-- MySQL dump 10.13 Distrib 8.0.39, for FreeBSD15.0 (amd64)
--
-- Host: localhost Database: defcon32
-- ------------------------------------------------------
-- Server version 8.0.35

-- Session setup written by mysqldump. Each /*!NNNNN ... */ statement runs only
-- on servers at or above that version; the previous values are kept in @OLD_*
-- variables. The statements that restore them are not in this part of the file.
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!50503 SET NAMES utf8mb4 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
-- NOTE(review): the next two statements relax unique-index and foreign-key
-- checking for the loading session, so the server relies on the dump being
-- consistent. Load this file only when its origin is trusted.
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
-- Binary logging is switched off for this session (the old value is saved
-- first), so the statements below are not written to the target's binary log:
-- the load is not replicated and leaves no binlog record. Changing this
-- variable needs an administrative privilege on the target server.
SET @MYSQLDUMP_TEMP_LOG_BIN = @@SESSION.SQL_LOG_BIN;
SET @@SESSION.SQL_LOG_BIN= 0;

--
-- GTID state at the beginning of the backup
--

-- Sets a GLOBAL variable: on 8.0+ the '+' prefix adds these GTID ranges to the
-- target's purged set, which changes that server's replication state and
-- requires an administrative privilege.
-- NOTE(review): the UUIDs identify servers in the source's replication
-- topology; when loading into an unrelated server, regenerate the dump with
-- mysqldump --set-gtid-purged=OFF so this statement is omitted.
SET @@GLOBAL.GTID_PURGED=/*!80000 '+'*/ 'b4148ec7-37aa-11e6-bdd9-003048850f62:1-897773, c8b80935-c8ce-11ee-80c0-f48e38c15384:1-573512, f9f9d5a4-23aa-11e5-b61b-0021856cfce2:1-316626';

--
-- Table structure for table `DCannouncements`
--

-- Destructive: an existing `DCannouncements` table on the target is dropped
-- and recreated, discarding its current rows.
DROP TABLE IF EXISTS `DCannouncements`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
-- One row per announcement: auto-increment ID, a link (up to 300 chars), a
-- short description (up to 100 chars) and a datetime that defaults to the
-- insert time.
-- NOTE(review): `url` is free text with no scheme constraint; whatever renders
-- these links should presumably validate the scheme itself; confirm against
-- the consumer.
CREATE TABLE `DCannouncements` (
  `ID` int NOT NULL AUTO_INCREMENT,
  `url` varchar(300) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
  `descrip` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
  `datewhen` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`ID`)
) ENGINE=InnoDB AUTO_INCREMENT=151 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `DCannouncements`
--

LOCK TABLES `DCannouncements` WRITE;
/*!40000 ALTER TABLE `DCannouncements` DISABLE KEYS */;
-- The INSERT has no column list, so values bind by position to
-- (ID, url, descrip, datewhen) as declared above.
INSERT INTO `DCannouncements` VALUES (2,'https://x.com/defcon/status/1759680893944529357?s=20','DEF CON Pre Reg 
announcement','2024-02-28 07:48:19'),(3,'https://x.com/DC_BHV/status/1759842823908778100?s=20','BHV CTF opens','2024-02-28 07:48:19'),(4,'https://x.com/defcon/status/1761126392245498033?s=20','Last of the DC Call fors open annoucement','2024-02-28 07:48:19'),(5,'https://www.villageb.io/','Road to DEF CON 32 link added to footer','2024-02-28 22:00:40'),(6,'https://x.com/DEFCONPolicy/status/1762753707995775096?s=20','Policy CFP is open\r\n','2024-02-28 23:33:58'),(7,'https://x.com/defcon/status/1762963582000783596?s=20','end of DC call for contests reminder is on Mar 1','2024-02-28 23:36:53'),(8,'https://x.com/ICS_Village/status/1763645305352867862?s=20','ICS Village HackTheCapital announcement','2024-03-01 21:15:31'),(9,'https://x.com/HDA_DEFCON/status/1764482891411833287?s=20','HDA - First walkthrough of the new venue complete! Check it out! ','2024-03-05 00:01:24'),(10,'https://x.com/DC_BHV/status/1765272853870739509?s=20','BHV call for workshop proposals','2024-03-06 23:02:35'),(11,'https://x.com/DC_BHV/status/1765443956450414658?s=20','BHV call for volunteers','2024-03-06 23:05:40'),(12,'https://x.com/DC_BHV/status/1765842915513782475?s=20','BHV call for papers\r\n','2024-03-07 20:59:19'),(13,'https://discord.com/channels/977372746491265024/983633856601149440/1215893471114563685','DCGVR CFP on discord','2024-03-08 20:58:54'),(14,'https://x.com/paymentvillage/status/1766190732996440359?s=20','Payment Village CFV\r\n','2024-03-09 22:34:26'),(15,'https://x.com/DCGVR/status/1766332549239087262?s=20','DCGVR twitter CFP','2024-03-09 22:39:21'),(16,'https://x.com/cloudvillage_dc/status/1766527759809909182?s=20','Cloud Village CFP','2024-03-09 22:41:51'),(17,'https://x.com/HDA_DEFCON/status/1767071341205983301?s=20','HDA forum post on LVCCW and skybridge','2024-03-11 22:24:41'),(18,'https://x.com/DC_BHV/status/1767651582785601538?s=20','BHV call fors\r\n','2024-03-20 16:07:48'),(19,'https://x.com/defcon/status/1767679546281828801?s=20','additions to trainings for DEF 
CON\r\n','2024-03-20 16:09:55'),(20,'https://x.com/BlackInCyberCo1/status/1770435391272677577?s=20','BICV CFP','2024-03-20 16:43:04'),(21,'https://x.com/RedTeamVillage_/status/1770533314610249917?s=20','RTV Call for everything, sponsors, papers & workshops, and volunteers ','2024-03-20 16:48:33'),(22,'https://x.com/DC_BHV/status/1770535410835325261?s=20','BHV call for devices','2024-03-20 16:51:59'),(23,'https://x.com/defcon/status/1769156931242152021?s=20','DEF CON call for workshops reminder','2024-03-20 18:02:30'),(24,'https://x.com/K4rm4ness/status/1767657322891886960?s=20','twitter #badgelife, badge list, call for submissions','2024-03-20 19:00:15'),(25,'https://x.com/ClubOfRoguery/status/1770860039487553614?s=20','Society of Shenanigans Defcon 32 Badge notification of sales page announcement','2024-03-21 14:28:33'),(26,'https://x.com/defcon/status/1770941479927894064?s=20','DEF CON Fontainebleau Hotel room block announcement','2024-03-21 16:07:27'),(27,'https://x.com/AppSec_Village/status/1771945833933439221?s=20','ASV App Sec Village CFP','2024-03-25 21:10:51'),(28,'https://x.com/ICS_Village/status/1772324817338835407?s=20','ICS Village HackTheCapital CFP ending reminder','2024-03-25 22:56:06'),(29,'https://x.com/Gater_Byte/status/1772066495624880195?s=20','@Gater_Byte\'s YT video, Prepping for DC32','2024-03-25 23:22:48'),(30,'https://x.com/defcon/status/1772744782307082378?s=20','DEF CON reminder call for music is open','2024-03-26 22:40:07'),(31,'https://x.com/K4rm4ness/status/1772778252400259433?s=20','#badgelife badge list for DC32 is up!','2024-03-26 22:41:20'),(32,'https://x.com/aivillage_dc/status/1772980820694733152?s=20','AIV Call for everything: talks, presentations, art, music, and more!','2024-03-27 22:39:13'),(33,'https://defcon.social/@DianaInitiative/112173723464917095','Diana Initiative - Tickets for #TDI2024 are on sale now!','2024-03-28 23:07:34'),(34,'https://x.com/RedTeamVillage_/status/1773742019791192496?s=20','RTV Call for 
Volunteers','2024-03-29 22:43:52'),(35,'https://x.com/DC_BHV/status/1773773094147989719?s=20','BHV Call For Papers','2024-03-29 22:47:05'),(36,'https://x.com/RedTeamVillage_/status/1774851757937422583?s=20','RTV Call for Sponsors reminder','2024-04-01 23:38:36'),(37,'https://x.com/RedTeamVillage_/status/1775153763231142162?s=20','RTV call for Workshops reminder','2024-04-03 01:39:47'),(38,'https://x.com/sec_defcon/status/1775348243502632967?s=20','Social Engineering Village Call fors','2024-04-03 01:50:07'),(39,'https://x.com/ReconVillage/status/1775415120925241724?s=20','Recon Village Call For Sponsors','2024-04-06 09:18:47'),(40,'https://x.com/sec_defcon/status/1775529767871393902?s=20','SEV Call for Volunteers ','2024-04-06 09:22:51'),(41,'https://x.com/aivillage_dc/status/1772980820694733152?s=20','AIV Call for Papers','2024-04-06 09:25:55'),(43,'https://x.com/BlackInCyberCo1/status/1776024604726743480?s=20','Blacks In Cyber Call for Papers','2024-04-06 09:36:57'),(44,'https://x.com/BlueTeamVillage/status/1776074783458725926?s=20','BTV Call for Content, workshops, panels, and hands-on or otherwise interactive content.','2024-04-06 09:38:22'),(45,'https://x.com/quantum_village/status/1776279511086031145?s=20','Quantum Village Call for Talks/Workshops, Volunteers/Scientists/Creators','2024-04-06 09:47:06'),(46,'https://x.com/ReconVillage/status/1776562005140484374?s=20','Recon Village Call for Papers','2024-04-06 09:55:43'),(47,'https://x.com/defcon_music/status/1775625331258626434?s=20','DEF CON A&E Call For Soundtracks/Music','2024-04-06 10:27:33'),(48,'https://x.com/ErezYalon/status/1775852574823907485?s=20','App Sec Village Call for Papers','2024-04-06 14:17:31'),(49,'https://x.com/defcon/status/1776729301863526485?s=20','DEF CON Resorts World room block announced','2024-04-06 14:40:48'),(50,'https://x.com/sec_defcon/status/1777126607968432226','SE Village Call for Competitors','2024-04-08 18:44:07'),(51,'https://x.com/v3rbaal/status/1778280081460166901','DEF 
CON call for Demo Labs','2024-04-11 22:11:49'),(52,'https://defcon.org/html/defcon-32/dc-32-press.html','DEF CON Press Registration opens','2024-04-11 23:01:16'),(53,'https://forum.defcon.org/node/248125','DEF CON Forum list of Villages','2024-04-14 02:10:05'),(54,'https://defcon.org/html/defcon-32/dc-32-villages.html','DEF CON 32 Village List page','2024-04-14 02:10:54'),(55,'https://dcddv.org/dc32-vol-call','Data Dup Village Call for Volunteers ','2024-04-14 19:33:50'),(56,'https://x.com/BlackInCyberCo1/status/1779857451514290604','Lituation 2.0 BIC Village Networking Sessions & Dance Party','2024-04-15 21:27:18'),(57,'https://x.com/tzionit411/status/1780091251447964027','App Sec Village Call For Workshops, Panels, Hands-on Activities','2024-04-15 22:05:47'),(58,'https://aivillage.org/','AIV Project Demo Submissions','2024-04-17 23:31:29'),(59,'https://forum.defcon.org/node/248689','Industrial Control Systems Village CFP','2024-04-20 02:01:02'),(60,'https://x.com/DC_BHV/status/1781135658666299567','Blue Team Village CFP','2024-04-20 02:16:19'),(61,'https://x.com/DEFCONPolicy/status/1781291572492968064','Policy @ DEF CON CFP deadline approaching','2024-04-20 02:18:59'),(62,'https://x.com/RedTeamVillage_/status/1781344547722686500','RTV Call For Volunteers','2024-04-20 02:21:16'),(63,'https://x.com/BlackInCyberCo1/status/1781427720670355917','Backs in Cyber Village CFP','2024-04-20 02:29:13'),(64,'https://x.com/DCGVR/status/1781506682042057026','DEF CON Groups VR CFP','2024-04-20 02:35:33'),(65,'https://x.com/DefconParrot/status/1781430904159649880','DEF CON Pre-Reg ending June 5','2024-04-20 03:15:39'),(66,'https://x.com/_sn0ww/status/1781798999546380447','SECV Call for Vishing Competition','2024-04-21 02:43:12'),(70,'https://forms.gle/Y9KrdctPgTBTds9i8','Ham Radio Village Call For Staff','2024-04-23 06:04:54'),(71,'https://forms.gle/7gtaP6HCtpXG5RJq8','Ham Radio Village Call For Papers','2024-04-23 06:05:15'),(72,'https://forms.gle/bEbYESarAcP49Nhb6','Ham Radio 
Village Call For VEs','2024-04-23 06:05:38'),(73,'https://x.com/defcon/status/1782525437849051531','DEF CON Room Block at the Rio with shuttle','2024-04-23 06:58:13'),(74,'https://x.com/0xTib3rius/status/1782439228808310794','YT video: 10 Tips for DEF CON Newbies','2024-04-23 07:04:58'),(75,'https://forum.defcon.org/node/249014','Toxic BBQ','2024-04-23 20:58:53'),(76,'https://cfp.cryptovillage.org/','Crypto Privacy Village CFP','2024-04-24 00:02:21'),(77,'https://dcddv.org/dc32-cfp-open','Data Duplication Village CFP','2024-04-25 22:36:47'),(78,'https://docs.google.com/forms/d/e/1FAIpQLSd16D5Vc_s_4CfI33I-ToJGgH8fImFA1H3xJ_T7d22NGA-2FQ/viewform','Car Hacking Village CFP','2024-04-25 23:03:18'),(79,'https://x.com/hardhatbrigade/status/1783687986057765031','Hard Hat Brigade','2024-04-26 00:31:42'),(80,'https://forum.defcon.org/node/249033','DEF CON MUD contest','2024-04-26 22:12:51'),(81,'https://forum.defcon.org/node/249042','DEF CON 32 CTF Quals Begin','2024-04-27 23:09:20'),(82,'https://x.com/ICS_Village/status/1785032019652624520','Industrial Control Systems Village CFP','2024-04-29 22:50:03'),(83,'https://x.com/DC_Makers/status/1772353954698952849','Makers Community Call for Presentations, Workshops, Sponsors','2024-04-29 23:01:15'),(84,'https://x.com/SecurityBSides/status/1784919679762354209','BSides Calendar','2024-04-29 23:11:44'),(85,'https://x.com/DC_HHV/status/1785503813916590231','Hardware Hacking Village CFP opens','2024-04-30 20:17:03'),(86,'https://x.com/0xTib3rius/status/1785418324697878982','Feet Feud official @defcon contest','2024-04-30 20:28:06'),(87,'https://x.com/see_ess/status/1785504280666898558','DEF CON Shoot announcement ','2024-04-30 20:47:12'),(88,'https://telecomvillage.com/','Telecom Village CFP','2024-05-01 23:22:35'),(89,'https://x.com/bradanlane/status/1785463018240782636','Announce the 2024 eChallengeCoin!','2024-05-02 01:01:26'),(90,'https://forum.defcon.org/node/249073','DC32 Creative Writing Short Story Contest','2024-05-07 
04:20:53'),(91,'https://x.com/DCGVR/status/1786592775913476343','DEF CON Groups VR Call For Papers','2024-05-07 04:54:13'),(92,'https://x.com/BlueTeamVillage/status/1786863119152677010','Blue Team Village Call For Papers','2024-05-07 04:56:30'),(93,'https://x.com/toool/status/1787220457214664961','Lock Pick Village Call For Papers','2024-05-07 05:01:33'),(94,'https://x.com/BlackInCyberCo1/status/1787241013582475323','Blacks In Cyber Call For Papers','2024-05-07 05:10:12'),(95,'https://x.com/IoTvillage/status/1786448131644682298','Internet Of Things Village Call For Papers','2024-05-07 05:34:58'),(96,'https://x.com/DC_BHV/status/1787502434576740454','Bio Hacking Village Call For Papers','2024-05-07 05:47:39'),(97,'https://x.com/ErezYalon/status/1787543860198904016','App Sec Village Call For Papers','2024-05-07 05:49:14'),(98,'https://x.com/AdversaryVillag/status/1787916756134113573','Adversary Village Call for papers and workshops','2024-05-08 04:51:26'),(99,'https://www.indiegogo.com/projects/society-of-shenanigans-defcon-32-badge#/','Society of Shenanigans Defcon 32 Badge','2024-05-08 05:33:30'),(100,'https://x.com/BSidesLV/status/1788258108130623989','BSidesLV Donor Drive','2024-05-09 04:48:41'),(101,'https://x.com/dcskytalks/status/1788211868437238227','SkyTalks will be part of BSides Las Vegas! 
','2024-05-09 19:28:15'),(102,'https://www.indiegogo.com/projects/badgelife-wearable-art-by-altbier-for-dc32/coming_soon','Badgelife Wearable Art by altbier for DC32','2024-05-11 05:01:43'),(103,'https://x.com/physsec/status/1789389382304043076','Physical Security Village Call for Volunteers/Talks/Exhibits','2024-05-11 21:21:19'),(104,'https://www.aerospacevillage.org/defcon-32','Aerospace Village Call For Activities/Talks/Volunteers','2024-05-12 00:16:26'),(106,'https://x.com/phishstories/status/1789852573534507089','Phish Stories Part 2 is now up and available','2024-05-12 21:57:45'),(107,'https://forum.defcon.org/node/249073','DC 32 - Creative Writing Short Story Contest','2024-05-13 04:47:21'),(108,'https://x.com/paymentvillage/status/1789976676467638778','Payment Village - first hardware device at DEF CON - Badge?','2024-05-13 04:50:16'),(109,'https://x.com/RedTeamVillage_/status/1790472210936713530','Red Team Village Call for Volunteers','2024-05-15 06:23:01'),(110,'https://x.com/cloudvillage_dc/status/1791143572642898362','Cloud Village Call For Volunteers ','2024-05-17 06:12:44'),(111,'https://x.com/cloudvillage_dc/status/1791494995515703749','Cloud Village Call For Papers','2024-05-19 06:18:20'),(112,'https://x.com/sec_defcon/status/1791516338436886629','Social Engineering Community Village Call For Volunteers','2024-05-19 06:38:35'),(113,'https://x.com/defcon_music/status/1791873372424733175','DEF CON Call For Music/Artists/Soundtrack','2024-05-19 06:58:45'),(114,'https://www.wallofsheep.com/blogs/news/packet-hacking-village-talks-at-def-con-32-call-for-presentations-now-open','Packet Hacking Village Call For Presentations','2024-05-20 07:33:05'),(115,'https://x.com/BugBountyDEFCON/status/1790047051297792228','Bug Bounty Village Call For Papers','2024-05-20 07:47:46'),(116,'https://forum.defcon.org/node/249196','LAS VEGAS LOOP - TUNNEL SYSTEM - LVCC INFO','2024-05-20 20:23:42'),(117,'https://x.com/rfhackers/status/1792711322519670792','Radio Frequency 
Village Call For Papers','2024-05-21 05:55:34'),(118,'https://x.com/DCFurs/status/1792976431238263086','DC Furs Call For Presentations','2024-05-22 07:57:23'),(119,'https://www.votingvillage.org/cfp','Voting Machine Village CFP','2024-06-12 04:53:37'),(120,'https://docs.google.com/forms/d/e/1FAIpQLSfwKc0QWc1dGsKwDb5nigPbAzgsIiB5-tFBGhf6MmIrqTfQTg/viewform','Hardware Hacking Village Call for Volunteers','2024-06-12 05:38:47'),(121,'https://x.com/aivillage_dc/status/1816223938571030731','AI Villages Dunk-A-Fed pool party','2024-07-25 01:41:03'),(122,'https://x.com/K4rm4ness/status/1816259920242541018','updated #badgelife badge list','2024-07-25 01:41:53'),(123,'https://x.com/AppSec_Village/status/1816158408438952384','AppSec Village schedule is now live!','2024-07-25 01:46:03'),(124,'https://x.com/sec_defcon/status/1816111009813389573','SEV is running a FULL DAY Vishing Competition','2024-07-25 02:12:16'),(125,'https://www.wallofsheep.com/pages/dc32','Packet Hacking Village schedule','2024-07-25 02:14:44'),(126,'https://x.com/blanketfortcon/status/1816276392570675473','Blanket Fort Con and Party','2024-07-25 02:17:38'),(127,'https://x.com/dcgothcon/status/1816204466766377000','Goth Con Party','2024-07-25 02:19:25'),(128,'https://x.com/djjackalope/status/1815928764100141128','Miss Jackalope DJ schedule for #hackersummercamp','2024-07-25 02:22:43'),(129,'https://x.com/Horizon3ai/status/1816216308746203598','Horizon3.AI Meetup','2024-07-25 02:31:53'),(130,'https://x.com/SoberInCyber/status/1816161118538354811','Sober Speakeasy networking event','2024-07-25 02:36:27'),(131,'https://x.com/JackRhysider/status/1810418346409726280','Darknet Diaries Masquerade Party','2024-07-25 02:39:11'),(132,'https://x.com/reInventParties/status/1816175027810615560','Hacker Summer Camp Party list','2024-07-25 02:41:46'),(133,'https://x.com/rekdt/status/1815948488238125548','SusiBurrito Con','2024-07-25 02:43:03'),(134,'https://x.com/A_P_Delchi/status/1815989821594296496','HDA room 
schedule','2024-07-25 02:47:50'),(135,'https://x.com/monorailcon/status/1816188699232854306','Monorail Con and HighRoller con','2024-07-25 03:20:53'),(136,'https://x.com/Queercon/status/1816865200886411714','Queercon schedule of events','2024-07-27 08:24:19'),(137,'https://queercon.org/badge/','Queercon Badge','2024-07-27 08:26:57'),(138,'https://www.eff.org/deeplinks/2024/06/betting-your-digital-rights-eff-benefit-poker-tournament-def-con-32','EFF DEF CON benefit poker tournament','2024-07-27 09:24:43'),(139,'https://x.com/bradanlane/status/1817160535755903380','DC NextGen','2024-07-27 09:45:07'),(140,'https://x.com/HamRadioVillage/status/1817376902690099252','HRV Ham In A Day Class','2024-07-27 20:02:29'),(141,'https://x.com/HDA_DEFCON/status/1818744198562230405','HDA Heads up! discount Monorail tickets','2024-08-01 08:01:00'),(142,'https://x.com/HDA_DEFCON/status/1818751347610521600','HDA Info Pack','2024-08-01 08:02:40'),(143,'https://x.com/dakacki/status/1818699082807853061','DEF CON 32 Hotline','2024-08-01 08:03:26'),(144,'https://x.com/wallofsheep/status/1819527542849577159','DJ list for the Packet Hacking Village','2024-08-04 00:57:42'),(145,'https://x.com/defcon/status/1819886804931326420','simple considerations to make DC32 go smoother','2024-08-04 01:03:49'),(146,'https://x.com/defcon/status/1819479153667985525','Merch speed tip','2024-08-04 01:05:31'),(147,'https://x.com/tf2shmoo/status/1819542904421150750','Hack Fortress registration','2024-08-04 01:09:27'),(148,'https://x.com/DefconRaffle/status/1819820418909241372','Black Badge Raffle','2024-08-04 01:12:57'),(149,'https://x.com/dcgothcon/status/1818313268814885017','GothCon DJ lineup','2024-08-04 01:15:22'),(150,'https://x.com/5n4ck3y/status/1819099024583975034','Check out the latest @ANDnXOR video','2024-08-04 01:21:41');
/*!40000 ALTER TABLE `DCannouncements` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Table structure for table `articles`
--

-- Destructive: an existing `articles` table on the target is dropped and
-- recreated, discarding its current rows.
DROP TABLE IF EXISTS `articles`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
-- Columns: title (up to 60 chars), content (text), sortorder (tinyint),
-- auto-increment id, and a 32-character hash.
-- NOTE(review): the hash values visible in this dump are 32 hex digits, the
-- length of an MD5 digest; presumably a fingerprint of the row used for change
-- detection. If so, it can reveal edits but does not authenticate the content.
-- Confirm how it is computed.
CREATE TABLE `articles` (
  `title` varchar(60) NOT NULL,
  `content` text NOT NULL,
  `sortorder` tinyint NOT NULL,
  `id` int NOT NULL AUTO_INCREMENT,
  `hash` varchar(32) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=578 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `articles`
--

LOCK TABLES `articles` WRITE;
/*!40000 ALTER TABLE `articles` DISABLE KEYS */;
-- The INSERT has no column list, so values bind by position to
-- (title, content, sortorder, id, hash) as declared above.
-- NOTE(review): title and content values begin and end with an escaped quote
-- (\'), so the stored text itself is wrapped in single quotes. That looks like
-- values quoted by hand before insertion; check that the writer uses bound
-- parameters and that readers do not depend on stripping the quotes.
INSERT INTO `articles` VALUES ('\'Important Message\'','\'
There are a few things that we would like everyone to be aware of, leading up to DEF CON 32.
\n\nWe have a beautiful culture of #stickerlife at DEF CON, and we hope that it can continue well into the future. Refer to the conference schedule for \"sticker swaps\". We\'re also putting up multiple sticker walls this year -- it was a hit last year, and we hope that having a couple of them will be even more awesome this year.
\n\nThe LVCVA (Las Vegas Convention and Visitors Authority, owners of the LVCC) has a zero-tolerance policy with regard to adhering anything at all to their property, including stickers. Please DFIU. If you are caught adhering anything to LVCC property, you will likely be trespassed from the property by Las Vegas Police. Beyond stickers, you may also not use tape, sticky putty, tacks, or even non-stick clings.
\n\nThe LVCC will not be searching or scanning people or bags entering the facility.
\n\nAs always, human badges (that were not pre-purchased) are exclusively sold using cash (US currency). Merch is the same. No credit cards, debit cards, mobile payments, cryptocurrency, or any means other than USD cash will be accepted at either human registration or DEF CON Merch. We recommend bringing cash with you: there are only two ATMs inside the LVCC.
\n\nFood and beverage operations inside the LVCC, including the food court and bars, only accept cards and mobile payments. You cannot use cash to purchase food or beverage inside the LVCC.
\n\nVendors are permitted to conduct transactions via whatever means they choose. We do not have a list of which vendors are accepting cash vs card.
\n\nThe LVCC has many modern water-bottle filling stations, so free water will be readily available for those who bring their own reusable water bottles.
\n\nDCTV will exclusively be streaming online this year, and will not be available on any hotel TV channels.
\n\nLVCC prohibits attendees from bringing outside food and beverage into the convention center, except in cases of medical or dietary necessity.
\n\nPublic photography is allowed*. It’s okay to take photos of your friends if they’re cool with it. We’ve setup several “selfie spots” that are amazing art pieces created specifically for the yearly theme where you can take cool photos.
\n\nWe want you to take consenting photos of each other and we want others to see the wide range of attendees we have at DEF CON having a good time. What we don’t want to see are group shots taken without consent/warning, images taken by the press, video of people standing in lines, etc.
\n\nOfficial Press & DEF CON Policy Village rules may differ, please refer to them. At DEF CON you may see our official photography goons capturing the uniqueness that is to be expected at DEF CON; they adhere to our photo policy.
\n\nGroups & individuals participating in public on stage (events, contests, or activities) are allowed* to be photographed.
\n\nPhotography in the CTF room is NOT permitted without consent of the individuals to be photographed.
\n\nCrowd shots are VERY discouraged, if so desired you must alert the crowd to give them time to opt out. For example: \" Hey, I\'m taking a photo, if you don\'t want to be in it hide your face\" .
\n\nTaking photos of people in hallways, lines, hanging out, at random, is not allowed without consent. Respect the rights of the individual not to be photographed. Deletion of photos can be requested by staff.
\n\nWhen taking pictures of your friends please use “portrait mode” because this will blur the picture background, respecting the privacy of those inadvertently captured.
\n\nNOTE: It is permissible to record violations of the DEF CON CoC to share with our safety team (link) to help us investigate and take action.
\n\nWelcome to DEF CON 32!
\n\nHuman Registration and DEF CON Official Merch are both planning on opening in approximately an hour -- 08:00 local.
\n\nIf you aren\'t already familiar with how Human Registration works, in HackerTracker, please go to readme.nfo -> Registration. If you\'ve pre-registered, please ensure that you have your QR code available. If presenting it on a smartphone, please ensure that the display is set to be as bright as possible. If you\'re buying a badge on-site, please remember that sales are CASH ONLY. Please have exact change whenever possible.
\n\nThe products being sold in DEF CON Official Merch this year are also now available in Hacker Tracker. In Hacker Tracker, please go to Merch. To learn more about how the process works, please go to readme.nfo -> DEF CON Merch.
\n\nPlease note that humans are not required to have a badge prior to visiting merch.
\n\nFinally, we have prepared some infographics to help you with your badge. Please go to readme.nfo -> Badge Usage PSA. Don\'t lose your badge! We cannot replace lost badges.
\n\'',0,575,'8c1ef85a4a57e6b2f3ef967e7a02e151'),('\'Parking at LVCC\'','\'As of Friday at 09: 45, the LVCC Diamond Lot is currently full. You may choose to park in the Bronze lot, which is near the south hall. Parking (regardless of lot) is $15 per day. If you choose to use the Bronze lot, you may wish to use the Vegas Loop local transport. The Vegas Loop South Station is in the Bronze lot, and can take you to the Vegas Loop West Station, which is in the Diamond lot (near the West Hall). Use of the Loop is free for DEF CON staff and attendees.More information about the Loop, including operating hours, can be found in readme.nfo -> Local Transportation.
\n\'',0,576,'c0cd6794322d24fba07ab7f3af65d0af'),('\'Use cellular if possible\'','\'For the most optimal Hacker Tracker experience, we recommend using cellular data rather than DEF CON Wi-Fi -- if your cell data plan permits. The conference network is currently bandwidth-limited, and content updates may be slower than expected.
\n\'',0,577,'7b613be4bb3f23d00fbf8d53bfbdcdac');
/*!40000 ALTER TABLE `articles` ENABLE KEYS */;
UNLOCK TABLES;

--
-- Table structure for table `documents`
--

-- Destructive: an existing `documents` table on the target is dropped and
-- recreated, discarding its current rows.
DROP TABLE IF EXISTS `documents`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
-- Columns: title (up to 60 chars), content (text), sortorder (tinyint),
-- auto-increment id, and a 32-character hash.
-- NOTE(review): 32 characters is the length of a hex MD5 digest; presumably
-- `hash` is a fingerprint of the row used for change detection. If so, it can
-- reveal edits but does not authenticate the content. Confirm how it is
-- computed.
CREATE TABLE `documents` (
  `title` varchar(60) NOT NULL,
  `content` text NOT NULL,
  `sortorder` tinyint NOT NULL,
  `id` int NOT NULL AUTO_INCREMENT,
  `hash` varchar(32) NOT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2236 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!40101 SET character_set_client = @saved_cs_client */;

--
-- Dumping data for table `documents`
--

LOCK TABLES `documents` WRITE;
/*!40000 ALTER TABLE `documents` DISABLE KEYS */;
-- The INSERT has no column list, so values bind by position to
-- (title, content, sortorder, id, hash) as declared above.
-- NOTE(review): title and content values begin with an escaped quote (\'), so
-- the stored text itself is wrapped in single quotes. That looks like values
-- quoted by hand before insertion; check that the writer uses bound
-- parameters and that readers do not depend on stripping the quotes.
INSERT INTO `documents` VALUES ('\'Code of Conduct\'','\'DEF CON provides a forum for open discussion between participants, where radical viewpoints are welcome and a high degree of skepticism is expected. However, insulting or harassing other participants is unacceptable. We want DEF CON to be a safe and productive environment for everyone. It’s not about what you look like but what’s in your mind and how you present yourself that counts at DEF CON.
\n\nWe do not condone harassment against any participant, for any reason. Harassment includes deliberate intimidation and targeting individuals in a manner that makes them feel uncomfortable, unwelcome, or afraid.
\n\nParticipants asked to stop any harassing behavior are expected to comply immediately. We reserve the right to respond to harassment in the manner we deem appropriate, including but not limited to expulsion without refund and referral to the relevant authorities.
\n\nThis Code of Conduct applies to everyone participating at DEF CON - from attendees and exhibitors to speakers, press, volunteers, and Goons.
\n\nAnyone can report harassment. If you are being harassed, notice that someone else is being harassed, or have any other concerns, you can contact a Goon, go to the registration desk, or info booth.
\n\nConference staff will be happy to help participants contact hotel security, local law enforcement, or otherwise assist those experiencing harassment to feel safe for the duration of DEF CON.
\n\nRemember: The CON is what you make of it, and as a community we can create a great experience for everyone.
\n\n3-2-1 Rule - Rule for the minimum required daily activities during the span of the DEF CON conference: 3 hours of sleep, 2 meals, 1 shower. The 0 for \"zero stickers applied to venue\" is silent.
\n\n6-3-2 - It\'s like 3-2-1, except more. Recommended by some hackers and nearly all conference organizers.
\n\nA&E - Arts & Entertainment, the DEF CON department in charge of overseeing arts, music, and all other forms of entertainment.
\n\nAEV - Aerospace Village
\n\nAIV - A. I. Village
\n\nAP - The Alexis Park hotel, where DEF CON was held in the early days.
\n\nASV - AppSec Village
\n\nBH - See \"BlackHat\", below.
\n\nBHV - Biohacking Village
\n\nBICV - Blacks In Cybersecurity Village
\n\nBlack Badge - The Black Badge is the highest award DEF CON gives to contest winners of certain events. A Black Badge allows free entrance to DEF CON for life. There has never been a raffle to give away a black badge, and there never will be.
\n\nBlackHat - BlackHat is a conference unrelated to DEF CON, that happens in Las Vegas shortly before DEF CON. The Dark Tangent founded both DEF CON and BlackHat.
\n\nBlue Team - A blue team is a group of defenders who work to improve an organization\'s security by identifying security threats and risks, analyzing the network environment, and responding to incidents when they occur.
\n\nBSides - Unrelated to DEF CON, SecurityBSides conferences are conferences or gatherings of individuals in a local area.
\n\nBSidesLV - BSides Las Vegas is an unrelated conference that happens in Las Vegas shortly before DEF CON.
\n\nBTV - Blue Team Village -- a community built for and by defenders
\n\nC&E - The DEF CON department the oversees contests (and sometimes events).
\n\nChatham House Rule - When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed. Wikipedia
\n\nCHV - Car Hacking Village
\n\nCOC - Code of Conduct. All activities happening within the DEF CON conference boundary are required to strictly follow the DEF CON Code of Conduct. The Code of Conduct is available in HackerTracker, in the printed program, and
[dc-policy.html](https://www.defcon.org/html/links/dc-policy.html)\">here.
Con - Shortened form of the word \"conference\". Many of the activities that take place refer to themselves as a con. For example, the meetup of the LGBTQIA+ community is referred to as \"Queercon\".
\n\nContest - In HackerTracker, the tag \"Contest\" is applied to contests that were pre-approved by DEF CON, and are also listed in the printed program. These vary in location, type, and format. Villages, communities, and etc., may also run contests that were not pre-approved by DEF CON, but those won\'t carry the \"Contest\" tag.
\n\nCPV - Crypto & Privacy Village
\n\nCTF - Capture The Flag, a subset of \"contest\". The DEF CON Capture the Flag (CTF), the largest open computer security hacking game, is a hacking competition where teams of hackers attempt to attack and defend computers. In addition to the official DEF CON CTF, there are many CTF events run by various organizations and villages. There may also be unofficial CTFs held by general attendees and others.
\n\nDC32 - DEF CON 32. Broadly speaking, \"DC\" followed by a number refers to the number of the that year\'s conference. For example, year 2024 is DEF CON 32.
\n\nDCG - DEF CON Groups. DEF CON Groups are worldwide, local chapters of hackers, thinkers, makers and others. DEF CON Groups are usually identified by the area code of the area where they are located in the US, and by other numbers when outside of the US e.g., DC801, DC201, etc.
\n\nDCIB - DEF CON Information Booth. Now known as an NFO Node.
\n\nDCTV - DEF CON TV. DEF CON broadcasts various conference speaking tracks and events on venue audio/visual networks. Access to these broadcasts varies by venue, but generally can be found on the hotel TV systems. DCTV also broadcasts to online streaming services, when possible.
\n\nDDV - The DEF CON Data Duplication Village. This village is designed to help the information security community by providing replication of the large amount of data DEF CON has collected over the years.
\n\nDEVOPS - The DEF CON department that oversees the DEF CON Discord instance and supporting infrastructure.
\n\nDFIU - \"Don\'t fuck it up\"
\n\nDISP - Dispatch, the DEF CON department that triages and escalates interdepartmental requests.
\n\nDT - \"DT\", or \"The Dark Tangent\", refers to Jeff Moss, the founder of DEF CON.
\n\nEFF - The Electronic Frontier Foundation, a nonprofit organization defending civil liberties in the digital world.
\n\nEV or ESV - Embedded Village, formerly Embedded Systems Village. Not to be confused with Electric Vehicle.
\n\nExhibitor - Exhibitors are professional organizations looking to connect to the unique DEF CON audience; the hacker, the researcher, and the student. Exhibitors were considered vendors until DC31. The difference is largely that you walk out of Vendors carrying physical merchandise, but you walk out of Exhibitors with a dream.
\n\nFed - Employees of the Federal (US) government. Typically used in the context of the DEF CON \"Spot the Fed\" competition, an informal game at DEF CON where the object of the game is to identify who among the attendees is an employee of the federal government.
\n\nGoon - DEF CON staff. They have many roles including safety, speaker coordination, vendor room coordination, network operations, etc.
\n\nHackerTracker - A conference information and scheduling application for iOS and Android. HackerTracker is the official conference app of DEF CON. HackerTracker also powers info.defcon.org.
\n\nHam - \"Ham\" is a common term for amateur radio operator. See also Ham Radio Village.
\n\nHDA - \"Hackers with Disabilities\" -- the DEF CON team that works to ensure that the DEF CON experience is the best it can be for the ADA/accessible community.
\n\nHHV - Hardware Hacking Village, which also operates Soldering Skills Village
\n\nHR - Human Registration
\n\nHRV - Ham Radio Village
\n\nHuman - General attendees of the DEF CON conference.
\n\nICSV - Industrial Control Systems Village -- dedicated to securing ICS/SCADA systems.
\n\nInhuman - All DEF CON goers who are not \"human\". (Goons, village staff, speakers, contractors, etc.)
\n\nIOTV - Internet of Things Village -- The IoT Village advocates for advancing security in the Internet of Things (IoT) industry by bringing researchers and industry together.
\n\nLinecon - Originally referred to the line for [human] badges to enter the con. Has since grown to encompass any line at DEF CON: any long line has the potential to turn into a con.
\n\nLPV - Lock Pick Village -- a dedicated space at DEF CON that\'s arranged around the topic of lock picking, lock bypass, and physical security topics.
\n\nMerch - The DEF CON Merch department sells DEF CON branded apparel and other merchandise. (The most popular items tend to sell-out relatively quickly, and there\'s often a linecon for merch.)
\n\nNFO - The DEF CON department that provides information, assistance, and navigational guidance to DEF CON hackers. May also refer to an old-school text file commonly associated with hacker culture. \"NFO\" is pronounced \"info\".
\n\nNFO Node - Formerly known as an \"infobooth\", these are the locations where NFO goons can most often be found.
\n\nPac-Man Rule - Letting someone (typically unknown to you) join you or your group\'s conversation. Read more about it here.
\n\nPAYV - Payment Village
\n\nPHV - Packet Hacking Village
\n\nPM&E -- The DEF CON department that oversees Parties, Meetups, and Events.
\n\nPOL - Policy@DEFCON Village
\n\nPSV - Physical Security Village
\n\nPurple Team - Purple teaming is a security methodology that brings together offensive security professionals (red teams) and defensive security professionals (blue teams) to enhance cyber capabilities through continuous feedback and knowledge transfer.
\n\nQM - QuarterMaster, the DEF CON department that oversees supplies and physical logistics.
\n\nQV - Quantum Village
\n\nRed Team - A red team is a group of security professionals who act as hackers to test an organization\'s defenses.
\n\nREG - Registration, the DEF CON department that oversees badge issuance.
\n\nREV - Recon Village
\n\nRFV - Radio Frequency Village
\n\nRTV - Red Team Village
\n\nScav / scav hunt - The scavenger hunt -- a long-running event at DEF CON.
\n\nSE - Social Engineering -- a tactic that uses psychological manipulation to trick people into making security mistakes or giving away sensitive information.
\n\nSECV, SEV - SE Community Village is a village dedicated to the techniques and principles of Social Engineering
\n\nSOC - The SOC is the Department of Fun Enforcement. If you have a safety or security concern, please seek out a SOC Goon.
\n\nSPKR - The DEF CON department that ensures Speakers are prepared to be in the right place at the right time to give their talk.
\n\nSSV - Soldering Skills Village, which is a function of Hardware Hacking Village
\n\nSWAG - See Merch.
\n\nTDI - The Diana Initiative, an unrelated conference that happens in Las Vegas shortly before DEF CON.
\n\nTEV - Tamper Evident Village
\n\nTLV - Telecom Village
\n\nUber Badge - See Black Badge
\n\nVendor - An organization selling physical merchandise at DEF CON. All vendors are in the same physical space, and a list of vendors is available in HackerTracker. See also Exhibitor.
\n\nVILL - The DEF CON department that works to ensure Villages are as successful as possible.
\n\nVillage - Villages are autonomous organizations, often non-profit, that gather at DEF CON for a shared hacking experience. Each village has a focus on some distinct aspect of hacking or cybersecurity. Villages create and execute on their own programming, which often includes hands-on activities (like workshops, or physical construction/deconstruction), talks, panel discussions, group conversations, or parties.
\n\nVortex / the Vortex - When one is caught up in hallway conversations on the way from one DEF CON activity to another, it\'s referred to as being caught up in the Vortex.
\n\nVV, VMV, VMHV - Voting Village
\n\nWISP - Women in Security and Privacy
\n\nXRV - XR Village
\n\nXZBT - The DEF CON department that oversees Exhibitors.
\n\'',0,2225,'3bb6aaad880aac0fb10bb270ac4727d1'),('\'Badge Usage PSA\'','\'Welcome to DEF CON 32!
\n\nPlease refer to Badge Assembly PSA for advice about attaching your badge to your lanyard. Don\'t lose your badge! We cannot replace it. Make sure that the clips close completely.
\n\nBadge Power PSA shows you which button powers the badge on, and what to do if that doesn\'t work.
\n\'',0,2226,'fd4440e09c85f94167da896a5db3bf23'),('\'Registration\'','\'Our human registration process this year will be very similar to previous years. Please be patient. All of the times listed here are approximate.
\n\nA badge is required for each human age 8 and older.
\n\nYou are a human if you do not know otherwise. People that are not humans include goons, official speakers, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don\'t know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
\n\nLinecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
\n\nOnline badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
\n\nPlease help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
\n\nYou will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash -- it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site -- they will not be mailed or shipped.
\n\nWe can scan the QR code either from your phone\'s display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
\n\nIf you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 until July 15, and $84 on and after July 15.
\n\nOnline purchases are provided a receipt via email when the purchase is made.
\n\nOnline purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
\n\nBadges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
\n\nThere are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
\n\nWe are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge is available here. You are welcome to print your own copy of the receipt on plain paper.
\n\nIf you attend BlackHat, it is possible to purchase a DEF CON badge with your BlackHat registration. If you did so, please get your DEF CON badge from BlackHat before they close.
\n\nBlackHat should send you an email with instructions for how to obtain your DEF CON badge. In case you missed it, you can go to the second floor, at the concierge desk, halfway down Black Hat Blvd.
\n\nWant to buy multiple badges? No problem! We\'re happy to sell you however many badges you want to pay for.
\n\nIf you lose your badge, there is unfortunately no way for us to replace it. You\'ll have to buy a replacement at full price. Please don\'t lose your badge. :(
\n\nIf you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
\n\nIf you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
\n\'',0,2227,'0f98b7f230f3c91292f0de4c99e263f2'),('\'Photography Policy\'','\'Photos & Recording
\n\nPublic photography is allowed*. It’s okay to take photos of your friends if they’re cool with it. We’ve set up several “selfie spots” that are amazing art pieces created specifically for the yearly theme where you can take cool photos.
\n\nWe want you to take consenting photos of each other and we want others to see the wide range of attendees we have at DEF CON having a good time. What we don’t want to see are group shots taken without consent/warning, images taken by the press, video of people standing in lines, etc.
\n\nOfficial Press & DEF CON Policy Village rules may differ, please refer to them. At DEF CON you may see our official photography goons capturing the uniqueness that is to be expected at DEF CON; they adhere to our photo policy.
\n\nGroups & individuals participating in public on stage (events, contests, or activities) are allowed* to be photographed.
\n\nPhotography in the CTF room is NOT permitted without consent of the individuals to be photographed.
\n\nCrowd shots are VERY discouraged; if so desired, you must alert the crowd to give them time to opt out. For example: \"Hey, I\'m taking a photo, if you don\'t want to be in it hide your face\".
\n\nTaking photos of people in hallways, lines, hanging out, at random, is not allowed without consent. Respect the rights of the individual not to be photographed. Deletion of photos can be requested by staff.
\n\nWhen taking pictures of your friends please use “portrait mode” because this will blur the picture background, respecting the privacy of those inadvertently captured.
\n\nNOTE: It is permissible to record violations of the DEF CON CoC to share with our safety team (link) to help us investigate and take action.
\n\nThis year, HackerTracker has artwork of the merch -- you can decide ahead of time if you are interested in a product. HackerTracker is also showing stock status – if an item goes out of stock, that’ll be indicated in-app; this is on a best-effort basis, and some products move fast. We’re also experimenting with the concept of an in-app wish list. We hope that it makes the product selection process faster and easier for everyone. If you don\'t want to make a wish list in Hacker Tracker, you can have a merch goon create the order on your behalf.
\n\nHere’s the process, from beginning to end:
\n\nIf you find something that seems to have been lost, please take that item to the nearest NFO Node. The item will enter the DEF CON Lost & Found system.
\n\nIf you\'ve lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in room LVCC - L2 - W238. You may also call Lost & Found at +1 (725) 377-5045.
\n\nThe Lost & Found department plans to be open Thursday - Saturday, during all hours that the conference operates. On Sunday, the Lost & Found department will open with the venue at 08:00, but will close at the beginning of DEF CON 32 Closing Ceremonies (15:00). Shortly thereafter, all remaining lost items will be transferred to the LVCC West Lobby Security Office. If you need to reach LVCC\'s West Lobby Security Office, you may call +1 (702) 943-3532.
\n\'',0,2230,'1c1ecba6ad0b80ad52f0a2c15c785259'),('\'Important Message\'','\'There are a few things that we would like everyone to be aware of, leading up to DEF CON 32.
\n\nWe have a beautiful culture of #stickerlife at DEF CON, and we hope that it can continue well into the future. Refer to the conference schedule for \"sticker swaps\". We\'re also putting up multiple sticker walls this year -- it was a hit last year, and we hope that having a couple of them will be even more awesome this year.
\n\nThe LVCVA (Las Vegas Convention and Visitors Authority, owners of the LVCC) has a zero-tolerance policy with regard to adhering anything at all to their property, including stickers. Please DFIU. If you are caught adhering anything to LVCC property, you will likely be trespassed from the property by Las Vegas Police. Beyond stickers, you may also not use tape, sticky putty, tacks, or even non-stick clings.
\n\nThe LVCC will not be searching or scanning people or bags entering the facility.
\n\nAs always, human badges (that were not pre-purchased) are exclusively sold using cash (US currency). Merch is the same. No credit cards, debit cards, mobile payments, cryptocurrency, or any means other than USD cash will be accepted at either human registration or DEF CON Merch. We recommend bringing cash with you: there are only two ATMs inside the LVCC.
\n\nFood and beverage operations inside the LVCC, including the food court and bars, only accept cards and mobile payments. You cannot use cash to purchase food or beverage inside the LVCC.
\n\nVendors are permitted to conduct transactions via whatever means they choose. We do not have a list of which vendors are accepting cash vs card.
\n\nThe LVCC has many modern water-bottle filling stations, so free water will be readily available for those who bring their own reusable water bottles.
\n\nDCTV will exclusively be streaming online this year, and will not be available on any hotel TV channels.
\n\nLVCC prohibits attendees from bringing outside food and beverage into the convention center, except in cases of medical or dietary necessity.
\n\nPublic photography is allowed*. It’s okay to take photos of your friends if they’re cool with it. We’ve set up several “selfie spots” that are amazing art pieces created specifically for the yearly theme where you can take cool photos.
\n\nWe want you to take consenting photos of each other and we want others to see the wide range of attendees we have at DEF CON having a good time. What we don’t want to see are group shots taken without consent/warning, images taken by the press, video of people standing in lines, etc.
\n\nOfficial Press & DEF CON Policy Village rules may differ, please refer to them. At DEF CON you may see our official photography goons capturing the uniqueness that is to be expected at DEF CON; they adhere to our photo policy.
\n\nGroups & individuals participating in public on stage (events, contests, or activities) are allowed* to be photographed.
\n\nPhotography in the CTF room is NOT permitted without consent of the individuals to be photographed.
\n\nCrowd shots are VERY discouraged; if so desired, you must alert the crowd to give them time to opt out. For example: \"Hey, I\'m taking a photo, if you don\'t want to be in it hide your face\".
\n\nTaking photos of people in hallways, lines, hanging out, at random, is not allowed without consent. Respect the rights of the individual not to be photographed. Deletion of photos can be requested by staff.
\n\nWhen taking pictures of your friends please use “portrait mode” because this will blur the picture background, respecting the privacy of those inadvertently captured.
\n\nNOTE: It is permissible to record violations of the DEF CON CoC to share with our safety team (link) to help us investigate and take action.
\n\nThese locations do not accept cash. All sales are conducted using a credit or debit card only.
\n\nPlanned hours for the food court are as follows:
\n\nIf you have a 🚑 🏥 Medical or 👮 Police Emergency: Call 911.
\n\nIf you have questions about what\'s happening in or around DEF CON, or otherwise need help answering a question: please visit one of the NFO Nodes (formerly known as information booth) located throughout LVCC West. They\'re highlighted in teal (green-ish) on the venue maps.
\n\nMental wellness and physical safety are both important to us at DEF CON. If you’re struggling, scared, or just need someone to voice a concern to, DEF CON Hotline is here to support you. Help is available to all, especially if talking to DEF CON Goons in person isn’t a good option for you.
\n\nHotline is confidential and available well into the early morning hours on conference days. Volunteers are standing by to listen and, if needed, connect you to appropriate support services, whether that’s SOC Goons or external services we partner with, such as Kick at Darkness, The Rape Crisis Center Las Vegas, and the Nevada Coalition to End Domestic and Sexual Violence, to provide expert resources for survivors. The Hotline team is diverse and undergoes extensive training including dedicated support for LGBTQ+. Hotline is here to listen.
\n\nYou can reach DEF CON Hotline Goons during normal hours of operation to anonymously report any behavior violating our code of conduct or to find an empathic ear by phone call, text, or Signal at +1 (725) 222-0934, or reaching out on Discord @defconhotline.
\n\nIf you are in need of First Aid, there is a nurse on-duty in room W1056-MA. It\'s under the escalators near human registration. If you cannot find it, ask a goon for help. SOC goons in particular are able to quickly summon medical help.
\n\nHere are the concise walking instructions:
\n\nA shuttle service will run between the Las Vegas Convention Center West Hall and the Rio Hotel and Casino. Departures are as follows:
\n\nDay | \nBegin | \nEnd | \nRio | \nLVCC | \n
---|---|---|---|---|
Mon | \n08:00 | \n11:30 | \nevery :00 | \nevery :30 | \n
Mon | \n18:00 | \n21:30 | \nevery :00 | \nevery :30 | \n
Tue | \n08:00 | \n11:30 | \nevery :00 | \nevery :30 | \n
Tue | \n18:00 | \n21:30 | \nevery :00 | \nevery :30 | \n
Wed | \n08:00 | \n23:30 | \nevery :00 | \nevery :30 | \n
Thu | \n03:00 | \n07:30 | \nevery :00 | \nevery :30 | \n
Thu | \n06:00 | \n23:30 | \nevery :00 and :30 | \nevery :00 and :30 | \n
Fri | \n00:00 | \n03:30 | \nevery :00 and :30 | \nevery :00 and :30 | \n
Fri | \n06:00 | \n23:30 | \nevery :00 and :30 | \nevery :00 and :30 | \n
Sat | \n00:00 | \n03:30 | \nevery :00 and :30 | \nevery :00 and :30 | \n
Sat | \n06:00 | \n23:30 | \nevery :00 and :30 | \nevery :00 and :30 | \n
Sun | \n00:00 | \n03:30 | \nevery :00 and :30 | \nevery :00 and :30 | \n
Sun | \n06:00 | \n19:30 | \nevery :00 and :30 | \nevery :00 and :30 | \n
The times listed in the Rio column are the times that the shuttle departs Rio, and the times listed in the LVCC column are the times that the shuttle departs the LVCC West Hall. Maximum capacity varies throughout the day.
\n\nThe LVCC Loop hours are as follows:
\n\nThe Las Vegas Monorail arrives and departs every 4 to 8 minutes, and its hours are:
\n\nTo walk from the LVCC West Hall to the Monorail (Westgate Station):
\n\nDEF CON thrives on community collaboration and has operated for over 30 years successfully working with hundreds of vendors including the dozens that have helped with our badges over the years. For this year’s Raspberry Pi badges, DEF CON hired Entropic Engineering to do the hardware development and firmware. After going overbudget by more than 60%, several bad-faith charges, and with a product still in preproduction, DEF CON issued a stop work order. Any claims that DEF CON did not pay Entropic Engineering for its hardware or firmware development are false. Unfortunately, we heard that these issues with Entropic Engineering were not unique to DEF CON. We decided at that point to finish the badge on our own. We paid to send engineers to Vietnam to work onsite to finalize and test the badges in order to ensure they would be done on time for the conference. We never removed Entropic Engineering’s logo from our badge, it is still on the PCB. However, Entropic was not involved in the design and production of the case, and we removed their logo we had added as a courtesy.
\n\nWe were happy to still include one of their contractors on the badge panel session. Unfortunately, shortly before the talk was set to take place DEF CON became aware that unauthorized code had been included in the firmware we had paid Entropic Engineering to produce, claiming credit for the whole badge and promoting their coin wallet to solicit money from DEF CON attendees above and beyond what we had negotiated. When asked about the unauthorized code, the engineer said it had been done as a “joke” two months ago and forgot to remove it, and we decided as an organization not to have him on stage while we kept the slides in the talk giving him credit for his work. We communicated the change in advance of the talk, and this individual decided to show up for the panel anyway. He refused to leave, demanding that our security team remove him. Wanting to ensure that the other people involved in creating the badge were able to deliver their presentation, we complied with his wishes and escorted him off the stage, where he was free to continue attending the conference.
\n\nAny issues of non-payment are between him and Entropic Engineering; DEF CON fulfilled its financial obligations.
\n\'',0,2235,'58a1148c2ef71d0b693f519fc454f0e8'); /*!40000 ALTER TABLE `documents` ENABLE KEYS */; UNLOCK TABLES; -- -- Table structure for table `events` -- DROP TABLE IF EXISTS `events`; /*!40101 SET @saved_cs_client = @@character_set_client */; /*!50503 SET character_set_client = utf8mb4 */; CREATE TABLE `events` ( `day` varchar(16) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL, `hour` varchar(2) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL, `starttime` varchar(6) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL, `endtime` varchar(6) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL, `continuation` char(1) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL, `village` varchar(64) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL, `track` varchar(90) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL, `title` varchar(512) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL, `speaker` varchar(256) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL, `hash` varchar(64) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL, `desc` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL, `modflag` tinyint DEFAULT NULL, `autoincre` int NOT NULL AUTO_INCREMENT, PRIMARY KEY (`autoincre`), KEY `title` (`title`(255)), KEY `hash` (`hash`) ) ENGINE=InnoDB AUTO_INCREMENT=617881 DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_unicode_ci; /*!40101 SET character_set_client = @saved_cs_client */; -- -- Dumping data for table `events` -- LOCK TABLES `events` WRITE; /*!40000 ALTER TABLE `events` DISABLE KEYS */; INSERT INTO `events` VALUES ('4_Sunday','08','08:00','15:59','N','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'Title: Human Registration OpenOur human registration process this year will be very similar to previous years. Please be patient. All of the times listed here are approximate.
\n\nA badge is required for each human age 8 and older.
\n\nYou are a human if you do not know otherwise. People that are not humans include goons, official speakers, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don\'t know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
\n\nLinecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
\n\nOnline badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
\n\nPlease help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
\n\nYou will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash -- it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site -- they will not be mailed or shipped.
\n\nWe can scan the QR code either from your phone\'s display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
\n\nIf you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 until July 15, and $84 on and after July 15.
\n\nOnline purchases are provided a receipt via email when the purchase is made.
\n\nOnline purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
\n\nBadges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
\n\nThere are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
\n\nWe are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt on plain paper.
\n\nIf you attend BlackHat, it is possible to purchase a DEF CON badge with your BlackHat registration. If you did so, please get your DEF CON badge from BlackHat before they close.
\n\nBlackHat should send you an email with instructions for how to obtain your DEF CON badge. In case you missed it, you can go to the second floor, at the concierge desk, halfway down Black Hat Blvd.
\n\nWant to buy multiple badges? No problem! We\'re happy to sell you however many badges you want to pay for.
\n\nIf you lose your badge, there is unfortunately no way for us to replace it. You\'ll have to buy a replacement at full price. Please don\'t lose your badge. :(
\n\nIf you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
\n\nIf you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
\n\n\'',NULL,613969),('4_Sunday','09','08:00','15:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'\'',NULL,613970),('4_Sunday','10','08:00','15:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'\'',NULL,613971),('4_Sunday','11','08:00','15:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'\'',NULL,613972),('4_Sunday','12','08:00','15:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'\'',NULL,613973),('4_Sunday','13','08:00','15:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'\'',NULL,613974),('4_Sunday','14','08:00','15:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'\'',NULL,613975),('4_Sunday','15','08:00','15:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'\'',NULL,613976),('1_Thursday','08','08:00','19:59','N','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'Title: Human Registration OpenOur human registration process this year will be very similar to previous years. Please be patient. All of the times listed here are approximate.
\n\nA badge is required for each human age 8 and older.
\n\nYou are a human if you do not know otherwise. People that are not humans include goons, official speakers, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don\'t know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
\n\nLinecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
\n\nOnline badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
\n\nPlease help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
\n\nYou will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash -- it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site -- they will not be mailed or shipped.
\n\nWe can scan the QR code either from your phone\'s display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
\n\nIf you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 until July 15, and $84 on and after July 15.
\n\nOnline purchases are provided a receipt via email when the purchase is made.
\n\nOnline purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
\n\nBadges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
\n\nThere are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
\n\nWe are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt on plain paper.
\n\nIf you attend BlackHat, it is possible to purchase a DEF CON badge with your BlackHat registration. If you did so, please get your DEF CON badge from BlackHat before they close.
\n\nBlackHat should send you an email with instructions for how to obtain your DEF CON badge. In case you missed it, you can go to the second floor, at the concierge desk, halfway down Black Hat Blvd.
\n\nWant to buy multiple badges? No problem! We\'re happy to sell you however many badges you want to pay for.
\n\nIf you lose your badge, there is unfortunately no way for us to replace it. You\'ll have to buy a replacement at full price. Please don\'t lose your badge. :(
\n\nIf you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
\n\nIf you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
\n\n\'',NULL,613977),('1_Thursday','09','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613978),('1_Thursday','10','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613979),('1_Thursday','11','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613980),('1_Thursday','12','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613981),('1_Thursday','13','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613982),('1_Thursday','14','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613983),('1_Thursday','15','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613984),('1_Thursday','16','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613985),('1_Thursday','17','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613986),('1_Thursday','18','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613987),('1_Thursday','19','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613988),('2_Friday','08','08:00','19:59','N','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'Title: Human Registration OpenOur human registration process this year will be very similar to previous years. Please be patient. 
All of the times listed here are approximate.
\n\nA badge is required for each human age 8 and older.
\n\nYou are a human if you do not know otherwise. People that are not humans include goons, official speakers, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don\'t know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
\n\nLinecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
\n\nOnline badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
\n\nPlease help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
\n\nYou will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash -- it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site -- they will not be mailed or shipped.
\n\nWe can scan the QR code either from your phone\'s display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
\n\nIf you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 until July 15, and $84 on and after July 15.
\n\nOnline purchases are provided a receipt via email when the purchase is made.
\n\nOnline purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
\n\nBadges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
\n\nThere are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
\n\nWe are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt on plain paper.
\n\nIf you attend BlackHat, it is possible to purchase a DEF CON badge with your BlackHat registration. If you did so, please get your DEF CON badge from BlackHat before they close.
\n\nBlackHat should send you an email with instructions for how to obtain your DEF CON badge. In case you missed it, you can go to the second floor, at the concierge desk, halfway down Black Hat Blvd.
\n\nWant to buy multiple badges? No problem! We\'re happy to sell you however many badges you want to pay for.
\n\nIf you lose your badge, there is unfortunately no way for us to replace it. You\'ll have to buy a replacement at full price. Please don\'t lose your badge. :(
\n\nIf you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
\n\nIf you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
\n\n\'',NULL,613989),('2_Friday','09','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613990),('2_Friday','10','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613991),('2_Friday','11','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613992),('2_Friday','12','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613993),('2_Friday','13','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613994),('2_Friday','14','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613995),('2_Friday','15','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613996),('2_Friday','16','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613997),('2_Friday','17','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613998),('2_Friday','18','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613999),('2_Friday','19','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,614000),('3_Saturday','08','08:00','18:59','N','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'Title: Human Registration OpenOur human registration process this year will be very similar to previous years. Please be patient. 
All of the times listed here are approximate.
\n\nA badge is required for each human age 8 and older.
\n\nYou are a human if you do not know otherwise. People that are not humans include goons, official speakers, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don\'t know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
\n\nLinecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
\n\nOnline badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
\n\nPlease help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
\n\nYou will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash -- it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site -- they will not be mailed or shipped.
\n\nWe can scan the QR code either from your phone\'s display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
\n\nIf you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 until July 15, and $84 on and after July 15.
\n\nOnline purchases are provided a receipt via email when the purchase is made.
\n\nOnline purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
\n\nBadges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
\n\nThere are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
\n\nWe are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt on plain paper.
\n\nIf you attend BlackHat, it is possible to purchase a DEF CON badge with your BlackHat registration. If you did so, please get your DEF CON badge from BlackHat before they close.
\n\nBlackHat should send you an email with instructions for how to obtain your DEF CON badge. In case you missed it, you can go to the second floor, at the concierge desk, halfway down Black Hat Blvd.
\n\nWant to buy multiple badges? No problem! We\'re happy to sell you however many badges you want to pay for.
\n\nIf you lose your badge, there is unfortunately no way for us to replace it. You\'ll have to buy a replacement at full price. Please don\'t lose your badge. :(
\n\nIf you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
\n\nIf you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
\n\n\'',NULL,614001),('3_Saturday','09','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614002),('3_Saturday','10','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614003),('3_Saturday','11','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614004),('3_Saturday','12','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614005),('3_Saturday','13','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614006),('3_Saturday','14','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614007),('3_Saturday','15','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614008),('3_Saturday','16','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614009),('3_Saturday','17','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614010),('3_Saturday','18','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614011),('0_Wednesday','17','17:00','05:59','N','MISC','LVCC West','\'Linecon\'','\'\'','MISC_381386fad586fba701d99803361083d7','\'Title: LineconLinecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. 
When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
\n\nOnline badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
\n\nPlease help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
\n\nPlease also review the \"Human Registration Open\" event, and familiarize yourself with the important notes therein.
\n\n\'',NULL,614012),('2_Friday','20','20:00','01:59','N','SOC','LVCC West/Floor 2/W222-Creator Stage 4','\'Hacker Karaoke\'','\'\'','SOC_e58fd6d4f855c683234a6e2646e83c37','\'Title: Hacker KaraokeWe are the event to go to if you want to hang out, enjoy the festivities, sing along, and show ones hidden talent.
\n\n\'',NULL,614013),('3_Saturday','20','20:00','01:59','N','SOC','LVCC West/Floor 2/W222-Creator Stage 4','\'Hacker Karaoke\'','\'\'','SOC_f0941f9b16741e52db3cbcad0cf73684','\'Title: Hacker KaraokeWe are the event to go to if you want to hang out, enjoy the festivities, sing along, and show ones hidden talent.
\n\n\'',NULL,614014),('2_Friday','12','12:00','13:30','N','SOC','LVCC West/Floor 3/W322-W327','\'Veilid Dev and Community Meetup\'','\'\'','SOC_a9f0dc3c49aa37b9346511987fd2dc30','\'Title: Veilid Dev and Community MeetupCult of the Dead Cow and Hackers.Town are bringing you a meet and greet and chat session about Veilid Framework. Come by, say hi, talk shop, let’s see each other in person and have a little fun! Veilid Foundation directors and many of the primary contributors will be there to share progress over the last year. Come by and help us to restore the future and ensure the privacy of the internet for generations to come!
\n\n\'',NULL,614015),('2_Friday','13','12:00','13:30','Y','SOC','LVCC West/Floor 3/W322-W327','\'Veilid Dev and Community Meetup\'','\'\'','SOC_a9f0dc3c49aa37b9346511987fd2dc30','\'\'',NULL,614016),('3_Saturday','11','11:00','16:59','N','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_40171a976a1119add9e4dae9ff3ce06c','\'Title: Ham Radio ExamsHam radio is the original group of electronic hackers, starting long before computers, circuit chips, or even transistors. Continuing this pioneer spirit, The Ham Radio Village is offering free ham radio exams again at DEF CON! All are welcome to come and take the exam and get their amateur radio license upon passing. All three levels (technician, general, and amateur extra) of exams will be offered during DEF CON at the Ham Radio Village. Examinees are encouraged to study the question pool and take practice exams on ham.study.
\n\nEverything we do today involves wireless communications of some sort, and a basic knowledge of how radio works is crucial. Getting your amateur radio license and entering the world of amateur radio will better equip you with knowledge about what goes on in the radio frequency domain, and this can be applied to other RF topics (like RFID credentials, WiFi, or anything else that communicates wirelessly).
\n\n\'',NULL,614017),('3_Saturday','12','11:00','16:59','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_40171a976a1119add9e4dae9ff3ce06c','\'\'',NULL,614018),('3_Saturday','13','11:00','16:59','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_40171a976a1119add9e4dae9ff3ce06c','\'\'',NULL,614019),('3_Saturday','14','11:00','16:59','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_40171a976a1119add9e4dae9ff3ce06c','\'\'',NULL,614020),('3_Saturday','15','11:00','16:59','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_40171a976a1119add9e4dae9ff3ce06c','\'\'',NULL,614021),('3_Saturday','16','11:00','16:59','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_40171a976a1119add9e4dae9ff3ce06c','\'\'',NULL,614022),('2_Friday','13','13:00','15:59','N','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_a6347a9439b4afd66d31779aaed1d471','\'Title: Ham Radio ExamsHam radio is the original group of electronic hackers, starting long before computers, circuit chips, or even transistors. Continuing this pioneer spirit, The Ham Radio Village is offering free ham radio exams again at DEF CON! All are welcome to come and take the exam and get their amateur radio license upon passing. All three levels (technician, general, and amateur extra) of exams will be offered during DEF CON at the Ham Radio Village. Examinees are encouraged to study the question pool and take practice exams on ham.study.
\n\nEverything we do today involves wireless communications of some sort, and a basic knowledge of how radio works is crucial. Getting your amateur radio license and entering the world of amateur radio will better equip you with knowledge about what goes on in the radio frequency domain, and this can be applied to other RF topics (like RFID credentials, WiFi, or anything else that communicates wirelessly).
\n\n\'',NULL,614023),('2_Friday','14','13:00','15:59','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_a6347a9439b4afd66d31779aaed1d471','\'\'',NULL,614024),('2_Friday','15','13:00','15:59','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_a6347a9439b4afd66d31779aaed1d471','\'\'',NULL,614025),('4_Sunday','10','10:00','13:30','N','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_232a9dc4ccc6cf1a27bcb31ac3c35e9d','\'Title: Ham Radio ExamsHam radio is the original group of electronic hackers, starting long before computers, circuit chips, or even transistors. Continuing this pioneer spirit, The Ham Radio Village is offering free ham radio exams again at DEF CON! All are welcome to come and take the exam and get their amateur radio license upon passing. All three levels (technician, general, and amateur extra) of exams will be offered during DEF CON at the Ham Radio Village. Examinees are encouraged to study the question pool and take practice exams on ham.study.
\n\nEverything we do today involves wireless communications of some sort, and a basic knowledge of how radio works is crucial. Getting your amateur radio license and entering the world of amateur radio will better equip you with knowledge about what goes on in the radio frequency domain, and this can be applied to other RF topics (like RFID credentials, WiFi, or anything else that communicates wirelessly).
\n\n\'',NULL,614026),('4_Sunday','11','10:00','13:30','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_232a9dc4ccc6cf1a27bcb31ac3c35e9d','\'\'',NULL,614027),('4_Sunday','12','10:00','13:30','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_232a9dc4ccc6cf1a27bcb31ac3c35e9d','\'\'',NULL,614028),('4_Sunday','13','10:00','13:30','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_232a9dc4ccc6cf1a27bcb31ac3c35e9d','\'\'',NULL,614029),('2_Friday','16','16:00','18:59','N','SOC','LVCC West/Floor 2/W236','\'DCG Atlanta (DC404,678,770,470)\'','\'\'','SOC_2d9d2aaf7e52b8c188facabbff0256e0','\'Title: DCG Atlanta (DC404,678,770,470)They say Atlanta is the city too busy to hate, but it also has too much traffic for its widespread hacker fam to get together in a single meetup. So instead, we\'re meeting up in the desert during DEF CON! The one time of year when intown, northern burbs, south siders, and anyone else connected to DC404\'s 25+ year legacy can catch up and share stories. Join us and meet your fellow ATL hackers!
\n\n\'',NULL,614030),('2_Friday','17','16:00','18:59','Y','SOC','LVCC West/Floor 2/W236','\'DCG Atlanta (DC404,678,770,470)\'','\'\'','SOC_2d9d2aaf7e52b8c188facabbff0256e0','\'\'',NULL,614031),('2_Friday','18','16:00','18:59','Y','SOC','LVCC West/Floor 2/W236','\'DCG Atlanta (DC404,678,770,470)\'','\'\'','SOC_2d9d2aaf7e52b8c188facabbff0256e0','\'\'',NULL,614032),('2_Friday','16','16:00','18:59','N','SOC','LVCC West/Floor 2/HallwayCon Lounge past W234','\'DEF CON Holland Group Presents: VrijMiBo\'','\'\'','SOC_0ab1f7ea505e06c6e06c15366482e491','\'Title: DEF CON Holland Group Presents: VrijMiBoIn The Netherlands it\'s a tradition to catch up with your colleagues just before the end of the workday on Friday when the weekend starts to kick in. In The Netherlands this is called the \"VrijMiBo\" (Vrijdag/Friday - Middag/Afternoon Borrel/Drink)
\n\n\"VrijMiBo/Friday afternoon Drink\" at DEF CON is a perfect moment to talk about what your favorite thing is at DEF CON, show your cool handmade badges, impress other hackers about your latest hacks, make new friends, gossip about your boss and show your cat or dog pictures.
\n\nVrijdag Middag Borrel, Freitag Mittags Getränk, Apéritif du vendredi après-midi, trago de viernes por la tarde.
\n\n\'',NULL,614033),('2_Friday','17','16:00','18:59','Y','SOC','LVCC West/Floor 2/HallwayCon Lounge past W234','\'DEF CON Holland Group Presents: VrijMiBo\'','\'\'','SOC_0ab1f7ea505e06c6e06c15366482e491','\'\'',NULL,614034),('2_Friday','18','16:00','18:59','Y','SOC','LVCC West/Floor 2/HallwayCon Lounge past W234','\'DEF CON Holland Group Presents: VrijMiBo\'','\'\'','SOC_0ab1f7ea505e06c6e06c15366482e491','\'\'',NULL,614035),('2_Friday','19','19:00','00:59','N','SOC','LVCC West/Floor 3/W305-W306','\'BlanketFort Con\'','\'\'','SOC_3589b58e1c3b4c861d72f814bb005056','\'Title: BlanketFort Con21:00 - 02:00\nBIC Village Party with DJ Roma\nAs the sun sets, gather around for a celebration of Reggae, Soca, Dancehall, Hiphop, Pop, R&B, Regional Hits and Caribbean Dance Style! All Flags Welcome! Rep Your Flag!
\n\nSpeakers:BIC Village Staff,DJ RomaThe Arcade Party is back! Come play your favorite classic arcade games while jamming out to Keith Myers DJing. Your favorite custom built 16 player LED foosball table will be ready for some competitive games. This epic party, free for DEF CON 32 attendees to enjoy and play, is hosted by the Military Cyber Professionals Association (a tech ed charity) and friends.
\n\n\'',NULL,614038),('2_Friday','21','21:00','01:59','N','SOC','LVCC West/Floor 3/W322-W324, W327','\'GOTHCON 2024\'','\'\'','SOC_10961b1065b79aa093037d3f89697282','\'Title: GOTHCON 2024Returning for their 7th year, Gothcon invites you to come dance the night away with a line-up of some of the community\'s best dark dance music DJ\'s from across the US! Dress however you would like in whatever makes you feel comfortable and happy, and all are welcome (except nazis). Follow @dcgothcon on X for current updates on lineup and other surprises we have in store.
\n\n\'',NULL,614039),('2_Friday','22','22:00','00:59','N','SOC','LVCC West/Floor 3/W325-W326','\'QueerCon\'','\'\'','SOC_3f83b6abb75c205b5f947a7f2d55460e','\'Title: QueerConA fun gathering space for the lgbtqia+ community to listen to DJ dance music and party together. An inclusive and vibrant option with others in the community.
\n\n\'',NULL,614040),('2_Friday','21','21:00','01:59','N','MISC','LVCC West/Floor 2/W208','\'Capitol Technology University (CTU)\'','\'\'','MISC_69bdc69a03b889dabbcab04ed96958cc','\'Title: Capitol Technology University (CTU)Join Capitol Technology University for a night of fun, drinks, and networking amongst like-minded peers! Capitol Tech\'s industry-expert leadership will be discussing exciting career paths in cybersecurity, as well as the future of cyber higher education.
\n\n\'',NULL,614041),('3_Saturday','19','19:30','21:59','N','SOC','LVCC West/Floor 2/W228','\'DC Next Gen party\'','\'\'','SOC_ee33f9344baebf037d9a604da0bf3b7f','\'Title: DC Next Gen partyParty with DEF CON NextGen. Enjoy some music, and some good conversation with other young DEF CON attendees!
\n\n\'',NULL,614042),('3_Saturday','20','19:30','21:59','Y','SOC','LVCC West/Floor 2/W228','\'DC Next Gen party\'','\'\'','SOC_ee33f9344baebf037d9a604da0bf3b7f','\'\'',NULL,614043),('3_Saturday','21','19:30','21:59','Y','SOC','LVCC West/Floor 2/W228','\'DC Next Gen party\'','\'\'','SOC_ee33f9344baebf037d9a604da0bf3b7f','\'\'',NULL,614044),('3_Saturday','21','21:00','01:59','N','SOC','LVCC West/Floor 1/W106-W109-Chillout 1','\'VETCON\'','\'\'','SOC_620b0283fcab01e1a7b5c32e976737ae','\'Title: VETCONWelcome to VETCON, the DEFCON Community event and of course, THE VETCON Party where veterans, active duty military, and even civilians looking for a taste of the action come together for a cyber rendezvous. Because let\'s face it, sometimes you need a little civilian perspective to hack the system!
\n\n\'',NULL,614045),('3_Saturday','19','19:00','20:59','N','SOC','LVCC West/Floor 3/W305-W306','\'Women, gender non-conforming and non-binary meetup with The Diana Initiative\'','\'\'','SOC_36087f7c2c361f8319f247855de1b105','\'Title: Women, gender non-conforming and non-binary meetup with The Diana InitiativeThe Diana Initiative is hosting a meetup where we’d love to get all the gender non conforming, non-binary and women attendees together to hang out and make friends! DEF CON is better with friends.
\n\n\'',NULL,614046),('3_Saturday','20','19:00','20:59','Y','SOC','LVCC West/Floor 3/W305-W306','\'Women, gender non-conforming and non-binary meetup with The Diana Initiative\'','\'\'','SOC_36087f7c2c361f8319f247855de1b105','\'\'',NULL,614047),('3_Saturday','14','14:00','15:59','N','MISC','LVCC West/Floor 2/HallwayCon Lounge past W234','\'DC Book Club Discussion\'','\'\'','MISC_aeac33f8ccc20cfdba1124558b593de4','\'Title: DC Book Club DiscussionA quieter space for those who want to discuss what they are reading, recommend books, and trade books too. We will have a logo themed sticker.
\n\n\'',NULL,614048),('3_Saturday','15','14:00','15:59','Y','MISC','LVCC West/Floor 2/HallwayCon Lounge past W234','\'DC Book Club Discussion\'','\'\'','MISC_aeac33f8ccc20cfdba1124558b593de4','\'\'',NULL,614049),('3_Saturday','17','17:00','18:59','N','SOC','LVCC West/Floor 2/HallwayCon Lounge past W234','\'Sticker Swap at DEF CON 32\'','\'\'','SOC_2d2c21d4cc456150d400e9e706297712','\'Title: Sticker Swap at DEF CON 32We\'ve ran The UnOfficial DEF CON Sticker Swap for 5 years now. Maybe a few other things. This year will be the officially official DC Sticker Swap, come visit for sticker hacker culture and to swap a bit of history.
\n\n\'',NULL,614050),('3_Saturday','18','17:00','18:59','Y','SOC','LVCC West/Floor 2/HallwayCon Lounge past W234','\'Sticker Swap at DEF CON 32\'','\'\'','SOC_2d2c21d4cc456150d400e9e706297712','\'\'',NULL,614051),('2_Friday','19','19:30','21:59','N','SOC','LVCC West/Floor 2/W228','\'Lawyers Meet\'','\'\'','SOC_12d9bb3c452ddc0af1a451f0d286cecf','\'Title: Lawyers MeetIf you’re a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join Jeff McNamara for a friendly get-together, drinks, and conversation.
\n\n\'',NULL,614052),('2_Friday','20','19:30','21:59','Y','SOC','LVCC West/Floor 2/W228','\'Lawyers Meet\'','\'\'','SOC_12d9bb3c452ddc0af1a451f0d286cecf','\'\'',NULL,614053),('2_Friday','21','19:30','21:59','Y','SOC','LVCC West/Floor 2/W228','\'Lawyers Meet\'','\'\'','SOC_12d9bb3c452ddc0af1a451f0d286cecf','\'\'',NULL,614054),('3_Saturday','21','21:00','00:59','N','SOC','LVCC West/Floor 3/W325-W326','\'Jack Rhysider Masquerade Party\'','\'Jack Rhysider\'','SOC_7eafb4ccc01d53dc4ce63af35323036e','\'Title: Jack Rhysider Masquerade PartyCome party with Jack Rhysider at the Darknet Diaries Masquerade party! You\'re not going to want to miss this event as there will be free swag, killer music, interactive exhibits, and of course Jack Rhysider.
\n\nSpeakerBio: Jack RhysiderRAA For Workgroups 3.11 is a continuation of the Rent an Assassin series of parties from DC Shenanigans. Based on the World of Assassination from the Hitman video game franchise, RAA has been serving up clandestine client acquisition events in top-secret locations since DC30. This year marks our first-ever official DEF CON event, and we are excited to bring you some of the best DJs (and shenanigans) DEF CON has to offer.
\n\n\'',NULL,614056),('3_Saturday','18','18:30','21:30','N','MISC','LVCC West/Floor 3/W307-W308','\'EFF Tech Trivia\'','\'\'','MISC_62dd7dca8ddbbea810385e693417c24a','\'Title: EFF Tech TriviaEFF\'s team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Trophy and EFF swag pack. The second and third place teams will also win great EFF gear.
\n\n\'',NULL,614057),('3_Saturday','19','18:30','21:30','Y','MISC','LVCC West/Floor 3/W307-W308','\'EFF Tech Trivia\'','\'\'','MISC_62dd7dca8ddbbea810385e693417c24a','\'\'',NULL,614058),('3_Saturday','20','18:30','21:30','Y','MISC','LVCC West/Floor 3/W307-W308','\'EFF Tech Trivia\'','\'\'','MISC_62dd7dca8ddbbea810385e693417c24a','\'\'',NULL,614059),('3_Saturday','21','18:30','21:30','Y','MISC','LVCC West/Floor 3/W307-W308','\'EFF Tech Trivia\'','\'\'','MISC_62dd7dca8ddbbea810385e693417c24a','\'\'',NULL,614060),('1_Thursday','19','19:00','20:59','N','SOC','LVCC West/Floor 2/W236','\'DC702\'','\'\'','SOC_280d4a85d7b068cdfd4b49e6f9261f63','\'Title: DC702Join the local DC702 Group in this year\'s official DEF CON Meetup! The meetup will be casual and include typical meetup activities (e.g., socializing, \"challenges,\" lockpicking, etc.) and maybe a few little surprises. To stay up-to-date, check out dc702.space/dc32-meetup.
\n\n\'',NULL,614061),('1_Thursday','20','19:00','20:59','Y','SOC','LVCC West/Floor 2/W236','\'DC702\'','\'\'','SOC_280d4a85d7b068cdfd4b49e6f9261f63','\'\'',NULL,614062),('2_Friday','16','16:00','17:59','N','SOC','LVCC West/Floor 2/W231-W233','\'QueerCon Mixer\'','\'\'','SOC_dab821107df7c4b6f4b0a591aa0ff54d','\'Title: QueerCon MixerCome by this informal mixer to meet others in the lgbtqia+ community who are a part of this wonderful world that is InfoSec. This is a safe and inclusive space to meet and talk to others with your shared experience and is a nice environment to network and unwind with a drink.
\n\n\'',NULL,614063),('2_Friday','17','16:00','17:59','Y','SOC','LVCC West/Floor 2/W231-W233','\'QueerCon Mixer\'','\'\'','SOC_dab821107df7c4b6f4b0a591aa0ff54d','\'\'',NULL,614064),('1_Thursday','16','16:00','17:59','N','SOC','LVCC West/Floor 2/W231-W233','\'QueerCon Mixer\'','\'\'','SOC_170a44cd66a49cd672b83e9eea03c1ea','\'Title: QueerCon MixerCome by this informal mixer to meet others in the lgbtqia+ community who are a part of this wonderful world that is InfoSec. This is a safe and inclusive space to meet and talk to others with your shared experience and is a nice environment to network and unwind with a drink.
\n\n\'',NULL,614065),('1_Thursday','17','16:00','17:59','Y','SOC','LVCC West/Floor 2/W231-W233','\'QueerCon Mixer\'','\'\'','SOC_170a44cd66a49cd672b83e9eea03c1ea','\'\'',NULL,614066),('3_Saturday','16','16:00','17:59','N','SOC','LVCC West/Floor 2/W231-W233','\'QueerCon Mixer\'','\'\'','SOC_bf6cc0be1356352925ee472955a86e74','\'Title: QueerCon MixerCome by this informal mixer to meet others in the lgbtqia+ community who are a part of this wonderful world that is InfoSec. This is a safe and inclusive space to meet and talk to others with your shared experience and is a nice environment to network and unwind with a drink.
\n\n\'',NULL,614067),('3_Saturday','17','16:00','17:59','Y','SOC','LVCC West/Floor 2/W231-W233','\'QueerCon Mixer\'','\'\'','SOC_bf6cc0be1356352925ee472955a86e74','\'\'',NULL,614068),('2_Friday','05','05:00','07:59','N','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_c16b116eadb4f82c230817eedcf1de71','\'Title: Defcon.runThursday, Friday, Saturday and Sunday: 05:00 to 08:00, with random pop up meetings throughout the day in the con space.
\n\nDefcon.run is an evolution of the now long running DEF CON 4x5K running event. Due to stupendous growth, we’ve been forced to change up the format. This year\'s activity will look to match up folks for fun runs, and rucks (!), in small distributed groups around Las Vegas. It’s the same old event but at a distributed scale!
\n\nShow up in the morning, go for a run with folks, have a good time!
\n\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances. Full Information at https://defcon.run
\n\n\'',NULL,614069),('2_Friday','06','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_c16b116eadb4f82c230817eedcf1de71','\'\'',NULL,614070),('2_Friday','07','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_c16b116eadb4f82c230817eedcf1de71','\'\'',NULL,614071),('1_Thursday','05','05:00','07:59','N','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_4e35ae98afffdcd903897e56741069f4','\'Title: Defcon.runThursday, Friday, Saturday and Sunday: 05:00 to 08:00, with random pop up meetings throughout the day in the con space.
\n\nDefcon.run is an evolution of the now long running DEF CON 4x5K running event. Due to stupendous growth, we’ve been forced to change up the format. This year\'s activity will look to match up folks for fun runs, and rucks (!), in small distributed groups around Las Vegas. It’s the same old event but at a distributed scale!
\n\nShow up in the morning, go for a run with folks, have a good time!
\n\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances. Full Information at https://defcon.run
\n\n\'',NULL,614072),('1_Thursday','06','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_4e35ae98afffdcd903897e56741069f4','\'\'',NULL,614073),('1_Thursday','07','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_4e35ae98afffdcd903897e56741069f4','\'\'',NULL,614074),('3_Saturday','05','05:00','07:59','N','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_3100939c3e5ac6750d19074e0d10806f','\'Title: Defcon.runThursday, Friday, Saturday and Sunday: 05:00 to 08:00, with random pop up meetings throughout the day in the con space.
\n\nDefcon.run is an evolution of the now long running DEF CON 4x5K running event. Due to stupendous growth, we’ve been forced to change up the format. This year\'s activity will look to match up folks for fun runs, and rucks (!), in small distributed groups around Las Vegas. It’s the same old event but at a distributed scale!
\n\nShow up in the morning, go for a run with folks, have a good time!
\n\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances. Full Information at https://defcon.run
\n\n\'',NULL,614075),('3_Saturday','06','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_3100939c3e5ac6750d19074e0d10806f','\'\'',NULL,614076),('3_Saturday','07','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_3100939c3e5ac6750d19074e0d10806f','\'\'',NULL,614077),('4_Sunday','05','05:00','07:59','N','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_10c9d7a573475b6c1b492ee27d39805e','\'Title: Defcon.runThursday, Friday, Saturday and Sunday: 05:00 to 08:00, with random pop up meetings throughout the day in the con space.
\n\nDefcon.run is an evolution of the now long running DEF CON 4x5K running event. Due to stupendous growth, we’ve been forced to change up the format. This year\'s activity will look to match up folks for fun runs, and rucks (!), in small distributed groups around Las Vegas. It’s the same old event but at a distributed scale!
\n\nShow up in the morning, go for a run with folks, have a good time!
\n\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances. Full Information at https://defcon.run
\n\n\'',NULL,614078),('4_Sunday','06','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_10c9d7a573475b6c1b492ee27d39805e','\'\'',NULL,614079),('4_Sunday','07','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_10c9d7a573475b6c1b492ee27d39805e','\'\'',NULL,614080),('1_Thursday','15','15:00','20:59','N','MISC','Other / See Description','\'Toxic BBQ\'','\'\'','MISC_6dc5f8b8e9df485f0f6a0086e6a6dc8b','\'Title: Toxic BBQThe humans of Vegas invite you to our unofficial welcome party. Whether it\'s your 1st or 18th time, we\'re still in the EXACT SAME PLACE. Join us off-Strip in the shade for a volunteer-run grill and chill.
\n\nWe stock the larder with the basics: burgers, dogs, meatless delights, and all the fixin\'s. You procure your favorite food, drinks, and sides to keep the party going. Volunteer for setup, grill-up, or clean-up. Most of all, show up and become a part of what makes Toxic BBQ the best place to start your con.
\n\nCheck out https://www.toxicbbq.org for more news, and watch #ToxicBBQ for the latest info.
\n\nOff-site at Sunset Park, Foxtail Pavilion
\n\n\'',NULL,614081),('1_Thursday','16','15:00','20:59','Y','MISC','Other / See Description','\'Toxic BBQ\'','\'\'','MISC_6dc5f8b8e9df485f0f6a0086e6a6dc8b','\'\'',NULL,614082),('1_Thursday','17','15:00','20:59','Y','MISC','Other / See Description','\'Toxic BBQ\'','\'\'','MISC_6dc5f8b8e9df485f0f6a0086e6a6dc8b','\'\'',NULL,614083),('1_Thursday','18','15:00','20:59','Y','MISC','Other / See Description','\'Toxic BBQ\'','\'\'','MISC_6dc5f8b8e9df485f0f6a0086e6a6dc8b','\'\'',NULL,614084),('1_Thursday','19','15:00','20:59','Y','MISC','Other / See Description','\'Toxic BBQ\'','\'\'','MISC_6dc5f8b8e9df485f0f6a0086e6a6dc8b','\'\'',NULL,614085),('1_Thursday','20','15:00','20:59','Y','MISC','Other / See Description','\'Toxic BBQ\'','\'\'','MISC_6dc5f8b8e9df485f0f6a0086e6a6dc8b','\'\'',NULL,614086),('0_Wednesday','11','11:00','11:59','N','MISC','Other / See Description','\'The Unofficial DEF CON Shoot\'','\'\'','MISC_1b51cb07e52a70b2748f1e212dc8a934','\'Title: The Unofficial DEF CON ShootWednesday August 7th Registration usually opens at 11am
\n\nOFFSITE: Pro Gun Vegas Address: 12801 US 95 South Boulder City, NV 89005
\n\n\'',NULL,614087),('3_Saturday','20','20:00','23:59','N','MISC','LVCC West/Floor 3/W320','\'DEF CON Movie Night\'','\'\'','MISC_0a0fc389dac1eb2293554b0298f33a78','\'Title: DEF CON Movie NightThe Illuminati Party is excited to open our doors once again to all those who wish to join us at DEF CON for an OPEN party welcoming all of our Hacker Family! Follow us on X (Twitter: @IlluminatiParty)
\n\n\'',NULL,614097),('3_Saturday','18','18:30','22:30','N','SOC','LVCC West/Floor 2/W237','\'Policy Mixer @ DEF CON\'','\'\'','SOC_74f1c7d6771d14a9f6478258e2cab8fe','\'Title: Policy Mixer @ DEF CONWe know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
\n\n\'',NULL,614108),('3_Saturday','17','17:00','17:59','N','SOC','LVCC West/Floor 3/W301','\'Friends of Bill W\'','\'\'','SOC_bf3488df81f32b94c1c5001dd8dca345','\'Title: Friends of Bill WWe know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
\n\n\'',NULL,614109),('1_Thursday','17','17:00','17:59','N','SOC','LVCC West/Floor 3/W301','\'Friends of Bill W\'','\'\'','SOC_d82fa234b6bccaa39eed029b0259fbd7','\'Title: Friends of Bill WWe know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
\n\n\'',NULL,614110),('4_Sunday','12','12:00','12:59','N','SOC','LVCC West/Floor 3/W301','\'Friends of Bill W\'','\'\'','SOC_79907c5ed02f53a855cb6912ea810658','\'Title: Friends of Bill WWe know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
\n\n\'',NULL,614111),('2_Friday','17','17:00','17:59','N','SOC','LVCC West/Floor 3/W301','\'Friends of Bill W\'','\'\'','SOC_10e7ed1b9ec6e9a9989f10a35afb6eb0','\'Title: Friends of Bill WWe know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
\n\n\'',NULL,614112),('2_Friday','12','12:00','12:59','N','SOC','LVCC West/Floor 3/W301','\'Friends of Bill W\'','\'\'','SOC_363177989f2a4e3cba48816cf7d2c994','\'Title: Friends of Bill WWe know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
\n\n\'',NULL,614113),('1_Thursday','12','12:00','12:59','N','SOC','LVCC West/Floor 3/W301','\'Friends of Bill W\'','\'\'','SOC_beb6314bc431a98448738e2e32a71413','\'Title: Friends of Bill WWe know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
\n\n\'',NULL,614114),('2_Friday','17','17:30','21:30','N','MISC','LVCC West/Floor 3/W307-W308','\'Ask the EFF\'','\'\'','MISC_c727e02df6e2f3aa4149b35c597adf5f','\'Title: Ask the EFFElectronic Frontier Foundation (EFF) is excited to be back at DEF CON. Our expert panelists will offer brief updates on EFF\'s work defending your digital rights, before opening the floor for attendees to ask their questions. This dynamic conversation centers challenges DEF CON attendees actually face, and is an opportunity to connect on common causes.
\n\n\'',NULL,614115),('2_Friday','18','17:30','21:30','Y','MISC','LVCC West/Floor 3/W307-W308','\'Ask the EFF\'','\'\'','MISC_c727e02df6e2f3aa4149b35c597adf5f','\'\'',NULL,614116),('2_Friday','19','17:30','21:30','Y','MISC','LVCC West/Floor 3/W307-W308','\'Ask the EFF\'','\'\'','MISC_c727e02df6e2f3aa4149b35c597adf5f','\'\'',NULL,614117),('2_Friday','20','17:30','21:30','Y','MISC','LVCC West/Floor 3/W307-W308','\'Ask the EFF\'','\'\'','MISC_c727e02df6e2f3aa4149b35c597adf5f','\'\'',NULL,614118),('2_Friday','21','17:30','21:30','Y','MISC','LVCC West/Floor 3/W307-W308','\'Ask the EFF\'','\'\'','MISC_c727e02df6e2f3aa4149b35c597adf5f','\'\'',NULL,614119),('3_Saturday','18','18:30','19:30','N','CON','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Feet Feud (Hacker Family Feud)\'','\'\'','CON_e944509c1cc0ee704d2c11c5c8292f90','\'Title: Feet Feud (Hacker Family Feud)Feet Feud (Hacker Family Feud) is a Cybersecurity-themed Family Feud style game arranged by members of the OnlyFeet CTF team and hosted by Toeb3rius (aka Tib3rius). Both survey questions and their answers are crowd-sourced from the Cybersecurity community. Two teams (Left Foot and Right Foot) captained by members of OnlyFeet and comprised of audience members go head to head, trying to figure out the top answers to the survey questions.
\n\nAttendees can either watch the game or volunteer to play on one of the two teams. Audience participation is also encouraged if either of the two teams fails to get every answer of a survey question.
\n\nUltimately Feet Feud is about having a laugh, watching people in the industry attempt to figure out what randomly surveyed people from the Cybersecurity community put as answers to a number of security / tech related questions.
\n\n\'',NULL,614120),('3_Saturday','19','18:30','19:30','Y','CON','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Feet Feud (Hacker Family Feud)\'','\'\'','CON_e944509c1cc0ee704d2c11c5c8292f90','\'\'',NULL,614121),('2_Friday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W303','\'Docker Exploitation Framework\'','\'Emmanuel Law,Rohit Pitke\'','DL_bc8645298fd42b03085afba46105505a','\'Title: Docker Exploitation FrameworkDocker Exploitation Framework is a cross-platform framework that is focused on attacking container environments (think Kubernetes, docker, etc). It can identify vulnerabilities, misconfigurations, and potential attack vectors. It also helps to automate different stages of a successful kill-chain through features such as:
\n\nEmmanuel Law (@libnex) has over a decade of security research experience. He has presented at various international conferences such as Black Hat USA Arsenal, Troopers, Kiwicon, Ruxcon etc. He has also released tools such as Shadow Workers for browser exploitation. He is currently working as a Senior Staff Security Engineer in San Francisco Bay Area.
\n\nSpeakerBio: Rohit PitkeRohit Pitke has been working in the security industry over a decade in various fields like application and infrastructure security, offensive security and security software development. He has presented in various conferences like AppSec USA, AppSec Rome, NullCon.
\n\n\n\'',NULL,614122),('2_Friday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W303','\'Docker Exploitation Framework\'','\'Emmanuel Law,Rohit Pitke\'','DL_bc8645298fd42b03085afba46105505a','\'\'',NULL,614123),('2_Friday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W303','\'distribRuted - Distributed Attack Framework\'','\'Ismail Melih Tas,Numan Ozdemir\'','DL_cbfa76c8730e852ec7ca5e765f4fdc3e','\'Title: distribRuted - Distributed Attack FrameworkPenetration testing tools often face limitations such as IP blocking, insufficient computing power, and time constraints. However, by executing these tests across a distributed network of hundreds of devices, these challenges can be overcome. Organizing such a large-scale attack efficiently is complex, as the number of nodes increases, so does the difficulty in orchestration and management. distribRuted provides the necessary infrastructure and orchestration for distributed attacks. This framework allows developers to easily create and execute specific distributed attacks using standard application modules. Users can develop their attack modules or utilize pre-existing ones from the community. With distribRuted, automating, managing, and tracking a distributed attack across hundreds of nodes becomes straightforward, thereby enhancing efficiency, reducing time and costs, and eliminating Single Point of Failure (SPoF) in penetration testing.
\n\nSpeakers:Ismail Melih Tas,Numan OzdemirMelih Tas is a VP in Application Security at a multi-national financial company in London, UK, and the founder and CEO of VulnHero and Siber Ninja, two cybersecurity startups. He has previously worked as a Senior Security Consultant at Synopsys, a Tech Lead at Garanti BBVA Bank, and a Security Researcher at Nortel-Networks Netas. Melih holds a Ph.D. in Cyber Security, has presented at renowned hacker conferences including DEF CON and Black Hat, and is a published academic author with a focus on VoIP security and Application Security.
\n\nSpeakerBio: Numan Ozdemir, Cybersecurity Researcher and Computer ProgrammerNuman Ozdemir is a cybersecurity researcher and computer programmer currently pursuing a degree in Mathematics and Computer Science. His research interests include blockchain and application security.
\n\n\n\'',NULL,614124),('2_Friday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W303','\'distribRuted - Distributed Attack Framework\'','\'Ismail Melih Tas,Numan Ozdemir\'','DL_cbfa76c8730e852ec7ca5e765f4fdc3e','\'\'',NULL,614125),('2_Friday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W303','\'Automated Control Validation with Tommyknocker\'','\'Jeremy Banker\'','DL_b99c31b85dd7561492555543c473f98f','\'Title: Automated Control Validation with TommyknockerTommyknocker is an open source project designed to facilitate automation of continuous security control validation, bringing some of the processes developers have been using for years for regressing testing, to the security world. It allows users to easily create test scenarios using docker images and standard scripts to perform one or more test actions, followed by the ability to easily check common tooling (SIEM, IDS, Log aggregators) for any expected alerts or log entries. Using Tommyknocker, security organizations can add test cases each time a new security control is created, so that any time a change is made in the environment, the continued functioning of existing controls can be validated. Many times, security organizations will only test controls when they are first implemented, and potentially a few times a year for audit purposes. With Tommyknocker, controls can be tested multiple times per day, ensuring that alerts are raised as soon as possible when a control ceases to function correctly, or is compromised by a threat actor.
\n\nSpeakerBio: Jeremy BankerJeremy is an accomplished software developer and lifelong hacker with a combined 10 years of experience in software development and cybersecurity. After working his way up from customer support, and earning a Master\'s degree in Information Security, Jeremy helped found the Security Product Engineering, Automation and Research group at VMware. Having spoken at both Blackhat Arsenal and Def Con Demolabs on his open source projects, he continues to be passionate about sharing new tools and technologies with the community. In his spare time, Jeremy enjoys gardening, camping, and tinkering with all manner of technology.
\n\n\n\'',NULL,614126),('2_Friday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W303','\'Automated Control Validation with Tommyknocker\'','\'Jeremy Banker\'','DL_b99c31b85dd7561492555543c473f98f','\'\'',NULL,614127),('2_Friday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W304','\'Zip It Up, Sneak It In - Introduction of apkInspector\'','\'Kaloyan Velikov,Leonidas Vasileiadis\'','DL_d82c3fd9763d664b6a80fa9bdba4f9ae','\'Title: Zip It Up, Sneak It In - Introduction of apkInspectorapkInspector is a tool designed to tackle Android APKs, helping to uncover and decode the evasive tactics used by malware. It can decompress APK entries and extract detailed information such as entry names and sizes, making it easy to analyze the contents of an app. The tool also processes and decodes Android XML (AXML) files into a human-readable format, all while considering the sneaky evasion tactics that malware might employ. apkInspector is able to also identify specific evasion techniques used by malware to bypass static analysis, providing crucial insights for security analysis. It is built to function both as a standalone command-line interface (CLI) for direct operations and as a library that can be integrated into other security tools, enhancing its utility and adaptability in various cybersecurity environments.
\n\nSpeakers:Kaloyan Velikov,Leonidas VasileiadisKaloyan Velikov is a security professional that has also been in the cybersecurity field for more than five years. While he is proficient in web application and network security pentesting, as well as various device assessments, in the recent years he has been busy learning the testing of mobile applications and device configurations. This led to a more focused specialization in pentesting on both the Android and iOS platforms. He is always eager to try new tools and see how they can be implemented into the penetration testing playbook. Kaloyan is always up for a challenge even if there is a skill gap and extra research will be required to proceed. He also loves to share the knowledge he has obtained, because it is great to help each other to succeed in our assignments.
\n\nSpeakerBio: Leonidas VasileiadisMeet Leonidas, an enthusiast in Android’s security landscape, a physicist with a double master\'s in cybersecurity and over five years of dedicated cybersecurity experience. He’s not just about flashy titles; he’s got the certifications to prove he can push buttons and hack the world. Passionate about web and mobile security, he loves building solutions with code. He’s a firm believer that sharing is caring and enjoys unraveling the complexities of cyber threats as much as he loves tackling riddles. Dive into his session to explore sneaky Android malware tricks, leaving equipped to spot and stop them like a pro.
\n\n\n\'',NULL,614128),('2_Friday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W304','\'Zip It Up, Sneak It In - Introduction of apkInspector\'','\'Kaloyan Velikov,Leonidas Vasileiadis\'','DL_d82c3fd9763d664b6a80fa9bdba4f9ae','\'\'',NULL,614129),('2_Friday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W304','\'BypassIT - Using AutoIT & Similar Tools for Covert Payload Delivery\'','\'Ezra Woods,Mike Manrod\'','DL_13ce746138f9bd82c6b7cf9d36c3674e','\'Title: BypassIT - Using AutoIT & Similar Tools for Covert Payload DeliveryBypassIT is a framework for covert delivery of malware, using AutoIT, AutoHotKey, and other Live off the Land (LotL) tools to deliver payloads and avoid detection. These techniques were derived from reversing attacks observed in the wild by DarkGate and other MaaS actors, revealing universal principles and methods useful for red teaming or internal testing. The framework will consist of a series of tools, techniques, and methods along with testing and reporting on effectiveness, as it relates to evading multiple specific antivirus products.
\n\nSpeakers:Ezra Woods,Mike ManrodEzra Woods is a recent cybersecurity graduate from Grand Canyon University, working as an Information Security Analyst for Arizona\'s Department of Economic Security. Captain of Grand Canyon University\'s collegiate cyber defense team, and Team Lead for the Arizona Cyber Threat Response Alliance\'s Threat Intelligence Support Unit (TISU).
\n\nSpeakerBio: Mike Manrod, Chief Information Security Officer at Grand Canyon EducationMike serves as the Chief Information Security Officer for Grand Canyon Education, responsible for leading the security team and formulating the vision and strategy for protecting students, staff, and information assets across the enterprise. He also serves as Adjunct Faculty for Grand Canyon University, teaching Malware Analysis and Threat Intelligence. Previous experiences include serving as a threat prevention engineer for Check Point and working as a consultant and analyst for other organizations.
\n\n\n\'',NULL,614130),('2_Friday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W304','\'BypassIT - Using AutoIT & Similar Tools for Covert Payload Delivery\'','\'Ezra Woods,Mike Manrod\'','DL_13ce746138f9bd82c6b7cf9d36c3674e','\'\'',NULL,614131),('2_Friday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W304','\'HIDe & SEEK\'','\'Jonathan Fischer,Matthew Richard\'','DL_0d4e905a7c8011c179317609d0d5b082','\'Title: HIDe & SEEKThe Injectyll-HIDe project (released at DEF CON 30) is back and better than ever! The hardware implant utilizes the same standard features that you have come to know and love (keystroke recording, keystroke injection, mouse jiggler, etc.) but it has evolved into so much more. The functionality has been steadily growing over its initial release to offer users even more tools! But wait, there’s more! We’re proud to show off the new SEEK shields this year at the CON! Tired of running a covert mesh network? Want to try out new RF technologies? We’ve added LoRa and LoRaWAN to the mix as well! These shields are field swappable and work with the existing C2 and implant code to give you the versatility that you need to continue evading detection. Attendees should be prepared to flip 0ut over these features, as well as some new additions to the project that we will be announcing at DEF CON. Who’s ready for a high stakes game of hacker’s HIDe and SEEK?
\n\nSpeakers:Jonathan Fischer,Matthew RichardJonathan Fischer (a.k.a. c4m0ufl4g3) is a hardware and IoT security enthusiast that started off designing, programming, and implementing electronic controls for industrial control systems and off-highway machinery. After a decade in that industry, Jonathan obtained his BS in Computer Science and transitioned over to the cyber security industry where he has been working as a Red Team consultant and researcher for more than seven years at a Fortune 500 company. Since joining the cyber security industry, Jonathan has earned various industry certifications (OSCP, GXPN, etc.) and continues to leverage his unique experience in his research into hardware hacking. Jonathan has presented his research at conferences such as DEF CON Demo Labs, ShmooCon, THOTCON, BSides LV, and Hardware Hacking Village. He is also the co-creator of Injectyll-HIDe, an open-source hardware implant designed for use by red teams.
\n\nSpeakerBio: Matthew RichardMatthew Richard is a software developer that enjoys coding in low level languages. His favorite text editor is Neovim. As an average Neovim enjoyer he is obligated to stand on the side of Vi in the text editor war, but chooses to be on the side of Ed to make everyone equally unhappy. His operating system of choice is NixOS... by the way. :)
\n\n\n\'',NULL,614132),('2_Friday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W304','\'HIDe & SEEK\'','\'Jonathan Fischer,Matthew Richard\'','DL_0d4e905a7c8011c179317609d0d5b082','\'\'',NULL,614133),('2_Friday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W305','\'Volatile Vault - Data Exfiltration in 2024\'','\'Moritz Laurin Thomas,Patrick Eisenschmidt\'','DL_119e743d254bc28d35dc4ceab24dbc9c','\'Title: Volatile Vault - Data Exfiltration in 2024In red team operations, selecting the right tools for data exfiltration is critical, yet comes with obstacles such as triggering Data Exfiltration Prevention (DEP) systems. We present \"Volatile Vault\" as a solution, a custom-built platform tailored to evade DEP detection. Our tool encrypts the data on the client-side and then provides a modular approach for uploading said data. Some of the currently implemented upload strategies are chunked HTTP uploads to multiple domain fronted endpoints (AWS) or QUIC as an alternative protocol.
\n\nSpeakers:Moritz Laurin Thomas,Patrick EisenschmidtMoritz is a senior red team security consultant at NVISO ARES (Adversarial Risk Emulation & Simulation). He focuses on research & development in red teaming to support, enhance and extend the team’s capabilities in red team engagements of all sorts. Before joining the offensive security community, Moritz worked on a voluntary basis as a technical malware analyst for a well-known internet forum with focus on evading detections and building custom exploits. When he isn’t infiltrating networks or exfiltrating data, he is usually knees deep in research and development, dissecting binaries and developing new tools.
\n\nSpeakerBio: Patrick Eisenschmidt, Red Team Lead at NVISO ARESPatrick has gained extensive experience in the offensive security domain. Currently, he serves as the Red Team Lead at NVISO ARES (Adversarial Risk Emulation & Simulation). In this role, he supervises a team of operators and directs both high-profile Red Team operations and Tiber/TLPT Assessments. Beyond leadership, Patrick actively participates in crafting intricate spear phishing campaigns and boosts the Red Team\'s effectiveness by developing and maintaining open-source methodologies and tools.
\n\n\n\'',NULL,614134),('2_Friday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W305','\'Volatile Vault - Data Exfiltration in 2024\'','\'Moritz Laurin Thomas,Patrick Eisenschmidt\'','DL_119e743d254bc28d35dc4ceab24dbc9c','\'\'',NULL,614135),('2_Friday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W305','\'Tengu Marauder\'','\'Leonardo Serrano,Lexie Thach\'','DL_d1895d4d92747a8f2fd078de134189c7','\'Title: Tengu MarauderThe Tengu Marauder, derived from a previous security drone project, is a portable wheeled robot equipped with an ESP32 Marauder, currently in its testing phase. Designed for simplicity and efficiency, the Tengu Marauder serves as an alternative and interactive tool for WiFi network security testing. Its capabilities include WiFi scanning, deauthentication attacks, packet sniffing, and other wireless security tests. The compact design ensures ease of construction and maintenance using readily available parts and straightforward code integration. Essentially an advanced RC robot, the Tengu Marauder operates headless via XBee, providing a fun and engaging platform for testing the security of network-controlled devices over WiFi, such as IoT smart home devices and smaller WiFi-controlled drones like the Ryze Tello. This project would not have been possible without the development help, test runs, and support from the Philadelphia RAICES organization, the Philadelphia DEFCON group, and DeciSym.AI.
\n\nSpeakers:Leonardo Serrano,Lexie ThachLeonardo Serrano is a dedicated community organizer who spends his time learning more about the cyberz, connecting people, and supporting cool projects. His focus is primarily on threat modeling and the intersection of security architecture, process, and decision-making. Leo runs a hackerspace in Philadelphia called “The Tooolbox” with his partners where he hopes to showcase the amazing hackers who call Philadelphia home.
\n\nSpeakerBio: Lexie ThachLexie Thach has worked in cybersecurity for ten years in various positions. During this time, I developed a strong affinity for electrical engineering, programming, and robotics engineering. Despite not having a traditional academic background, I have extensive hands-on experience from my eight years in the US Air Force, specializing in cybersecurity and tactical networks for aircraft missions and operations. My focus on securing and testing the security of autonomous systems stems from these experiences, and I am passionate about sharing the techniques I have learned. Currently I run a local hackerspace in Philadelphia in support of DC215 called The Tooolbox where anyone can come to learn new hacking tools, try to build offensive or defensive security robots and we have 3D printers on standby for any prototyping people want.
\n\n\n\'',NULL,614136),('2_Friday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W305','\'Tengu Marauder\'','\'Leonardo Serrano,Lexie Thach\'','DL_d1895d4d92747a8f2fd078de134189c7','\'\'',NULL,614137),('2_Friday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W305','\'SCAGoat - Exploiting Damn Vulnerable SCA Application\'','\'Hare Krishna Rai,Prashant Venkatesh\'','DL_7b96db2c10042d1826a9203bb6a02ce3','\'Title: SCAGoat - Exploiting Damn Vulnerable SCA ApplicationSCAGoat is a deliberately insecure web application designed for learning and testing Software Composition Analysis (SCA) tools. It offers a hands-on environment to explore vulnerabilities in Node.js and Java Springboot applications, including actively exploitable CVEs like CVE-2023-42282 and CVE-2021-44228 (log4j). This application can be utilized to evaluate various SCA and container security tools, assessing their capability to identify vulnerable packages and code reachability. As part of our independent research, the README includes reports from SCA tools like semgrep, snyk, and endor labs. Future research plans include incorporating compromised or malicious packages to test SCA tool detection and exploring supply chain attack scenarios.
\n\nSpeakers:Hare Krishna Rai,Prashant VenkateshAs a Product Security Engineer, Hare Krishna Rai\'s passion for cybersecurity drives him to excel in various areas. He specializes in conducting penetration testing, actively participates in security Capture The Flag (CTF) competitions, and performs code reviews to ensure secure code development. His expertise extends to leveraging Static Application Security Testing (SAST) techniques in languages like Java, Python, JavaScript, JSP, among others.
\n\nSpeakerBio: Prashant Venkatesh, Manager, Product SecurityPrashant Venkatesh is an information security expert with over 20 years of experience. He presently works as Manager, Product Security at an ecommerce company. Prashant is an enthusiastic participant in the field who consistently coordinates, reviews papers, and presents his work at numerous InfoSec conferences, including Blackhat Nullcon and c0c0n. He is also active through the OWASP Bay Area chapter Leadership and is co-founder of the annual Seasides Conference in India.
\n\n\n\'',NULL,614138),('2_Friday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W305','\'SCAGoat - Exploiting Damn Vulnerable SCA Application\'','\'Hare Krishna Rai,Prashant Venkatesh\'','DL_7b96db2c10042d1826a9203bb6a02ce3','\'\'',NULL,614139),('2_Friday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W306','\'Bluetooth Landscape Exploration & Enumeration Platform (BLEEP)\'','\'Paul Wortman\'','DL_a9eec34216b1694807070a674a600290','\'Title: Bluetooth Landscape Exploration & Enumeration Platform (BLEEP)The purpose of the tool platform is to provide both novice and experienced Bluetooth researchers a “swiss-army knife” for device exploration and enumeration. The Bluetooth Landscape Exploration & Enumeration Platform (BLEEP) is capable of discovering Bluetooth Low Energy (BLE) devices, connecting to them, and enumerating the device as well. BLEEP leverages Python3, BlueZ, and the Linux D-Bus to provide a terminal user interface for identifying and interacting with BLE implements. The I/O capabilities of the toolset include read I/O, performing writes, and capturing of notification signals. The purpose of using these low-level libraries is to maintain small granularity control over the interactivity between BLEEP and the BLE environment.
\n\nSpeakerBio: Paul WortmanDr. Wortman has a PhD in Electrical and Computer Engineering from the University of Connecticut with research that ranged from network analysis to cyber security risk evaluation. He now focuses on Bluetooth protocol and devices research.
\n\n\n\'',NULL,614140),('2_Friday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W306','\'Bluetooth Landscape Exploration & Enumeration Platform (BLEEP)\'','\'Paul Wortman\'','DL_a9eec34216b1694807070a674a600290','\'\'',NULL,614141),('2_Friday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W306','\'Skynet\'','\'Craig Chamberlain,Rewanth Tammana\'','DL_f4e54b9f1961a0a7d47eee8815449018','\'Title: SkynetSkynet is an AI project (just kidding.) It is meant to be a sort of unified theory of detection, enabling us to plot any detection artifact types on screen around an entity and decision them faster and more accurately. While plotting alert sets, attack trees, and kill chains has been done, for the presentation of alert sets and cases, we are planning to use graphing as the primary presentation, triage and decisioning mechanism, at scale, using a novel combination of heuristics and machine learning. It is an alert manager made by users, for users.
\n\nSpeakers:Craig Chamberlain,Rewanth TammanaCraig Chamberlain has been working on threat hunting and detection for most of his life and has contributed to several SIEM-like products you may have used. Most of them had unnecessarily simple alert pages and workflow, which makes him sad, and this is his attempt to put things right. He has presented at numerous conferences including the SANS Threat Hunting Summit; RSA 2024; CactusCon; the ISC2 Congress; SOURCE Boston; and several B-Sides conferences in Washington DC, San Francisco, NoVA, Boston, and Rochester.
\n\nSpeakerBio: Rewanth TammanaRewanth Tammana is a security ninja, open-source contributor, and an independent consultant. Previously, Senior Security Architect at Emirates NBD (National Bank of Dubai). He is passionate about DevSecOps, Cloud, and Container Security. He added 17,000+ lines of code to Nmap. Rewanth speaks and delivers training at numerous security conferences worldwide. He was recognized as one of the MVP researchers on Bugcrowd (2018), published an IEEE research paper on ML and security, and more.
\n\n\n\'',NULL,614142),('2_Friday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W306','\'Skynet\'','\'Craig Chamberlain,Rewanth Tammana\'','DL_f4e54b9f1961a0a7d47eee8815449018','\'\'',NULL,614143),('2_Friday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W306','\'Garak\'','\'Erick Galinkin,Leon Derczynski\'','DL_22418485c4e7451b8bf4611b5fdc4b80','\'Title: GarakGarak, Generative AI Red-teaming and Assessment Kit, is a vulnerability scanner for large language models (LLMs) and dialogue systems. It has a host of different probes, each working on different vulnerabilities and payloads. It connects to a broad range of different LLMs. The attacks range between static tests of fixed prompts, to dynamically assembled prompts, to probes that respond to existing model behavior when working out their next move. Community contribution plays a big part of Garak already, with an active repo & over 300 members in the Discord. Garak can assess and attack anything that takes text and returns text, and is already used by many industry players in assessment of internal and external models, including NVIDIA and Microsoft as well as a range of emerging AI Security startups; it’s the #1 ranked tool for LLM security on Hackernews. But we think it’s mostly a lot of fun.
\n\nSpeakers:Erick Galinkin,Leon DerczynskiErick Galinkin is a Research Scientist at NVIDIA working on the security assessment and protection of large language models. Previously, he led the AI research team at Rapid7 and has extensive experience working in the cybersecurity space. He is an alumnus of Johns Hopkins University and holds degrees in applied mathematics and computer science. Outside of his work, Erick is a lifelong student, currently at Drexel University and is renowned for his ability to be around equestrians.
\n\nSpeakerBio: Leon Derczynski, Principal Research Scientist, LLM Security at NVIDIALeon Derczynski is principal research scientist in LLM Security at NVIDIA and prof in natural language processing at ITU Copenhagen. He’s on the OWASP LLM Top 10 core team, and consults with governments and supranational bodies. He co-wrote a paper on how LLM red teaming is like demon summoning, that you should definitely read. He’s been doing NLP since 2005, deep learning since it was more than one layer, and LLM security for about two years, which is almost a lifetime in this field. Finally, Prof. Derczynski also contributes to ML Commons, and regularly appears in national and international media.
\n\n\n\'',NULL,614144),('2_Friday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W306','\'Garak\'','\'Erick Galinkin,Leon Derczynski\'','DL_22418485c4e7451b8bf4611b5fdc4b80','\'\'',NULL,614145),('2_Friday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W307','\'Nebula - 3 Years of Kicking *aaS and Taking Usernames\'','\'Bleon Proko\'','DL_0c19920ceb8bbc1222acd85178f4926c','\'Title: Nebula - 3 Years of Kicking *aaS and Taking UsernamesCloud Penetration Testing has become a hot topic in the offensive community, as the cloud based infrastructures have been slowly taking the place on-prem ones used to have. This requires a tool to help with it. Nebula is a cloud Pentest Framework, which offers reconnaissance, enumeration, exploitation, post exploitation on AWS, Azure, DigitalOcean and above all opportunity to extend even more. It is built modulary for each provider and each attack, allowing for a diversity in attack surface. This coupled with the client-server architecture, allows for a collaborated team assessment of a hybrid cloud environment.
\n\nSpeakerBio: Bleon ProkoBleon Proko is an info-sec passionate about Infrastructure Penetration Testing and Security, including Active Directory, Cloud (AWS, Azure, GCP, Digital Ocean), Hybrid Infrastructures, as well as Defense, Detection and Threat Hunting. He has presented in conferences like BlackHat and BSides on topics related to Cloud Penetration Testing and Security. His research includes Nebula, a Cloud Penetration Testing Framework (https://github.com/gl4ssesbo1/Nebula) and other blogs, which you can also find on his blog (blog.pepperclipp.com). He is also the author of the upcoming book \"Deep Dive into Clouded Waters: An overview in Digital Ocean\'s Pentest and Security\" (https://leanpub.com/deep-dive-into-clouded-waters-an-overview-in-digitaloceans-pentest-and-security)
\n\n\n\'',NULL,614146),('2_Friday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W307','\'Nebula - 3 Years of Kicking *aaS and Taking Usernames\'','\'Bleon Proko\'','DL_0c19920ceb8bbc1222acd85178f4926c','\'\'',NULL,614147),('2_Friday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W307','\'The World Wide Paraweb\'','\'Nathan Sidles\'','DL_65e4b901098d95b71da050e0a66bb596','\'Title: The World Wide ParawebParaweb empowers people to publish and surf invisibly on a World Wide Web without the telltale traffic patterns that can betray our use of Tor and VPNs to network monitors. Paraweb is a wide-area hypermedia information retrieval initiative that combines steganography and open Web 1.0-inspired protocols to hijack and embed itself as a parasitic communications network inside existing social network websites like Tumblr, Instagram, and Reddit. Paraweb publishers can steganographically encode HTML-based, para-hyperlinked sites within innocuous media, then post those media on social network sites indistinguishably from benign content creators. Paraweb surfers can traverse these media as benign social network users, decoding the contents of para-sites as they appear normally in their searches, traversals, and feeds. Paraweb traffic is designed to blend indistinguishably with normal Web 2.0 and social network traffic, enabling Paraweb netizens to “hide in plain sight.” Paraweb’s loose and open-source combination of steganography and web-based protocols extends the hard-shell defenses of the encrypted web to the realms of deniability and stealth.
\n\nSpeakerBio: Nathan SidlesNathan Sidles is a person.
\n\n\n\'',NULL,614148),('2_Friday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W307','\'The World Wide Paraweb\'','\'Nathan Sidles\'','DL_65e4b901098d95b71da050e0a66bb596','\'\'',NULL,614149),('2_Friday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W307','\'XenoboxX - Hardware Sandbox Toolkit\'','\'Cesare Pizzi\'','DL_6f5036a428c7dd5360ed977b041a1b13','\'Title: XenoboxX - Hardware Sandbox ToolkitMalware frequently employs anti-VM techniques, which can vary in their difficulty to detect and counteract. While integrating anti-detection measures in our labs is a frequently used option, we should also consider using a real hardware sandbox, even if this sounds weird. By leveraging the awesome PCILeech project and DMA hardware access, XenoboxX provides a suite of tools for analysis tasks, such as dumping dynamically allocated memory and searching for IoC. These tools allow us to inject code at kernel level through DMA, making detection significantly more challenging and giving a new perspective to the analysis.
\n\nSpeakerBio: Cesare Pizzi, Security Researcher, Analyst, and Technology EnthusiastCesare Pizzi is a Security Researcher, Analyst, and Technology Enthusiast. Mainly focused on low level programming, he developed a lot of OpenSource software, sometimes hardware related (USBvalve) and sometimes not.
\n\nDoing a lot of reverse engineering too. He likes to share his job when possible (at Defcon, Insomni\'hack, Nullcon, etc.). Contributor of several OS Security projects (Volatility, OpenCanary, PersistenceSniper, Speakeasy, CETUS, TinyTracer, etc) and CTF player.
\n\n\n\'',NULL,614150),('2_Friday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W307','\'XenoboxX - Hardware Sandbox Toolkit\'','\'Cesare Pizzi\'','DL_6f5036a428c7dd5360ed977b041a1b13','\'\'',NULL,614151),('2_Friday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W308','\'Cloud Offensive Breach and Risk Assessment (COBRA)\'','\'Anand Tiwari,Harsha Koushik\'','DL_1a3578bb0b0fa1dca25bf4508e1ccf57','\'Title: Cloud Offensive Breach and Risk Assessment (COBRA)Cloud Offensive Breach and Risk Assessment (COBRA) is an open-source tool designed to empower users to simulate attacks within multi-cloud environments, offering a comprehensive evaluation of security controls. By automating the testing of various threat vectors including external and insider threats, lateral movement, and data exfiltration, CNBAS enables organizations to gain insights into their security posture vulnerabilities. CNBAS is designed to conduct simulated attacks to assess an organization\'s ability to detect and respond to security threats effectively.
\n\nSpeakers:Anand Tiwari,Harsha KoushikAnand Tiwari is an information security professional with a strong technical background working as a Product Manager (PM), focusing on the more technical aspects of a cloud security product. He tries to fill it in by doing in-depth technical research and competitive analysis, given business issues, strategy, and a deep understanding of what the product should do and how the products actually work. He has authored ArcherySec—an open source-tool and has presented at BlackHat, DEF CON USA, and HITB conferences. He has successfully given workshops at many conferences such as DevOpsDays Istanbul, Boston.
\n\nSpeakerBio: Harsha KoushikHarsha Koushik is a security engineer and researcher, passionate about securing digital systems. Specializing in Cloud-Native Application Platform Protection (CNAPP), tackling emerging cyber threats while working at large scales. Additionally, Harsha hosts the security podcast \'Kernel-Space,\' exploring insightful discussions on the latest trends and issues in cybersecurity.
\n\n\n\'',NULL,614152),('2_Friday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W308','\'Cloud Offensive Breach and Risk Assessment (COBRA)\'','\'Anand Tiwari,Harsha Koushik\'','DL_1a3578bb0b0fa1dca25bf4508e1ccf57','\'\'',NULL,614153),('2_Friday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W308','\'Serberus\'','\'Patrick Kiley\'','DL_03079d13ee1708fbf309e3fe17d9e1c0','\'Title: SerberusThe Serberus is a serial Man-in-the-Middle hardware hacking tool designed to connect to embedded devices . It has 4 channels and has headers to interface with up to 3 UARTs simultaneously and also has the ability to connect to JTAG, SPI, I2C and SWD interfaces. During this talk I will introduce the Serberus and what makes it different than other, similar tools. It has a level shifter and switch to allow you to connect to logic voltages of 1.8, 2.5 and 3.3v or any arbitrary voltage between 1.65v and 5.5v, matching that of your target. The Serberus is unique in that it was designed to use open source tools like the Akheron proxy in order to MitM serial communications. I will demonstrate the Serberus connecting to a wifi router, to a JTAG, I2C or SPI target and I will also show the MitM capabilities on the serial connection between an aircraft transponder and its avionics system. The Serberus project is free and open source with all board layouts, gerbers and schematics published.
\n\nSpeakerBio: Patrick Kiley, Principal Consultant at MandiantPrincipal Consultant at Mandiant (a division of Google Cloud) has over 20 years of information security experience working with both private sector employers and the Department of Energy/National Nuclear Security Administration (NNSA). Patrick has spoken at DEF CON, BlackHat, Bsides and RSA. Patrick can usually be found in the Car Hacking or Aerospace village where he volunteered for several years. His passion is embedded systems security and has released research in Avionics, embedded systems and even bricked his own Tesla while trying to make it faster.
\n\n\n\'',NULL,614154),('2_Friday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W308','\'Serberus\'','\'Patrick Kiley\'','DL_03079d13ee1708fbf309e3fe17d9e1c0','\'\'',NULL,614155),('2_Friday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W308','\'Hopper - Distributed Fuzzer\'','\'Luciano Remes,Wade Cappa\'','DL_ed156ab2077bc2663b7d78d5b086cf3d','\'Title: Hopper - Distributed FuzzerHopper is a Coverage-Guided Greybox Distributed Fuzzer, inspired by AFL++, and written in Golang. Like other fuzzers, Hopper operates as a standard command-line interface tool, allowing you to run fuzz campaigns to find vulnerabilities and exploits in software. Hopper\'s mutation algorithm, energy assigning strategy, and out-of-process coverage gathering, are all inspired by AFL++, the current state of the art fuzzer. However, Hopper\'s distributed strategy differs substantially than AFL++ in an attempt to define a new distributed fuzzing paradigm. AFL++ and LibFuzzer have clear scaling limitations in larger environments, notably the AFL++’s rudimentary multi-machine mode. As an early prototype, Hopper addresses these limitations by implementing a deduplicating communication schema that establishes a consistency invariant, minimizing repeated work done by fuzzing nodes. Hopper is a standalone, new piece of software developed from scratch in the spirit of exploration, this is not yet another python plugin/extension for AFL++. Hopper is currently available on GitHub, including containerized runnable campaign demos. Tooling and observability are first class features, in the form of a TUI to monitor fuzzing campaigns, usage docs, and quick-start scripts for orchestrating fuzz campaigns.
\n\nSpeakers:Luciano Remes,Wade CappaLuciano Remes received a B.S. in Computer Science from the University of Utah, where he did 2 years of grant-funded Systems research under the FLUX Research Group, finally working on his Thesis Hopper: Distributed Fuzzer. During this time, he also interned at AWS EC2 and Goldman Sachs SPARC infrastructure teams, as well as a few startups including Blerp and Basecamp. Currently, he\'s a Software Engineer at Palantir Technologies building distributed network infrastructure.
\n\nSpeakerBio: Wade Cappa, Software Engineer at Palantir TechnologiesWade Cappa recently graduated from Washington State University with a B.S in Computer Science and is now working at Palantir Technologies as a Software Engineer on distributed data systems. He previously worked at Microsoft in the Semantic Machines department, creating a dynamically linked debugging utility for an internal use tooling language. In his freetime he is working with a high-performance-computing research group on a cutting edge distributed strategy for approximating submodular monotonic optimizations.
\n\n\n\'',NULL,614156),('2_Friday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W308','\'Hopper - Distributed Fuzzer\'','\'Luciano Remes,Wade Cappa\'','DL_ed156ab2077bc2663b7d78d5b086cf3d','\'\'',NULL,614157),('3_Saturday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W303','\'Maestro\'','\'Chris Thompson\'','DL_084e6518193fd70288867a239a56b0a5','\'Title: MaestroMaestro is a post-exploitation tool designed to interact with Intune/EntraID from a C2 agent on a user\'s workstation without requiring knowledge of the user\'s password or Azure authentication flows, token manipulation, and web-based administration console. Maestro makes interacting with Intune and EntraID from C2 much easier, as the operator does not need to obtain the user\'s cleartext password, extract primary refresh token (PRT) cookies from the system, run additional tools or a browser session over a SOCKS proxy, or deal with Azure authentication flows, tokens, or conditional access policies in order to execute actions in Azure on behalf of the logged-in user. Maestro enables attack paths between on-prem and Azure. For example, by running Maestro on an Intune admin\'s machine, you can execute PowerShell scripts on any enrolled device without ever knowing the admin\'s credentials!
\n\nSpeakerBio: Chris Thompson, Principal Consultant at SpecterOpsChris Thompson (@_Mayyhem) is a Principal Consultant at SpecterOps, where he conducts red team operations, research, tool development, and training. Chris has instructed at Black Hat USA/EU and spoken at Arsenal, DEF CON Demo Labs, SO-CON, and Troopers. He is the primary author of Maestro and SharpSCCM and co-author of Misconfiguration Manager, an open-source tool and knowledge base that can be used to help demonstrate, mitigate, and detect attacks that abuse Microsoft Configuration Manager (formerly SCCM).
\n\n\n\'',NULL,614158),('3_Saturday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W303','\'Maestro\'','\'Chris Thompson\'','DL_084e6518193fd70288867a239a56b0a5','\'\'',NULL,614159),('3_Saturday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W303','\'Open Hardware Design for BusKill Cord\'','\'Melanie Allen\'','DL_068f761f4c2e9eaf3ef6d4ad9755f69b','\'Title: Open Hardware Design for BusKill CordAn open hardware design for BusKill cables that uses 3D printing and easily sourceable components. BusKill cables are hardware Dead Man’s Switches that use USB events to trigger a laptop to lock, shutdown, or self-destruct when the laptop is physically separated from the operator.
\n\nSpeakerBio: Melanie AllenMelanie Allen is a 3D-printing enthusiast and volunteer hardware developer with the BusKill project.
\n\n\n\'',NULL,614160),('3_Saturday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W303','\'Open Hardware Design for BusKill Cord\'','\'Melanie Allen\'','DL_068f761f4c2e9eaf3ef6d4ad9755f69b','\'\'',NULL,614161),('3_Saturday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W303','\'MITRE Caldera for OT\'','\'Blaine Jeffries,Devon Colmer\'','DL_2cfb66d8b4680182aaa1ef32c2f56da4','\'Title: MITRE Caldera for OTCaldera for Operational Technology (C4OT) is an extension to the open-source Caldera adversary emulation platform. Adversary emulation has long helped defenders of information systems exercise and improve their cyber defenses by using real adversary techniques. While Caldera has been out since 2021, C4OT was released September 2023. Specifically, C4OT exposes native OT protocol functions to Caldera. The initial release of C4OT supported three popular OT protocols (Modbus, BACnet, and DNP3). Since then, we have added support for two more protocols (IEC61850 and Profinet). Today, we are actively working on support for the space protocol GEMS. By utilizing Caldera and the C4OT plugins, end-users can emulate threat activity across both Enterprise and Operational networks with ease.
\n\nSpeakers:Blaine Jeffries,Devon ColmerBlaine Jeffries is an Operational Technology Security Engineer at MITRE with a focus on defensive cybersecurity research, threat intelligence and adversary emulation. At MITRE, Blaine currently serves as a co-lead of Caldera for OT and supports a variety of DoD and government sponsors. Prior to joining MITRE, Blaine served in the US Air Force as a Cyberspace Operations Officer. Currently he holds degrees in Electrical Engineering and Cyberspace Operations.
\n\nSpeakerBio: Devon Colmer, Cybersecurity Engineer, Critical Infrastructure Protection Innovation Center at MITRE CorpDevon Colmer is a Cybersecurity Engineer in MITRE’s Critical Infrastructure Protection Innovation Center, working principally in OT adversary emulation and detection engineering. Prior to joining MITRE, Devon served as a Submarine Officer in the US Navy. He has led the development of OT plugins for MITRE’s adversary emulation platform, Caldera, and is currently researching a common data model for OT protocols.
\n\n\n\'',NULL,614162),('3_Saturday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W303','\'MITRE Caldera for OT\'','\'Blaine Jeffries,Devon Colmer\'','DL_2cfb66d8b4680182aaa1ef32c2f56da4','\'\'',NULL,614163),('3_Saturday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W304','\'Tempest\'','\'Kirk Trychel\'','DL_ded1c0264b7dd87e3fe9732889715d5e','\'Title: TempestTempest is a command and control framework written in 100% Rust. It began as a research project and personal challenge, but has grown into a very effective c2 framework. The original concept was to write a simple yet effective c2 framework, and design continues to focus on this simple goal. Because it started out as a research project with a learning goal, the framework is not directly based on any existing c2 frameworks and the vast majority of code will not be found anywhere else.
\n\nSpeakerBio: Kirk Trychel, Senior Red Team Engineer at Box.comKirk Trychel is a Senior Red Team Engineer with Box.com and a lifelong hacker. He has led Red Teams with the Department of Defense, Secureworks Adversary Group, and CrowdStrike Adversary Emulations. Always eager to hack the newest technology, Kirk has produced original research across many areas of offensive security. His diverse experience combines with a passion to understand and expand attack surfaces, and do what defenders have not considered. Besides breaching systems, Kirk loves sharing his knowledge with the community and helping enhance organizations’ security posture.
\n\n\n\'',NULL,614164),('3_Saturday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W304','\'Tempest\'','\'Kirk Trychel\'','DL_ded1c0264b7dd87e3fe9732889715d5e','\'\'',NULL,614165),('3_Saturday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W304','\'The Metasploit Framework v6.4\'','\'Jack Heysel,Spencer McIntyre\'','DL_7eb8537941c559e934cf4ba6e19eba4c','\'Title: The Metasploit Framework v6.4The Metasploit Framework released version 6.4 earlier this year, including multiple improvements to Kerberos-related attack workflows. The latest changes added support for forging diamond and sapphire tickets, as well as dumping tickets from compromised hosts. Metasploit users can now exploit unconstrained delegation in Active Directory environments for privilege escalation as well as use pass-the-ticket authentication for the Windows secrets dump module. These new Kerberos improvements increase the ways in which tickets can be forged, gathered, as well as used. Additionally, Metasploit has added support for new protocol based sessions, allowing users to interact with targets without uploading payloads, thus increasing their evasive capabilities. These new sessions can be established to database, SMB and LDAP servers. Once opened, they enable users to interact and run post modules with them, all without running a payload on the remote host. Finally, version 6.4 includes a complete overhaul of how Metasploit handles its own DNS queries. These improvements ensure that users pivoting their traffic over compromised hosts are not leaking their queries and offer a high degree of control over how queries should be resolved. This demonstration will cover these latest improvements and show how the changes can be combined for new, streamlined attack workflows using the latest Metasploit release.
\n\nSpeakers:Jack Heysel,Spencer McIntyreJack Heysel is a Senior Security Researcher at Rapid7, where he contributes to and helps maintain the Metasploit Framework. Jack started at Rapid7 in 2016 working on their vulnerability management solution. He transitioned to the Metasploit team in 2021 and has been happily writing and reviewing exploits ever since. While AFK, Jack enjoys exploring the mountains and outdoors that surround his home.
\n\nSpeakerBio: Spencer McIntyre, Security Research Manager at Rapid7Spencer McIntyre is a Security Research Manager at Rapid7, where he works on the Metasploit Framework. He has been contributing to Metasploit since 2010, a committer since 2014, and a core team member at Rapid7 since 2019. Previously, Spencer worked at a consulting firm working with clients from various industries, including healthcare, energy, and manufacturing. He is an avid open-source contributor and comic book reader.
\n\n\n\'',NULL,614166),('3_Saturday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W304','\'The Metasploit Framework v6.4\'','\'Jack Heysel,Spencer McIntyre\'','DL_7eb8537941c559e934cf4ba6e19eba4c','\'\'',NULL,614167),('3_Saturday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W304','\'Vovk - Advanced YARA Rule Generator v2.0\'','\'Benjamyn Whiteman,Vishal Thakur\'','DL_43f6329b7b39c29be932b64ab5117a1f','\'Title: Vovk - Advanced YARA Rule Generator v2.0Vovk is a toolset that can be used to create YARA rules. The Vovk DEF CON 2024 version will be released at DEF CON.
\n\nSpeakers:Benjamyn Whiteman,Vishal ThakurBenjamyn Whiteman has worked in the InfoSec industry for the past 7 years in roles that include Security Engineering, Forensics Analysis and Global CSIRTs. Ben regularly presents his research at internal company summits and security conferences. Ben has been training and mentoring new cyber security professionals for a few years now and also presented his research at HackSydney 2022 and 2023. Currently, Ben is a part of the Global CSOC for TikTok USDS as the Lead Analyst at Sydney, Australia.
\n\nSpeakerBio: Vishal Thakur, Senior Director, Cyber Fusion Center at TikTok USDSVishal Thakur has worked in the information security industry for many years in hands-on technical roles, specializing in Incident Response with a heavy focus on Emerging Threats, Malware Analysis and Research. He has presented his research at international conferences (BlackHat, DEFCON, FIRST, SANS DFIR Summit) and has also run training/workshops at some of these conferences. Vishal is currently working as Senior Director, Cyber Fusion Center at TikTok USDS. In past roles, Vishal worked as a Senior Researcher at Salesforce, helping their Incident Response Centre with advanced threat analysis and developing DFIR tools and has been a part of the Incident Response team at the Commonwealth Bank of Australia. For the past few years, Vishal has been involved in ML and AI security and has been researching this subject.
\n\n\n\'',NULL,614168),('3_Saturday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W304','\'Vovk - Advanced YARA Rule Generator v2.0\'','\'Benjamyn Whiteman,Vishal Thakur\'','DL_43f6329b7b39c29be932b64ab5117a1f','\'\'',NULL,614169),('3_Saturday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W305','\'5Ghoul Framework - 5G NR Attacks & 5G OTA Fuzzing\'','\'Matheus Eduardo Garbelini,Sudipta Chattopadhyay\'','DL_68dcc1e397c9fe0ee2cdeeb2a98ef693','\'Title: 5Ghoul Framework - 5G NR Attacks & 5G OTA Fuzzing5Ghoul Fuzzer is an over-the-air security testing tool and fuzzing framework that leverages a rogue 5G NR base station to systematically create test cases targeting 5G-capable smartphones or Qualcomm USB-based modems. Moreover, such framework contains test case scripts to launch attacks exploiting 10 implementation-level vulnerabilities ranging from DoS to Downgrades that affect commercial 5G modems from major chipset vendors such as Qualcomm and MediaTek. The tool is released open sourced, but it is also continuously experimented with newer devices. For example, there are two more 5G implementation vulnerabilities that are under embargo and will be released by the end of this month in the open source repository and website maintained for the project.
\n\nSpeakers:Matheus Eduardo Garbelini,Sudipta ChattopadhyayMatheus Eduardo Garbelini is a Research fellow at Singapore University of Technology and Design (SUTD) and a White Hat Wireless Hacker by hobby. Through his research in wireless fuzzing, he discovered implementation vulnerabilities in the chipset of countless Bluetooth, Wi-Fi, and 5G commercial IoT devices.
\n\nSpeakerBio: Sudipta Chattopadhyay, Associate Professor at Singapore University of Technology and Design (SUTD)Sudipta Chattopadhyay is an Associate Professor at Singapore University of Technology and Design (SUTD) and hacks code during his spare time. His general research interests lie in the broad area of cyber security including but not limited to security for AI, Wireless Technologies, and Internet of Things (IoTs). Together with Matheus, he discovered SweynTooth, BrakTooth and 5Ghoul, families of Bluetooth and 5G NR vulnerabilities that affected billions of devices worldwide.
\n\n\n\'',NULL,614170),('3_Saturday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W305','\'5Ghoul Framework - 5G NR Attacks & 5G OTA Fuzzing\'','\'Matheus Eduardo Garbelini,Sudipta Chattopadhyay\'','DL_68dcc1e397c9fe0ee2cdeeb2a98ef693','\'\'',NULL,614171),('3_Saturday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W305','\'CODASM - Hiding Payloads in Plain .text\'','\'Moritz Laurin Thomas\'','DL_733e32e87d7339d50163b9a392cc234d','\'Title: CODASM - Hiding Payloads in Plain .textCODASM aims to decrease a stageless payload\'s Shannon entropy, which was found to be a simple but annoying detection vector used by EDRs. It\'s a Python program that processes arbitrary binary inputs and produces a C program consisting of two parts: a buffer holding generated x86-64 ASM instructions with the original payload encoded into it, and a set of functions that can decode the ASM at runtime. The buffer is designed to be compiled into the final payload\'s .text section, thus it looks like regular (if not functional) code to AVs, EDRs and analysts. This encoding effectively decreases the payload\'s Shannon entropy but comes with a significant increase in output size. The demo will cover usage of the tool and dissection/reverse engineering of the resulting payload.
\n\nSpeakerBio: Moritz Laurin Thomas, Senior Red Team Security Consultant at NVISO ARESMoritz is a senior red team security consultant at NVISO ARES (Adversarial Risk Emulation & Simulation). He focuses on research & development in red teaming to support, enhance and extend the team’s capabilities in red team engagements of all sorts. Before joining the offensive security community, Moritz worked on a voluntary basis as a technical malware analyst for a well-known internet forum with focus on evading detections and building custom exploits. When he isn’t infiltrating networks or exfiltrating data, he is usually knee-deep in research and development, dissecting binaries and developing new tools.
\n\n\n\'',NULL,614172),('3_Saturday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W305','\'CODASM - Hiding Payloads in Plain .text\'','\'Moritz Laurin Thomas\'','DL_733e32e87d7339d50163b9a392cc234d','\'\'',NULL,614173),('3_Saturday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W305','\'TheAllCommander 2.0\'','\'Matthew Handy\'','DL_c5b919b6edd0c44eebb428c4bdcdacd8','\'Title: TheAllCommander 2.0TheAllCommander is an open-source tool which offers red teams and blue teams a framework to rapidly prototype and model malware communications, as well as associated client-side indicators of compromise. The framework provides a structured, documented, and object-oriented API for both the client and server, allowing anyone to quickly implement a novel communications protocol between a simulated malware daemon and its command and control server. For Blue Teamers, this allows rapid modeling of emerging threats and comprehensive testing in a controlled manner to develop reliable detection models. For Red Teamers, this framework allows rapid iteration and development of new protocols and communications schemes with an easy to use Python interface. The framework has many tools or techniques used by red teams built in to allow out-of-the-box modeling, including emulated client browser HTTPS traffic Remote Desktop tunneling, and UAC bypass.
\n\nSpeakerBio: Matthew Handy, NASAMatt Handy completed his BS in Computer Science at the University of Maryland, College Park (UMD) in 2010, and MS in CyberSecurity at Johns Hopkins in 2014. He has worked for NASA\'s Goddard Space Flight Center doing satellite ground systems development since 2009. He has specialized in secure software systems development and has helped to develop several missions over the course of his career. In his off time, he enjoys doing independent security research and creating tools like TheAllCommander to help make a more secure cyber world.
\n\n\n\'',NULL,614174),('3_Saturday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W305','\'TheAllCommander 2.0\'','\'Matthew Handy\'','DL_c5b919b6edd0c44eebb428c4bdcdacd8','\'\'',NULL,614175),('3_Saturday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W306','\'Testbed Virtual Factory\'','\'Borja Pintos Castro,Camilo Piñón Blanco\'','DL_0694832aa2f73fbe8f9ec233b74e20d0','\'Title: Testbed Virtual FactoryAs the landscape of industrial control systems (ICS) evolves, the security vulnerabilities inherent in these systems have become increasingly important. In response to this escalating situation, in this paper, we present the development of a virtualized cybersecurity research testbed tailored for these environments. Addressing the challenge of limited access to proprietary OT network data for research purposes, our this talk proposes a comprehensive framework for simulating industrial environments, aiming to facilitate the development and testing of cybersecurity solutions by providing functionalities for network traffic logging, attack impact simulation, generation of labeled multivariate time series sensor datasets, among others, bridging the gap between theoretical research and practical application needs, especially in situations of low data availability and data-driven cybersecurity research.
\n\nSpeakers:Borja Pintos Castro,Camilo Piñón BlancoBorja Pintos-Castro is passionate about cybersecurity, he spends the day reading and tinkering. He obtained a degree in Computer Engineering from the University of A Coruña. He also has a Master of Computer Security by the International University of La Rioja. Now, he is a researcher at Gradiant in the Security and Privacy Area and specifically in Cybersecurity industry 4.0 projects. Currently, he manages some industrial security projects, specifically analyzing network traffic and using honeypots to detect threats and attacks. He has the certification OSCP (PEN-200) from Offensive Security.
\n\nSpeakerBio: Camilo Piñón BlancoCamilo Piñón-Blanco graduated in Telecommunication Technologies Engineering (2021) and Master in Telecommunication Engineering (2023) from the University of Vigo, both specializing in Telematics Engineering. He did his Bachelor’s Thesis with GRADIANT, focused on detection of cyber-attacks in industrial networks with Machine Learning techniques. He has worked at the atlanTTic research center as a researcher, dealing with natural language processing and text data analysis. In 2022 he re-joined the GRADIANT as an Engineer-Researcher in Security and Privacy, within the Privacy & Security Analytics line, where he has done his Master\'s Thesis on anomaly detection in time series through UEBA and LSTM neural networks. His main lines of work are applied machine learning, data analysis and software development.
\n\n\n\'',NULL,614176),('3_Saturday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W306','\'Testbed Virtual Factory\'','\'Borja Pintos Castro,Camilo Piñón Blanco\'','DL_0694832aa2f73fbe8f9ec233b74e20d0','\'\'',NULL,614177),('3_Saturday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W306','\'GC2 - The First Serverless Command & Control\'','\'Lorenzo Grazian\'','DL_84d14491ed20c4cd1b0bd7191acbed1b','\'Title: GC2 - The First Serverless Command & ControlGC2 is the first serverless command and control. This project aims to demonstrate how attackers could take advantage of third-party tools (Google Sheets and Google Drive) to execute commands and exfiltrate information from a compromised system. First released in 2021, became well known in April 2023 after being mentioned in Google\'s Threat Horizons Report.
\n\nSpeakerBio: Lorenzo GrazianLorenzo Grazian has more than 6 years of experience in red teaming, penetration testing and source code review mainly in the financial and transport industries. He worked and led local and global cybersecurity projects. Besides his offensive security background, he developed several tools to support offensive security activities.
\n\n\n\'',NULL,614178),('3_Saturday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W306','\'GC2 - The First Serverless Command & Control\'','\'Lorenzo Grazian\'','DL_84d14491ed20c4cd1b0bd7191acbed1b','\'\'',NULL,614179),('3_Saturday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W306','\'Drop-Pi\'','\'Doug Kent,Robert Ditmer\'','DL_644728957a127f8ac18846df2a8b30f0','\'Title: Drop-PiThe Drop-Pi is a suite of software developed on a Raspberry Pi to facilitate the automatic bypassing of 802.1x/NAC implementations (pre 802.1x-2010 standards) and establish discrete remote access into target networks. Designed with physical penetration testing in mind, the Drop-Pi can establish remote access inside a target network within a matter of seconds after being plugged in, affording assessors with a quick in and out on an objective. Its built with common and easily sourced hardware which allows for easy and quick provisioning of multiple Drop-Pi devices. When it\'s not feasible to utilize a target network for egress traffic, the Drop-Pi can easily be configured to employ a wireless connection or mobile hotspot to facilitate access in and out of the network.
\n\nSpeakers:Doug Kent,Robert DitmerDoug has worked at State Farm for about 20 years. Working on mostly security technologies ranging from Active Directory, PKI, Endpoint protection and finally landing recently on the Pentesting team. Doug has a passion for identifying vulnerabilities and partnering with control solution teams to protect State Farm data and fulfill our promise to customers. He strives to help others with offensive security skills by providing training, guidance, and kill chain demonstrations.
\n\nSpeakerBio: Robert Ditmer, Red Team at State FarmRob has been on the State Farm Pentesting Team for 3 years and has recently moved to the Red Team. Prior to his time at State Farm, he has worked with various other companies as a penetration testing consultant - enabling him to experience a wide range of technologies and their differing implementations. Rob enjoys the challenge of developing tools and infrastructure to better the skills and abilities of the State Farm Red Team.
\n\n\n\'',NULL,614180),('3_Saturday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W306','\'Drop-Pi\'','\'Doug Kent,Robert Ditmer\'','DL_644728957a127f8ac18846df2a8b30f0','\'\'',NULL,614181),('3_Saturday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W307','\'Cyber Security Transformation Chef (CSTC)\'','\'Florian Haag,Matthias Göhring\'','DL_e3bfc01574b28595a5a371d6c52ef28f','\'Title: Cyber Security Transformation Chef (CSTC)Imagine GCHQ\'s CyberChef integrated in BurpSuite with live modification of requests at your fingertips. That\'s exactly what we had in mind when we built the Cyber Security Transformation Chef (CSTC) a few years ago. The CSTC is an extension to the popular BurpSuite Proxy built for experts working with web applications. It enables users to define recipes that are applied to outgoing or incoming HTTP requests/responses automatically. Whatever quirks and specialties an application might challenge you with during an assessment, the CSTC has you covered. Furthermore, it allows to quickly apply custom formatting to a chosen message, if a more detailed analysis is needed. After the initial release the CSTC is finally back! It contains new features and improvements such as many new operations to be used in recipes, inclusion of community requested features and a refactoring of the codebase. Alongside the CTSC we will launch a new public repository with recipes we found useful in our experience as penetration testers and of course open for contribution by the community. This helps the community to solve common challenges and getting started working with the CSTC.
\n\nSpeakers:Florian Haag,Matthias GöhringFlorian Haag is a managing security consultant at usd AG with experience in penetration testing, software security assessments as well as code reviews. He is specialized in penetration tests of thick client applications, leveraging his background in software development to reverse engineer proprietary client applications and network protocols. In addition, he maintains several open source tools for web application pentesting presented at international conferences like BlackHat and DEF CON.
\n\nSpeakerBio: Matthias Göhring, Security Consultant and Penetration Tester at usd AGMatthias Göhring is security consultant and penetration tester at usd AG, an information security company based in Germany with the mission #moresecurity. He is Head of usd HeroLab, the division of usd specialized in technical security assessments. In addition, he holds lectures at Technical University Darmstadt and University of Applied Sciences Darmstadt on ethical hacking and penetration testing. In previous scientific work, he focused on network and communication security as well as software security.
\n\n\n\'',NULL,614182),('3_Saturday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W307','\'Cyber Security Transformation Chef (CSTC)\'','\'Florian Haag,Matthias Göhring\'','DL_e3bfc01574b28595a5a371d6c52ef28f','\'\'',NULL,614183),('3_Saturday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W307','\'MPT - Pentest in Action\'','\'Jyoti Raval\'','DL_dca69f4877e28b773ef1fd8e70b3d97c','\'Title: MPT - Pentest in ActionIn ever evolving software development world, security is also becoming fast paced. Hence, each product going through the pentest cycle has to be managed effectively and efficiently. Managing multiple pentests and testers is important. A single pane of glass view for managing pentests and testers is what the goal of this tool is.
\n\nSpeakerBio: Jyoti Raval, Senior Staff Product Security Leader at Baker HughesJyoti Raval works as Senior Staff Product Security Leader at Baker Hughes. She is responsible for securing product end-to-end and involved in various phases of security life cycle. She is author of the Phishing Simulation Assessment and MPT tools, and has presented at Defcon, BlackHat, Nullcon, HITB, OWASP NZ and Infosec Girls. She also heads OWASP Pune chapter.
\n\n\n\'',NULL,614184),('3_Saturday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W307','\'MPT - Pentest in Action\'','\'Jyoti Raval\'','DL_dca69f4877e28b773ef1fd8e70b3d97c','\'\'',NULL,614185),('3_Saturday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W307','\'Moriarty\'','\'Anthony “Coin” Rose,Jake “Hubble” Krasnov\'','DL_60e6808b8690a98f9f2850557c499134','\'Title: MoriartyMoriarty is a.NET tool designed to identify vulnerabilities for privilege escalation in Windows environments. Building upon Watson and Sherlock, Moriarty extends their capabilities by incorporating advanced scanning techniques for newer vulnerabilities and integrating additional checks. This tool supports a wide range of Windows versions, from Windows 10 to Windows 11 and Server versions 2016, 2019, and 2022. Moriarty differentiates itself by its ability to enumerate missing KBs and detect a variety of vulnerabilities linked to privilege escalation, offering suggestions for potential exploits. The tool\'s extensive database includes well-known vulnerabilities such as PrintNightmare (CVE-2021-1675), Log4Shell (CVE-2021-44228), and SMBGhost (CVE-2020-0796), among others.
\n\nSpeakers:Anthony “Coin” Rose,Jake “Hubble” KrasnovAnthony \"Coin\" Rose, CISSP, is a Lead Security Researcher and Chief Operating Officer at BC Security, where he specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. He has presented at numerous security conferences, including Black Hat, DEF CON, HackMiami, and RSA conferences. Anthony is the author of various offensive security tools, including Empire and Starkiller, which he actively develops and maintains. He is recognized for his work, revealing wide-spread vulnerabilities in Bluetooth devices and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
\n\nSpeakerBio: Jake “Hubble” Krasnov, Red Team Operations Lead and Chief Executive Officer at BC SecurityJake \"Hubble\" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security. He has spent the first half of his career as an Astronautical Engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. Jake has presented at DEF CON, where he taught courses on offensive PowerShell and has been recognized by Microsoft for his discovery of a vulnerability in AMSI. Jake has authored numerous tools, including Invoke-PrintDemon and Invoke-ZeroLogon, and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
\n\n\n\'',NULL,614186),('3_Saturday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W307','\'Moriarty\'','\'Anthony “Coin” Rose,Jake “Hubble” Krasnov\'','DL_60e6808b8690a98f9f2850557c499134','\'\'',NULL,614187),('3_Saturday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W308','\'MITRE Caldera\'','\'Mark Perry,Rachel Murphy\'','DL_0faa48b47ab79bcb5746d2c721ba3f9c','\'Title: MITRE CalderaMITRE Caldera is a scalable, automated adversary emulation, open-source cybersecurity platform developed by MITRE. It empowers cyber practitioners to save time, money, and energy through automated security assessments. Caldera not only tests and evaluates detection/analytic and response platforms, but it also provides the capability for your red team to perform manual assessments with computer assistance. This is achieved by augmenting existing offensive toolsets. The framework can be extended to integrate with any custom tools you may have. The development team behind the platform is a group of red teamers, software developers, exploit writers, cyber threat analysts, AI researchers, cybersecurity engineers, and computer scientists. They all pursue the common goal of building a premier adversary emulation platform for our security defenders around the world.
\n\nSpeakers:Mark Perry,Rachel MurphyMark Perry is a Lead Applied Cyber Security Engineer at MITRE Corp, where he specializes in adversary emulation and work development. With a robust background in infrastructure and cyber security frameworks, Mark brings extensive expertise to his role, focusing on fortifying systems against sophisticated cyber threats. He has worked on projects involving adversary emulation, red teaming, cyber threat intelligence, and software development. Mark also leads development and delivery of Caldera workshops, providing participants with practical, hands-on training utilizing cybersecurity techniques. Additionally, he actively promotes Caldera’s benefactor program, fostering community support and engagement to further the development of cybersecurity tools and resources. Outside of his professional endeavors, Mark enjoys traveling and is a supercar enthusiast.
\n\nSpeakerBio: Rachel Murphy, Cyber Security Engineer at MITRE CorpRachel Murphy is a Cyber Security Engineer at MITRE Corp. She has a B.S. in Mechanical Engineering and prior to joining MITRE, she worked as a mechanical engineer at NASA performing thermal analysis for the International Space Station at Johnson Space Center in Houston, TX. Rachel has worked on projects in adversary emulation, red teaming, cyber threat intelligence, and software development. Part of this work includes supporting Caldera’s research in artificial intelligence, developing Caldera workshops like this one, and promoting Caldera’s benefactor program. She has also served as a red team operator for MITRE Engenuity’s ATT&CK Evaluations.
\n\n\n\'',NULL,614188),('3_Saturday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W308','\'MITRE Caldera\'','\'Mark Perry,Rachel Murphy\'','DL_0faa48b47ab79bcb5746d2c721ba3f9c','\'\'',NULL,614189),('3_Saturday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W308','\'FACTION\'','\'Josh Summitt\'','DL_800349f1de6b150f90abe9dc7c5c91d1','\'Title: FACTIONFACTION is an all-encompassing solution for streamlined security assessment workflows and enhancing collaboration within your teams. In addition, It\'s fully open source and extendable so it can integrate within diverse environments. FACTION\'s key benefits are that it cuts reporting time down to more than half for manual pen-tests, keeps tabs on all outstanding vulnerabilities with custom alerts based on your SLAs, becomes the hub of shared information for your assessments enabling other teammates to replay attacks you share, facilitates large scale assessment scheduling that typically becomes hard to manage when your teams are doing more than 100 assessments a year, and is fully extendable with REST APIs and FACTION Extensions.
\n\nSpeakerBio: Josh Summitt, Founder at Faction SecurityWith over 18 years of experience in application security, Josh has played diverse roles—from being a penetration tester and reverse engineer to serving as a full-stack developer and CTO of a cybersecurity startup. He founded Faction Security, an organization committed to hosting open-source tools with the goal of supporting security teams by providing resources that enhance collaboration and efficiency. In addition to making open-source security tools, Josh builds custom modular synths and generally enjoys making strange and unusual noise-making devices.
\n\n\n\'',NULL,614190),('3_Saturday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W308','\'FACTION\'','\'Josh Summitt\'','DL_800349f1de6b150f90abe9dc7c5c91d1','\'\'',NULL,614191),('2_Friday','06','06:00','06:59','N','MISC','Other / See Description','\'CycleOverride DEF CON Bike Ride\'','\'\'','MISC_4e40e6c3074413bf6e06b08e7cb239a9','\'Title: CycleOverride DEF CON Bike RideAt 6am on Friday, the @cycle_override crew will be hosting the 13th DEF CON Bikeride. We\'ll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It\'s about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See you at 6am Friday! @jp_bourget @gdead @heidishmoo.
\n\n\'',NULL,614192),('1_Thursday','10','10:00','17:59','N','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'Title: HDA Community - Open for Accessibility Questions/HelpDEF CON has made HDA a community, and we now have a community room! This room will be dedicated to the attendees with ADA needs, their friends, helpers, and anyone who wants to hang out and be social! So far we plan on providing charging stations, chill out sessions, an open call for a modular synth jam session, and more to come! Let\'s all work together to make DEFCON Awesomely Accessible!
\n\n(Please note that on Thursday, we will be open only to provide assistance to those in need. Regular community programming will begin on Friday.)
\n\nHang out, chill out, deck out your mobility device and more!
\n\n\'',NULL,614193),('1_Thursday','11','10:00','17:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'\'',NULL,614194),('1_Thursday','12','10:00','17:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'\'',NULL,614195),('1_Thursday','13','10:00','17:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'\'',NULL,614196),('1_Thursday','14','10:00','17:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'\'',NULL,614197),('1_Thursday','15','10:00','17:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'\'',NULL,614198),('1_Thursday','16','10:00','17:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'\'',NULL,614199),('1_Thursday','17','10:00','17:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'\'',NULL,614200),('4_Sunday','10','10:00','14:59','N','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_6e132a36a72a6c800bc962fbc791f56c','\'Title: HDA Community - Open for Accessibility Questions/HelpDEF CON has made HDA a community, and we now have a community room! This room will be dedicated to the attendees with ADA needs, their friends, helpers, and anyone who wants to hang out and be social! So far we plan on providing charging stations, chill out sessions, an open call for a modular synth jam session, and more to come! 
Let\'s all work together to make DEFCON Awesomely Accessible!
\n\n(Please note that on Thursday, we will be open only to provide assistance to those in need. Regular community programming will begin on Friday.)
\n\nHang out, chill out deck out your mobility device and more!
\n\n\'',NULL,614201),('4_Sunday','11','10:00','14:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_6e132a36a72a6c800bc962fbc791f56c','\'\'',NULL,614202),('4_Sunday','12','10:00','14:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_6e132a36a72a6c800bc962fbc791f56c','\'\'',NULL,614203),('4_Sunday','13','10:00','14:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_6e132a36a72a6c800bc962fbc791f56c','\'\'',NULL,614204),('4_Sunday','14','10:00','14:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_6e132a36a72a6c800bc962fbc791f56c','\'\'',NULL,614205),('3_Saturday','10','10:00','23:59','N','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'Title: HDA Community - Open for Accessibility Questions/HelpDEF CON has made HDA a community, and we now have a community room! This room will be dedicated to the attendees with ADA needs, their friends, helpers, and anyone who wants to hang out and be social! So far we plan on providing charging stations, chill out sessions, an open call for a modular synth jam session, and more to come! Let\'s all work together to make DEFCON Awesomely Accessible!
\n\n(Please note that on Thursday, we will be open only to provide assistance to those in need. Regular community programming will begin on Friday.)
\n\nHang out, chill out deck out your mobility device and more!
\n\n\'',NULL,614206),('3_Saturday','11','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614207),('3_Saturday','12','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614208),('3_Saturday','13','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614209),('3_Saturday','14','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614210),('3_Saturday','15','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614211),('3_Saturday','16','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614212),('3_Saturday','17','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614213),('3_Saturday','18','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614214),('3_Saturday','19','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614215),('3_Saturday','20','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility 
Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614216),('3_Saturday','21','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614217),('3_Saturday','22','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614218),('3_Saturday','23','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614219),('2_Friday','10','10:00','23:59','N','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'Title: HDA Community - Open for Accessibility Questions/HelpDEF CON has made HDA a community, and we now have a community room! This room will be dedicated to the attendees with ADA needs, their friends, helpers, and anyone who wants to hang out and be social! So far we plan on providing charging stations, chill out sessions, an open call for a modular synth jam session, and more to come! Let\'s all work together to make DEFCON Awesomely Accessible!
\n\n(Please note that on Thursday, we will be open only to provide assistance to those in need. Regular community programming will begin on Friday.)
\n\nHang out, chill out deck out your mobility device and more!
\n\n\'',NULL,614220),('2_Friday','11','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614221),('2_Friday','12','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614222),('2_Friday','13','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614223),('2_Friday','14','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614224),('2_Friday','15','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614225),('2_Friday','16','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614226),('2_Friday','17','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614227),('2_Friday','18','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614228),('2_Friday','19','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614229),('2_Friday','20','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility 
Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614230),('2_Friday','21','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614231),('2_Friday','22','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614232),('2_Friday','23','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614233),('2_Friday','18','18:00','23:59','N','HDA','LVCC West/Floor 1/W110','\'HDA Chillout w/ Dj Delchi\'','\'\'','HDA_8433ef85d844b923fb40d27bb2aec6b3','\'Title: HDA Chillout w/ Dj DelchiChillout to etherial / downtempo tunes and hang with your community
\n\n\'',NULL,614234),('2_Friday','19','18:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Chillout w/ Dj Delchi\'','\'\'','HDA_8433ef85d844b923fb40d27bb2aec6b3','\'\'',NULL,614235),('2_Friday','20','18:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Chillout w/ Dj Delchi\'','\'\'','HDA_8433ef85d844b923fb40d27bb2aec6b3','\'\'',NULL,614236),('2_Friday','21','18:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Chillout w/ Dj Delchi\'','\'\'','HDA_8433ef85d844b923fb40d27bb2aec6b3','\'\'',NULL,614237),('2_Friday','22','18:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Chillout w/ Dj Delchi\'','\'\'','HDA_8433ef85d844b923fb40d27bb2aec6b3','\'\'',NULL,614238),('2_Friday','23','18:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Chillout w/ Dj Delchi\'','\'\'','HDA_8433ef85d844b923fb40d27bb2aec6b3','\'\'',NULL,614239),('2_Friday','14','14:00','15:59','N','HDA','LVCC West/Floor 1/W110','\'HDA Presents : Naomi Brockwell\'','\'Naomi Brockwell\'','HDA_29f5a98215e95cc4ff3fa783697f4007','\'Title: HDA Presents : Naomi BrockwellTalk on health info privacy
\n\nSpeakerBio: Naomi Brockwell, NBTVThreat actors skillfully deploy malware to evade detection, outmaneuvering traditional security tools. In this workshop, \"Dissecting Malware for Defense - Crafting Custom Yara Rules\", you\'ll harness the power of malware analysis and crowdsourced intelligence to build tailored Yara rules. These rules will supercharge your security systems, enabling you to detect emerging threats, enhance threat hunting, and accurately pinpoint malicious activity. This fast-paced course will guide you in mastering static and behavioral detections, empowering you to safeguard your organization. By the end, you\'ll expertly translate malware analysis insights into high-quality Yara rules, bolstering your defensive arsenal.
\n\nSpeakers:Francisco Perdomo,Josh StroscheinFrancisco is a skilled security professional with a strong background in detection engineering and a keen interest in reverse engineering. With extensive blue team experience, he currently works as a Security Engineer at Google\'s VirusTotal Research team where he leverages his operational expertise to investigate malware trends and create insightful technical content. Francisco\'s background includes roles as a SecOps Engineer and Professor of Computer Security.
\n\nSpeakerBio: Josh Stroschein, Reverse Engineer, FLARE team at GoogleJosh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, RE, and other security topics.
\n\n\n\'',NULL,614242),('1_Thursday','10','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Dissecting Malware for Defense - Crafting Custom Yara Rules\'','\'Francisco Perdomo,Josh Stroschein\'','WS_916b7fc14c69c0c10ac7aa10ee2aa185','\'\'',NULL,614243),('1_Thursday','11','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Dissecting Malware for Defense - Crafting Custom Yara Rules\'','\'Francisco Perdomo,Josh Stroschein\'','WS_916b7fc14c69c0c10ac7aa10ee2aa185','\'\'',NULL,614244),('1_Thursday','12','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Dissecting Malware for Defense - Crafting Custom Yara Rules\'','\'Francisco Perdomo,Josh Stroschein\'','WS_916b7fc14c69c0c10ac7aa10ee2aa185','\'\'',NULL,614245),('1_Thursday','09','09:00','12:59','N','WS','Springhill Suites/Desert Inn','\'Sold Out - Med Team vs Red Team: Intro into Medical Device Hacking\'','\'Alex Delifer,Michael \"v3ga\" Aguilar\'','WS_e4d9b90115bb0a497db663ef5f4957a0','\'Title: Sold Out - Med Team vs Red Team: Intro into Medical Device HackingConnected medical device and medical device security assessments utilize a varying and wide range of practices, from reverse engineering to hardware exploitation. If you have ever been curious about how to get started, this is the class for you. We will be covering how to get started in Adversarial Medical Device testing, tooling, tactics, exploits and certain bypasses to restrictions you may encounter during testing these devices. Use the tactics learned to exploit devices within\nthe Device Lab!
\n\nSpeakers:Alex Delifer,Michael \"v3ga\" AguilarAlex is a medical device testing sledgehammer. He is a DevSecOps guru for a large medical device company and cut his teeth building, maintaining and hacking medical devices.
\n\nSpeakerBio: Michael \"v3ga\" Aguilar, Principal Consultant at Secureworks Adversary GroupMichael Aguilar (v3ga) is a Principal Consultant for Secureworks Adversary Group. He runs Adversary Simulation operations, Physical Security and Network/Web based assessments as well as Adversarial Medical Device Tests. When not doing computer things, he reads a lot and likes to run to de-stress. He is also an avid fan of playing guitar really fast and screaming at people.
\n\n\n\'',NULL,614246),('1_Thursday','10','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Med Team vs Red Team: Intro into Medical Device Hacking\'','\'Alex Delifer,Michael \"v3ga\" Aguilar\'','WS_e4d9b90115bb0a497db663ef5f4957a0','\'\'',NULL,614247),('1_Thursday','11','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Med Team vs Red Team: Intro into Medical Device Hacking\'','\'Alex Delifer,Michael \"v3ga\" Aguilar\'','WS_e4d9b90115bb0a497db663ef5f4957a0','\'\'',NULL,614248),('1_Thursday','12','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Med Team vs Red Team: Intro into Medical Device Hacking\'','\'Alex Delifer,Michael \"v3ga\" Aguilar\'','WS_e4d9b90115bb0a497db663ef5f4957a0','\'\'',NULL,614249),('1_Thursday','09','09:00','12:59','N','WS','Springhill Suites/Dean Martin','\'Sold Out - Offensive SCCM: Abusing Microsoft\'s C2 Framework\'','\'Chris Thompson,Duane Michael,Garrett Foster\'','WS_665320585f620bdcb0b32818922e4a11','\'Title: Sold Out - Offensive SCCM: Abusing Microsoft\'s C2 FrameworkMicrosoft Configuration Manager, formerly SCCM (System Center Configuration Manager), is a powerful technology that has been used to deploy software to Windows systems in the majority of enterprise environments since it was released by Microsoft in 1994. Although SCCM has a high potential for abuse due to its privileged access to entire fleets of servers and workstations, it has not been heavily researched or leveraged by security professionals until recently, presumably due to the time-consuming installation process and learning curve. In this workshop, students will be provided access to a live environment that reflects an enterprise SCCM deployment, gain an understanding of how the different components of SCCM interact, and learn how to execute recently discovered attack primitives that can be used compromise SCCM clients, servers, and entire hierarchies. 
By completing both guided exercises and optional CTF challenges in this lab environment, students will learn how to demonstrate the impact of attack paths involving SCCM.
\n\nBy the end of this workshop, participants will be able to:\n - understand the foundational concepts needed to attack and defend SCCM\n - understand SCCM defaults and configurations that can be abused\n - use SCCM to complete a realistic attack chain, including recon, privilege escalation, credential gathering, site takeover, and lateral movement\n - understand how to use offensive security tools to interact with SCCM, such as SCCMHunter, SharpSCCM, sccmwtf, PXEThief, and ntlmrelayx
\n\nTo get the most out of this training, participants will benefit from reviewing the following resources, although they are not required:\n - Misconfiguration Manager (misconfigurationmanager.com)\n - System Center Configuration Manager Current Branch Unleashed, by Kerrie Meyler\n - Configuration Manager Terminology\n - Looking Inside Configuration Manager\n - Network Design\n - Client Management
\n\nThis workshop is the second version of Flipping the Coin and features upgraded attack paths, and lab environments.
\n\nBy the end of the workshop, attendees will:
\n\nUnderstand and perform common offensive attacks (supported by the Metasploit Framework) against Windows Domains, including:
\n\nUnderstand the process of detecting attacks against Windows infrastructure, including how to design and implement their own detection rules based on attendees’ previous attacks, using:
\n\nUnderstand and appreciate how the actions and processes of red and blue teams are interlinked, for the greater collective good.
Recommended (but not required) prior reading:
\n\nMuch of the material and core concepts of the workshop remain the same from the DEF CON 31 workshop with some updated topics for DEF CON 32, including an updated environment, and gMSA attacks within the lab.
\n\nSince 2022, Chris, Duane, and Garrett have released a combined 8 blog posts and authored 3 tools (SharpSCCM, SCCMHunter, and Misconfiguration Manager) that demonstrate novel offensive techniques to abuse SCCM functionality.
\n\nSpeakers:Chris Thompson,Duane Michael,Garrett FosterChris Thompson (@_Mayyhem) is a Principal Consultant at SpecterOps, where he conducts red team operations, research, tool development, and training. Chris has instructed at Black Hat USA/EU and spoken at Arsenal, DEF CON Demo Labs, SO-CON, and Troopers. He is the primary author of Maestro and SharpSCCM and co-author of Misconfiguration Manager, an open-source tool and knowledge base that can be used to help demonstrate, mitigate, and detect attacks that abuse Microsoft Configuration Manager (formerly SCCM).
\n\nSpeakerBio: Duane Michael, Managing Consultant at SpecterOpsDuane Michael (@subat0mik) is a Managing Consultant at SpecterOps, where he conducts red team operations, penetration tests, research, course development, and training. Duane has instructed courses on red teaming and vulnerability research at BH USA/EU, NorthSec, and SO-CON. He has presented at Arsenal and DEF CON Demo Labs, contributes to various open source projects, and is a co-author of Misconfiguration Manager.
\n\nSpeakerBio: Garrett Foster, Senior Consultant at SpecterOpsGarrett Foster (@garrfoster) is a Senior Consultant at SpecterOps, where he conducts red team operations, penetration testing, research, training, and course development. Garrett has presented at WWHF and BsidesPDX. Garrett is the primary author of SCCMHunter and a co-author of Misconfiguration Manager.
\n\n\n\'',NULL,614250),('1_Thursday','10','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Offensive SCCM: Abusing Microsoft\'s C2 Framework\'','\'Chris Thompson,Duane Michael,Garrett Foster\'','WS_665320585f620bdcb0b32818922e4a11','\'\'',NULL,614251),('1_Thursday','11','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Offensive SCCM: Abusing Microsoft\'s C2 Framework\'','\'Chris Thompson,Duane Michael,Garrett Foster\'','WS_665320585f620bdcb0b32818922e4a11','\'\'',NULL,614252),('1_Thursday','12','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Offensive SCCM: Abusing Microsoft\'s C2 Framework\'','\'Chris Thompson,Duane Michael,Garrett Foster\'','WS_665320585f620bdcb0b32818922e4a11','\'\'',NULL,614253),('1_Thursday','09','09:00','12:59','N','WS','Springhill Suites/Dunes','\'Sold Out - Supercharge SAST: Semgrep Strategies for Secure Software\'','\'Arjun Gopalakrishna,Gautam Peri,Marcelo Ribeiro\'','WS_f94f8c9e29269370b68167fc1ca0427e','\'Title: Sold Out - Supercharge SAST: Semgrep Strategies for Secure SoftwareArjun Gopalakrishna is a Senior Software Security Engineering Manager in Azure Security with more than a decade of experience at Microsoft. His work has been instrumental in fortifying Microsoft\'s Azure platform against a myriad of cyberthreats. His expertise lies in developing and implementing robust security measures to protect cloud-based systems and data. Arjun has presented at DEFCON in 2021, in addition to numerous security talks internally at Microsoft. Arjun\'s commitment to continuous learning and development, coupled with his passion for cybersecurity, continues to drive his contributions to the field.
\n\nSpeakerBio: Gautam Peri, Senior Security Engineer, EPSF SERPENT Team at MicrosoftGautam Peri is a Senior Security Engineer in EPSF SERPENT (Service Pentest) team at Microsoft. He has over 8 years of experience as a security professional in multiple organizations including Microsoft and Citibank N.A. He started his career as a software developer and became a security professional. Currently, Gautam focuses on securing in Azure Edge & Platform & Devices services at Microsoft. He is passionate about identifying vulnerabilities at scale. Gautam presented at multiple internal events and got accepted to OWASP BASC (Boston Application Security Conference) 2024. Gautam holds CISSP & GCPN certifications, he is committed to continuous learning and development and drives internal knowledge share events.
\n\nSpeakerBio: Marcelo Ribeiro, Senior Offensive Security Engineer in Azure Security at MicrosoftMarcelo Ribeiro is a Senior Offensive Security Engineer in Azure Security with over 20 years of experience in various organizations, including Microsoft, IBM, and the Brazilian Navy. As a former Navy Officer, Marcelo was instrumental in establishing the Brazilian Navy\'s Cyber Security capacity. He also played a pivotal role in building IBM\'s DFIR (Digital Forensics and Incident Response) practice in Latin America. Currently, Marcelo focuses on enhancing the security of Microsoft\'s Azure platform against the constantly evolving cyber threats landscape. Always seeking new challenges, Marcelo\'s commitment to learning keeps his passion for cybersecurity alive. Marcelo holds several certifications, including CISSP, CISM, OSCP, CEH, GXPN, GPEN, GWAPT, GAWN, GPYC, GREM, GISP, GICSP, GRID, GNFA, GCIH, GCIA, GSEC, and MCSE, among others. In 2023, Marcelo was inducted into the EC-Council\'s CEH Hall of Fame in recognition of his outstanding career achievements.
\n\n\n\'',NULL,614254),('1_Thursday','10','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Supercharge SAST: Semgrep Strategies for Secure Software\'','\'Arjun Gopalakrishna,Gautam Peri,Marcelo Ribeiro\'','WS_f94f8c9e29269370b68167fc1ca0427e','\'\'',NULL,614255),('1_Thursday','11','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Supercharge SAST: Semgrep Strategies for Secure Software\'','\'Arjun Gopalakrishna,Gautam Peri,Marcelo Ribeiro\'','WS_f94f8c9e29269370b68167fc1ca0427e','\'\'',NULL,614256),('1_Thursday','12','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Supercharge SAST: Semgrep Strategies for Secure Software\'','\'Arjun Gopalakrishna,Gautam Peri,Marcelo Ribeiro\'','WS_f94f8c9e29269370b68167fc1ca0427e','\'\'',NULL,614257),('1_Thursday','09','09:00','12:59','N','WS','Springhill Suites/Sands','\'Sold Out - Tracing The Pain Away - Practical Binary Tracing Techniques For Defeating Modern Malware Protections\'','\'Sean ,Serrgei Frankoff\'','WS_a7bae4a943c6eba0eadbf8e8f16a6589','\'Title: Sold Out - Tracing The Pain Away - Practical Binary Tracing Techniques For Defeating Modern Malware ProtectionsCode obfuscation is fast becoming a normal part of modern Windows malware. Pioneered by Emotet and popularized by the Conti ransomware leaks, we now see even simple credential stealers using commercial grade code virtualization! The solution… if you can’t reverse it, just run it!\nIn this workshop we will cover different tracing techniques that can be used to bypass and extract information from protected code. The workshop is divided into modules covering tracing with x64dbg, dynamic binary instrumentation with PIN, and API tracing with DTrace. 
A challenge binary is provided with each module for students to practice and the final challenge is a real world malware sample that has been virtualized.\nThis workshop is aimed at reverse engineers and malware analysts who have experience analyzing malware and are comfortable with debugging in userland. If you don’t have experience with malware but you do have a few hours behind the debugger you should have no problem completing the workshop. \nStudents must bring a laptop/workstation capable of running a Windows Virtual Machine (VM) and a preinstalled Windows 10 (64bit) 20H1(or later) VM with at least 50G of free space. You will be provided with detailed tools installation and setup instructions prior to the workshop
\n\nSpeakers:Sean ,Serrgei FrankoffSean, a co-founder of OpenAnalysis Inc., splits his time between reverse engineering, tracking malware and building automated malware analysis systems. Sean brings over a decade of experience working in a number of incident response, malware analysis and reverse engineering roles.
\n\nSpeakerBio: Serrgei Frankoff, Co-founder at OpenAnalysisSergei is a co-founder of OpenAnalysis Inc. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis, and producing tutorials for the OALABS YouTube channel. With over a decade in the security industry Sergei has extensive experience working at the intersection of incident response and threat intelligence.
\n\n\n\'',NULL,614258),('1_Thursday','10','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Tracing The Pain Away - Practical Binary Tracing Techniques For Defeating Modern Malware Protections\'','\'Sean ,Serrgei Frankoff\'','WS_a7bae4a943c6eba0eadbf8e8f16a6589','\'\'',NULL,614259),('1_Thursday','11','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Tracing The Pain Away - Practical Binary Tracing Techniques For Defeating Modern Malware Protections\'','\'Sean ,Serrgei Frankoff\'','WS_a7bae4a943c6eba0eadbf8e8f16a6589','\'\'',NULL,614260),('1_Thursday','12','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Tracing The Pain Away - Practical Binary Tracing Techniques For Defeating Modern Malware Protections\'','\'Sean ,Serrgei Frankoff\'','WS_a7bae4a943c6eba0eadbf8e8f16a6589','\'\'',NULL,614261),('1_Thursday','14','14:00','17:59','N','WS','Springhill Suites/Dunes','\'Sold Out - 64-bit Intel Assembly Language Programming for Hackers\'','\'Wesley McGrew\'','WS_744b69e867aa50670c8296c1192fc140','\'Title: Sold Out - 64-bit Intel Assembly Language Programming for HackersAssembly language has a reputation for being intimidating, but once\nyou learn the basics--and know how to read the documentation for the\nrest--there\'s nothing you can\'t follow. There are many interesting\nfields of study in computer security that depend on the \"\"closer to the\nmetal\"\" knowledge you\'ll gain from learning to code in assembly:\n- Software reverse engineering\n- Vulnerability and exploit research\n- Malware/implant development\n- Digital forensics\n...among others. There is no substitute for the confidence that you\ngain from being able to research and understand computer systems at\nlower levels of abstraction.\nThe purpose of this workshop is to introduce Intel x64 assembly language to the attendees. We will be using the Microsoft Macro Assembler, and we will be examining our code step-by-step in the x64dbg debugger. 
No prior programming experience is required--we will be working on things from first principles. There will be few slides.\nConcepts will be presented primarily within the x64dbg environment, with a focus on experimentation and using primary documentation. Attendees can follow along with their own laptops and programming environments.\nWe will cover the following topics:\n- Assembling and linking code\n- The execution environment of x64 programs\n- Memory\n- Registers\n- A wide variety of instructions\n- Addressing modes\n- How to read instruction documentation in the Intel manuals\n- Moving data around\n- Stack operations\n- x64 ABI and calling conventions\n- Representing data\n- Integer math\n- Program flow: conditional execution, loops\n- Leveraging the Windows API\n- How to read MSDN articles on Windows API functions\n- Resources for reference and future learning
\n\nSpeakerBio: Wesley McGrew, Senior Cybersecurity Fellow at MartinFederalDr. Wesley McGrew directs research, development, and offensive cyber operations as Senior Cybersecurity Fellow for MartinFederal. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA and taught a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.
\n\n\n\'',NULL,614262),('1_Thursday','15','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - 64-bit Intel Assembly Language Programming for Hackers\'','\'Wesley McGrew\'','WS_744b69e867aa50670c8296c1192fc140','\'\'',NULL,614263),('1_Thursday','16','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - 64-bit Intel Assembly Language Programming for Hackers\'','\'Wesley McGrew\'','WS_744b69e867aa50670c8296c1192fc140','\'\'',NULL,614264),('1_Thursday','17','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - 64-bit Intel Assembly Language Programming for Hackers\'','\'Wesley McGrew\'','WS_744b69e867aa50670c8296c1192fc140','\'\'',NULL,614265),('1_Thursday','14','14:00','17:59','N','WS','Springhill Suites/Frontier','\'Sold Out - Dodging the EDR Bullet: A Workshop on Malware Stealth Tactics\'','\'Dimitri Di Cristofaro,Giorgio \"gbyolo\" Bernardinetti\'','WS_49ebb7fd9b9b276744e25b2b127f3f98','\'Title: Sold Out - Dodging the EDR Bullet: A Workshop on Malware Stealth TacticsThe workshop will walk through a number of state of the art techniques used for detection and will show the process of thinking used to research and develop cutting-edge evasion techniques. We will dive deep into interesting aspects of Windows and AV internals with respect to malware development.\nThe focus will be on the mindset used to defeat security products starting with the analysis of a variety of detection mechanisms and ending with the final development of countermeasures. 
Moreover, the training will contain a number of live demonstrations to practically show how to apply those concepts and how to integrate them, showing how to develop evasive implants and post-exploitation tools.\nBy altering the fundamental rules of engagement, we can confound EDR systems and reshape their perception of the digital environment.\nThe workshop will dig deep into the internals of certain aspects of AV/EDRs and the Windows operating system to identify the area to exploit to lower the detection rate, it will involve the usage of Visual Studio and debuggers.
\n\nSpeakers:Dimitri Di Cristofaro,Giorgio \"gbyolo\" BernardinettiDimitri \"GlenX\" Di Cristofaro is a senior security consultant and researcher at the London office of SECFORCE LTD where he performs Red Teams on a daily basis. The main focus of his research activities is about Red Teaming and in particular on identifying new ways of attacking operating systems and looking for cutting edge techniques to increase stealthiness in strictly monitored environments. He enjoys malware writing and offensive tools development as well as producing electronic music in his free time.
\n\nSpeakerBio: Giorgio \"gbyolo\" Bernardinetti, Lead Researcher, System Security Division at CNITGiorgio \"gbyolo\" Bernardinetti is lead researcher at the System Security division of CNIT. His research activities are geared towards Red Teaming support activities, in particular design and development of advanced evasion techniques in strictly monitored environments, with emphasis on (but not limited to) the Windows OS, both in user-space and kernel-space. He is certified OSCP and OSCE, and enjoys playing electric guitar in his free time.
\n\n\n\'',NULL,614266),('1_Thursday','15','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Dodging the EDR Bullet: A Workshop on Malware Stealth Tactics\'','\'Dimitri Di Cristofaro,Giorgio \"gbyolo\" Bernardinetti\'','WS_49ebb7fd9b9b276744e25b2b127f3f98','\'\'',NULL,614267),('1_Thursday','16','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Dodging the EDR Bullet: A Workshop on Malware Stealth Tactics\'','\'Dimitri Di Cristofaro,Giorgio \"gbyolo\" Bernardinetti\'','WS_49ebb7fd9b9b276744e25b2b127f3f98','\'\'',NULL,614268),('1_Thursday','17','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Dodging the EDR Bullet: A Workshop on Malware Stealth Tactics\'','\'Dimitri Di Cristofaro,Giorgio \"gbyolo\" Bernardinetti\'','WS_49ebb7fd9b9b276744e25b2b127f3f98','\'\'',NULL,614269),('1_Thursday','14','14:00','17:59','N','WS','Springhill Suites/Dean Martin','\'Sold Out - Flipping the Coin: Red and Blue Teaming in Windows Environments (++)\'','\'Angus Strom,Troy Defty\'','WS_2a26a18632f1bdecc6eb435ccfd4b29f','\'Title: Sold Out - Flipping the Coin: Red and Blue Teaming in Windows Environments (++)Red and blue are two sides of the same coin. Offensive and defensive teams deliver the best results when working together; sharing knowledge, ideas, and understanding with each other. And a core part of this information exchange is understanding each respective perspective. This is the overarching theme of the workshop; attackers thinking like defenders, and defenders thinking like attackers.
\n\nThis workshop is the second version of Flipping the Coin and features upgraded attack paths, and lab environments.
\n\nBy the end of the workshop, attendees will:
\n\nUnderstand and perform common offensive attacks (supported by the Metasploit Framework) against Windows Domains, including:
\n\nUnderstand the process of detecting attacks against Windows infrastructure, including how to design and implement their own detection rules based on attendees’ previous attacks, using:
\n\nUnderstand and appreciate how the actions and processes of red and blue teams are interlinked, for the greater collective good.
Recommended (but not required) prior reading:\n- https://nooblinux.com/metasploit-tutorial/\n- https://posts.specterops.io/introducing-bloodhound-enterprise-attack-path-management-for-everyone-39cfd8d6eb7c\n- https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview\n- https://socprime.com/blog/sigma-rules-the-beginners-guide/\n- https://github.com/socprime/SigmaUI\n- https://blog.netwrix.com/2021/11/30/how-to-detect-pass-the-hash-attacks/\n- https://posts.specterops.io/certified-pre-owned-d95910965cd2\n- https://www.elastic.co/guide/en/security/current/suspicious-print-spooler-point-and-print-dll.html
\n\nMuch of the material and core concepts of the workshop remain the same from the DEF CON 31 workshop with some updated topics for DEF CON 32, including an updated environment, and gMSA attacks within the lab.
\n\nSpeakers:Angus Strom,Troy DeftyAngus (0x10f2c_) is currently a Senior Security Engineer working at a tech company. He obtained a love for all things computers by scavenging computer parts from local garbage pickups as a kid, and then trying to make them work together without blowing up. Angus eventually realised that a career could be made out of his skills hacking together poorly written LUA code in Garry’s mod, and finished a Bachelors in Network Security. In his professional career Angus has 5+ years working in Security Consulting, working across many industries and gaining many shells. More recently Angus has made the move to a security engineer focused role. When not hacking he loves to ski on the little snow that Australia has, and loves to paint small miniatures while listening to Drone Metal.
\n\nSpeakerBio: Troy Defty, Security Engineering ManagerFollowing over a decade in the UK and Australian InfoSec industries, including an 8-and-a-half year stint in red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at a tech company. His interest and experience is in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and making piano-related noise.
\n\n\n\'',NULL,614270),('1_Thursday','15','14:00','17:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Flipping the Coin: Red and Blue Teaming in Windows Environments (++)\'','\'Angus Strom,Troy Defty\'','WS_2a26a18632f1bdecc6eb435ccfd4b29f','\'\'',NULL,614271),('1_Thursday','16','14:00','17:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Flipping the Coin: Red and Blue Teaming in Windows Environments (++)\'','\'Angus Strom,Troy Defty\'','WS_2a26a18632f1bdecc6eb435ccfd4b29f','\'\'',NULL,614272),('1_Thursday','17','14:00','17:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Flipping the Coin: Red and Blue Teaming in Windows Environments (++)\'','\'Angus Strom,Troy Defty\'','WS_2a26a18632f1bdecc6eb435ccfd4b29f','\'\'',NULL,614273),('1_Thursday','14','14:00','17:59','N','WS','Springhill Suites/Sands','\'Sold Out - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 201\'','\'James Hawk\'','WS_f46116a98663d08bba52c97372d4fa0f','\'Title: Sold Out - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 201In the 201 version of Hide your kids, turn off your Wi-Fi, they Rogue APing up in here, we will launch the next level of attacks using Rogue APs and other wireless tools. We will look into different ways to attack wireless networks and leverage credentials harvested to gain a foothold, PITM, deliver payloads, and demonstrate impact to the client. During the workshop we will walk through different attacks against OPEN, WPA2, and 802.1X networks. During the CTF participants will have the chance to attack a simulated client network to leverage the attacks learned during the workshop. We will be using EAPHAMMER, BERATE_AP, WIFIPUMPKIN3, BETTERCAP, and RESPONDER. This workshop will be at the Intermediate level(all skill levels welcome), participants should have a solid knowledge of Linux, 802.11, networking, and using virtual machines. It is recommended that all students use the provided VM.
\n\nSpeakerBio: James Hawk, Senior Consultant, Proactive Services at Google Public SectorJames Hawk (He/Him) is a Senior Consultant with Google Public Sector, within Proactive Services. He is the wireless subject matter expert for his team. James has led and contributed to multiple assessments (Red Teams and Pen Tests). He has developed internal training and tool updates for 802.11 for his company and team. James is a 20-year veteran of the U.S. Army and has over 10 years of hands-on experience in wireless technologies. James is always researching/testing 802.11 attacks against his home lab. He is a fan of hockey, Letter Kenny, and almost anything Sci-Fi.
\n\n\n\'',NULL,614274),('1_Thursday','15','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 201\'','\'James Hawk\'','WS_f46116a98663d08bba52c97372d4fa0f','\'\'',NULL,614275),('1_Thursday','16','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 201\'','\'James Hawk\'','WS_f46116a98663d08bba52c97372d4fa0f','\'\'',NULL,614276),('1_Thursday','17','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 201\'','\'James Hawk\'','WS_f46116a98663d08bba52c97372d4fa0f','\'\'',NULL,614277),('1_Thursday','14','14:00','17:59','N','WS','Springhill Suites/Desert Inn','\'Sold Out - Long Live Empire: A C2 Workshop for Modern Red Teaming\'','\'Jake “Hubble” Krasnov,Kevin \"Kent\" Clark,Rey \"Privesc\" Bango\'','WS_1518e70f7837e049f31b467bf40f31d7','\'Title: Sold Out - Long Live Empire: A C2 Workshop for Modern Red TeamingCommand and Control (C2) play a crucial role for Red Teams and Advanced Persistent Threats (APTs), establishing persistent access and control over targeted networks. This workshop offers an in-depth exploration of the C2 frameworks, with a specific focus on the open-source Empire framework. Participants will gain valuable insights into the deployment, features, and real-world application of C2 in offensive security. Attendees will learn how to leverage Empire to create, customize, and execute advanced attack scenarios, honing their skills as red team operators. \nThrough practical exercises, attendees will learn to navigate the Empire framework, from basic setup to deploying sophisticated C2 infrastructures. The workshop covers key aspects such as listener configurations, agent management, and the utilization of Empire\'s diverse modules for effective post-exploitation. 
A unique feature of this training is the inclusion of a mini Capture-The-Flag (CTF) challenge, offering participants a hands-on opportunity to apply their skills in a controlled, competitive environment. \nBy the conclusion of this workshop, participants will be equipped with the knowledge and skills to leverage the Empire framework effectively in their red team operations, enhancing their capabilities in conducting advanced cyber attacks and navigating the complexities of modern cybersecurity landscapes. \nKey Workshop Highlights: \nComprehensive Introduction to Empire: Gain a solid understanding of Empire\'s capabilities, setup procedures, and its role in modern offensive operations. \nHands-On Deployment and Configuration: Learn through doing, with exercises designed to build proficiency in configuring Empire, managing agents, and customizing listeners. \nAdvanced Attack Scenarios: Delve into sophisticated techniques for post-exploitation, credential harvesting, and evasion, enhancing your arsenal as a red team operator. \nReal-World Application: Translate workshop learnings into actionable skills through a mini CTF challenge, simulating real-world offensive scenarios in a cloud-hosted environment.
\n\nSpeakers:Jake “Hubble” Krasnov,Kevin \"Kent\" Clark,Rey \"Privesc\" BangoJake \"Hubble\" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security. He has spent the first half of his career as an Astronautical Engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. Jake has presented at DEF CON, where he taught courses on offensive PowerShell and has been recognized by Microsoft for his discovery of a vulnerability in AMSI. Jake has authored numerous tools, including Invoke-PrintDemon and Invoke-ZeroLogon, and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
\n\nSpeakerBio: Kevin \"Kent\" Clark, Security Consultant at TrustedSecKevin \"Kent\" Clark is a Security Consultant with TrustedSec and a Red Team Instructor with BC Security. His previous work includes Penetration Testing and Red Team Operator, focusing on initial access and active directory exploitation. Kevin contributes to open-source tools such as PowerShell Empire and publishes custom security toolkits such as Badrats and WindowsBinaryReplacements. Kevin authors a cybersecurity blog at https://henpeebin.com/kevin/blog.
\n\nSpeakerBio: Rey \"Privesc\" Bango, Principal Cloud Advocate at MicrosoftRey \"Privesc\" Bango is a Principal Cloud Advocate at Microsoft focused on empowering companies and information technologists to take full advantage of transformative technologies. He works to build patterns and practices that streamline the development of solutions that take advantage of Artificial Intelligence and Machine Learning while ensuring that trust and confidence are a top priority, whether through security or responsible use of technology. Since 1989, Rey has explored the world of information technology through the lens of software developer, open-source contributor, cybersecurity practitioner, and an advocate for the secure and responsible use of artificial intelligence for social good.
\n\n\n\'',NULL,614278),('1_Thursday','15','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Long Live Empire: A C2 Workshop for Modern Red Teaming\'','\'Jake “Hubble” Krasnov,Kevin \"Kent\" Clark,Rey \"Privesc\" Bango\'','WS_1518e70f7837e049f31b467bf40f31d7','\'\'',NULL,614279),('1_Thursday','16','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Long Live Empire: A C2 Workshop for Modern Red Teaming\'','\'Jake “Hubble” Krasnov,Kevin \"Kent\" Clark,Rey \"Privesc\" Bango\'','WS_1518e70f7837e049f31b467bf40f31d7','\'\'',NULL,614280),('1_Thursday','17','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Long Live Empire: A C2 Workshop for Modern Red Teaming\'','\'Jake “Hubble” Krasnov,Kevin \"Kent\" Clark,Rey \"Privesc\" Bango\'','WS_1518e70f7837e049f31b467bf40f31d7','\'\'',NULL,614281),('2_Friday','09','09:00','12:59','N','WS','Springhill Suites/Desert Inn','\'Sold Out - Finding the Needle: An Introduction to Detection Engineering\'','\'Kathy Zhu,Troy Defty\'','WS_55ce12c74a5675c413494ecb02dac3e2','\'Title: Sold Out - Finding the Needle: An Introduction to Detection EngineeringAs defenders, we are always outnumbered, but we are by no means outmaneuvered. Attackers may hide in the haystack of haystacks, but with scalable detection logic, efficient coding practices, a thorough investigation methodology, and a reasonable corpus of computing, we can still determine which haystack to look within, and subsequently find the needle.
\n\nThis is often made possible by a detection pipeline. And knowing how detection pipelines work, and the role each component plays, can help us write more efficient, more accurate detections to make life hard for the attacker. By reducing the attacker\'s window of opportunity, whilst making the subsequent investigation easier for the would-be analyst, we can maintain a strong defensive position, forcing the attacker to burn significantly more resources in an attempt to make progress.
\n\nThis workshop will run attendees through implementing a simple detection pipeline in code, and some basic detection rules, to understand how to:\n- Ingest and normalize arbitrary log data, and make such data available for downstream detection rules;\n- Implement detection logic, to isolate potentially malicious behaviour;\n- Enrich log data with more context, aiding investigation; and\n- Draw relationships from individual log entries, to reduce investigative noise.
\n\nAttendees should be comfortable with either Python 3 or Golang, including core language syntax and the execution environment of their preferred language.
\n\nSpeakers:Kathy Zhu,Troy DeftyHaving worked in the security industry for 8+ years, Kathy is currently a Security Engineering Tech Lead in the detection space at Google. Her interest and experience is in detection engineering and software development. Outside of work, she also enjoys running, the outdoors, and reading.
\n\nSpeakerBio: Troy Defty, Security Engineering ManagerFollowing over a decade in the UK and Australian InfoSec industries, including an 8-and-a-half year stint in red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at a tech company. His interest and experience is in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and making piano-related noise.
\n\n\n\'',NULL,614282),('2_Friday','10','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Finding the Needle: An Introduction to Detection Engineering\'','\'Kathy Zhu,Troy Defty\'','WS_55ce12c74a5675c413494ecb02dac3e2','\'\'',NULL,614283),('2_Friday','11','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Finding the Needle: An Introduction to Detection Engineering\'','\'Kathy Zhu,Troy Defty\'','WS_55ce12c74a5675c413494ecb02dac3e2','\'\'',NULL,614284),('2_Friday','12','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Finding the Needle: An Introduction to Detection Engineering\'','\'Kathy Zhu,Troy Defty\'','WS_55ce12c74a5675c413494ecb02dac3e2','\'\'',NULL,614285),('2_Friday','09','09:00','12:59','N','WS','Springhill Suites/Sands','\'Sold Out - Machine Learning for N00bs\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_257a900048db1900c3d30216c297af7d','\'Title: Sold Out - Machine Learning for N00bsEvery technical product is now incorporating machine learning at an explosive rate. But most people, even those with strong technical skills, don\'t understand how it works, what its capabilities are, and what security risks come with it. In this workshop, we\'ll make machine learning models using simple Python scripts, train them, and evaluate their worth. Projects include computer vision, breaking a CAPTCHA, deblurring images, regression, and classification tasks. We will perform poisoning and evasion attacks on machine learning systems, and implement deep neural rejection to block such attacks.\nNo experience with programming or machine learning is required, and the only software required is a Web browser. We will use TensorFlow on free Google Colab cloud systems. \nAll materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.
\n\nSpeakers:Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam BowneElizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.
\n\nSpeakerBio: Irvin Lemus, Cyber Range Engineer at By Light IT Professional ServicesIrvin Lemus, CISSP is a Cyber Range Engineer at By Light IT Professional Services, training military personnel through international cyber security exercises. Irvin has been in the field since 2006, involved with cybersecurity competitions since 2015 as a trainer, coach, and mentor. He also has taught IT and Cybersecurity courses at Coastline and Cabrillo Colleges. He is the BACCC Cyber Competitions Regional Coordinator, Board member at Pacific Hackers and is a speaker at DEFCON. He describes himself as, \"A professional troublemaker who loves hacking all the things.\"
\n\nSpeakerBio: Kaitlyn Handelman, Offensive Security Engineer at AmazonKaitlyn Handelman is an offensive security engineer at Amazon. Her focus is cybersecurity in space. In addition to traditional penetration testing, Kaitlyn works on physical devices and RF signals. In her free time, she enjoys ham radio, astronomy, and her cat, Astrocat.
\n\nSpeakerBio: Sam Bowne, Instructor at City College San FranciscoSam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc. He has given talks and hands-on trainings at Black Hat USA, RSA, DEF CON, DEF CON China, HOPE, and many other conferences.\nCredentials: PhD, CISSP, DEF CON Black Badge Co-Winner
\n\n\n\'',NULL,614286),('2_Friday','10','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Machine Learning for N00bs\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_257a900048db1900c3d30216c297af7d','\'\'',NULL,614287),('2_Friday','11','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Machine Learning for N00bs\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_257a900048db1900c3d30216c297af7d','\'\'',NULL,614288),('2_Friday','12','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Machine Learning for N00bs\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_257a900048db1900c3d30216c297af7d','\'\'',NULL,614289),('2_Friday','09','09:00','12:59','N','WS','Springhill Suites/Frontier','\'Sold Out - Small Choices, Global Repercussions: A Tabletop Exercise about Decision-Making in Healthcare Cybersecurity\'','\'Isabel Straw,Jorge Acevedo Canabal,Nathan Case\'','WS_8b75a366a43f2c8c5026d5191a1f5cb2','\'Title: Sold Out - Small Choices, Global Repercussions: A Tabletop Exercise about Decision-Making in Healthcare CybersecurityIn the unpredictable world of healthcare, the ability to respond effectively to emergencies and technology failures is paramount to ensuring patient safety and continuity of care. As hospitals and emergency rooms increasingly rely on technology to deliver critical services, it\'s essential for all personnel to understand the complex interplay between technology, emergency response, and the potential cascading effects of failures. This immersive workshop is designed to equip participants with the knowledge and skills needed to navigate emergencies and technology failures in healthcare environments. 
Through a series of simulated scenarios encompassing various emergency situations and technology breakdowns, participants will explore the intricate challenges of maintaining operational resilience in the face of adversity.\nFrom power outages to cyberattacks, participants will learn how to identify, assess, and respond to emergencies with a focus on mitigating second and third-order consequences. Leveraging real-time data and insights from tools and techniques, participants will gain practical experience in detecting anomalies, coordinating response efforts, and minimizing disruption to patient care.\nKey Learning Objectives:\nUnderstand the complex interplay between technology, emergency response, and the potential cascading effects of failures in healthcare environments.\nExplore various emergency scenarios and technology failures, including power outages, cyberattacks, and system malfunctions.\nGain practical experience in assessing the impact of emergencies and technology failures on patient care and operational continuity.\nLearn how to use the available tools for real-time monitoring, detection, and response to security incidents and technology failures.\nDiscuss strategies for mitigating second and third-order consequences of emergencies and technology failures, including communication, collaboration, and contingency planning.
\n\nSpeakers:Isabel Straw,Jorge Acevedo Canabal,Nathan CaseUK Emergency Doctor, Artificial intelligence in Health PHD & Cybersecurity Researcher, Fulbright & Thouron Alum (Global Health Scholar)
\n\nSpeakerBio: Jorge Acevedo Canabal, Adjunct Professor at University of Puerto RicoMDPhysician, Adjunct Professor at University of Puerto Rico with Research in Natural Disaster Recovery, Emerging Healthcare Crises, Cyber Resiliency, and Vulnerable Populations (rare genetic disease, extremes of human life-span)
\n\nSpeakerBio: Nathan CaseCISO, CTO, Incident Responder, Tinkerer, and Dumpster fire guru
\n\n\n\'',NULL,614290),('2_Friday','10','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Small Choices, Global Repercussions: A Tabletop Exercise about Decision-Making in Healthcare Cybersecurity\'','\'Isabel Straw,Jorge Acevedo Canabal,Nathan Case\'','WS_8b75a366a43f2c8c5026d5191a1f5cb2','\'\'',NULL,614291),('2_Friday','11','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Small Choices, Global Repercussions: A Tabletop Exercise about Decision-Making in Healthcare Cybersecurity\'','\'Isabel Straw,Jorge Acevedo Canabal,Nathan Case\'','WS_8b75a366a43f2c8c5026d5191a1f5cb2','\'\'',NULL,614292),('2_Friday','12','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Small Choices, Global Repercussions: A Tabletop Exercise about Decision-Making in Healthcare Cybersecurity\'','\'Isabel Straw,Jorge Acevedo Canabal,Nathan Case\'','WS_8b75a366a43f2c8c5026d5191a1f5cb2','\'\'',NULL,614293),('2_Friday','09','09:00','12:59','N','WS','Springhill Suites/Dean Martin','\'Sold Out - Traumatic Library Loading : If you want to use it, you have to implement it...\'','\'Yoann Dequeker\'','WS_2cac49c1189f264df54e8c86d40c0bcd','\'Title: Sold Out - Traumatic Library Loading : If you want to use it, you have to implement it...DLL Loading is one of the most important parts of the Windows system. When you install, run, use, or hack a system, you will always use DLL. This DLL mechanism has been exploited for several years for malware development through several techniques : DLL injection, DLL sideloading, Reflective DLL but do you really know how Windows is loading a DLL ? Do you know how it links all sections ? Which structures are used to store internally ? How does it resolve dependencies ? And are you able to design your own Perfect DLL Loader that fully integrate with the WIN32API? \nIn this workshop, you will lose you sanity and dive into the Windows DLL mechanism. 
Armed with your decompiler and your brain, step by step, you will build your own (almost) Perfect DLL loader.\nYou will try to load from the simple AMSI.DLL to the most complex WINHTTP.DLL. At each step, you will dive deeper into the Windows DLL Loader and the Windows Internals.\nMalware developers, you will be able to use this code as a PE loader that never failed me for the last years and a DLL loader that does not raise the LoadImage kernel callback you can use on your own C2 beacon.\nWARNING: while this is a Windows internals DISCOVERY course, it is still a HIGHLY TECHNICAL workshop. You should have some entry-level knowledge of Windows systems, C programming and reverse engineering to fully enjoy the workshop.\nIt is expected from the student to bring a laptop with either a Windows 10 or Windows 10 VM, a C compiler (Mingw or MSVC), a decompiler (IDA Free or Ghidra), the WinDBG debugger and the Sysinternals suite. I will personally use the following toolchain : WIN10, MSVC, IDA, WinDBG Preview.
\n\nSpeakerBio: Yoann Dequeker, Red Team Operator at WavestoneYoann Dequeker (@OtterHacker) is a red team operator at Wavestone holding the OSCP and CRTO certifications. Aside from his RedTeam engagements and his contributions to public projects such as Impacket, he spends time working on Malware Development to ease beacon deployment and EDR bypass during engagements and is currently developing a fully custom C2. His research leads him to present his results at several conferences such as LeHack (Paris), Insomni\'hack (Swiss) or even through a 4-hour malware workshop at Defcon31 (Las Vegas). Throughout the year, he publishes several white papers on the techniques he discovered or upgraded and the vulnerabilities he found in public products.
\n\n\n\'',NULL,614294),('2_Friday','10','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Traumatic Library Loading : If you want to use it, you have to implement it...\'','\'Yoann Dequeker\'','WS_2cac49c1189f264df54e8c86d40c0bcd','\'\'',NULL,614295),('2_Friday','11','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Traumatic Library Loading : If you want to use it, you have to implement it...\'','\'Yoann Dequeker\'','WS_2cac49c1189f264df54e8c86d40c0bcd','\'\'',NULL,614296),('2_Friday','12','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Traumatic Library Loading : If you want to use it, you have to implement it...\'','\'Yoann Dequeker\'','WS_2cac49c1189f264df54e8c86d40c0bcd','\'\'',NULL,614297),('2_Friday','09','09:00','12:59','N','WS','Springhill Suites/Dunes','\'Sold Out - Whitebox Web Exploit Development\'','\'Cale Smith,Priyanka Joshi\'','WS_492617df489b8b3c0ed3b01f453e9d57','\'Title: Sold Out - Whitebox Web Exploit DevelopmentGain experience popping root shells on real world web applications and taking your hacking skills to the next level. Students will learn accessible and powerful vulnerability discovery techniques to identify, exploit and chain vulnerabilities for root shells. Getting hands-on experience using free and widely available Linux utilities to debug and dynamically monitor applications, to more effectively discover and exploit vulnerabilities. Using a whitebox approach students will rapidly discover and exploit non-trivial bugs. 
A progressive hint system will be used during the labs to incrementally reveal step-by-step progressions of each exploit exercise in case students are stuck or fall behind.\nCourse Objectives:\n--Students will gain hands-on experience analyzing and developing exploits for real world application vulnerabilities.\n--Students will learn how to discover vulnerabilities and subsequently weaponize them in an exploit chain to spawn remote shells on application servers.\n--Students will gain experience using open source linux tools like strace and tcpdump to analyze application behavior and isolate vulnerabilities.\n--Students will gain experience weaponizing web application vulnerabilities and writing exploits\nUpon Completion of this training, attendees will know:\n--How to identify situations where openbox application vulnerability assessments are appropriate and how to leverage this powerful context.\n--How to utilize openbox penetration testing methodologies to achieve more thorough and effective assessments.\n--How to leverage vulnerability chaining to assemble multiple medium criticality findings into a single remote root exploit.
\n\nSpeakers:Cale Smith,Priyanka JoshiCale Smith is a nerd who loves both building but also breaking, so he can get better at building. He is passionate about understanding how anything and everything works, improving security along the way is just a bonus. Also, he is passionate about sharing his passion and created this course to pass along some of the more accessible techniques he has picked. His professional career originated exclusively as a builder, but has been focusing on the security and breaking side for the last 15 years. During that time he has dabbled in the web weenie life, cloud, binary, IoT and mobile most recently. Currently he manages a device oriented AppSec team at Amazon. While AFK he is probably riding a bike or climbing rocks.
\n\nSpeakerBio: Priyanka Joshi, Security Engineer, Ring AppSec at AmazonPriyanka Joshi started her career through the academic path of computer engineering followed by a masters degree in information security. Her learning journey truly began doing security engineering in the industry. She discovered her passion in the identity space during her first software security engineer job at an ancient mid sized company. There she focused on research, development, maintenance and security testing of OAuth2.0/OpenID implementations for over two years. In her current appsec engineer role at Amazon, she enjoys working on secure design assessments, bug bounty triage and fix validation, consults and security testing of web services. Outside of work, she enjoys hiking, sketching, music, watching anime and reading manga.
\n\n\n\'',NULL,614298),('2_Friday','10','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Whitebox Web Exploit Development\'','\'Cale Smith,Priyanka Joshi\'','WS_492617df489b8b3c0ed3b01f453e9d57','\'\'',NULL,614299),('2_Friday','11','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Whitebox Web Exploit Development\'','\'Cale Smith,Priyanka Joshi\'','WS_492617df489b8b3c0ed3b01f453e9d57','\'\'',NULL,614300),('2_Friday','12','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Whitebox Web Exploit Development\'','\'Cale Smith,Priyanka Joshi\'','WS_492617df489b8b3c0ed3b01f453e9d57','\'\'',NULL,614301),('2_Friday','14','14:00','17:59','N','WS','Springhill Suites/Sands','\'Sold Out - Dissecting and Defeating Ransomware\'s Evasion Tactics\'','\'Aaron Rosenmund,Josh Stroschein,Ryan Chapman\'','WS_4216a8a5ca52106b718a41589d07eab1','\'Title: Sold Out - Dissecting and Defeating Ransomware\'s Evasion TacticsGain a deeper understanding of how ransomware evades analysis and learn how to identify and counter these techniques. This workshop will explore common evasion methods, how they work, and how you can develop the skills to write code that re-enacts these methods. This workshop will begin by showing you how ransomware builders work. How do the builders generate reliable, viable ransomware code? You’ll learn! Once built, how do these malicious binaries implement analysis evasion techniques? Which techniques are used often? How do they function? We\'ll dive into the most prevalent techniques to show you how they work and why. Finally, you will learn how to re-enact some of these techniques along with more advanced methods within your own code. Are you ready to take your reverse engineering and coding skills to the next levels? – Let’s do this! And remember: #RansomwareSucks!
\n\nSpeakers:Aaron Rosenmund,Josh Stroschein,Ryan ChapmanAaron Rosenmund is the Senior Director of Content Strategy & Curriculum for Pluralsight, where he has also authored over 115 courses and technical labs across offensive and defensive security operations topics. Part time work includes service as a Cyber Warfare Operations officer in the Delaware Air National Guard, where he has also led a 100+ member red team for the largest cyber exercise in the Nation, Cybershield.
\n\nSpeakerBio: Josh Stroschein, Reverse Engineer, FLARE team at GoogleJosh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, RE, and other security topics.
\n\nSpeakerBio: Ryan ChapmanRyan Chapman is the author of SANS’ “FOR528: Ransomware and Cyber Extortion” course, teaches SANS’ “FOR610: Reverse Engineering Malware” course, works as a threat hunter @ $dayJob, and is an author for Pluralsight. Ryan has a passion for life-long learning, loves to teach people about ransomware-related attacks, and enjoys pulling apart malware.
\n\n\n\'',NULL,614302),('2_Friday','15','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Dissecting and Defeating Ransomware\'s Evasion Tactics\'','\'Aaron Rosenmund,Josh Stroschein,Ryan Chapman\'','WS_4216a8a5ca52106b718a41589d07eab1','\'\'',NULL,614303),('2_Friday','16','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Dissecting and Defeating Ransomware\'s Evasion Tactics\'','\'Aaron Rosenmund,Josh Stroschein,Ryan Chapman\'','WS_4216a8a5ca52106b718a41589d07eab1','\'\'',NULL,614304),('2_Friday','17','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Dissecting and Defeating Ransomware\'s Evasion Tactics\'','\'Aaron Rosenmund,Josh Stroschein,Ryan Chapman\'','WS_4216a8a5ca52106b718a41589d07eab1','\'\'',NULL,614305),('2_Friday','14','14:00','17:59','N','WS','Springhill Suites/Frontier','\'Sold Out - From an attacker\'s lair to your home: A practical journey through the world of Malware\'','\'Sebastian Tapia De la torre\'','WS_d7371a45a7409c6ca2285aefea14b217','\'Title: Sold Out - From an attacker\'s lair to your home: A practical journey through the world of MalwareAre you ready to dive deep into the world of malware analysis? Join me for an immersive workshop that will demystify the process of dissecting and analyzing malicious software. Throughout this hands-on session, participants will explore essential techniques and methodologies for uncovering the inner workings of malware and identifying potential threats.\nDuring the workshop we will analyze different kinds of malware, from malicious documents, .NET malware and more . Through practical demonstrations attendees will learn how to conduct static and dynamic analysis effectively, gaining valuable insights into malware behaviors and characteristics. 
Moreover, attendees will gain firsthand experience in executing and analyzing techniques used by attackers, deepening their understanding of how threat actors operate and how to detect and mitigate their malware effectively.\nBy the end of the workshop, attendees will have developed practical skills and techniques for analyzing real-world malware samples, empowering them to defend against evolving cyberthreats effectively.
\n\nSpeakerBio: Sebastian Tapia De la torre, Offensive Security ArchitectSebastian\'s journey into cybersecurity began with a childhood fascination for taking things apart and figuring out how they worked. As he grew older, this curiosity evolved into a passion for hacking and uncovering vulnerabilities in websites and applications, landing him a role in vulnerability management. Eventually, he pivoted into a Security Architect role, where he applied offensive thinking with defensive strategies to advance the security posture of the company he works for. Now an Offensive Security Architect, Sebastian specializes in designing and leading purple team exercises, leveraging real attacker TTPs to test and enhance their security posture effectively.
\n\n\n\'',NULL,614306),('2_Friday','15','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - From an attacker\'s lair to your home: A practical journey through the world of Malware\'','\'Sebastian Tapia De la torre\'','WS_d7371a45a7409c6ca2285aefea14b217','\'\'',NULL,614307),('2_Friday','16','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - From an attacker\'s lair to your home: A practical journey through the world of Malware\'','\'Sebastian Tapia De la torre\'','WS_d7371a45a7409c6ca2285aefea14b217','\'\'',NULL,614308),('2_Friday','17','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - From an attacker\'s lair to your home: A practical journey through the world of Malware\'','\'Sebastian Tapia De la torre\'','WS_d7371a45a7409c6ca2285aefea14b217','\'\'',NULL,614309),('2_Friday','14','14:00','17:59','N','WS','Springhill Suites/Dean Martin','\'Sold Out - Ghidra Analysis & Automation Masterclass\'','\'Max \"Libra\" Kersten\'','WS_b7238e38113340dcd559f0a93fca3cd3','\'Title: Sold Out - Ghidra Analysis & Automation MasterclassReverse engineering is done for a variety of reasons, most commonly to analyze malware, when searching for (and when looking to understand) vulnerabilities, or simply because of one’s curiosity. The NSA understood this early on and developed a framework to aid them in their reversing endeavors, which they open-sourced in early 2019: Ghidra. Since then, Ghidra has been one of the industry standard tools to analyze files, mainly due to its active development, as well as due to its accessible and versatile nature.
\n\nThis four-hour workshop primarily focuses on the analyst mindset and fundamental knowledge with regards to reverse engineering, including but not limited to understanding Ghidra’s core capabilities such as the disassembly and decompiler views, creating and retyping data structures, writing scripts to extend and automate tasks, and the creation and use of function recognition databases for FunctionID and BSim.
\n\nThe concepts behind the capabilities of Ghidra are the focus of the theory and during the hands-on exercises, allowing one to transfer the gained knowledge to another tool if so desired. As such, this class is perfect for aspiring and beginning analysts, while also providing background information and additional techniques for intermediate analysts.
\n\nThe workshop’s materials will partially consist of multiple malware samples, the precautions for which will be explained in-detail during the workshop, ensuring the safety and integrity of the systems of the attendees. A laptop with a preinstalled Intel based 64-bit Ubuntu 22.04 VM, along with Ghidra, Eclipse, and OpenJDK 21 is required.
\n\nAdditionally, knowing how to read C/C++ is required when dealing with decompiled code. Being able to read and write Java is required for the automation scripting, even though Python 2 can be used as well. If you cannot write Java and would still like to participate, you are welcome, but do note that this will impede some parts of the workshop’s exercises.
\n\nSpeakerBio: Max \"Libra\" KerstenMax Kersten is a malware analyst, blogger, and speaker who aims to make malware analysis more approachable for those who are starting. In 2019, Max graduated cum laude with a bachelor\'s in IT & Cyber Security, during which Max also worked as an Android malware analyst. Currently, Max works as a malware analyst at Trellix, where he analyses APT malware and creates open-source tooling to aid such research. Over the past few years, Max spoke at international conferences, such as DEFCON, Black Hat (USA, EU, MEA, Asia), Botconf, Confidence-Conference, HackYeahPL, and HackFestCA. Additionally, he gave guest lectures and workshops for DEFCON, Botconf, several universities, and private entities.
\n\n\n\'',NULL,614310),('2_Friday','15','14:00','17:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Ghidra Analysis & Automation Masterclass\'','\'Max \"Libra\" Kersten\'','WS_b7238e38113340dcd559f0a93fca3cd3','\'\'',NULL,614311),('2_Friday','16','14:00','17:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Ghidra Analysis & Automation Masterclass\'','\'Max \"Libra\" Kersten\'','WS_b7238e38113340dcd559f0a93fca3cd3','\'\'',NULL,614312),('2_Friday','17','14:00','17:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Ghidra Analysis & Automation Masterclass\'','\'Max \"Libra\" Kersten\'','WS_b7238e38113340dcd559f0a93fca3cd3','\'\'',NULL,614313),('2_Friday','14','14:00','17:59','N','WS','Springhill Suites/Dunes','\'Sold Out - Hack the connected plant!\'','\'Alexandrine Torrents,Arnaud Soullié\'','WS_b7abb1fa014fea6a6b4fdef4f9937437','\'Title: Sold Out - Hack the connected plant!Tired of legacy ICS systems? Attend this workshop to hack the next generation of Industrial Control Systems! No more Modbus, no more standard PLC, no more Purdue model!\nThis workshop is designed to show what the future might look like for Industrial Control Systems, and how it will impact cybersecurity.\nWe’ll bring a realistic ICS setup that features all the fancy current and future trends: SD-WAN and Zero Trust, OPC-UA, MQTT, Digital Twin, Edge devices and soft-PLCs to control a small-scale industrial process simulation.\nAfter a short introduction, we’ll get into hacking! We will walk you through a CTF-style exercise to go from 0 to full industrial process hacking! The CTF will be guided so that everyone learns something and gets a chance to get most flags!
\n\nSpeakers:Alexandrine Torrents,Arnaud SoulliéAlexandrine Torrents is a cybersecurity expert at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.
\n\nSpeakerBio: Arnaud Soullié, Senior Manager at WavestoneArnaud Soullié (@arnaudsoullie) is a Senior Manager at Wavestone, a global consulting company. For 14 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He spoke and taught workshops at numerous security conferences on ICS topics: BlackHat Europe, BruCon, CS3STHLM, BSides Las Vegas, DEFCON... He is also the creator of the DYODE project, an open-source data diode aimed at ICS. He has been teaching ICS cybersecurity training since 2015.
\n\n\n\'',NULL,614314),('2_Friday','15','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Hack the connected plant!\'','\'Alexandrine Torrents,Arnaud Soullié\'','WS_b7abb1fa014fea6a6b4fdef4f9937437','\'\'',NULL,614315),('2_Friday','16','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Hack the connected plant!\'','\'Alexandrine Torrents,Arnaud Soullié\'','WS_b7abb1fa014fea6a6b4fdef4f9937437','\'\'',NULL,614316),('2_Friday','17','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Hack the connected plant!\'','\'Alexandrine Torrents,Arnaud Soullié\'','WS_b7abb1fa014fea6a6b4fdef4f9937437','\'\'',NULL,614317),('2_Friday','14','14:00','17:59','N','WS','Springhill Suites/Desert Inn','\'Sold Out - Learning to Hack Bluetooth Low Energy with BLE CTF\'','\'Alek Amrani,Ryan Holeman\'','WS_d75f8653a17b9ee668ccbb8764aa96ff','\'Title: Sold Out - Learning to Hack Bluetooth Low Energy with BLE CTFBLE CTF is a series of Bluetooth Low Energy challenges in a capture-the-flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. \nOver the past few years, BLE CTF has expanded to support multiple platforms and skill levels. Various books, workshops, training, and conferences have utilized it as an educational platform and CTF. As an open source, low-cost of entry, and expandable education solution, BLE CTF has helped progress Bluetooth security research.\nThis workshop will teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. For this workshop, we will undergo a series of exercises to teach beginner students new concepts and allow more seasoned users to try new tools and techniques. 
After completing this workshop, you should have a good solid understanding of how to interact with and hack on BLE devices in the wild.\nIf you have done BLE CTF in the past, this class is still valuable. For advanced users, we offer BLE CTF Infinity, a sequel to BLE CTF. The workshop will also showcase new hardware platforms and client tools for interacting with and completing the exercises.\nTo prepare for the workshop, please follow the setup documentation located at https://github.com/hackgnar/ble_ctf/blob/master/docs/workshop_setup.md
\n\nSpeakers:Alek Amrani,Ryan HolemanAlek Amrani is bad at expense reports.
\n\nSpeakerBio: Ryan Holeman, CISO at Stability AIRyan Holeman resides in Austin, Texas, where he works as the CISO for Stability AI. He is currently pursuing a Ph.D. in cyber defense from Dakota State University. He has spoken at respected venues such as Black Hat, DEF CON, Lockdown, BSides, Ruxcon, Notacon, and Shmoocon. You can keep up with his current activity, open source contributions, and general news on his blog. His spare time is mostly spent digging into various network protocols, random hacking, creating art, and shredding local skateparks.
\n\n\n\'',NULL,614318),('2_Friday','15','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Learning to Hack Bluetooth Low Energy with BLE CTF\'','\'Alek Amrani,Ryan Holeman\'','WS_d75f8653a17b9ee668ccbb8764aa96ff','\'\'',NULL,614319),('2_Friday','16','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Learning to Hack Bluetooth Low Energy with BLE CTF\'','\'Alek Amrani,Ryan Holeman\'','WS_d75f8653a17b9ee668ccbb8764aa96ff','\'\'',NULL,614320),('2_Friday','17','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Learning to Hack Bluetooth Low Energy with BLE CTF\'','\'Alek Amrani,Ryan Holeman\'','WS_d75f8653a17b9ee668ccbb8764aa96ff','\'\'',NULL,614321),('3_Saturday','09','09:00','12:59','N','WS','Springhill Suites/Dunes','\'Sold Out - Capture the Flag 101\'','\'Micah Silverman\'','WS_98d0f882a8354a4f1fd8cff47a9eac29','\'Title: Sold Out - Capture the Flag 101Capture the Flag (CTF) is a competition where teams and individuals compete to solve security challenges. The one that collects most flags the fastest wins the competition (and typically, prizes).\nCTF-101 is an interactive workshop where we attendees learn about CTF competitions and common security vulnerabilities in a game-like environment. A couple of challenges are presented throughout the session and our hosts walk through how to solve them and provide support as attendees try to solve the challenges during the live hacking part of the workshop. Plus, there’s a leaderboard for attendees to track their progress.
\n\nSpeakerBio: Micah Silverman, Director of Security Relations at SnykMicah is Snyk\'s Director of Security Relations. With 29 years of Java Experience (yup, that\'s from the beginning) and 23 years as a security professional Micah\'s authored numerous articles, co-authored a Java EE book, and spoken at many conferences. He\'s a maker, who\'s built full-size MAME arcade cabinets and repaired old electronic games (http://afitnerd.com/2011/10/16/weekend-project-fix-dark-tower/). He brings his love of all things security and Java to a conference near you!
\n\n\n\'',NULL,614322),('3_Saturday','10','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Capture the Flag 101\'','\'Micah Silverman\'','WS_98d0f882a8354a4f1fd8cff47a9eac29','\'\'',NULL,614323),('3_Saturday','11','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Capture the Flag 101\'','\'Micah Silverman\'','WS_98d0f882a8354a4f1fd8cff47a9eac29','\'\'',NULL,614324),('3_Saturday','12','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Capture the Flag 101\'','\'Micah Silverman\'','WS_98d0f882a8354a4f1fd8cff47a9eac29','\'\'',NULL,614325),('3_Saturday','09','09:00','12:59','N','WS','Springhill Suites/Frontier','\'Sold Out - Hacking Apps on Salesforce\'','\'Rodney David Beede\'','WS_d794fe6f7f4ae5ed68bbd3388cb8a22c','\'Title: Sold Out - Hacking Apps on SalesforceThis training will cover how to discover vulnerabilities in custom Salesforce applications hosted on the Salesforce PaaS platform. This is not hacking Salesforce itself, but instead custom applications deployed by customers of Salesforce. You should already know OWASP Top 10 fundamentals such as how XSS or injection attacks work. You will learn how to find vulnerabilities specific to Salesforce apps such as SOQL injection, SOSL, cross-site scripting filter bypasses, and bypassing access controls of hidden functions to exfiltrate data.\nA new open-source tool “PaaS Cloud Goat” will be used to provide a simulated vulnerable Salesforce application for testing. Students will be expected to use a MitM proxy tool (Burp Suite) to craft malicious attacks to exploit the application. This training will provide a lab manual and live walk-through of the attack process and methods. We will also cover source code review and practice how to find vulnerabilities in code and translate them to working exploits of the simulator app.
\n\nTakeaways:\n1. Hands-on learning opportunity of pen testing custom Salesforce applications\n2. Detailed training documentation material about the underlying flaws\n3. Consolidated list of common Salesforce application vulnerabilities
\n\nSpeakerBio: Rodney David Beede, Principal ConsultantRodney is a principal consultant and has specialized in web and cloud security for over 10 years. He has spoken at multiple conferences on topics from cloud security engineering to IoT device hacking. He has multiple CVEs for discovered web application security vulnerabilities. He started his career in enterprise web application software development but shifted to the security industry with his master\'s thesis research project \"A Framework for Benevolent Computer Worms\" 2012.
\n\n\n\'',NULL,614326),('3_Saturday','10','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Hacking Apps on Salesforce\'','\'Rodney David Beede\'','WS_d794fe6f7f4ae5ed68bbd3388cb8a22c','\'\'',NULL,614327),('3_Saturday','11','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Hacking Apps on Salesforce\'','\'Rodney David Beede\'','WS_d794fe6f7f4ae5ed68bbd3388cb8a22c','\'\'',NULL,614328),('3_Saturday','12','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Hacking Apps on Salesforce\'','\'Rodney David Beede\'','WS_d794fe6f7f4ae5ed68bbd3388cb8a22c','\'\'',NULL,614329),('3_Saturday','09','09:00','12:59','N','WS','Springhill Suites/Desert Inn','\'Sold Out - Hacking The Metal: A Spark of Intelligence\'','\'eigentourist\'','WS_87823cbf53064a0eadf88b156ca3ecec','\'Title: Sold Out - Hacking The Metal: A Spark of IntelligenceWe live in a time of unexpected transformation. Machines can hold conversations, compose prose and poetry, and generate very convincing deepfakes. The field of AI where this all happens – deep learning – has a long history, starting with one simple building block: the neural network.\nIn this workshop, we will tour through the evolution of neural networks and discover that much of their evolution occurred in the world of low-level programming. Using C, C++ and a bit of assembly language, we will learn the fundamentals behind neural networks in their various forms, and build a foundation of knowledge that will allow us to understand how we arrived at large language models, the current state of the art. Most importantly, we will discover how far we can stretch everyday hardware to run deep learning models that solve interesting problems.
\n\nSpeakerBio: eigentouristEigentourist is a programmer who learned the craft in the early 1980s. He began formal education in computer science when the height of software engineering discipline meant avoiding the use of GOTO statements. Over the course of his career, he has created code of beautiful simplicity and elegance, and of horrific complexity and unpredictability. Sometimes, it\'s hard to tell which was which. Today, he works on systems integration and engineering in the healthcare industry.
\n\n\n\'',NULL,614330),('3_Saturday','10','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Hacking The Metal: A Spark of Intelligence\'','\'eigentourist\'','WS_87823cbf53064a0eadf88b156ca3ecec','\'\'',NULL,614331),('3_Saturday','11','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Hacking The Metal: A Spark of Intelligence\'','\'eigentourist\'','WS_87823cbf53064a0eadf88b156ca3ecec','\'\'',NULL,614332),('3_Saturday','12','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Hacking The Metal: A Spark of Intelligence\'','\'eigentourist\'','WS_87823cbf53064a0eadf88b156ca3ecec','\'\'',NULL,614333),('3_Saturday','09','09:00','12:59','N','WS','Springhill Suites/Sands','\'Sold Out - Industrial Control Systems: how to secure them in practice!\'','\'Alexandrine Torrents\'','WS_51d86da1c90492e4eec30bdb276d4e05','\'Title: Sold Out - Industrial Control Systems: how to secure them in practice!\"Pentesting ICS is too easy and you are looking for a new challenge? Attend this workshop to discover and practice how to secure Industrial Control Systems! This workshop is designed to show some key cybersecurity measures to implement on Industrial Control Systems.\nWe’ll bring a realistic but simple ICS setup and let you secure it step by step. After a short introduction, we’ll deep dive in several hands-on exercises: ICS inventory, backups, network security, system hardening and detection.\n\"
\n\nSpeakerBio: Alexandrine Torrents, Cybersecurity Expert at WavestoneAlexandrine Torrents is a cybersecurity expert at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.
\n\n\n\'',NULL,614334),('3_Saturday','10','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Industrial Control Systems: how to secure them in practice!\'','\'Alexandrine Torrents\'','WS_51d86da1c90492e4eec30bdb276d4e05','\'\'',NULL,614335),('3_Saturday','11','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Industrial Control Systems: how to secure them in practice!\'','\'Alexandrine Torrents\'','WS_51d86da1c90492e4eec30bdb276d4e05','\'\'',NULL,614336),('3_Saturday','12','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Industrial Control Systems: how to secure them in practice!\'','\'Alexandrine Torrents\'','WS_51d86da1c90492e4eec30bdb276d4e05','\'\'',NULL,614337),('3_Saturday','09','09:00','12:59','N','WS','Springhill Suites/Dean Martin','\'Sold Out - Sharp Security from All Angles: Mastering Security in .NET Core 8 and Angular 17 Applications\'','\'Or Sahar,Yariv Tal\'','WS_9e587a9de4a64349640f01571f588f5e','\'Title: Sold Out - Sharp Security from All Angles: Mastering Security in .NET Core 8 and Angular 17 ApplicationsWe’ve developed an interactive workshop for all those who want to learn secure coding practices and/or experience attacking with up-to-date technologies.\nWe prefer simplicity:\nAttacks are performed with swagger and C# scripts, and exploit XSS, CSRF, SSRF, and SQLI. We’ll also steal secrets and cookies.\nSecure coding practices are summarized in an easy-to-remember acronym (PREVENT).\nParticipants will transform RecipeRealm, a naive webapi+angular recipes repository, into a secure solution.\nThrough the hands-on real-world coding exercises, we will cover dealing with a vulnerable third party, using the built-in defense mechanism of Angular, implementing antiCSRF mechanisms, coding a secure data layer, and how to protect a web API from being exploited to get information about our internal assets.
\n\nSpeakers:Or Sahar,Yariv TalOr Sahar is a security researcher and the co-founder of Secure From Scratch. With two decades of experience in software development and security, she specializes in penetration testing, application security, and instructing on secure coding practices. Currently pursuing a second Master\'s degree in computer science, Or Sahar holds a BSc in software engineering and is certified as an OSCE.
\n\nSpeakerBio: Yariv TalYariv Tal is a senior developer turned security researcher. He graduated Summa Cum Laude with a BSc in Software Engineering and is currently pursuing a Master\'s degree in Computer Science. Yariv leverages his four decades of programming experience, university lecturing, and BootCamp mentoring to promote a \"secure from scratch\" coding philosophy.
\n\n\n\'',NULL,614338),('3_Saturday','10','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Sharp Security from All Angles: Mastering Security in .NET Core 8 and Angular 17 Applications\'','\'Or Sahar,Yariv Tal\'','WS_9e587a9de4a64349640f01571f588f5e','\'\'',NULL,614339),('3_Saturday','11','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Sharp Security from All Angles: Mastering Security in .NET Core 8 and Angular 17 Applications\'','\'Or Sahar,Yariv Tal\'','WS_9e587a9de4a64349640f01571f588f5e','\'\'',NULL,614340),('3_Saturday','12','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Sharp Security from All Angles: Mastering Security in .NET Core 8 and Angular 17 Applications\'','\'Or Sahar,Yariv Tal\'','WS_9e587a9de4a64349640f01571f588f5e','\'\'',NULL,614341),('3_Saturday','14','14:00','17:59','N','WS','Springhill Suites/Dunes','\'Sold Out - Crash Course in Physical Access Control Systems\'','\'Lorenzo Pedroncelli,Randy Belbin\'','WS_47729bad318e90808072e8ca8f9eeaaf','\'Title: Sold Out - Crash Course in Physical Access Control SystemsThis Physical Access Control Learning Lab will teach attendees about physical access control and the systems involved. Many of the subjects being taught will be related to their cybersecurity counterparts and lots of focus placed on the why of each concept, not only the fun parts.
\n\nSpeakers:Lorenzo Pedroncelli,Randy BelbinLorenzo has been working with technology since childhood, directly out of high school he went to work for the National Laboratories. Lorenzo helped drive a new security initiative for High Performance Computing, eventually moving to another National Laboratory to do the same. After leaving government contracting Lorenzo joined RSA and started his first \"official\" job in cybersecurity as a consultant for NetWitness helping customers improve their knowledge and use of the SIEM. Most recently Lorenzo switched into supporting RSA\'s internal security operations, leading the Converged Security team including the Incident Response, Data Security, Cloud Security, and Endpoint Security programs, among others.
\n\nSpeakerBio: Randy Belbin, RSARandy began his Information Technology and cybersecurity career in the MSP space over a decade ago, before joining RSA as a Sales Engineer in 2016. In the years since, Randy has become an industry expert for Identity and Access Management. In 2022, Randy moved to RSA’s Security and Risk office to lead the identity program at the newly independent RSA. As part of the security team, Randy has been able to broaden his experience and currently assists with physical security, cloud security, and incident response, in addition to his role as the identity guy.
\n\n\n\'',NULL,614342),('3_Saturday','15','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Crash Course in Physical Access Control Systems\'','\'Lorenzo Pedroncelli,Randy Belbin\'','WS_47729bad318e90808072e8ca8f9eeaaf','\'\'',NULL,614343),('3_Saturday','16','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Crash Course in Physical Access Control Systems\'','\'Lorenzo Pedroncelli,Randy Belbin\'','WS_47729bad318e90808072e8ca8f9eeaaf','\'\'',NULL,614344),('3_Saturday','17','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Crash Course in Physical Access Control Systems\'','\'Lorenzo Pedroncelli,Randy Belbin\'','WS_47729bad318e90808072e8ca8f9eeaaf','\'\'',NULL,614345),('3_Saturday','14','14:00','17:59','N','WS','Springhill Suites/Desert Inn','\'Sold Out - Email Detection Engineering and Threat Hunting\'','\'Alfie Champion,Josh Kamdjou\'','WS_34131ec52fd35ae3b2d887985097f54b','\'Title: Sold Out - Email Detection Engineering and Threat HuntingEmail remains the #1 initial access vector for commodity malware and nation state actors. Historically, tackling email-based threats has been considered the purview of black-box vendor solutions, with defenders having limited scope (or tooling!) to swiftly and effectively respond to emerging attacker activity and novel offensive tradecraft.\nIn this workshop, attendees will be given detailed insight into the latest techniques used to deliver prevalent malware strains, including Pikabot and DarkGate, and will hunt through email data to identify this malicious activity, developing rules to detect and block these attacks.\nInitially attendees will be introduced to the foundational technologies that enable threat hunting, detection engineering, and response in the email domain, before being given access to the email data of a fictitious company seeded with benign and real-world attack data. 
Throughout the day, participants will learn to hunt common phishing techniques including:\n- QR codes\n- Image-as-content\n- Drive-by delivery via links and HTML smuggling\n- Excel attachments with embedded links to SMB shares\n- ISO attachments\n- PDF attachments with embedded links to malware (PDF -> URL -> ZIP -> WSF)\n- VIP impersonations\n- BEC\nAttendees will be guided through the rule creation process, utilizing free and open detection engines including Sublime and Yara, and will be introduced to the signals and email attributes that can be used to craft high-fidelity rules, including targeted user groups, sentiment analysis, sender domain age, and attachment analysis. Having completed the workshop, attendees will have a strong understanding of the tools and techniques at their disposal to defend their organizations from all manner of email threats.
\n\nSpeakers:Alfie Champion,Josh KamdjouAlfie specialises in the delivery of attack detection and adversary emulation services, actively contributing education content, tooling and blogs to further the industry. He has previously worked with organisations across multiple industry verticals to uplift and validate their detective capability through red or purple team engagements, and now leads the global adversary emulation function at a FTSE 250 company. He has previously spoken at BlackHat USA, RSA and Blue Team Con 2022, among others, and is the co-founder of DelivrTo.
\n\nSpeakerBio: Josh Kamdjou, Founder and CEO at Sublime SecurityJosh has been doing offensive security-related things for the past 12 years. He\'s spent most of his professional career breaking into networks via spear-phishing and other methods, and building software for both the public (Department of Defense) and private sectors. Josh is the Founder and CEO of Sublime Security, and in his private life enjoys weight lifting, Martial Arts, soccer, and spending time with his niece and nephew.
\n\n\n\'',NULL,614346),('3_Saturday','15','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Email Detection Engineering and Threat Hunting\'','\'Alfie Champion,Josh Kamdjou\'','WS_34131ec52fd35ae3b2d887985097f54b','\'\'',NULL,614347),('3_Saturday','16','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Email Detection Engineering and Threat Hunting\'','\'Alfie Champion,Josh Kamdjou\'','WS_34131ec52fd35ae3b2d887985097f54b','\'\'',NULL,614348),('3_Saturday','17','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Email Detection Engineering and Threat Hunting\'','\'Alfie Champion,Josh Kamdjou\'','WS_34131ec52fd35ae3b2d887985097f54b','\'\'',NULL,614349),('3_Saturday','14','14:00','17:59','N','WS','Springhill Suites/Sands','\'Sold Out - Master Class: Hands-On Machine Learning to Enhance Malware Analysis, Classification, and Detection\'','\'Solomon Sonya\'','WS_941a719327044372247fc3bd7f76c78e','\'Title: Sold Out - Master Class: Hands-On Machine Learning to Enhance Malware Analysis, Classification, and DetectionMalware continues to increase in prevalence and sophistication. VirusTotal reported a daily submission of 2M+ malware samples. Of those 2 million malware daily submissions, over 1 million were unique malware samples. Successfully exploiting networks and systems has become a highly profitable operation for malicious threat actors. Traditional detection mechanisms including antivirus software fail to adequately detect new and varied malware. Artificial Intelligence provides advanced capabilities that can enhance cybersecurity. The purpose of this workshop is to provide an immersive, hands on projects that teach security analysts how to train Machine Learning models to detect thousands and thousands of unique malware samples. 
This workshop delivers a new framework that uses Machine Learning models to analyze malware, produce uniform datasets for additional analysis, and classify malicious samples into malware families. Additionally, this research presents a new Ensemble Classification Facility we developed that leverages several Machine Learning models to enhance malware classification. To our knowledge, this is the first research that utilizes Machine Learning to provide enhanced classification of an entire 200+ gigabyte-malware family corpus consisting of 80K+ unique malware samples and 70+ unique malware families. New, labeled datasets are released to aid in future classification of malware. It is time we leverage the capabilities of Artificial Intelligence and Machine Learning to enhance detection and classification of malware. Topics taught through hands-on projects include Machine Learning, Natural Language Processing, and Deep Learning models. This workshop provides a pathway to incorporate Artificial Intelligence into the automated malware analysis domain.
\n\nSpeakerBio: Solomon Sonya, Computer Science Graduate Student at Purdue UniversitySolomon Sonya (@0xSolomonSonya) is a Computer Science Graduate Student at Purdue University. He earned his undergraduate degree in Computer Science and Master’s Degrees in Computer Science, Information Systems Engineering, and Operational Strategy. Solomon routinely develops new cybersecurity tools and presents research, leads workshops, and delivers keynote addresses at cyber security conferences around the world. Prior to attending Purdue, Solomon was the Director of Cyber Operations Training. Prior to that position, Solomon was a Distinguished Computer Science Instructor at the United States Air Force Academy, Research Scholar at the University of Southern California, Los Angeles, and an Adjunct Faculty Instructor with the Advanced Course in Engineering Cyberspace Security (ACE) at the Air Force Research Lab in Rome, NY.
\n\n\n\'',NULL,614350),('3_Saturday','15','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Master Class: Hands-On Machine Learning to Enhance Malware Analysis, Classification, and Detection\'','\'Solomon Sonya\'','WS_941a719327044372247fc3bd7f76c78e','\'\'',NULL,614351),('3_Saturday','16','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Master Class: Hands-On Machine Learning to Enhance Malware Analysis, Classification, and Detection\'','\'Solomon Sonya\'','WS_941a719327044372247fc3bd7f76c78e','\'\'',NULL,614352),('3_Saturday','17','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Master Class: Hands-On Machine Learning to Enhance Malware Analysis, Classification, and Detection\'','\'Solomon Sonya\'','WS_941a719327044372247fc3bd7f76c78e','\'\'',NULL,614353),('3_Saturday','14','14:00','17:59','N','WS','Springhill Suites/Frontier','\'Sold Out - Playing with RFID\'','\'Vinnie \"kernelpaniek\" Vanhoecke\'','WS_c854c4fe8bc9c8933f09aee6f251d438','\'Title: Sold Out - Playing with RFIDGet ready for everything you always wanted to know about RFID, but were afraid to ask! The workshop will start with a basic introduction to Radio-frequency Identification (RFID) and build to a set of practical hands-on challenges. The workshop delves into the theory behind RFID, including different types and protocols (insecure vs. secure types), and how to perform an assessment. Several hands-on assignments will punctuate the theory portion, preparing participants for challenges (of increasing difficulty) on an RFID simulation device, all while participants obtain points for the CTF contest. The objective is to make this workshop fun and accessible to a wide audience. 
The RFID protocols discussed and used in the challenges will be limited to HID and Mifare Classic. Instructions and walkthroughs for three devices will be available in the workshop materials, including:\n * Proxmark3\n * Flipper Zero\n * ACR122U\nACR122U devices will be available from the instructor during the workshop.
\n\nSpeakerBio: Vinnie \"kernelpaniek\" Vanhoecke, Senior Security Consultant at Bishop FoxVinnie Vanhoecke (OSCE, OSCP) is a Senior Security Consultant at Bishop Fox, where he focuses on web application assessments (static and dynamic), external and internal network penetration testing, and cloud security assessments. He also has extensive experience in red teaming and mobile application assessments for Android. As hobby he likes anything from space to nature, HAM radio, 3D printing and any other IT related topic. Vinnie holds a Bachelor of Computer Science with a Computer and Cybercrime Professional specialisation from Howest in Bruges, Belgium.
\n\n\n\'',NULL,614354),('3_Saturday','15','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Playing with RFID\'','\'Vinnie \"kernelpaniek\" Vanhoecke\'','WS_c854c4fe8bc9c8933f09aee6f251d438','\'\'',NULL,614355),('3_Saturday','16','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Playing with RFID\'','\'Vinnie \"kernelpaniek\" Vanhoecke\'','WS_c854c4fe8bc9c8933f09aee6f251d438','\'\'',NULL,614356),('3_Saturday','17','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Playing with RFID\'','\'Vinnie \"kernelpaniek\" Vanhoecke\'','WS_c854c4fe8bc9c8933f09aee6f251d438','\'\'',NULL,614357),('2_Friday','12','12:00','12:59','N','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Aw, man…pages!\'','\'\'','CON_68a88044135c2b54fe86254cf8062b6d','\'Title: Aw, man…pages!How well do you know your man pages? Find out by teaming up with up to 3 other people (or come solo and get matched up with some new friends) and play \"Aw, man...pages!\". Across several rounds, your knowledge of man pages will be tested to the limit. Can you remember what command line flag is being described by its help text? Can you identify a tool just from a man page snippet? Can you provide the long-form flag when only given the short? Will you prove yourself worthy to be crowned the man page champion?
\n\n\'',NULL,614358),('2_Friday','13','13:00','14:59','N','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'AI Art Battle\'','\'\'','CON_080fb07bea1f9b990c23b9587767c261','\'Title: AI Art BattleWelcome to the “AI Art Battle\" Generative AI Art Contest!
\n\nThis unique competition invites creative minds to dive into the world of artificial intelligence and art. The challenge is to craft the most imaginative prompts that will be used by generative AI models to create artwork.
\n\nContestants will not be creating the art themselves; instead, they will focus on designing prompts for well-known topics that push the boundaries of creativity and innovation.
\n\nHow It Works:
\n\nSelect a Topic: Contestants will choose from a list of random topics.
\n\nThese could range from historical events, famous literary works, mythical creatures, futuristic landscapes, to iconic pop culture references.
\n\nCraft a Prompt:
\n\nUsing their creativity, contestants will write a detailed prompt designed to guide AI models in generating original artwork. The prompts should be clear, imaginative, and offer enough detail to spark the AI\'s artistic capabilities.
\n\nSubmission: Each contestant will submit their prompt and the intended outcome.
\n\nAI Generation: The submitted prompts will be fed into a generative AI art model, which will create corresponding artworks based on the prompts.
\n\nA random panel will determine who the winners are.
\n\nSchedule:\n- 13:00 - 13:30 setup\n- 13:30 - 14:00 qualifiers\n- 14:00 - 15:00 contest
\n\n\'',NULL,614359),('2_Friday','14','13:00','14:59','Y','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'AI Art Battle\'','\'\'','CON_080fb07bea1f9b990c23b9587767c261','\'\'',NULL,614360),('3_Saturday','11','11:00','12:59','N','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'DEF CON 32 Beard and Mustache Contest\'','\'\'','CON_61b7a1579e5dc73d0c92ab963c2cbc56','\'Title: DEF CON 32 Beard and Mustache ContestHeld every year since DEF CON 19 in 2011 (R.I.P. Riviera), (Except during that COVID thing - but we are not going to talk about that COVID thing), the DEF CON (unofficial) Beard and Mustache Contest highlights the intersection of facial hair and hacker culture.
\n\nFor 2024 there will be four categories for the competition you may only enter one:\n- Full beard: Self-explanatory, for the truly bearded.\n- Partial Beard: For those sporting Van Dykes, Goatees, Mutton Chops, and other partial beard styles.\n- Mustache only: Judging on the mustache only, even if bearded. Bring your Handlebars, Fu Manchus, or whatever adorns your upper lip.\n- Freestyle: Anything goes, including fake and creatively adorned beards. Creative women often do well in the Freestyle category.
\n\n\'',NULL,614361),('3_Saturday','12','11:00','12:59','Y','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'DEF CON 32 Beard and Mustache Contest\'','\'\'','CON_61b7a1579e5dc73d0c92ab963c2cbc56','\'\'',NULL,614362),('3_Saturday','13','13:00','14:59','N','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Hack3r Runw@y\'','\'\'','CON_2d14ee578545fd9a332282ba75ca44dd','\'Title: Hack3r Runw@yGet ready to strut your stuff, hackers! We\'re thrilled to announce the 6th annual Hack3r Runw@y returning to DEF CON 32, bigger and bolder than ever.
\n\nCalling all glamorous geeks, crafty coders, and fashionably functional folks: Dust off your soldering irons, grab your needles and threads, and unleash your creativity! Hack3r Runw@y challenges you to reimagine fashion through the lens of hacking.
\n\nShow us your wearable tech wonders in the following 4 categories for a chance to win in each category plus one coveted People’s Choice trophy where ANYONE can win, but there will be a twist. Did you see this year\'s theme (hint).
\n\nSmart wear that wows: Integrate LEDs, microcontrollers, and sensors into your designs for dazzling functionality.
\n\nDigital design that dazzles: light it up with LEDs, bling with lights, but keep it passive.
\n\nFunctional Fashion: masks and shields, hazmat suit, lockpick earrings, and cufflink shims.
\n\nExtraordinary style: Elevate your daily wardrobe with unique fabrics, passive design, 3d textures, optical illusions, cosplay, and security-inspired patterns.
\n\nNo matter your skill level, Hack3r Runw@y has a place for you! Whether you\'re a seasoned maker or a coding newbie, join us in celebrating the convergence of creativity, technology, and style.
\n\nWinners selected by judges selection based on:
\n\nUniqueness\nTrendy\nPractical\nCouture\nCreativity\nRelevance\nOriginality\nPresentation\nMastery
\n\n\'',NULL,614363),('3_Saturday','14','13:00','14:59','Y','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Hack3r Runw@y\'','\'\'','CON_2d14ee578545fd9a332282ba75ca44dd','\'\'',NULL,614364),('3_Saturday','16','16:00','18:59','N','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Crash and Compile\'','\'\'','CON_724b417aa2293953ff2d45f1c911e3a0','\'Title: Crash and CompileIn-person contest\nFriday: 10:00 to 15:00, Qualifications \nContest Area\nSaturday: 16:00 - 19:00\nContest Stage
\n\nWhat happens when you take an ACM style programming contest, smash it head long into a drinking game, throw in a mix of our most distracting helpers, then shove the resulting chaos incarnate onto a stage? You get the contest known as Crash and Compile.
\n\nTeams are given programming challenges and have to solve them with code. If your code fails to compile? Take a drink. Segfault? Take a drink. Did your code fail to produce the correct answer when you ran it? Take a drink. We set you against the clock and the other teams. And because our \"Team Distraction\" think watching people simply code is boring, they have taken it upon themselves to be creative in hindering you from programming, much to the enjoyment of the audience. At the end of the night, one team will have proven their ability, and walk away with the coveted Crash and Compile trophy.
\n\nCrash and Compile is looking for the top programmers to test their skills in our contest. Do you have the problem solving and programming ability to complete our challenges? More importantly can you do so with style that sets your team ahead of the others? We encourage you to try your hand at the Crash and Compile qualifiers. Gather your team and see if you have the coding chops to secure your place as one of the top teams to move on to the main contest event.
\n\nQualifications for Crash and Compile will take place 10:00 to 15:00. Come see us in contest area West Hall 4, or if you are excited to get started, qualifying can be completed from anywhere, as it takes place online at https://crashandcompile.org. You need a two hour block of time to complete the qualifying round. Points are awarded based on time to complete and problem difficulty.
\n\n\'',NULL,614365),('3_Saturday','17','16:00','18:59','Y','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Crash and Compile\'','\'\'','CON_724b417aa2293953ff2d45f1c911e3a0','\'\'',NULL,614366),('3_Saturday','18','16:00','18:59','Y','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Crash and Compile\'','\'\'','CON_724b417aa2293953ff2d45f1c911e3a0','\'\'',NULL,614367),('2_Friday','10','10:00','14:59','N','CON','LVCC West/Floor 1/Hall 4/Contest Area','\'Crash and Compile - Qualifications\'','\'\'','CON_2bb9d1b7ea6710c41dab3f9ca2258a1a','\'Title: Crash and Compile - QualificationsWhat happens when you take an ACM style programming contest, smash it head long into a drinking game, throw in a mix of our most distracting helpers, then shove the resulting chaos incarnate onto a stage? You get the contest known as Crash and Compile.
\n\nTeams are given programming challenges and have to solve them with code. If your code fails to compile? Take a drink. Segfault? Take a drink. Did your code fail to produce the correct answer when you ran it? Take a drink. We set you against the clock and the other teams. And because our \"Team Distraction\" think watching people simply code is boring, they have taken it upon themselves to be creative in hindering you from programming, much to the enjoyment of the audience. At the end of the night, one team will have proven their ability, and walk away with the coveted Crash and Compile trophy.
\n\nCrash and Compile is looking for the top programmers to test their skills in our contest. Do you have the problem solving and programming ability to complete our challenges? More importantly can you do so with style that sets your team ahead of the others? We encourage you to try your hand at the Crash and Compile qualifiers. Gather your team and see if you have the coding chops to secure your place as one of the top teams to move on to the main contest event.
\n\nQualifications for Crash and Compile will take place 10:00 to 15:00. Come see us in contest area West Hall 4, or if you are excited to get started, qualifying can be completed from anywhere, as it takes place online at https://crashandcompile.org. You need a two hour block of time to complete the qualifying round. Points are awarded based on time to complete and problem difficulty.
\n\n\'',NULL,614368),('2_Friday','11','10:00','14:59','Y','CON','LVCC West/Floor 1/Hall 4/Contest Area','\'Crash and Compile - Qualifications\'','\'\'','CON_2bb9d1b7ea6710c41dab3f9ca2258a1a','\'\'',NULL,614369),('2_Friday','12','10:00','14:59','Y','CON','LVCC West/Floor 1/Hall 4/Contest Area','\'Crash and Compile - Qualifications\'','\'\'','CON_2bb9d1b7ea6710c41dab3f9ca2258a1a','\'\'',NULL,614370),('2_Friday','13','10:00','14:59','Y','CON','LVCC West/Floor 1/Hall 4/Contest Area','\'Crash and Compile - Qualifications\'','\'\'','CON_2bb9d1b7ea6710c41dab3f9ca2258a1a','\'\'',NULL,614371),('2_Friday','14','10:00','14:59','Y','CON','LVCC West/Floor 1/Hall 4/Contest Area','\'Crash and Compile - Qualifications\'','\'\'','CON_2bb9d1b7ea6710c41dab3f9ca2258a1a','\'\'',NULL,614372),('2_Friday','16','16:00','18:59','N','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Pub Quiz\'','\'\'','CON_a6e7dab92ea7df545d7279d3fc43c7be','\'Title: Pub QuizWe are back with another Pub Quiz at DEF CON. Here at Pub Quiz, we felt the need to add additional prizes for 4th and 5th place. We had a very successful one last year and we have made some improvements to make it every better. So do you like Pub Quizzes?? If you do then get your butts to join us in participating in the 2nd Pub Quiz at DEF CON 32.
\n\nThe quiz will consist of 7 rounds; questions will include 90’s/2000’s TV and Movies, DefCon trivia, music, anime, and a little sex. The theme for our Pub Quiz will be all things that make DEF CON attendees exceptional. There will be a little something for everyone. The quiz will consist of visual and audio rounds along with some Con questions; we need to make sure we stimulate you peeps. We encourage people to get into teams of 5 or 6.
\n\nThis is a social event, so we try to get people into Teams. You never know, you may meet the love of your life. Did I mention CASH! Yes, we will have cold hard cash prizes for the 1st, 2nd, 3rd, 4th, and 5th high scoring groups. As always, if we do have ties, we will break those ties with a good old-fashioned dance off from a person of the tied teams. The hosts and a few goons will help in judging.
\n\n\'',NULL,614373),('2_Friday','17','16:00','18:59','Y','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Pub Quiz\'','\'\'','CON_a6e7dab92ea7df545d7279d3fc43c7be','\'\'',NULL,614374),('2_Friday','18','16:00','18:59','Y','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Pub Quiz\'','\'\'','CON_a6e7dab92ea7df545d7279d3fc43c7be','\'\'',NULL,614375),('2_Friday','14','14:00','15:59','N','CON','LVCC West/Floor 1/Hall 4/Contest Area','\'Hack3r Runw@y - Signups\'','\'\'','CON_59a542cd9cf1c3cb763d6d40f8b510e7','\'Title: Hack3r Runw@y - SignupsGet ready to strut your stuff, hackers! We\'re thrilled to announce the 6th annual Hack3r Runw@y returning to DEF CON 32, bigger and bolder than ever.
\n\nCalling all glamorous geeks, crafty coders, and fashionably functional folks: Dust off your soldering irons, grab your needles and threads, and unleash your creativity! Hack3r Runw@y challenges you to reimagine fashion through the lens of hacking.
\n\nShow us your wearable tech wonders in the following 4 categories for a chance to win in each category plus one coveted People’s Choice trophy where ANYONE can win, but there will be a twist. Did you see this year\'s theme (hint).
\n\nSmart wear that wows: Integrate LEDs, microcontrollers, and sensors into your designs for dazzling functionality.
\n\nDigital design that dazzles: light it up with LEDs, bling with lights, but keep it passive.
\n\nFunctional Fashion: masks and shields, hazmat suit, lockpick earrings, and cufflink shims.
\n\nExtraordinary style: Elevate your daily wardrobe with unique fabrics, passive design, 3d textures, optical illusions, cosplay, and security-inspired patterns.
\n\nNo matter your skill level, Hack3r Runw@y has a place for you! Whether you\'re a seasoned maker or a coding newbie, join us in celebrating the convergence of creativity, technology, and style.
\n\nWinners selected by judges selection based on:
\n\nUniqueness\nTrendy\nPractical\nCouture\nCreativity\nRelevance\nOriginality\nPresentation\nMastery
\n\n\'',NULL,614376),('2_Friday','15','14:00','15:59','Y','CON','LVCC West/Floor 1/Hall 4/Contest Area','\'Hack3r Runw@y - Signups\'','\'\'','CON_59a542cd9cf1c3cb763d6d40f8b510e7','\'\'',NULL,614377),('2_Friday','10','10:00','10:45','N','DC','LVCC West/Floor 3/W322-W327','\'Behind Enemy Lines: Going undercover to breach the LockBit Ransomware Operation\'','\'Jon DiMaggio\'','DC_19d657d9996a79658aabf8ce1de14c54','\'Title: Behind Enemy Lines: Going undercover to breach the LockBit Ransomware OperationDelve into the clandestine world of the LockBit ransomware gang! In this revealing presentation, I will recount my two-year journey spent infiltrating the inner ranks of the LockBit crime syndicate. Learn about the strategies employed to earn the trust of key individuals within the syndicate, including the gang\'s leader, LockBitSupp.
\n\nYou will see firsthand accounts of these exchanges, and I will detail the intricacies of my relationship with LockBit\'s leadership and its network of affiliate hackers. You will also gain insight into the unintended consequences of my actions, including how my perceived breach of their infrastructure impacted the syndicate\'s operations. More importantly, I will share how I assisted in unmasking the real-world person behind the mask of LockBitSupp.
\n\nJoin me as I illustrate the pivotal role of human intelligence in tandem with cyber threat intelligence to combat ransomware threats. This talk offers a compelling narrative of real-world efforts to thwart ransomware activities and safeguard organizations from LockBit ransomware attacks.
\n\nJon DiMaggio is the chief security strategist at Analyst1 and has over 16 years of experience hunting, researching, and writing about advanced cyber threats. In 2022, Jon authored his first book, \"The Art of Cyberwarfare,\" which earned him the prestigious SANS Difference Makers Award, solidifying his status as a thought leader in the industry. The following year, SANS recognized his work once again, awarding his most notable research, \"The Ransomware Diaries,\" detailing his operation to infiltrate the real-world humans behind the LockBit criminal operation. Jon’s other notable achievements include his appearance on 60 Minutes, where he discussed his undercover operations infiltrating some of the world’s top ransomware gangs. Jon’s research has been featured in The New York Times, Wired, Bloomberg, Fox, CNN, Reuters, and other news organizations.
\n\n\n\'',NULL,614378),('2_Friday','10','10:00','10:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Mobile Mesh RF Network Exploitation: Getting the Tea from goTenna\'','\'Erwin Karincic,Woody\'','DC_b874ceb930aacaad622e97a6aca9d6c1','\'Title: Mobile Mesh RF Network Exploitation: Getting the Tea from goTennaFalse sense of security in devices that guarantee security is worse than no security at all. One device used by personnel who require communication security is goTenna Pro radio that creates an \"off-the-grid\" encrypted mobile mesh network.This network does not require any traditional cellular or satellite infrastructure and they may be found locally in your community. The datasheet says it is using AES-256 encryption. Has anyone bothered to verify that it is being implemented in the most secure manner? We examined this device and found that it was possible to fingerprint and track every off-the-grid message regardless of encryption. We also identified vulnerabilities that result in interception and decryption of the most secure encryption algorithm AES-256 as well as injection of messages into the existing mesh network. We don’t just trust what datasheets say, we verify it for you. We will explain our testing methodologies and demonstrate exploitation in a live demo. We will discuss the operational implications of these vulnerabilities and safe ways of using these devices that decrease the chance of a compromise. The tools developed as part of this research will be released open-source to inform what was possible to inspire future research against similar devices. We will discuss how we worked with goTenna to remedy these issues.
\n\nSpeakers:Erwin Karincic,WoodyErwin is an experienced security researcher specializing in both hardware and software reverse engineering, binary analysis, and exploit development across a range of processor architectures. He has notable experience in implementing complex Radio Frequency (RF) waveforms using Software Defined Radios (SDRs) for cybersecurity applications, complemented by his proficiency in designing, simulating, and fabricating antennas tailored for such applications. His past work includes extensive TCP/IP networking experience, designing worldwide secure communication systems. Erwin holds a number of prestigious certifications, including OSCP, OSCE, OSWE, OSEE, and CCIE Enterprise Infrastructure.
\n\nSpeakerBio: WoodyWoody thinks Linux is a member of the Charlie Brown gang who can lift heavy things but not always spell them. He has had some success with RF exploits in the past with the first ever goTenna exploit talk in the RF wireless village as well as the first attack against Ford Raptor key fobs with RaptorCaptor exploit. Woody’s unique background, familiar to some, gives him a creative aspect to the impact of goTenna Pro research in the physical and RF world. Woody is also a staff member in the RFHacker Sanctuary, a member of Security Tribe, and has appeared on a few episodes of Hak5 describing novel device attacks.
\n\n\n\'',NULL,614379),('2_Friday','10','10:00','10:20','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Securing CCTV Cameras Against Blind Spots\'','\'Jacob Shams\'','DC_6f0862dfacdd0c1435f7a740134921f9','\'Title: Securing CCTV Cameras Against Blind SpotsIn recent years, CCTV footage has been integrated in systems to observe areas and detect traversing malicious actors (e.g., criminals, terrorists). However, this footage has \"blind spots\", areas where objects are detected with lower confidence due to their angle/distance from the camera.
\n\nIn this talk, we investigate a novel side effect of object detection in CCTV footage; location-based confidence weakness.
\n\nWe demonstrate that a pedestrian\'s position (distance, angle, height) in footage impacts an object detector\'s confidence.
\n\nWe analyze this phenomenon in four lighting conditions (lab, morning, afternoon, night) using five object detectors (YOLOv3, Faster R-CNN, SSD, DiffusionDet, RTMDet).
\n\nWe then demonstrate this in footage of pedestrian traffic from three locations (Broadway, Shibuya Crossing, Castro Street), showing they contain \"blind spots\" where pedestrians are detected with low confidence. This persists across various locations, object detectors, and times of day. A malicious actor could take advantage of this to avoid detection.
\n\nWe propose TipToe, a novel evasion attack leveraging \"blind spots\" to construct a minimum confidence path between two points in a CCTV-recorded area.\nWe demonstrate its performance on footage of Broadway, Shibuya Crossing, and Castro Street, observed by YOLOv3, Faster R-CNN, SSD, DiffusionDet, and RTMDet.
\n\nTipToe reduces max/average confidence by 0.10 and 0.16, respectively, on paths in Shibuya Crossing observed by YOLOv3, with similar performance for other locations and object detectors.
\n\nJacob Shams is a Ph.D. student at Ben-Gurion University of the Negev (BGU). His work addresses the security of AI models and systems, model extraction attacks, deep neural network (DNN) watermarking, and robustness of computer vision (CV) models.
\n\nJacob is a Ph.D. researcher at Cyber@Ben-Gurion University (CBG) and is working on multiple research projects in the area of AI security. Jacob holds a B.Sc. in Software Engineering from BGU and an M.Sc. in Software and Information Systems Engineering from BGU.
\n\n\n\'',NULL,614380),('2_Friday','10','10:00','10:20','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Welcome to DEF CON\'','\'Jeff \"The Dark Tangent\" Moss\'','DC_4c24e326fbac9b1ae0b87feb3b3b03b8','\'Title: Welcome to DEF CONHolding upwards of $400,000, ATMs continue to be a target of opportunity and have seen over a 600% increase in crime in just the last few years. During this time, I led security research with another colleague into the enterprise ATM industry resulting in the discovery of 6 zero-day vulnerabilities affecting Diebold Nixdorf’s Vynamic Security Suite (VSS), the most prolific ATM security solution in the market. 10 minutes or less is all that a malicious actor would need to gain full control of any system running VSS via offline code injection and decryption of the primary Windows OS. Diebold Nixdorf is one of three major North American enterprise class ATM manufacturers with a global presence in the financial, casino/gaming, and point-of-sale markets. Similar attack surfaces are currently being used in the wild and impact millions of systems across the globe. Furthermore, VSS is known to be present throughout the US gaming industry, including most of the ATM/cash-out systems across Vegas.
\n\nIn this session, I will publicly disclose this research, review the discovery process, and dive into the technical intricacies of each vulnerability. The Full Disk Encryption module of VSS conducts a complex integrity validation process to ensure a trusted system state, performed as a layered approach during system initialization. Examination of the workflow will highlight various deficiencies that I will demonstrate through PoC exploitation.
\n\nEach vulnerability presented in this session has been observed to have a recursive impact across all major versions of VSS and represents a systemic ongoing risk. We will explore the root-cause, vendor remediation steps, and short-comings thereof – perpetuating the attack narrative. In conclusion, proper mitigation techniques and procedures will be covered, providing valuable insights into defending against potential compromise.
\n\nMatt Burch is an independent vulnerability researcher with 20 years of experience in the information security industry and 15 years of focus in adversarial testing and simulation. He specializes in ATM, IoT, mobile application, and IP based vulnerability research. With this diverse background, he has successfully identified unique deficiencies in high-security products – awarding him numerous CVE accreditations.
\n\n\n\'',NULL,614382),('2_Friday','10','10:30','11:15','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Defeating magic by magic:Using ALPC security features to compromise RPC services\'','\'WangJunJie Zhang,YiSheng He\'','DC_bccf51c0761724b27733f5522754dfcd','\'Title: Defeating magic by magic:Using ALPC security features to compromise RPC servicesAdvanced Local Procedure Call (ALPC) is an Inter Process Communication method in the Windows kernel. In the past few years, Windows ALPC and RPC vulnerabilities have emerged in an endless stream. These vulnerabilities are mainly based on TOCTOU file operations, memory corruption vulnerabilities in RPC services and ALPC syscalls in ntoskrnl.
\n\nWindows kernel provides a variety of security measures to ensure that the data and context accepted by the ALPC and RPC servers are safe. We noticed the attack surface in the security mechanism of the ALPC kernel, and we found a security flaw in this mechanism (magic) and successfully obtained the system privilege from unauthorized users (defeating magic by magic).
\n\nIn this talk, we will first overview the communication mechanism of ALPC and RPC services. We will discuss the details of ALPC and RPC in the marshal/unmarshal process that has not been disclosed before. We\'ll also talk about the kernel security mechanism in ALPC syscalls. Then we will analyze some historical bugs in ALPC and RPC, and disclose the details of the vulnerability we found, discussing how we bypassed the security mechanism through a small security flaw in security mechanisms. Later we\'ll discuss the exploitation, you will learn about the multiple ways. Finally, We\'ll make conclusions and share our opinions on this attack surface, including some tips and opinions on how to find these kinds of bugs.
\n\nWangJunJie Zhang is a senior security researcher of Hillstone Network Security Research Institute. His work involved exploit development and bug hunting. He is currently focusing on windows components and kernel security and he has reported many vulnerabilities to Microsoft and RedHat and got acknowledgements. He was also listed on Microsoft Most Valuable Researcher from 2020 to 2023. He was also the speaker of CansecWest 2023 and HITBSecConf Amsterdam 2023 conference.
\n\nSpeakerBio: YiSheng HeYiSheng He is a member of OWASP, (ISC)², CSA and other organizations. He is the organizer of the DCG86020 event. He has obtained various international professional certifications such as CISSP, CCSK, CISA, and participated in many open source security projects. He obtained a large number of CVE numbers and received acknowledgements from Microsoft, Apple and other companies. He also participated in many CTF competitions and won good ranking. His research interests include AIoT and WEB security. He was also the speaker of CansecWest 2023 and HITBSecConf Amsterdam 2023 conference.
\n\n\n\'',NULL,614383),('2_Friday','11','10:30','11:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Defeating magic by magic:Using ALPC security features to compromise RPC services\'','\'WangJunJie Zhang,YiSheng He\'','DC_bccf51c0761724b27733f5522754dfcd','\'\'',NULL,614384),('2_Friday','10','10:30','11:15','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Spies and Bytes: Victory in the Digital Age\'','\'General Paul M. Nakasone\'','DC_4bc652369191619a62b9ebeddcfc0b91','\'Title: Spies and Bytes: Victory in the Digital AgeJoin General Paul M. Nakasone, U.S. Army (Retired), for a deep dive into the realities of modern cyber warfare at DefCon. With critical stories from his extensive career, General Nakasone will expose the details of national security in the digital era.
\n\nThe longest-serving leader of both the National Security Agency and U.S. Cyber Command, General Nakasone has been on the frontlines of America\'s cyber defense. He will share firsthand accounts of defending against nation-state hackers, securing critical infrastructure during global crises, and the strategies that kept adversaries at bay.
\n\nThis talk will examine the evolving nature of conflict, where the battlefield extends into cyberspace and unique partnerships must be built to offer agility and resilience. General Nakasone will discuss the persistent threats posed by sophisticated hackers and the innovative defenses employed to counteract them. He’ll delve into the importance of intelligence sharing, international alliances, and transparency in operations.
\n\nLooking ahead, General Nakasone will present a forward-thinking vision for the future of warfare. He’ll highlight the necessity for adaptive cyber strategies, resilient defenses, and the cultivation of new leadership to address emerging threats.
\n\nSpeakerBio: General Paul M. Nakasone, Founding Director at Vanderbilt’s Institute of National SecurityPaul M. Nakasone, General, U.S. Army (Retired), is the founding director of Vanderbilt’s Institute of National Security. With over three decades of distinguished service in the Army, his career began at the end of the Cold War and included pivotal moments such as being at the Pentagon on 9-11, deploying to combat zones in Iraq and Afghanistan, and spearheading cyber operations. His service spanned the Trump and Biden administrations, culminating as the Director of the National Security Agency and Commander of U.S. Cyber Command. Over nearly six years, he led the largest element of the US Intelligence Community and the Defense Department’s cyber forces through three national elections, a global pandemic, and escalating threats to the homeland.
\n\nThroughout his career, General Nakasone has been a transformative leader, adept at navigating complex challenges. He implemented a persistent strategy in deploying cyber forces to combat nation-state hackers and expanded cooperation with international, interagency, and private sector partners to enhance insights into national adversaries. His efforts to increase operational transparency have significantly bolstered public trust in both the Agency and Command.
\n\nHe remains deeply committed to fostering national service and leadership development.
\n\n\n\'',NULL,614385),('2_Friday','11','10:30','11:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Spies and Bytes: Victory in the Digital Age\'','\'General Paul M. Nakasone\'','DC_4bc652369191619a62b9ebeddcfc0b91','\'\'',NULL,614386),('2_Friday','11','11:00','11:20','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'No Symbols When Reversing? No Problem: Bring Your Own\'','\'Max \"Libra\" Kersten\'','DC_2d4ac9e3c9846a156d6028a9cff40e45','\'Title: No Symbols When Reversing? No Problem: Bring Your OwnThe goal of this talk is to share a tried and tested method on how to deal with thousands of unknown functions in a given file, significantly decreasing the time spent on the analysis. The example throughout the talk is the Golang based qBit family, but is applicable to any kind of binary. While this talk focuses on using Ghidra, given its free and open-source nature, it is equally possible with other industry standard tools. The focus will be on scripts, as well as the creation and usage of FunctionID and BSim databases. By combining these, you will be able to create your own symbols, and bring them anywhere you go, for any language of choice.
\n\nWhile the symbols are portable, an aggregation of them scales very well over any number of analysts. As such, this methodology works well for individual researchers, but when scaling it for a team of researchers, the outcome will be greater than the sum of its parts.
\n\nThis talk will use (malicious) Golang binaries as examples and provide a large dataset of symbols for this language. The scripts, as well as FunctionID and BSim databases, mentioned in this talk will all be made publicly available at the time of this talk.
\n\nIn no particular order:
\n\nMax Kersten is a malware analyst, blogger, and speaker who aims to make malware analysis more approachable for those who are starting. In 2019, Max graduated cum laude with a bachelor\'s in IT & Cyber Security, during which Max also worked as an Android malware analyst. Currently, Max works as a malware analyst at Trellix, where he analyses APT malware and creates open-source tooling to aid such research. Over the past few years, Max spoke at international conferences, such as DEFCON, Black Hat (USA, EU, MEA, Asia), Botconf, Confidence-Conference, HackYeahPL, and HackFestCA. Additionally, he gave guest lectures and workshops for DEFCON, Botconf, several universities, and private entities.
\n\n\n\'',NULL,614387),('4_Sunday','11','11:30','12:15','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Open sesame - or how vulnerable is your stuff in electronic lockers\'','\'Dennis Giese,Braelynn\'','DC_5b28b63e4cc44caf996ec9a758ee6748','\'Title: Open sesame - or how vulnerable is your stuff in electronic lockersPhysical security is often overlooked in many organizational threat models. An increasing amount of physical security devices with smart components are being introduced to the market with widespread adoption. This creates an enticing attack surface for physical red teams.
\n\nLockers and cabinets equipped with electronic smart locks can be found in many places such as offices, factories, hospitals, labs, and gyms. With remote and hybrid work increasing in popularity, shared use office setups are becoming the default. Co-working spaces in offices are now commonplace with lockers being installed for employee device storage. People generally trust that their belongings will be secure in these lockers and entrust the locks with sensitive information, like their personal PIN.
\n\nIs there a more stealthy way to get into lockers that doesn\'t involve using a crowbar?
\n\nIn this talk we will analyze the vulnerabilities affecting locks manufactured by the \"global leader in keyless lock solutions,\" Digilock and Schulte-Schlagbaum AG (SAG). Both companies have been in the physical security industry for many decades. What went wrong in the development of these devices and how can these vulnerabilities be fixed? We will also discuss several other vendors operating in this space and compare findings.
\n\nWe will demonstrate practical physical and side-channel attacks targeting locks that accept a standard PIN and RFID. Learn why it is poor practice to reuse the same secret PIN for lockers and safes and devices such as mobile phones and laptops (especially if they are stored inside the lockers).
\n\nSpeakers:Dennis Giese,BraelynnDennis Giese is a researcher with the focus on the security and privacy of IoT devices. While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices. His most known projects are the documentation and hacking of various vacuum robots. He calls himself a \"robot collector\" and his current vacuum robot army consists of over 60 different models from various vendors. He talked about his research at the Chaos Communication Congress, REcon BRX, NULLCON, and DEFCON.
\n\nSpeakerBio: Braelynn, Security Consultant at Leviathan Security GroupBraelynn is a security consultant at Leviathan Security Group where she conducts security assessments of products for startups, Fortune 500 companies, and everything in between. She enjoys partaking in CTFs and researching the security of anything that piques her curiosity. She has previously presented this research at conferences such as Chaos Communication Congress.
\n\n\n\'',NULL,614388),('4_Sunday','12','11:30','12:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Open sesame - or how vulnerable is your stuff in electronic lockers\'','\'Dennis Giese,Braelynn\'','DC_5b28b63e4cc44caf996ec9a758ee6748','\'\'',NULL,614389),('2_Friday','11','11:00','11:45','N','DC','LVCC West/Floor 3/W322-W327','\'The XZ Backdoor Story: The Undercover Operation That Set the Internet on Fire\'','\'Thomas Roccia\'','DC_1705ef50da6fa270bf24e84caafc7b95','\'Title: The XZ Backdoor Story: The Undercover Operation That Set the Internet on FireOn Fri, 29 Mar 2024, at exactly 08:51:26, OSS security received a message from Andres Freund, a software engineer at Microsoft, stating he had discovered a backdoor in upstream xz/liblzma that could compromise SSH servers. The open-source project XZ, specifically the liblzma library, has been compromised by a mysterious maintainer named Jia Tan, putting the entire internet at risk. Fortunately, this discovery helped us avoid the worst.
\n\nBut what happened? How long has this rogue maintainer been part of the project? Who is Jia Tan? Was he involved in other projects? How does the backdoor work? And what should we learn from this?
\n\nThese are questions we will attempt to answer. First, we will discuss the discovery, which is so riddled with coincidences and chance that it\'s hard not to think about all the ones we\'ve missed. Then, we\'ll examine the process itself, from gaining trust within the project to deploying the backdoor, dissecting the operating methods and the main protagonists. We will also dive into the technical details, explaining how the backdoor is deployed and how it can be exploited.
\n\nThe XZ backdoor is not just an incredible undercover operation but also a gigantic puzzle to solve. Beyond the technical background, there is a story to tell here, to capitalize on what went wrong and what we could improve.
\n\nThomas Roccia is working as a Senior Security Researcher at Microsoft and works on malware research, generative AI and threat intelligence. In addition to his work at Microsoft, Thomas also runs SecurityBreak, an online platform where he showcases his latest projects and research findings.
\n\nThomas has travelled the world to manage critical outbreaks and has been on the front lines of some of the most well-known threats. He has tracked cybercrime and nation-state campaigns and has worked closely with law enforcement agencies.
\n\nIn addition to his professional work, Thomas is a regular speaker at security conferences and is committed to contributing to the open-source community through various projects. He runs the Unprotect Project, an open malware evasion techniques database, since 2015. He is also the author of the book Visual Threat Intelligence, an illustrated guide for threat researchers. Thomas\'s work has been quoted by multiple media outlets around the world.
\n\n\n\'',NULL,614390),('2_Friday','11','11:30','12:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'High Intensity Deconstruction: Chronicles of a Cryptographic Heist\'','\'Babak Javadi,Aaron Levy,Nick Draffen\'','DC_f5ea130b64716fafd53371b9e062b953','\'Title: High Intensity Deconstruction: Chronicles of a Cryptographic HeistIntroduced in 2011, HID Global’s iCLASS SE solution is one of the world’s most widely-deployed Electronic Physical Access Control platforms. HID\'s iCLASS SE Readers are ubiquitous in electronic physical access control and used in most government agencies and Fortune 500 companies. The readers can be easily seen and identified in almost every form of mainstream media. Almost 13 years after iCLASS SE’s introduction, ground-breaking research and technical exploits will be disclosed publicly for the first time.
\n\nIn this talk, we detail the process by which we reverse engineered the complex hardware and software chain of trust securing HID’s iCLASS SE platform.
\n\nOver a seven-year research period, we analyzed hardware, firmware, and software elements of the ecosystem, uncovering an unfortunate series of pitfalls and implementation defects. These flaws culminated in an attack chain that allowed for the recovery of sensitive cryptographic key material from secure elements, which have received CC EAL 5+ accreditation. This chain resulted in revealing some cryptographic keys to the kingdom.
\n\nFinally, we provide comprehensive guidance on technical and operational mitigations for end customers to identify practical risks and reduce impact.
\n\nInspirational (research done on previous generation system)
\n\nBabak Javadi is the Founder of The CORE Group and Co-Founder of the Red Team Alliance, a covert entry training and certification body. As a professional red teamer with over a decade of field experience, Babak’s expertise includes a wide range of disciplines, from high security mechanical cylinders to alarm systems and physical access control platforms. Babak’s community contributions include the co-founding of The Open Organisation of Lockpickers (TOOOL) where he served on the Board of Directors for over 13 years.
\n\nSpeakerBio: Aaron Levy, Lead of Security Engineering at CloverAaron Levy is an independent security researcher that was credited in the discovery of CVE-2018-10897 and CVE-2019-11630. In his day job, he leads Security Engineering for Clover, a Payments and Point of Sale company that is a subsidiary of Fiserv.
\n\nSpeakerBio: Nick Draffen, Product Security ArchitectNick Draffen is a Product Security Architect, focusing on the protection of laboratory instruments and their software. Outside of work, he dives into research, reverse engineering, and hardware hacking, leveraging his technical expertise to both build and break things. He is a member of the Security Tribe and volunteers with the RF Village, creating and overseeing challenges for the RF CTF at various security conferences. Always eager to lend a helping hand, he is known for his ability to pull just the right tool from his extensive bag of tricks.
\n\n\n\'',NULL,614391),('2_Friday','12','11:30','12:45','Y','DC','LVCC West/Floor 1/Hall 1/Track 4','\'High Intensity Deconstruction: Chronicles of a Cryptographic Heist\'','\'Babak Javadi,Aaron Levy,Nick Draffen\'','DC_f5ea130b64716fafd53371b9e062b953','\'\'',NULL,614392),('2_Friday','11','11:30','12:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Listen to the whispers: web timing attacks that actually work\'','\'James \"albinowax\" Kettle\'','DC_c0a54f893744b2ed46107978f68b2cc1','\'Title: Listen to the whispers: web timing attacks that actually workWebsites are riddled with timing oracles eager to divulge their innermost secrets. It\'s time we started listening to them.
\n\nIn this session, I\'ll unleash novel attack concepts to coax out server secrets including masked misconfigurations, blind data-structure injection, hidden routes to forbidden areas, and a vast expanse of invisible attack-surface.
\n\nThis is not a theoretical threat; every technique will be illustrated with multiple real-world case studies on diverse targets. Unprecedented advances have made these attacks both accurate and efficient; in the space of ten seconds you can now reliably detect a sub-millisecond differential with no prior configuration or \'lab conditions\' required. In other words, I\'m going to share timing attacks you can actually use.
\n\nTo help, I\'ll equip you with a suite of battle-tested open-source tools enabling both hands-free automated exploitation, and custom attack scripting. I\'ll also share a little CTF to help you hone your new skillset.
\n\nWant to take things further? I\'ll help you transform your own attack ideas from theory to reality, by sharing a methodology refined through testing countless concepts on thousands of websites. We\'ve neglected this omnipresent and incredibly powerful side-channel for too long.
\n\n\n\nSpeakerBio: James \"albinowax\" Kettle, Director of Research at PortSwiggerJames \'albinowax\' Kettle is the Director of Research at PortSwigger, the makers of Burp Suite. He\'s best known for his HTTP Desync Attacks research, which popularised HTTP Request Smuggling. James has extensive experience cultivating novel attack techniques, including web cache poisoning, browser-powered desync attacks, server-side template injection, and password reset poisoning. James is also the author of multiple popular open-source tools including Param Miner, Turbo Intruder, and HTTP Request Smuggler. He is a frequent speaker at numerous prestigious venues including both Black Hat USA and EU, OWASP AppSec USA and EU, and DEF CON.
\n\n\n\'',NULL,614393),('2_Friday','12','11:30','12:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Listen to the whispers: web timing attacks that actually work\'','\'James \"albinowax\" Kettle\'','DC_c0a54f893744b2ed46107978f68b2cc1','\'\'',NULL,614394),('2_Friday','16','16:00','16:59','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Making the DEF CON 32 Badge\'','\'Mar Williams\'','DC_5af26b9d170031262b2b80551eea87c1','\'Title: Making the DEF CON 32 BadgeThis fireside chat will feature an in depth conversation between DNSA Neuberger and Dark Tangent on a variety of cybersecurity and emerging technology topics such as artificial intelligence and quantum computing. DNSA Neuberger has served in a variety of senior intelligence and cybersecurity roles within the National Security Agency, including Director of NSA’s cybersecurity organization and Deputy Director of NSA’s intelligence operations. She has also held multiple positions at the Department of Defense and the private sector, and now leads development of the Biden Administration’s policies on cybersecurity and emerging technologies from the White House. She and DT will delve into the latest and most pressing issues in these domains that concern the White House and how hackers can influence tech-related discussions to improve policy and operational outcomes.
\n\nSpeakers:Anne Neuberger,Jeff \"The Dark Tangent\" MossAs the Deputy National Security Advisor for Cyber and Emerging Tech, I serve as an advisor to the President on matters related to cybersecurity, digital innovation, and emerging technologies. I coordinate the interagency response to cyber threats and engage with allies and partners on cyber cooperation. With over 25 years of experience in the government and private sector, I try to bring a unique perspective and experience to this work, which is primarily around advancing US national security interests, enhancing cyber resilience, and fostering innovation and collaboration between the private and public sectors.
\n\nPrior to joining the White House, I led the establishment of the NSA\'s Cybersecurity Directorate, bringing together thousands of intelligence analysts, cybersecurity professionals, cryptographers, researchers, and technologists. I previously led NSA’s global intelligence operations, and served as a White House Fellow. I care deeply about public service, inspired by the gifts this country has provided my family and so many other refugee and immigrant families.
\n\nSpeakerBio: Jeff \"The Dark Tangent\" Moss, DEF CON CommunicationsOne of the best parts of DEF CON is the glitz and glam of Vegas, the gambling capital of the world. Many have explored hacking casinos (on and off stage). Unfortunately, it’s just not like it is portrayed in the Oceans franchise.. in real life there’s much less action, no George Clooney, and it’s a lot harder to pull off a successful heist.
\n\nFortunately I’m not your typical hacker, I’m an AI hacker. I use adversarial machine learning techniques to disrupt, deceive and disclose information from Artificial Intelligence systems.
\n\nI chose my target carefully: Canberra Casino. It’s the best casino in my city.. It’s also the only casino but that’s not the point. \nThe casino industry is at an interesting inflection point. Many large casinos have already adopted AI for surveillance and gameplay monitoring, smaller casinos are starting to make the transition, and there’s only a couple of companies in the world that provide this software. It’s ripe for exploitation.
\n\nIn this talk I’m going to show you how I bypassed Casino Canberra\'s AI systems - facial recognition, surveillance systems and gameplay monitoring. AI Security is the new cyber security threat, and attacks on AI systems could have broad implications including misdiagnoses in medical imaging, navigation errors in autonomous vehicles.. and successful casino heists.
\n\nHarriet Farlow is the CEO of AI Security company Mileva Security Labs, a PhD Candidate in Machine Learning Security, and creative mind behind the YouTube channel HarrietHacks. She missed the boat on computer hacking so now she hacks AI and Machine Learning models instead. Her career has spanned consulting, academia, a start-up and Government, but don’t judge her for that one. She also has a Bachelor in Physics and a Master in Cyber Security. She calls Australia home but has lived in the UK and the US. Her ultimate hack was in founding her own AI Security company but if Skynet takes over she will deny everything and pretend the AI stood for Artificial Insemination, like her Mum thinks it does. (Sorry Mum but I’m not really a Medical Doctor).
\n\n\n\'',NULL,614397),('2_Friday','12','12:00','13:15','N','DC','LVCC West/Floor 3/W322-W327','\'Veilid Dev and Community Meetup\'','\'The_Gibson\'','DC_186a95fad380579578ab6d98db0229bb','\'Title: Veilid Dev and Community MeetupIn this talk we will explore vulnerabilities in Amazon Web Services (AWS) products which allowed us to gain access to cloud environments.
\n\nTraditionally, adversaries have abused misconfigurations and leaked credentials to gain access to AWS workloads. Things like exposed long-lived access keys and exploiting the privileges of virtual machines have allowed adversaries to breach cloud resources. However, these mistakes are on the customer side of the shared responsibility model. In this session, we will cover vulnerabilities in AWS services that have been fixed and that previously allowed us to access cloud resources.
\n\nWe will start with an exploration of how Identity and Access Management (IAM) roles establish trust with AWS services and cover the mechanisms that prevent an adversary from assuming roles in other AWS accounts. We’ll then demonstrate a vulnerability that bypassed those protections. We’ll cover a real world example of a confused deputy vulnerability we found in AWS AppSync that allowed us to hijack IAM roles in other accounts.
\n\nNext, we\'ll highlight potential misconfigurations involving IAM roles leveraging sts:AssumeRoleWithWebIdentity. These misconfigurations could permit unauthorized global access to these roles without the need for authentication, affecting services like Amazon Cognito, GitHub Actions, and more.
\n\nFinally, we’ll cover a vulnerability we found in AWS Amplify that exposed customer IAM roles associated with the service to takeover, allowing anyone the ability to gain a foothold in that victim account. We’ll also discuss how security practitioners can secure their environments, even against a zero-day like one we’ll demonstrate.
\n\nJoin us to learn how attackers search for and exploit vulnerabilities in AWS services to gain access to cloud environments.
\n\n\n\nSpeakerBio: Nick Frichette, Staff Security Researcher at DatadogNick Frichette is a Staff Security Researcher at Datadog, where he specializes in offensive AWS security. He is known for finding multiple zero-day vulnerabilities in AWS services and regularly publishing on new attack techniques. In addition to his research, Nick is the creator and primary contributor to Hacking the Cloud, an open source encyclopedia of offensive security capabilities for cloud environments. He is also a part of the AWS Community Builder Program, where he develops content on AWS security.
\n\n\n\'',NULL,614400),('2_Friday','13','12:30','13:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access\'','\'Nick Frichette\'','DC_3636822d82a49c08bfae1cbc44e87c2c','\'\'',NULL,614401),('2_Friday','13','13:00','13:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Defeating EDR Evading Malware with Memory Forensics\'','\'Andrew Case,Austin Sellers,Golden Richard,David McDonald,Gustavo Moreira\'','DC_c1c26f2da67a095689ceeaf14e369d66','\'Title: Defeating EDR Evading Malware with Memory ForensicsEndpoint detection and response (EDR) software has gained significant market share due to its ability to examine system state for signs of malware and attacker activity well beyond what traditional anti-virus software is capable of detecting. This deep inspection capability of EDRs has led to an arms race with malware developers who want to evade EDRs while still achieving desired goals, such as code injection, lateral movement, and credential theft. This monitoring and evasion occurs in the lowest levels of hardware and software, including call stack frames, exception handlers, system calls, and manipulation of native instructions. Given this reality, EDRs are limited in how much lower they can operate to maintain an advantage. The success of EDR bypasses has led to their use in many high-profile attacks and by prolific ransomware groups.
\n\nIn this talk, we discuss our research effort that led to the development of new memory forensics techniques for the detection of the bypasses that malware uses to evade EDRs. This includes bypass techniques, such as direct and indirect system calls, module overwriting, malicious exceptions handlers, and abuse of debug registers. Our developed capabilities were created as new plugins to the Volatility memory analysis framework, version 3, and will be released after the talk.
\n\nAndrew Case is the Director of Research at Volexity and has significant experience in incident response handling and malware analysis. He has conducted numerous large-scale investigations that span enterprises and industries. Case is a core developer of the Volatility memory analysis framework, and a co-author of the highly popular and technical forensics analysis book \"The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory.\"
\n\nSpeakerBio: Austin Sellers, Detection Engineer at VolexityAustin Sellers is a Detection Engineer at Volexity where he focuses on automating large scale memory analysis and threat detection techniques. He has significant experience in developing memory analysis datasets that allow for automated verification and testing of kernel and userland memory forensics techniques.
\n\nSpeakerBio: Golden Richard, Professor of Computer Science and Engineering and Associate Director for Cybersecurity at Center for Computation and Technology (CCT) at LSUGolden G. Richard III is a cybersecurity researcher and teacher and a Fellow of the American Academy of Forensic Sciences. He has over 40 years of practical experience in computer systems and computer security and is a devoted advocate for applied cybersecurity education. He is currently Professor of Computer Science and Engineering and Associate Director for Cybersecurity at the Center for Computation and Technology (CCT) at LSU. He also supports NSA\'s CAE-CO internship program, teaching memory forensics, vulnerability analysis, and other topics to cleared interns. His primary research interests are memory forensics, digital forensics, malware analysis, reverse engineering, and operating systems. Dr. Richard earned his BS in Computer Science from the University of New Orleans and MS and PhD in Computer Science from The Ohio State University.
\n\nSpeakerBio: David McDonald, Volcano team at VolexityDavid McDonald is a researcher and software engineer with 3 years of digital forensics R&D experience. His passion for this field began with his involvement in the University of New Orleans CTF team, as well as through his time as a Systems Programming teaching assistant. After over two years of digital forensics research and development on Cellebrite\'s computer forensics team, he joined Volexity\'s Volcano team, where he now works to develop next-generation memory analysis solutions.
\n\nSpeakerBio: Gustavo Moreira, Senior Security Engineer at VolexityGustavo Moreira is a Senior Security Engineer at Volexity. He has significant experience in reverse engineering, incident response handling, embedded systems development and security, Windows and Linux internals, and automation of large scale malware analysis.
\n\n\n\'',NULL,614402),('2_Friday','13','13:00','13:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'If Existing Cyber Vulnerabilities Magically Disappeared Overnight, What Would Be Next?\'','\'Dr. Stefanie Tompkins,Dr. Renee Wegrzyn,Peiter “Mudge” Zatko\'','DC_ed9dcb6248e0a086ed7e715fde3f209e','\'Title: If Existing Cyber Vulnerabilities Magically Disappeared Overnight, What Would Be Next?The DEF CON community challenges the status quo, bringing a diversity of perspectives and ideas to identify hidden problems and solutions. While DARPA lays claim to the origin of the ARPANET/internet, vast communities of people with different interests created its novel components. The DARPA Cyber Grand Challenge helped launch the field of vulnerability detection and remediation and numerous DARPA Cyber Fast Track program performers continue to contribute to DEF CON.
\n\nWhat if current vulnerabilities all magically disappeared overnight and critical infrastructure were “safe and secure” for the time being? What would come next?
\n\nIn this talk, Dr. Stefanie Tompkins will discuss the value of the hacker community and many of the contributions that have come from it, as well as the growth and synergy of the two communities. She’ll also explore the question of what comes next.
\n\nFor a deeper dive into the real-world impacts of DARPA cyber technologies, Dr. Renee Wegrzyn, the inaugural director of the Advanced Research Projects Agency for Health (ARPA-H), will join Stefanie and a moderator. They will discuss efforts that impact DEF CON areas of interest and inform ARPA-H work, from Cyber Fast Track to current work focused on securing and defending hospitals and the health tech ecosystem from cyberattacks.
\n\nSpeakers:Dr. Stefanie Tompkins,Dr. Renee Wegrzyn,Peiter “Mudge” ZatkoDr. Stefanie Tompkins is the director of the Defense Advanced Research Projects Agency (DARPA). Prior to this assignment, she was the vice president for research and technology transfer at Colorado School of Mines.
\n\nTompkins has spent much of her professional life leading scientists and engineers in developing new technology capabilities. She began her industry career as a senior scientist and later assistant vice-president and line manager at Science Applications International Corporation, where she spent 10 years conducting and managing research projects in planetary mapping, geology, and imaging spectroscopy. As a program manager in DARPA’s Strategic Technology Office, she created and managed programs in ubiquitous GPS-free navigation as well as in optical component manufacturing. Tompkins has also served as the deputy director of DARPA’s Strategic Technology Office, director of DARPA’s Defense Sciences Office – the agency’s most exploratory office in identifying and accelerating breakthrough technologies for national security – as well as the acting DARPA deputy director.
\n\nTompkins received a Bachelor of Arts degree in geology and geophysics from Princeton University and Master of Science and Doctor of Philosophy degrees in geology from Brown University. She has also served as a military intelligence officer in the U.S. Army.
\n\nSpeakerBio: Dr. Renee Wegrzyn, First Director at Advanced Research Projects Agency for Health (ARPA-H)Dr. Renee Wegrzyn is the first director of the Advanced Research Projects Agency for Health (ARPA-H). Bringing a wealth of experience from both the private sector and groundbreaking institutions like DARPA and IARPA, her leadership and vision continue to push the boundaries of health research and development. Dr. Wegrzyn\'s illustrious career has earned her numerous accolades, including the prestigious Superior Public Service Medal for her contributions at DARPA. She holds a Ph.D. and a bachelor\'s degree in applied biology from the Georgia Institute of Technology, and she further honed her expertise as an Alexander von Humboldt Fellow in Heidelberg, Germany.
\n\nSpeakerBio: Peiter “Mudge” Zatko, Chief Information Officer at DARPAPeiter “Mudge” Zatko is a distinguished scientist and cybersecurity expert with a career spanning significant roles in both public and private sectors. He returned to DARPA as the agency’s chief information officer in 2024. He previously was a program manager in both the Strategic Technology Office (STO) and Information Innovation Office (I2O). During his tenure in STO, Mudge was pivotal in developing DARPA’s Cyber Analytic Framework, which set a new standard in cybersecurity strategy. He later transitioned to I2O, where he continued to shape DARPA’s cyber initiatives.
\n\nFollowing his impactful career at DARPA, Mudge held key positions in industry, notably serving as corporate vice president of R&D at Motorola Mobility, deputy director at Google’s Advanced Technology and Projects division, and head of security and IT at fintech leader Stripe. Later, Mudge joined the executive team at Twitter, where he oversaw IT, infosec, global platform moderation and services, and corporate security/physical infrastructure.
\n\nMost recently, Mudge returned to the public sector as a Senior Government Executive and Senior Executive Service member, reporting to Director Jen Easterly at the Cybersecurity and Infrastructure Security Agency under the Department of Homeland Security.
\n\nMudge holds a distinguished record of leadership and innovation in cybersecurity and technology, contributing significantly to both national security and private sector advancements.
\n\n\n\'',NULL,614403),('2_Friday','13','13:00','13:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Sshamble: Unexpected Exposures in the Secure Shell\'','\'HD Moore,Rob King\'','DC_9707ef21088bf1cd32abf713d54ee927','\'Title: Sshamble: Unexpected Exposures in the Secure ShellThe Secure Shell (SSH) has evolved from a remote shell service to a standardized secure transport that is second only to Transport Layer Security (TLS) in terms of exposure and popularity. SSH is no longer just for POSIX operating systems; SSH services can be found in everything from network devices, to source code forges, to Windows-based file transfer tools. While OpenSSH is still the most prominent implementation, it\'s now just one of dozens, and these include a handful of libraries that drive a wide range of applications. This presentation digs deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to exploit them. As part of this talk, we will release an open source tool, dubbed \"sshamble\", that assists with research and security testing of SSH services.
\n\nSpeakers:HD Moore,Rob KingHD has focused on vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure. HD serves as the CEO and co-founder of runZero, a provider of cutting-edge cyber asset attack surface management (CAASM) software and cloud services. Prior to founding runZero, he held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD\'s professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and breaking into financial institutions. When he\'s not working, he enjoys hacking on weird Go projects, building janky electronics, running in circles, and playing single-player RPGs.
\n\nSpeakerBio: Rob King, Director of Security Research at runZeroRob King is the Director of Security Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped design SC Magazine\'s Data Leakage Prevention Product of the Year for 2010, and was awarded the 3Com Innovator of the Year Award in 2009. He has been invited to speak at BlackHat, Shmoocon, SANS Network Security, and USENIX.
\n\n\n\'',NULL,614404),('2_Friday','13','13:30','14:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Digital Emblems: When markings are required under international law, but you don’t have a rattle-can handy\'','\'Bill Woodcock\'','DC_21bc6a9f97944d72c92e0797a61937a3','\'Title: Digital Emblems: When markings are required under international law, but you don’t have a rattle-can handyThere are physical markings that are required under hundreds of different international laws, some governing transport of goods across national borders, some offering humanitarian protections on the battlefield, some seeking to protect the environment or genetic diversity… What they all have in common is that they’re currently represented by visual marks applied to objects. Many of these processes are undergoing “digitalization,” and becoming machine-readable, or electronically-signaled. A standards effort currently underway in the IETF seeks to create a common global marking protocol which would allow open-standards-based devices to scan, cryptographically validate, and display the digital versions of these marks. This session will relate the state of the standards effort, the scope of markings that have been considered thus far, and seek input on security or privacy vulnerabilities which may exist in the proposed standard.
\n\nSpeakerBio: Bill Woodcock, Executive Director at Packet Clearing HouseBill Woodcock is the executive director of Packet Clearing House, the intergovernmental treaty organization that supports the operation of critical Internet infrastructure, including Internet exchange points and the core of the domain name system. Since entering the Internet industry in 1985, Bill has helped establish more than three hundred Internet exchange points. In 1989, Bill developed the anycast routing technique that now protects the domain name system. In 1998 he was one of the principal drivers of California 17538.4, the world’s first anti-spam legislation. Bill was principal author of the Multicast DNS and Operator Requirements of Infrastructure Management Methods IETF drafts. In 2002 he co-founded INOC-DBA, the security-coordination hotline system that interconnects the network operations centers of more than three thousand Internet Service Providers and Security Operations Centers around the world. And in 2007, Bill was one of the two international liaisons deployed by NSP-Sec to the Estonian CERT during the Russian cyber-attack. In 2011, Bill authored the first survey of Internet interconnection agreements, as input to the OECD’s analysis of the Internet economy. Bill served on the Global Commission on the Stability of Cyberspace and on the Commission on Caribbean Communications Resilience. He\'s on the board of directors of the M3AA Foundation, and was on the board of the American Registry for Internet Numbers for fifteen years. Now, Bill’s work focuses principally on the security and economic stability of critical Internet infrastructure.
\n\n\n\'',NULL,614405),('2_Friday','14','13:30','14:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Digital Emblems: When markings are required under international law, but you don’t have a rattle-can handy\'','\'Bill Woodcock\'','DC_21bc6a9f97944d72c92e0797a61937a3','\'\'',NULL,614406),('2_Friday','13','13:30','14:15','N','DC','LVCC West/Floor 3/W322-W327','\'Xiaomi The Money - Our Toronto Pwn2Own Exploit and Behind The Scenes Story\'','\'Ken Gannon,Ilyes Beghdadi\'','DC_7c7b15575eacf6eab6fa4a2620c05e96','\'Title: Xiaomi The Money - Our Toronto Pwn2Own Exploit and Behind The Scenes StoryAt Pwn2Own Toronto 2023, NCC Group was one of the two teams that compromised the Xiaomi 13 Pro. The exploit chain involved using a malicious HTML hyperlink and uploading a potentially malicious application to the Xiaomi app store.
\n\nHowever, this talk is not just about the technical details of the exploit. While researching the final exploit, NCC Group discovered how an exploit could work in one region of the world, but not in other regions, and how the researchers had to travel to Canada for a day just to test if the exploit would work in Canada. This talk also discusses just how far Xiaomi is willing to go to make sure their device isn\'t hacked at Pwn2Own, and why only two teams were able to successfully compromise the device during the competition.
\n\nSpeakers:Ken Gannon,Ilyes BeghdadiKen is a Principal Security Consultant at NCC Group who specializes in mobile security and doing security research on mobile devices. He occasionally complains about Xiaomi and other phone manufacturers.
\n\nSpeakerBio: Ilyes Beghdadi, Senior Application Security Engineer at Census LabsIlyes is a Senior Application Security Engineer at Census Labs. At the time of the Pwn2Own research and entry, he was a Security Consultant at NCC Group who worked on reverse engineering Android malware.
\n\n\n\'',NULL,614407),('2_Friday','14','13:30','14:15','Y','DC','LVCC West/Floor 3/W322-W327','\'Xiaomi The Money - Our Toronto Pwn2Own Exploit and Behind The Scenes Story\'','\'Ken Gannon,Ilyes Beghdadi\'','DC_7c7b15575eacf6eab6fa4a2620c05e96','\'\'',NULL,614408),('2_Friday','14','14:00','14:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'DEF CON Unplugged: Cocktails & Cyber with Jeff & Jen\'','\'Jen Easterly\'','DC_b235a87a57f514959ff4072098f459b3','\'Title: DEF CON Unplugged: Cocktails & Cyber with Jeff & JenJoin DEF CON Founder Jeff Moss for an Ask Me Anything with CISA Director Jen Easterly. REAL WORLD DEF CON: Where hackers stop being polite and start getting real.
\n\nSpeakerBio: Jen Easterly, Director at Cybersecurity and Infrastructure Security Agency (CISA)Jen Easterly is the Director of the Cybersecurity and Infrastructure Security Agency (CISA). She was nominated by President Biden in April 2021 and unanimously confirmed by the Senate on July 12, 2021. Before coming to CISA, Jen was Head of Firm Resilience at Morgan Stanley. A two-time recipient of the Bronze Star, Jen retired from the U.S. Army after more than 20 years, including deployments in Haiti, the Balkans, Iraq, and Afghanistan. Responsible for standing up the Army’s first cyber battalion, she was also instrumental in the creation of United States Cyber Command. A graduate of West Point, Jen holds a master’s degree from the University of Oxford, where she studied as a Rhodes Scholar. She is the recipient of numerous honors, including the George C. Marshall Award in Ethical Leadership and the National Defense University Admiral Grace Hopper Award. She is a proud Mom, a mental health advocate, a Rubik’s Cube enthusiast, and an aspiring electric guitarist.
\n\n\n\'',NULL,614409),('2_Friday','14','14:00','14:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Optical Espionage: Using Lasers to Hear Keystrokes Through Glass Windows\'','\'samy kamkar\'','DC_30321d0470644b5a07335f58464eb5ea','\'Title: Optical Espionage: Using Lasers to Hear Keystrokes Through Glass WindowsSashay away from this talk with the knowledge to perform state-of-the-art espionage, no technical background required.
\n\nIn the realm of privilege escalation and data exfiltration, the physical world quietly screams secrets. We\'ll demystify the fascinating physics behind signals and how various forms of energy--infrared, visible, and ultraviolet light, radio, ultrasound, audible sound, mechanical vibration, and temperature--can be interpreted as waves that unintentionally leak information, even in air-gapped (non-networked) systems. We\'ll observe how air is in fact not an effective gap or barrier as radio, light, sound, and vibration excitedly travel through it. We\'ll explore how all electrical signals radiate electromagnetism (light or radio) that can be intercepted and how we can reverse this process, producing electromagnetism to inject desired electrical signals into our target.
\n\nWe\'ll delve into historical and seminal side-channel/TEMPEST attacks from our friends at the NSA, KGB, and past DEF CON pioneers. You\'ll learn about the essential electrical and optical components combined for cutting-edge eavesdropping, including what our target is typing from a distance.
\n\nWhile others believe they\'re obtaining noise, we will extract signal, and you\'ll leave this talk hearing the world in a new light.
\n\nSamy Kamkar is a security researcher, sometimes known for creating The MySpace Worm, the fastest spreading (non-biological) virus of all time. As a teenager, this led to a raid by the Secret Service and a court-ordered ban from computers, the Internet, and MySpace. After years of virtuous, upstanding behavior and a legal technological reinstatement, he now attempts to develop and illustrate terrifying vulnerabilities with playfulness, where his exploits have been branded:
\n\n“Controversial” -The Wall Street Journal
\n\n“Horrific” -The New York Times
\n\n“Now I want to fill my USB ports up with cement” -Gizmodo
\n\nSamy\'s open source software, hardware, and research highlight insecurities and privacy implications in everyday technologies. From NAT Slipstreaming and Evercookies, which bypass firewalls by simply visiting a web page and produce virtually immutable respawning cookies, to RollJam and SkyJack, a cryptography-agnostic radio-based car exploitation device and drones that wirelessly hijack and autonomously control swarms of other drones within wireless distance.
\n\nHis work has been cited by the NSA, triggered hearings on Capitol Hill, and is the basis for security advancements across nearly all major web browsers, smartphones, and vehicles.
\n\n\n\'',NULL,614410),('2_Friday','14','14:00','14:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'The Way To Android Root: Exploiting Your GPU On Smartphone\'','\'Xiling Gong,Eugene Rodionov,Xuan Xing\'','DC_907162ad5a3b938f755bb1207bd78657','\'Title: The Way To Android Root: Exploiting Your GPU On SmartphoneGPU security is a vital area of mobile security highlighted both by public security research as well as by in-the-wild attacks. Due to the high complexity of the GPU software/firmware along with a widely available attack surface, issues in GPU provide strong exploitation primitives for local privilege escalation attacks by the code running in unprivileged context.
\n\nIn this talk, we will focus our research on the Qualcomm Adreno GPU, which is a very popular GPU implementation in mobile devices. We will do a deep dive into Adreno GPU kernel module implementation focusing on the most recent GPU versions, reveal its complex and new attack surfaces, and discuss vulnerabilities we discovered in this component.
\n\nIn total we identified 9+ exploitable vulnerabilities in Adreno GPU driver leading to kernel code execution and affecting Qualcomm-based devices using the latest GPU models. We will demonstrate the exploitation of one of the race condition issues on a fully-patched widely used Android device to obtain root privileges from zero-permission application with 100% success rate.
\n\nAndroid kernel mitigations such as CFI and W^X create significant hurdles for exploiting vulnerabilities in the kernel to achieve code execution. Also, a race condition usually means an unstable exploit with a low success rate. We\'ll explain how we overcome these challenges with a novel, generic exploit method that leverages GPU features to achieve arbitrary physical memory read/write. This technique bypasses key mitigations (CFI, W^X) and has broader implications for kernel heap buffer overflows. We will cover the technical details of the exploitation, and especially the novel generic exploit method.
\n\nWe will also discuss the action items that the vendors could take to minimize the impact of this exploit method, as well as general methods to improve the overall security status of the GPU.
\n\nSpeakers:Xiling Gong,Eugene Rodionov,Xuan XingXiling Gong is a Security Researcher at Google on the Android Red Team. Xiling focuses on finding and exploiting vulnerabilities in the low-level components of the Android platform and Pixel devices. Xiling has been a speaker at CanSecWest 2018, Black Hat USA 2019, Def Con 27, Black Hat Asia 2021 and Black Hat USA 2023, Def Con 31.
\n\nSpeakerBio: Eugene Rodionov, Technical Leader, Android Red Team at GoogleEugene Rodionov, PhD, is the technical leader of the Android Red Team at Google. In his current position, Eugene focuses on finding and exploiting vulnerabilities in the low-level components of the Android platform and Pixel devices. Prior to that, Rodionov performed offensive security research on UEFI firmware for Client Platforms at Intel, and ran internal research projects and performed in-depth analysis of complex threats at ESET. His fields of interest include reverse engineering, vulnerability analysis, firmware security and anti-rootkit technologies. Rodionov is a co-author of the \"Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats\" book and has spoken at security conferences such as Black Hat, REcon, ZeroNights, and CARO.
\n\nSpeakerBio: Xuan Xing, Manager, Android Red Team at GoogleXuan Xing is the manager of the Android Red Team at Google. For the past years, Xuan focused on finding security vulnerabilities in various low level components of Android/Pixel devices. He is passionate about software fuzzing for security research. In Black Hat USA 2022 Xuan presented the \"Google Reimagined a Phone. It was Our Job to Red Team and Secure it\" talking about Pixel ABL security auditing.
\n\n\n\'',NULL,614411),('2_Friday','14','14:30','15:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Breaching AWS Accounts Through Shadow Resources\'','\'Yakir Kadkoda,Michael Katchinskiy,Ofek Itach\'','DC_cce038fb8dff01b7fa4ade0c1e33b70f','\'Title: Breaching AWS Accounts Through Shadow ResourcesThe cloud seems complex, but it\'s what happens behind the scenes that really complicates things. Some services utilize others as resources as part of their logic/operation. Interestingly enough, it turns out that this could lead to catastrophic results if done unsafely.
\n\nThis talk will present six critical vulnerabilities that we found in AWS, along with the stories and methodologies behind them. These vulnerabilities, which were all promptly acknowledged and fixed by AWS, could allow external attackers to breach almost any AWS account. The vulnerabilities range from remote code execution, which could lead to full account takeover, to information disclosure, potentially exposing sensitive data, or causing denial of service. The session will share our story of discovery, how we were able to identify commonalities among them, and how we developed a method to uncover more vulnerabilities and enhance the impact by using common techniques leading to privilege escalation. We will then detail our approach for mapping service external resources and release our Open-Source tool to research service internal API calls. We will also present a method to check if accounts have been vulnerable to this vector in the past.
\n\nWe will conclude our talk with the lessons learned during this research and our future line of research. We will highlight new areas that cloud researchers need to explore when hunting for cloud vulnerabilities and highlight best practices for developers to use in complex environments.
\n\n\n\nSpeakers:Yakir Kadkoda,Michael Katchinskiy,Ofek ItachYakir Kadkoda is a Lead Security Researcher at Aqua\'s research team, Team Nautilus. He combines his expertise in vulnerability research with a focus on discovering and analyzing new security threats and attack vectors in cloud native environments, supply chain security, and CI/CD processes. Prior to joining Aqua, Yakir worked as a red teamer. Yakir has shared his cybersecurity insights at major industry events like Black Hat and RSA.
\n\nSpeakerBio: Michael KatchinskiyMichael Katchinskiy is a Security Researcher and a Computer Science student at the Technion. His work focuses on researching and analyzing new attack vectors in cloud-native environments, specializing in Kubernetes and integrating CNAPP data to detect and prevent attacks.
\n\nSpeakerBio: Ofek Itach, Senior Security Researcher at AquaOfek Itach is a Senior Security Researcher at Aqua, specializing in cloud research. His work centers on identifying and analyzing attack vectors in cloud environments, enhancing security measures for cloud platforms and cloud environments.
\n\n\n\'',NULL,614412),('2_Friday','15','14:30','15:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Breaching AWS Accounts Through Shadow Resources\'','\'Yakir Kadkoda,Michael Katchinskiy,Ofek Itach\'','DC_cce038fb8dff01b7fa4ade0c1e33b70f','\'\'',NULL,614413),('2_Friday','14','14:30','15:15','N','DC','LVCC West/Floor 3/W322-W327','\'Joe and Bruno\'s Guide to Hacking Time: Regenerating Passwords from RoboForm\'s Password Generator\'','\'Joe \"Kingpin\" Grand,Bruno Krauss\'','DC_cbbacfc77fb86075121ef1b56ffa3d25','\'Title: Joe and Bruno\'s Guide to Hacking Time: Regenerating Passwords from RoboForm\'s Password GeneratorImagine if you could go back in time to precompute all passwords that could have been generated by an off-the-shelf password generator? With RoboForm versions prior to June 2015, you can!
\n\nIn Joe and Bruno\'s Guide to Hacking Time, Joe and Bruno share their story, process, and experiences of reverse engineering RoboForm, finding a weakness in the randomness of the password generation routine, and creating a wrapper to generate all possible passwords that could have been generated within a specific time frame. Their work, using Cheat Engine, Ghidra, x64dbg, and custom code, was done specifically to help someone recover over $3 million of Bitcoin locked in a software wallet, but the attack could be exploited against any account or system protected by a password generated by RoboForm before their 7.9.14 release when this problem was fixed.
\n\nJoe Grand, also known as Kingpin, is a computer engineer, hardware hacker, teacher, daddy, honorary doctor, occasional YouTuber, creator of the first electronic badges for DEFCON, member of L0pht Heavy Industries, and former technological juvenile delinquent.
\n\nSpeakerBio: Bruno KraussBruno Krauss is a software engineer and Bitcoin enthusiast. He demonstrated his knack for password cracking at the age of 13 by bypassing his secondary school\'s IT security to mine BTC on their PCs and now specializes in cryptocurrency recovery.
\n\n\n\'',NULL,614414),('2_Friday','15','14:30','15:15','Y','DC','LVCC West/Floor 3/W322-W327','\'Joe and Bruno\'s Guide to Hacking Time: Regenerating Passwords from RoboForm\'s Password Generator\'','\'Joe \"Kingpin\" Grand,Bruno Krauss\'','DC_cbbacfc77fb86075121ef1b56ffa3d25','\'\'',NULL,614415),('2_Friday','15','15:00','15:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Abusing Windows Hello Without a Severed Hand\'','\'Ceri Coburn,Dirk-jan Mollema\'','DC_269b106fe2c11825f1ea93a2f1f73955','\'Title: Abusing Windows Hello Without a Severed HandWindows Hello is touted by Microsoft as the modern de facto authentication scheme on Windows platforms, supporting authentication and encryption backed by biometrics. In a world that is quickly accelerating towards a passwordless existence, what new threats do we face in this complex landscape? We will take a deep dive into the inner working of Windows Hello. Via the release of a new tool, it will be demonstrated how an attacker on a fully compromised Windows host can leverage secrets backed by Windows Hello biometrics without needing the biometric data that protects them. We will also show how the hardware protections of Windows Hello and its accompanying Primary Refresh Tokens can be defeated, making it possible to use Windows Hello for identity persistency and PRT stealing, in some cases even without Administrator access on the host.
\n\n\n\nSpeakers:Ceri Coburn,Dirk-jan MollemaAfter a 20 year career within the software development space, Ceri was looking for a new challenge and moved into pen testing back in 2019. During that time he has created and contributed to several open source offensive tools such as Rubeus, BOFNET and SweetPotato and on the odd occasion contributed to projects on the defensive side too. After speaking at DEF CON 31 for the first-time last year, he is now back for more. He currently works as a red team operator and offensive security dev at Pen Test Partners.
\n\nSpeakerBio: Dirk-jan Mollema, Security Researcher at Outsider SecurityDirk-jan Mollema is a hacker and researcher of Active Directory and Microsoft Entra (Azure AD) security. In 2022 he started his own company, Outsider Security, where he performs penetration tests and reviews of enterprise networks and cloud environments. He blogs at dirkjanm.io, where he publishes his research, and shares updates on the many open source security tools he has written over the years. He presented previously at TROOPERS, DEF CON, Black Hat and BlueHat and has been awarded as one of Microsoft\'s Most Valuable Researchers multiple times.
\n\n\n\'',NULL,614416),('2_Friday','15','15:00','15:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Android App Usage and Cell Tower Location: Private. Sensitive. Available to Anyone?\'','\'Ryan Johnson\'','DC_90ae3a446106860b3d195e27d4bf69ae','\'Title: Android App Usage and Cell Tower Location: Private. Sensitive. Available to Anyone?Do you consider the list of mobile apps you use and the frequency at which you use them private information? What about the GPS coordinates of the cell towers to which your smartphone connects? The Android framework restricts third-party apps from freely obtaining this information – unless the user explicitly grants the app access. Android is a diverse ecosystem that comes with many benefits, but device vendors can still unintentionally expose app usage and device location in a variety of ways. We uncover privacy leaks of both types of data, where pre-loaded vendor software exposes app usage and location to co-located software. We also explore various local exposures of this data, where it is leaked to resources that do not require any special permissions or privileges to access.
\n\nWe discovered these leakages across several major vendors, including Samsung, Nokia, Transsion brands (i.e., Tecno, Infinix, and Itel), and additional vendors that utilize a pre-installed Qualcomm app for performance monitoring. We cover each of these exposures in detail. App usage reveals the subset of the apps that the user actually interacts with, which can be collected, combined with location data, and analyzed for advertising, profiling, and establishing user pattern-of-life.
\n\nDr. Ryan Johnson is a Senior Director, R&D at Quokka (formerly Kryptowire). His research interests are static and dynamic analysis of Android apps and reverse engineering. He is a co-founder of Quokka and has presented at DEF CON, Black Hat (USA, Asia, & MEA), IT-Defense, and @Hack. His research in Android security has been assigned dozens of CVEs and is responsible for discovering the Adups spyware that affected millions of Android smartphones.
\n\n\n\'',NULL,614417),('2_Friday','15','15:00','15:59','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'DC101 Panel\'','\'Nikita Kronenberg,Drew \"aNullValue\" Stemen,Grifter,AdaZebra\'','DC_aa35b1767cf97c352765dea22d80f74b','\'Title: DC101 PanelAI is transforming social engineering. Using tools like ChatGPT, Gemini, and Copilot, attackers can make phishing and vishing attacks nearly impossible to distinguish from legitimate Interactions. This presentation will demonstrate how virtually anyone with a pulse can now use AI to craft sophisticated phishing sites and conduct vishing operations with unprecedented subtlety and effectiveness. These next-generation techniques are transforming the landscape of social engineering.
\n\nYou will learn how to replicate these advanced techniques to elevate your own social-engineering game. You will learn how criminals can manipulate AI tools to simulate real-world attacks and gain a deeper insight into their tactics. You’ll learn how to use A.I. to enhance how you attack now & ways for it to supplement skills you don’t currently have.
\n\nYou will learn how to leverage these techniques to transform an organization’s traditional “security awareness” mentality into a “situational awareness” mindset. Using real-world examples, we demonstrate turning potential threats into teachable moments.
\n\nThis session is essential for anyone looking to harness the power of AI in hacking and Red Teaming. We offer practical skills to engage employees and enhance your approach to social engineering both offensively and defensively. And yes, we do this with a certain theme in mind as I ENGAGE the audience as we boldly go where no Hackers have gone before!
\n\n\n\nSpeakerBio: Jayson E. StreetJayson E. Street referred to in the past as:
\n\nA \"notorious hacker\" by FOX25 Boston, \"World Class Hacker\" by National Geographic Breakthrough Series and described as a \"paunchy hacker\" by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.
\n\nHe\'s a Simulated Adversary for hire. The author of the \"Dissecting the hack: Series\" ( Which has been taught in colleges and Jayson also appears in college text books as well). Also, the DEF CON Groups Global Ambassador. He\'s spoken at DEF CON, DEF CON China, GRRCon, DerbyCon and at several other \'CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.
\n\nHe loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once all others he was supposed to)!
\n\nJayson is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far but if they are please note he was proud to be chosen as one of Time\'s persons of the year for 2006.
\n\n\n\'',NULL,614419),('2_Friday','16','15:30','16:15','Y','DC','LVCC West/Floor 3/W322-W327','\'Social Engineering Like you’re Picard\'','\'Jayson E. Street\'','DC_796f96d7d123efa1e6f92e18ceff5cb8','\'\'',NULL,614420),('2_Friday','15','15:30','16:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Taming the Beast: Inside the Llama 3 Red Team Process\'','\'Aaron \"dyn\" Grattafiori,Ivan Evtimov,Joanna Bitton,Maya Pavlova\'','DC_9c09dce51f21695b3cd701a8636d5e2f','\'Title: Taming the Beast: Inside the Llama 3 Red Team ProcessIn this presentation, the core AI Red Team at Meta will take you on a journey through the story of Red Teaming the Llama 3 Large Language Model. This talk is perfect for anyone eager to delve into the complexity of advanced model Red Teaming and safety, as well as how to perform their own research to find new attacks should attend this talk. We’ll begin by exploring what AI Red Teaming is truly about, before exploring Meta’s process and approaches on the topic. The team will detail our methodology for discovering new risks within complex AI capabilities, how emergent capabilities may breed emergent risks, what types of attacks we’re looking to perform across different model capabilities and how or why the attacks even work. Moreover, we’ll explore insights into which lessons from decades of security expertise can – and cannot – be applied as we venture into a new era of AI trust and safety.
\n\nThe team will then move on to how we used automation to scale attacks up, our novel approach to multi-turn adversarial AI agents and the systems we built to benchmark safety across a set of different high-risk areas. We also plan to discuss advanced cyber-attacks (both human and automated), Meta’s open benchmark CyberSecEvals and touch on Red Teaming for national security threats presented by state-of-the-art models. For each of these areas we’ll touch on various assessment and measurement challenges, ending on where we see the AI Red Teaming industry gaps, as well as where AI Safety is heading at a rapid pace.
\n\nSpeakers:Aaron \"dyn\" Grattafiori,Ivan Evtimov,Joanna Bitton,Maya PavlovaAaron “dyn” Grattafiori is currently a lead for AI Red Teaming at Meta, leading the fight against the machines. Previously he spent over six years leading the “cyber” Red Team at Meta performing full-scale Operations against a wide array of objectives from insider threats and edge device compromises to simulated supply chain attacks, ransomware, custom rootkits and malware. Before working at Meta, Aaron was a Principal Consultant at NCC Group for many years working on application security assessments for leading software companies across web, mobile, cryptography, virtualization, containers as well as network security assessments. Aaron has spoken on a wide range of topics at security conferences such as BlackHat, DEF CON, Enigma, Toorcon, Source Seattle, Red Team Summit and more. When not hacking the LLM gibson, Aaron can be found on the slopes, the garage working on an old car or hiking the front range in Colorado.
\n\nSpeakerBio: Ivan Evtimov, Red Teaming Research Scientist, Gen AI Trust & Safety at MetaCurrently a red teaming research scientist at Meta Gen AI Trust & Safety. Ivan has been the tech lead for red teaming Llama 3, Code Llama, AudioBox, Seamless and participated as a red teamer in many other model and product releases. Ivan has also carried out AI research on cybersecurity safety, robustness to spurious correlations, and fairness in AI systems. Before Meta, Ivan was a member of the Computer Security and Privacy Lab and the Tech Policy Lab at the University of Washington, carrying out research on adversarial machine learning. He has also been spotted on a bike in the general vicinity of New York City.
\n\nSpeakerBio: Joanna Bitton, Software Engineer, GenAI Trust & Safety at MetaCurrently a software engineer on Meta’s GenAI Trust & Safety, Joanna has been the lead for automation, safety and red teaming across many internal projects at Meta. An original member of the Facebook AI Red Team, she has worked on critical Responsible AI issues for over five years. She is also the author of AugLy, a data augmentation library for audio, image, text, and video to bypass classifiers and perform other attacks with over 5k GitHub stars. Joanna takes red teaming to heart, and can neither confirm nor deny she was raised on a submarine.
\n\nSpeakerBio: Maya Pavlova, Software Engineer, GenAI Trust & Safety at MetaCurrently a software engineer on Meta’s GenAI Trust & Safety, Maya Pavlova’s main work these days has been on understanding how to bridge the gap between manual red teaming processes and automated solutions. Maya originally entered this world from the safety testing lens, previously working on scaling Responsible AI’s fairness evaluation platforms, she has now pivoted to the interesting problem of how to automate AI red teaming attacks to build robust adversarial stress testing platforms.
\n\n\n\'',NULL,614421),('2_Friday','16','15:30','16:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Taming the Beast: Inside the Llama 3 Red Team Process\'','\'Aaron \"dyn\" Grattafiori,Ivan Evtimov,Joanna Bitton,Maya Pavlova\'','DC_9c09dce51f21695b3cd701a8636d5e2f','\'\'',NULL,614422),('2_Friday','16','16:00','16:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Outlook Unleashing RCE Chaos: CVE-2024-30103 & CVE-2024-38021\'','\'Michael Gorelik ,Arnold Osipov\'','DC_0f95ca74b7e43c2c9f62226894ecc611','\'Title: Outlook Unleashing RCE Chaos: CVE-2024-30103 & CVE-2024-38021Did you ever receive an empty email and immediately think it might be a reconnaissance attack? What if opening such an email in your Outlook client could trigger remote code execution through an invisible form? Yes, all forms are COM objects, and CVE-2024-21378 has flung open the gates to Outlook RCE chaos.
\n\nIn our session, \"Outlook Unleashing RCE Chaos: CVE-2024-30103\" we\'ll dive into how this seemingly innocuous vulnerability can lead to mayhem. This vulnerability paved the way for us to discover a series of new remote code execution vulnerabilities in Outlook, including CVE-2024-30103. But we’re not stopping there.
\n\nAdditionally, we\'ll uncover other vulnerabilities that can cause NTLM leaks from your domain-joined devices.
\n\nSo, how did we get here? Join us as we construct an evolution timeline of this attack surface. From the origins of these exploits to their current incarnations, we\'ll cover it all. And because we believe in building a safer digital world, we\'ll conclude with specific, actionable recommendations on how to minimize these threats.
\n\n\n\nSpeakers:Michael Gorelik ,Arnold OsipovMichael has amassed over twenty years of experience in the cybersecurity industry, with a decade at Morphisec where he pioneered Moving Target Defense within Endpoint Security. Prior to founding Morphisec, he collaborated on numerous security projects with Deutsche Telekom and Ben-Gurion University laboratories. His expertise spans roles as a reverser, malware researcher, penetration tester, and vulnerability researcher. Michael holds more than seven patents and a Master of Science degree in Computer Science from Ben-Gurion University, Israel. He has worked with the FBI on several significant cybersecurity cases and identified critical privilege escalation exploits in various endpoint security vendors. Michael is a seasoned speaker at industry conferences and led his team to uncover one of the largest supply chain attacks, the CCleaner incident.
\n\nSpeakerBio: Arnold Osipov, Distinguished Malware Researcher at MorphisecArnold is a distinguished malware researcher at Morphisec, renowned for discovering new categories of malware, including the Jupyter and Chaos info stealers among others. His groundbreaking work has significantly advanced understanding and mitigation of emerging malware threats. Arnold has presented his findings at various BSides events throughout Europe, establishing himself as a knowledgeable and engaging speaker. His research continues to push the boundaries of cybersecurity, enhancing both Morphisec’s capabilities and the broader security landscape.
\n\n\n\'',NULL,614423),('3_Saturday','14','14:00','14:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'SQL Injection Isn\'t Dead: Smuggling Queries at the Protocol Level\'','\'Paul Gerste\'','DC_5d538b952643182f6efd4b42f5b85e5d','\'Title: SQL Injection Isn\'t Dead: Smuggling Queries at the Protocol LevelSQL injections seem to be a solved problem; databases even have built-in support for prepared statements, leaving no room for injections. In this session, we will go a level deeper: instead of attacking the query syntax, we will explore smuggling attacks against database wire protocols, through which remote, unauthenticated attackers can inject entire (No)SQL statements into an application\'s database connection.
\n\nUsing vulnerable database driver libraries as case studies, we will bring the concept of HTTP request smuggling to binary protocols. By corrupting the boundaries between protocol messages, we desynchronize an application and its database, allowing the insertion of malicious messages that lead to authentication bypasses, data leakage, and remote code execution.
\n\nTo put our findings into context, we will explore the real-world applicability of this new concept by comparing how robust various languages and frameworks are against these attacks. We will also discuss how smuggling attacks are not specific to database wire protocols but affect all kinds of binary protocols, from databases over message queues to caching. We will end the session with inspirations for future research to explore the topic further.
\n\n\n\nSpeakerBio: Paul Gerste, Vulnerability Researcher, R&D team at SonarPaul Gerste is a vulnerability researcher on Sonar\'s R&D team. He has a proven talent for finding security issues, demonstrated by his two successful Pwn2Own participations and discoveries in popular applications like Proton Mail, Visual Studio Code, and Rocket.Chat. When Paul is not at work, he enjoys playing CTFs with team FluxFingers and organizing Hack.lu CTF.
\n\n\n\'',NULL,614424),('2_Friday','11','11:30','11:59','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Atomic Honeypot: A MySQL Honeypot That Drops Shells\'','\'Alexander Rubin,Martin Rakhmanov\'','DC_087cfefb8dfa26b5895c20b709c753f8','\'Title: Atomic Honeypot: A MySQL Honeypot That Drops ShellsMeet an attacking MySQL honeypot which can “Attack the attackers”. In 2023 we have found a CVE (CVE-2023-21980) in MySQL that allows a rogue MySQL “server” to attack a client connecting to it; attack meaning RCE on the client side. Since then we were thinking on how to use it for good. One obvious application is to create a honeypot which will attack the attackers. In 2024 we have found another RCE in mysqldump utility (CVE-2024-21096), so we have created a rogue MySQL server and weaponized it with a chain of 3 vulnerabilities: 1/ arbitrary file read 2/ RCE from 2023 (CVE-2023-21980) 3/ the new RCE (CVE-2024-21096). With this atomic honeypot we were able to discover 2 new attacks against MySQL server. Using arbitrary file read vulnerability in MySQL we were able to download and analyze the attackers\' code and then execute an “attack against attackers” using a chain of exploits.
\n\nCVE-2023-21980\nCVE-2024-21096
\n\nSpeakers:Alexander Rubin,Martin RakhmanovAlexander is a Principal Security Engineer at Amazon Web Services (AWS), leading RDS Red Team. Alexander was working as MySQL principal consultant/architect for over 15 years, started with MySQL AB in 2006 (company behind MySQL database), Sun Microsystems, Oracle and then Percona. His security pentest/red teaming interest started with playing CTFs and performing opensource security research. Alexander is managing RDS (relational database as a service) Red Team at Amazon Web Services.
\n\nSpeakerBio: Martin Rakhmanov, Senior Security Engineer, RDS Red Team at Amazon Web Services (AWS)Martin is a Senior Security Engineer at Amazon Web Services (AWS) RDS Red Team. Prior to that, Martin spent 17 years doing security research of databases and other targets, including servers, desktop applications and hardware. Martin found more than 30 CVEs across various databases and other products.
\n\n\n\'',NULL,614425),('2_Friday','16','16:30','17:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Leveraging private APNs for mobile network traffic analysis\'','\'Aapo Oksman\'','DC_b8433127572b2369b9230a3bdeb2cc40','\'Title: Leveraging private APNs for mobile network traffic analysisKnowing where and how your mobile and IoT devices communicate on the Internet is essential for ensuring privacy and security.
\n\nIn the past, it has been easy to follow their communication through a WIFI connection that you control. However, your devices are becoming more locked down and utilize mobile networks such as 4G and 5G for communication. As the devices communicate directly through mobile network base stations operated by Internet Service Providers (ISPs), tampering with or even monitoring their communication is outside your reach.
\n\nWhile it is possible to set up a private base station, it requires expensive components and is hard to operate. However, many ISPs have begun offering private Access Point Names (APNs) to allow you to have a private network inside the ISP infrastructure.
\n\nThis talk will show how you can affordably leverage ISP-operated mobile networks and their private APN services to control your mobile devices\' network traffic. This technique lets you inspect, filter, and tamper with your mobile devices\' IP traffic for offensive and defensive cyber security needs, such as penetration testing IoT devices or monitoring mobile device endpoints for malicious traffic.
\n\nAapo Oksman is an entrepreneur and the Founder of Juurin Oy, a boutique company focusing on technical IoT cybersecurity. His background is in electrical engineering, embedded devices, and test automation. Combining his background with a hacking hobby led to a cybersecurity career focusing on industrial IoT.
\n\nBug Bounties and security research keep Aapo motivated and learning. His work in PKI and TLS has resulted in multiple CVEs from vendors like Microsoft, Google, Apple, and Samsung. At DEF CON 31, Aapo released a TLS hacking tool, certmitm, that has proven its worth in finding insecure TLS implementations with new vulnerabilities found constantly.
\n\nOutside work and research, Aapo\'s passion is in the community. He organizes local security meetups and coaches the Finnish national youth CTF team in the yearly European Cybersecurity Challenge competition.
\n\n\n\'',NULL,614426),('2_Friday','17','16:30','17:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Leveraging private APNs for mobile network traffic analysis\'','\'Aapo Oksman\'','DC_b8433127572b2369b9230a3bdeb2cc40','\'\'',NULL,614427),('2_Friday','16','16:30','17:15','N','DC','LVCC West/Floor 3/W322-W327','\'Why are you still, using my server for your internet access.\'','\'Thomas Boejstrup Johansen\'','DC_1fab03faf299e3a4bb2016578549d6a1','\'Title: Why are you still, using my server for your internet access.Pawning countries at top level domain by just buying one specific domain name ‘wpad.tld’, come hear about this 25+ year old issue and the research from running eight different wpad.tld domains for more than one year, which turned into more than 1 billion DNS requests and more than 600 GB of Apache log data with leaked information from the clients.
\n\nThis is the story about how easy it is to just buy one domain, after which many hundreds of thousands of Internet clients will get auto pwned without knowing it and start sending traffic to this man-in-the-middle setup, which bypasses encryption and can change content, with the ability to get the clients to download harmful content and execute it.
\n\nThe talk will explain the technical details behind this issue and showcase why and how clients will be tricked into this man-in-the-middle trap.
\n\nThomas Boejstrup Johansen aka Tooms has been in professional IT for more than 25+ years, where the first 11+ years were as a system administrator for a large Danish company and the last 14+ years as a security specialist with the work in the field of Reverse Engineering Malware, Incident Response and Forensics but also physical redteam engagements and pentesting for customers.
\n\nFor the last many years he has worked mainly as lead senior forensics investigator and incident responder on many incidents, including some well-known major ones such as the 2021 incident that became known around the world as the Microsoft Exchange Hafnium vulnerability.
\n\n\n\'',NULL,614428),('2_Friday','17','16:30','17:15','Y','DC','LVCC West/Floor 3/W322-W327','\'Why are you still, using my server for your internet access.\'','\'Thomas Boejstrup Johansen\'','DC_1fab03faf299e3a4bb2016578549d6a1','\'\'',NULL,614429),('2_Friday','17','17:00','17:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Breaking Secure Web Gateways (SWG) for Fun and Profit\'','\'Vivek Ramachandran,Jeswin Mathai\'','DC_e01ff20e028eec9da52df9c21e986fc6','\'Title: Breaking Secure Web Gateways (SWG) for Fun and ProfitSecure Web Gateways (SWGs) are cloud-based SSL-intercepting proxies and an important component of enterprise Secure Access Service Edge (SASE) or Security Service Edge (SSE) solutions. SWGs ensure secure web access for enterprise users by doing malware protection, threat prevention, URL filtering, and content inspection of sensitive data, among other critical security measures.
\n\nOur research indicates that in today\'s world of complex web applications and protocols, SWGs often fail to deliver on their promise. We will demonstrate a new class of attacks: “Last Mile Reassembly Attacks,” which, as of this writing, can bypass every SWG in the Gartner Magic Quadrant for SASE and SSE - this includes the largest public market cybersecurity companies in the world. Additionally, we will release an open-source attack toolkit for researchers and red teams to test these attacks on their security solutions and better understand their security exposure.
\n\nWe aim for our talk to compel SWG vendors to rethink cloud-based client-side web attack detection models, and for enterprises to rethink how they look at securing their users against web threats.
\n\nSecure Web Gateway Basics: link\nSSL Interception and Attacks: link
\n\nSpeakers:Vivek Ramachandran,Jeswin MathaiVivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. Before that, Vivek’s company built an 802.11ac monitoring product sold exclusively to defense agencies. Vivek discovered the Caffe Latte attack, broke WEP Cloaking, conceptualized enterprise Wi-Fi Backdoors, and created Chellam (Wi-Fi Firewall), WiMonitor Enterprise (802.11ac monitoring), Chigula (Wi-Fi traffic analysis via SQL), Deceptacon (IoT Honeypots), among others. He is the author of multiple five-star-rated books in offensive cybersecurity, which have sold thousands of copies worldwide and have been translated into multiple languages. He has been a speaker/trainer at top security conferences such as Blackhat USA, Europe and Abu Dhabi, DEFCON, Nullcon, Brucon, HITB, Hacktivity, and others. Vivek’s work in cybersecurity has been covered in Forbes, TechCrunch, and other popular media outlets. In a past life, he was one of the programmers of the 802.1x protocol and Port Security in Cisco’s 6500 Catalyst series of switches. He was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He has also published multiple research papers in the field of DDoS, ARP Spoofing Detection, and Anomaly-based Intrusion Detection Systems. In 2021, he was awarded an honorary title of Regional Director of Cybersecurity by Microsoft for a period of three years, and in 2024 he joined the BlackHat Arsenal Review Board.
\n\nSpeakerBio: Jeswin Mathai, Chief Architect at SquareXJeswin Mathai serves as the Chief Architect at SquareX, where he leads the design and implementation of the company\'s infrastructure. Before joining SquareX, he was part of Pentester Academy (acquired by INE) where he was responsible for managing the whole lab platform that was used by thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. A seasoned speaker and researcher, Jeswin has showcased his work at prestigious international stages such as DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs at DEFCON. He has also imparted his knowledge globally, training in-classroom sessions at Black Hat US, Asia, HITB, RootCon, and OWASP NZ Day. Jeswin is also the creator of popular open-source projects such as AWSGoat, AzureGoat, and PAToolkit. He holds a Bachelor\'s degree from IIIT Bhubaneswar, where he led the InfoSec Society. In association with CDAC and ISEA, he spearheaded security audits of government portals and orchestrated cybersecurity workshops for government officials. Jeswin\'s professional interests are focused on advancing the fields of Cloud Security, Container Security, and Browser Security.
\n\n\n\'',NULL,614430),('2_Friday','17','17:00','17:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Bricked & Abandoned: How To Keep The IoT From Becoming An Internet of Trash\'','\'Paul Roberts,Chris Wysopal,Cory Doctorow,Tarah Wheeler,Dennis Giese\'','DC_5a95cf9ea6b8b74c94f7be327e653c78','\'Title: Bricked & Abandoned: How To Keep The IoT From Becoming An Internet of TrashIn a world where technology and software are intertwined with our daily lives more than ever, a silent threat grows in the shadows.
\n\nEnd-of-life devices—abandoned by manufacturers - power our homes, hospitals, businesses and critical infrastructure. From the depths of the cyber underground, malicious software from cybercriminal and nation-state actors is seizing these forgotten devices and conscripting them into botnets and other malicious infrastructure.
\n\nFor example, Black Lotus Labs revealed a chilling trend: 40,000 small office home office (SOHO) routers compromised and enrolled in the sinister \'Faceless\' botnet - now powered by devices you own and thought were safe.
\n\nAnd it\'s not just routers. Critical medical devices, essential security hardware—smart home appliances. No gadget is safe. And, with the Internet of Things set to double in the next decade, billions of vulnerable devices marketed and sold to connect us risk robbing, dividing and defeating us in the years to come: a process one expert has termed “enshittification.”
\n\nAfter years of warnings from the cybersecurity community, alarms are finally sounding in the halls of power. But more is needed: a clarion call to reset, to redefine ownership and security in an age of smart, connected devices before it\'s too late.
\n\nIn this panel you’ll be enlisted to join the fight. You’ll hear from experts working at the forefront of a fight to challenge the status quo and seek solutions to safeguard our digital futures. Are you ready to stand up for your right to a secure, connected world? The battle for control, for transparency, for a sustainable and resilient digital future begins now!
\n\nSpeakers:Paul Roberts,Chris Wysopal,Cory Doctorow,Tarah Wheeler,Dennis GiesePaul Roberts is the publisher and Editor in Chief of The Security Ledger and the founder of Secure Repairs (securepairs.org) a coalition of cybersecurity and IT pros who support the right to repair.
\n\nSpeakerBio: Chris Wysopal, CTO at VeracodeChris Wysopal is the CTO of Veracode, a provider of application security testing technology. Chris began his career as a vulnerability researcher at the renowned hacker think tank, L0pht. In 1998, Chris and 6 of his L0pht colleagues testified before the U.S. Senate on matters of U.S. government cybersecurity.
\n\nSpeakerBio: Cory Doctorow, AuthorCory Doctorow is a science fiction author, activist and journalist. He is the author of many books, most recently THE BEZZLE and THE LOST CAUSE. In 2020, he was inducted into the Canadian Science Fiction and Fantasy Hall of Fame.
\n\nSpeakerBio: Tarah Wheeler, Senior Fellow in Global Cyber Policy at Council on Foreign RelationsTarah Wheeler is the founder and CEO of Red Queen Dynamics; a Senior Fellow in Global Cyber Policy at the Council on Foreign Relations; and a well-known speaker and writer on topics that include cyberwarfare, security best practices, future trends and more.
\n\nSpeakerBio: Dennis GieseDennis Giese is a researcher with the focus on the security and privacy of IoT devices. While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices. His most known projects are the documentation and hacking of various vacuum robots. He calls himself a \"robot collector\" and his current vacuum robot army consists of over 60 different models from various vendors. He talked about his research at the Chaos Communication Congress, REcon BRX, NULLCON, and DEFCON.
\n\n\n\'',NULL,614431),('2_Friday','17','17:00','17:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'One for all and all for WHAD: wireless shenanigans made easy !\'','\'Damien Cauquil,Romain Cayre\'','DC_5509c98b4c2ddc51da2db01fffed5844','\'Title: One for all and all for WHAD: wireless shenanigans made easy !A lot of security research have recently focused on various wireless communication protocols, targeting smartphones, wireless mice and keyboards and even cars. In order to demonstrate these attacks, researchers developed dedicated tools that for most of them include some specialized firmware of their own but also rely on various unique custom host/device communication protocols. These tools work great but are strongly tied to some specific hardware that at some point will not be available anymore, or require hackers to buy more hardware to carry on to have fun with. Why not making these tools compatible with more hardware ? And why researchers always have to create their own host/device protocol when it comes to using a dedicated hardware ? Why not having one flexible protocol and related tools to rule them all ?
\n\nWe will present in this talk WHAD, a framework that provides an extensible host/device communication protocol, dedicated protocol stacks and way more for hackers who love having fun with wireless protocols. WHAD makes interoperability possible between tools by allowing different hardware devices to be used if they provide the required capabilities, giving the opportunity to create advanced tools without having to care about the hardware and its firmware in most of the cases!
\n\nDamien Cauquil is security engineer at Quarkslab, France. He loves electronics, embedded devices, wireless protocols and to hack all of these not especially in that order. He authored several Bluetooth Low Energy tools like Btlejuice and Btlejack, discovered a way to hack into an existing Bluetooth Low Energy connection that has later been improved by his co-speaker Romain Cayre, and other tools on a lot of different topics that tickle his mind but not always related to security or wireless protocols.
\n\nSpeakerBio: Romain Cayre, Assistant Professor, Software and System Security (S3) Group at EURECOMRomain Cayre is assistant professor in Software and System Security (S3) group at EURECOM, France. He works on topics related to wireless security, IoT security and embedded systems security. He loves hacking embedded wireless stacks and playing with wireless protocols. In the past, he worked on several research projects related to wireless hacking, like WazaBee (a cross-protocol pivoting attack allowing to receive and transmit arbitrary 802.15.4 packets from a diverted BLE transceiver), InjectaBLE (an attack allowing to inject arbitrary packets into an ongoing Bluetooth Low Energy connection by leveraging a race condition in the Link Layer clock drift compensation mechanism), and OASIS (a defensive framework allowing to generate an embedded detection software and inject it into Bluetooth Low Energy controllers).
\n\nHe is also the main developer of Mirage, an offensive framework for wireless communication protocols (and a draft to the new framework WHAD !)
\n\n\n\'',NULL,614432),('2_Friday','17','17:30','18:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Exploiting Bluetooth - from your car to the bank account$$\'','\'Vladyslav Zubkov,Martin Strohmeier\'','DC_0ef5510d21e93dbd1a8f6930b5c0533d','\'Title: Exploiting Bluetooth - from your car to the bank account$$Over the past decade, infotainment systems have experienced a growth in functionality, broader adoption, and central incorporation into vehicle architecture. Due to the ever-growing role of wireless protocols such as Bluetooth and a known lack of patches alongside the difficulty of patch installation, this poses a new attack surface and a genuine threat to the users. Meanwhile, the tools and methodologies required for testing are scattered across the Internet, absent and need a rigorous setup.
\n\nIn this talk, we share a comprehensive framework BlueToolkit to test and replay Bluetooth Classic vulnerabilities. Additionally, we release new exploits and a privilege escalation attack vector.
\n\nWe show how we used the toolkit to find 64 new vulnerabilities in 22 modern cars and the Garmin Flight Stream flight management system used in several aircraft types. Our work equips hackers with insights and necessary information on novel vulnerabilities that could be used to steal information from target cars, establish MitM position or escalate privileges to hijack victims’ accounts and MFA codes stealthily.
\n\nOverall, we show vulnerabilities in cars, aircraft and smartphones. We believe our research will be beneficial in finding new vulnerabilities and making Bluetooth research more accessible and reproducible.
\n\nReferences:
\n\nVladyslav Zubkov (aka yso and schwytz) is a bug bounty hunter. He is consistently among the top hackers at live hacking events organized by Meta, Intel, Louis Vuitton, Intigriti and YesWeHack. His interests include vulnerability research, application security, red teaming, bug bounty hunting, developing tools and proactively securing systems.
\n\nSpeakerBio: Martin Strohmeier, Senior Scientist at Cyber Defence CampusMartin Strohmeier is a Senior Scientist at the Swiss Cyber Defence Campus, where he is responsible for vulnerability research programmes into aircraft, satellites and cars. His work was published in all major systems security conferences, totalling more than 100 publications to date. He has also spoken previously at the DEFCON Aerospace Village and co-organized CTFs there.
\n\n\n\'',NULL,614433),('2_Friday','18','17:30','18:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Exploiting Bluetooth - from your car to the bank account$$\'','\'Vladyslav Zubkov,Martin Strohmeier\'','DC_0ef5510d21e93dbd1a8f6930b5c0533d','\'\'',NULL,614434),('2_Friday','17','17:30','17:50','N','DC','LVCC West/Floor 3/W322-W327','\'Stranger in a Changed Land\'','\'Tony Sager\'','DC_48c7049cd0502c1e40c713e3995d920b','\'Title: Stranger in a Changed LandWhat\'s it like to spend a career as a cyberdefender for the DoD and the nation, but homed inside of an intelligence agency? In this talk, I\'ll offer a historical and personal perspective based on 35 years at the National Security Agency as a vulnerability analyst for the defense, from junior analyst to executive manager. The common element across my career was the search for vulnerabilities in the name of defense - finding them, making sense of them, leading organizations to find them, and then translating that knowledge into action to prevent or manage them. I\'ll share lessons learned as cyberdefense evolved from a focus on mathematics and cryptography to systems and software; and from government security to a global internet. And we\'ll focus on the mission, technical, and cultural interplay of cyberdefense and offense/intelligence as it played out at NSA. War stories, culture clashes, bureaucratic mazes? Of course! But in the end, better security for all.
\n\nCommunications Security, Computer Security, Information Security, Information Assurance, Defensive Information Operations, and several more - I\'m very lucky to have ridden the World-Wide Wave we now call cybersecurity.
\n\nAnd I am very proud to have spent 35 years in Federal Service at the National Security Agency as part of the Information Assurance mission. The common element across my career was the search for vulnerabilities in the name of defense - finding vulnerabilities, making sense of them, leading organizations to find them, and then translating that knowledge into action to prevent or manage them.
\n\nThat final challenge consumed the last third of my government career. How can we translate what we learn through product testing, Red Teams, Blue Teams, systems analysis, etc. into operational guidance, best practices, requirements, training, and security improvements? How can we bridge the gap between telling people what they are doing wrong, and helping them do what\'s right? This led to projects like the release of NSA Security Guides to the public (www.nsa.gov), involvement in open standards for security automation and information sharing, and an activity now known as the Critical Security Controls.
\n\nSince retirement in 2012, I have been able to continue to serve the cause of cyber defense through our work at the non-profit Center for Internet Security, and the Council on CyberSecurity before that. And I am very active in more volunteer cybersecurity causes than I can recall.
\n\nSpeakerBio: Tony Sager, Senior VP & Chief Evangelist at Center for Internet Security (CIS)Tony is currently Senior VP & Chief Evangelist for the Center for Internet Security (CIS), leading a wide variety of strategic, partnership, and outreach activities. He led the work which later became known as the CIS Critical Security Controls – an independent, volunteer-developed, cyber defense best practices program which is used throughout the industry. Tony has led numerous other activities to develop, share, scale, and sustain effective defensive cyber practices for worldwide adoption.
\n\nIn addition to his duties at CIS, Tony is a volunteer in numerous cyber community service activities: inaugural member of the DHS/CISA Cyber Safety Review Board; Advisor to the Minnesota Cyber Security Summit; Advisory Boards for several local schools and colleges; formerly a member of the National Academy of Sciences Cyber Resilience Forum; and service on numerous national-level study groups and advisory panels.
\n\nTony retired from the National Security Agency in 2012 after 34 years as a mathematician, computer scientist, and executive manager. As one of the Agency’s first Software Vulnerability Analysts, he helped create and led two premier NSA cyber defense organizations (the System and Network Attack Center, and the Vulnerability Analysis and Operations Group). In 2001, he led the release of NSA security guidance to the public and expanded NSA’s role in the development of open standards for security.
\n\nIn 2023, Tony was inducted into the Cybersecurity Hall of Fame.
\n\n\n\'',NULL,614435),('3_Saturday','10','10:00','11:45','N','DC','LVCC West/Floor 3/W322-W327','\'CULT OF THE DEAD COW & Friends Present: Prime Cuts from Hacker History - 40 Years of 31337\'','\'Deth Veggie,Walter J. Scheirer,Patrick “Lord Digital” Kroupa,John Threat,Emmanuel Goldstein,X,TommydCat\'','DC_4bd005c0ca2591f70351601a08ab6437','\'Title: CULT OF THE DEAD COW & Friends Present: Prime Cuts from Hacker History - 40 Years of 31337The year is 1984… Ronald Reagan is President, it is a “New Mourning in America.” In Texas, a small cabal of malcontents meet in an abandoned slaughterhouse, decorated with heavy metal band posters, satanic iconography, and, most ominously, the skull of a DEAD COW… As pirated copies of speedmetal and punk music play in the background, these erstwhile revolutionaries speak of their disillusion with The Way Things Are, and their obsession with their new computers. All over America, teens were waking to not just the typical dissatisfaction of adolescence, but the awareness that via these new modes of communication and interaction, they could meet like-minded others, have some illicit fun, and maybe, just maybe, change the goddamn world.
\n\n1984 wasn’t the beginning of hacking, but brought perhaps the first real blossoming of the culture. The spread of the personal computer, and the modem, brought the birth of not just cDc, but the Legion of Doom, and 2600 Magazine. 1985 would bring Phrack Magazine, and a true explosion in the written culture, with t-files becoming the currency of the Truly Elite. In this session, members of cDc, 2600, LoD, MoD, and r00t will talk about what made them hackers and phreaks, swap stories, and answer questions posed by Prof. Walter Scheirer of the University of Notre Dame and audience Q&A.
\n\nSpeakers:Deth Veggie,Walter J. Scheirer,Patrick “Lord Digital” Kroupa,John Threat,Emmanuel Goldstein,X,TommydCatcDc Minister of Propaganda, Archaeologist, Gadabout. Cultee since 1990, r00t since 1995, K-rad since birth.
\n\nSpeakerBio: Walter J. ScheirerDennis O. Doughty Collegiate Professor of Engineering at the University of Notre Dame. Author of A History of Fake Things on the Internet (Stanford University Press, 2023)
\n\nSpeakerBio: Patrick “Lord Digital” KroupaMember Legion of Doom (LoD) & cDc, Co-founder Mindvox
\n\nSpeakerBio: John Threatworld renowned hacker, futurist, security advisor, artist, professor, and writer/director. Wired Magazine Cover, 60 Minutes, MoD, 8lgm, & r00t
\n\nSpeakerBio: Emmanuel GoldsteinEditor & Publisher 2600 Magazine, HOPE Conference coordinator, host of WBAI\'s \"Off The Hook\"
\n\nSpeakerBio: XHacker/Vulnerability Archivist, r00t, creator of one of the earliest and longest running vulnerability databases in the World.
\n\nSpeakerBio: TommydCatTechnology Generalist and Oldskool Denizen of the Computer Underground, from the 80s onward, TdC’s ridden the wave from the days of dumping G-PHilez on AEs to dumping DBs in S3s.
\n\n\n\'',NULL,614436),('3_Saturday','11','10:00','11:45','Y','DC','LVCC West/Floor 3/W322-W327','\'CULT OF THE DEAD COW & Friends Present: Prime Cuts from Hacker History - 40 Years of 31337\'','\'Deth Veggie,Walter J. Scheirer,Patrick “Lord Digital” Kroupa,John Threat,Emmanuel Goldstein,X,TommydCat\'','DC_4bd005c0ca2591f70351601a08ab6437','\'\'',NULL,614437),('3_Saturday','10','10:00','10:20','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Laundering Money\'','\'Michael Orlitzky\'','DC_d725c80a6d0aa01f8aeba5518af095c6','\'Title: Laundering MoneyCSC ServiceWorks is a large vendor of pay-to-play laundry machines in apartments and condominiums. Most are Speed Queens, but newer CSC-branded machines use an app for payment and have custom circuitry inside. Many however accept quarters as well. We show that, when all else fails, you can always physically bypass the coin slot to run the machines for free.
\n\nMichael is a programmer, linux developer, network administrator, security consultant, lockpicker, bike messenger, and mathematician from Baltimore. The only thing he hates more than computers is computers inside of other things.
\n\n\n\'',NULL,614438),('3_Saturday','10','10:00','10:20','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Mutual authentication is optional\'','\'Xavier Zhang\'','DC_7d7c566167827cbd22cbec52e70d8c54','\'Title: Mutual authentication is optionalPhysical access control systems are often exploited in a number of ways. It could be weaknesses found within the credential itself, the antiquated communication protocol, the hardware itself, or the firmware it is running. But more often than not, it is a combination of factors that allow a variety of attacks from multiple dimensions. Some are extremely trivial and require little to no skill to perform, whereas some attacks require a bit more setup and knowledge of how the underlying technology works. We will go into detail on how these systems work, why verifying mutual authentication is important for physical access control systems and the exploits that can be accomplished, as well as ways to mitigate these exploits to make your facility more secure. This talk will include interactive demos involving official HID readers and hardware, proxmark3, and the flipper zero.
\n\n\n\nSpeakerBio: Xavier ZhangXavier Zhang is a physical security consultant and security researcher working with RFID-enabled technologies and physical access control systems. He is the author of numerous pieces of documentation in Iceman’s proxmark3 repo such as the HID credential downgrade guide and an avid bug hunter in the proxmark3 community.\n \n Aside from physical security consulting, Xavier loves everything to do with DRM and reverse engineering how various forms of DRM are implemented in RFID tags. Currently Xavier is working on decoding the DRM used in a license-violating closed-source app based on the proxmark3 source, and all of the RFID tags it uses to help keep open source, open source.
\n\n\n\'',NULL,614439),('3_Saturday','10','10:00','10:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Reverse Engineering MicroPython Frozen Modules: Data Structures, Reconstruction, and Reading Bytecode\'','\'Wesley McGrew\'','DC_32d1a177d248fcc17da8d66facecbb2f','\'Title: Reverse Engineering MicroPython Frozen Modules: Data Structures, Reconstruction, and Reading BytecodeMicroPython is a firmware environment for quickly developing and deploying software onto microcontroller systems. It is used in a variety of industrial and scientific applications, as well as (most importantly) in some DEF CON #badgelife projects. It\'s easy to learn and use for rapid prototyping.
\n\nFor hackers interested in reverse engineering compiled or obfuscated MicroPython code, there are some obstacles. MicroPython is an implementation of CPython, not a port, so it has its own compiled bytecode language that existing reverse engineering tools aren\'t designed to parse. Also, modules can be \"frozen\", compiled directly into the microcontroller firmware, and may be difficult to locate and parse when microcontroller firmware is extracted and analyzed.
\n\nIn this talk, Wesley will walk the audience through the process of identifying \"frozen\"/compiled modules in a firmware image without debug symbols using the Ghidra disassembler. The relevant module, string, object, and raw code data structures will be detailed, so that everything required to rebuild a non-frozen module can be recovered. Once a compiled module is reconstructed, Wesley will present a detailed example of reading and understanding MicroPython compiled bytecode, in order to reverse engineer the purpose and implementation of the module.
\n\nDr. Wesley McGrew directs research, development, and offensive cyber operations as Senior Cybersecurity Fellow for MartinFederal. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA and taught a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.
\n\n\n\'',NULL,614440),('3_Saturday','10','10:00','10:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'The Pwnie Awards\'','\'\'','DC_863f4a0495de1b9541de83c415e38d6b','\'Title: The Pwnie AwardsThe Pwnies are an annual awards ceremony celebrating and making fun of the achievements and failures of security researchers and the wider security community. Every year, members of the infosec community nominate the best research and exploits they’ve seen. The Pwnie Award nominations are judged by a panel of respected security researchers and former pwnie award recipients – the closest to a jury of peers a hacker is likely to ever get. At this event DEF CON attendees will get a first person look at some of the most groundbreaking research and hacks in the cyber security community of the past year, and the winners get some well deserved recognition from the broader community for the great work they’ve done.
\n\n\'',NULL,614441),('3_Saturday','10','10:30','11:15','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Gotta Cache ‘em all: bending the rules of web cache exploitation\'','\'Martin Doyhenard\'','DC_7ed89f6c55612d3cdc34a2fe88dcdc0e','\'Title: Gotta Cache ‘em all: bending the rules of web cache exploitationIn recent years, web cache attacks have become a popular way to steal sensitive data, deface websites, and deliver exploits. We\'ve also seen parser inconsistencies causing critical vulnerabilities like HTTP Request Smuggling. This raises the question: what happens if we attack web caches\' URL-parsers?
\n\nIn this session, I\'ll introduce two powerful new techniques that exploit RFC ambiguities to bypass the limitations of web cache deception and poisoning attacks.
\n\nFirst, I\'ll introduce Static Path Deception, a novel technique to completely compromise the confidentiality of an application. I’ll illustrate this with a case study showing how such a breach can be replicated in environments like Nginx behind Cloudflare.
\n\nNext, I\'ll present Cache Key Confusion, and show how to exploit URL parsing inconsistencies in major platforms, including Microsoft Azure Cloud. I’ll then show how to achieve arbitrary cache poisoning and full denial of service.
\n\nFinally, I\'ll reveal how to supercharge these vulnerabilities with a live demo that blends Cache Key Confusion with a “non-exploitable” open redirect to execute arbitrary JS code for complete site takeover.
\n\nAttendees will depart armed with a set of innovative techniques, along with a definitive methodology to find and exploit these and other URL or HTTP discrepancies.
\n\nWeb Cache Deception Attack - Omer Gil\nlink
\n\nThis is where Web Cache Deception attacks were first introduced, and it served as the starting point for my research.
\n\nWeb Cache Entanglement: Novel Pathways to Poisoning - James Kettle\nlink
\n\nThis research worked as an inspiration to develop the cache poisoning techniques. I also used this paper to outline the state of the art in web cache exploitation and create a different approach using parser discrepancies.
\n\nCached and confused: Web cache deception in the wild - Seyed Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda and William Robertson.\nlink
\n\nThe web cache deception techniques using delimiters for path confusion were inspired by the 2020 USENIX presentation “Cached and confused: Web cache deception in the wild”. In that presentation, they briefly describe some variations of path confusion using four encoded characters. Although the objective of their paper was to show a large-scale study of web cache deception vulnerabilities in the wild, it also introduced the use of delimiters for path confusion. In my presentation I\'ll expand on this concept, providing a methodology to find all the delimiters used by a URL parser and explaining how to use them in new exploitation techniques.
\n\nChatGPT Account Takeover - Wildcard Web Cache Deception - Harel Security Research\nlink
\n\nAlso, during the time this research was being conducted, a vulnerability using a single variation of one of the techniques (Static Path Confusion) was published as a write up.
\n\nSpeakerBio: Martin Doyhenard, Security Researcher at PortswiggerMartin Doyhenard is a Security Researcher at Portswigger, known for exploiting HTTP servers and web applications. Over the past few years he has presented his findings in multiple top security conferences including BlackHat, DEFCON, RSA, EkoParty, Hack in The Box and Troopers.
\n\nHis latest work includes discovering HTTP Response Smuggling techniques and exploiting SAP’s Inter-Process Communication service - compromising more than 200 thousand companies in the world. He’s also passionate about low level reverse engineering and testing his skills in online CTFs.
\n\n\n\'',NULL,614442),('3_Saturday','11','10:30','11:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Gotta Cache ‘em all: bending the rules of web cache exploitation\'','\'Martin Doyhenard\'','DC_7ed89f6c55612d3cdc34a2fe88dcdc0e','\'\'',NULL,614443),('3_Saturday','10','10:30','11:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Smishing Smackdown: Unraveling the Threads of USPS Smishing and Fighting Back\'','\'S1nn3r\'','DC_244b9c91f7125251601e4f40cd04745d','\'Title: Smishing Smackdown: Unraveling the Threads of USPS Smishing and Fighting BackIt\'s the holiday season and all through the air,
\n\nMessages arrive, not with joy, but despair.
\n\nA sinister plot unfolds, a digital dance,
\n\nSmishing scammers striking, a threat to enhance.
\n\nThis past holiday season saw a dramatic rise in SMS phishing (smishing) messages, specifically messages that target people by pretending to be from the USPS. Almost everyone in the United States received one of these messages, which are sent using a kit sold by the ‘Smishing Triad’. While many of us knew these were scams, many more did not, including someone close to me.
\n\nI knew I had to do something about it once I started receiving these texts myself. With my focus in web application testing, I immediately took interest in these smishing kits and how I could exploit them. After a thorough review, some collaboration with other researchers, and a little reverse engineering I was able to find two vulnerabilities in the scammer’s kits allowing me to login to the admin panels.
\n\nUsing this I have been able to recover over 390k distinct credit cards that the scammers had gathered using over 40 admin panels and well over 900 unique domains. Along with this was info on the scammers themselves like login IPs, usernames, and some cracked passwords they use.
\n\nThis talk will cover the technical details of how I reverse engineered this kit, found these vulnerabilities, and collected the victim and admin data for each of these sites.
\n\nMy Blog:
\n\n\n\nSpeakerBio: S1nn3rS1nn3r is a recent college graduate. He holds the OSCP, GCIH, eCPPT, Sec+, and some more alphabet soup. He has interned with multiple DoD agencies and now will work in the private sector doing red teaming. During his internships he has worked in exploit development, red teaming, and threat analysis. During his time at school, he has been elected president of the Cybersecurity Club, led multiple CTF teams, organized CTFs, discovered a CVE, and has been awarded over $10k from bug bounty programs.
\n\n\n\'',NULL,614444),('3_Saturday','11','10:30','11:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Smishing Smackdown: Unraveling the Threads of USPS Smishing and Fighting Back\'','\'S1nn3r\'','DC_244b9c91f7125251601e4f40cd04745d','\'\'',NULL,614445),('3_Saturday','11','11:00','11:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'SHIM me what you got - Manipulating Shim and Office for Code Injection\'','\'Ron Ben-Yizhak,David Shandalov\'','DC_21906409011b2e7c7b87c931b99ad4fb','\'Title: SHIM me what you got - Manipulating Shim and Office for Code InjectionThis talk brings back from the dead an attack surface that security vendors believed they had addressed a long time ago.
\n\nWe will introduce a novel and stealthy technique to apply malicious shims on a process that does not require registry modification or SDB files and leaves no traces on the disk.
\n\nThe reverse engineering of the shim infrastructure will be shown while focusing on undocumented API and the kernel driver of the infrastructure.
\n\nThe various operations offered by the infrastructure will be analyzed from an offensive point of view, and the course we took to achieve this unique technique will be presented.
\n\nIn addition, we will unveil an attack surface research that resulted in a noteworthy attack that manipulates 2 different OS components into performing DLL injection and privilege escalation.
\n\nResearching the undocumented RPC interfaces of the service OfficeClickToRun.exe uncovered a method that can inject a DLL into another process running as “NT AUTHORITY\\SYSTEM”, which achieves privilege escalation. For this to work, specific conditions had to be met.
\n\nThe conditions we tailored will be displayed as we abuse the Opportunistic Lock and App Compatibility (shim) mechanisms.
\n\n\n\nSpeakers:Ron Ben-Yizhak,David ShandalovRon Ben-Yizhak is a security researcher at Deep Instinct.
\n\nHe is responsible for research of malware campaigns, attack surfaces and vectors and evasion techniques.
\n\nHis findings are used for developing new analysis, detection, and mitigation capabilities.
\n\nRon joined Deep Instinct in 2019 after serving as a security researcher and forensics specialist in one of the IDF\'s elite cyber units.
\n\nSpeakerBio: David Shandalov, Security Researcher at Deep InstinctDavid Shandalov works as a security researcher at Deep Instinct.
\n\nHis role involves researching and identifying new cyber threats and vulnerabilities, and developing tools for threat detection and analysis.
\n\nDavid began his journey in cybersecurity as a Malware Researcher at Checkpoint and, prior to that, served in the IDF\'s intelligence corps.
\n\nOutside of research, David enjoys flying and is currently working on obtaining his Private Pilot License.
\n\n\n\'',NULL,614446),('3_Saturday','11','11:00','11:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'The Rise and Fall of Binary Exploitation\'','\'Stephen Sims\'','DC_1329e4c1881c8c23d4e4c449ac112c90','\'Title: The Rise and Fall of Binary ExploitationFor the past 20+ years binary exploitation has been seen as the ultimate challenge and prize, when exploiting large applications and operating systems. During this period, the question of \"How much longer will we be able to do this?\" has been asked countless times, and with good reason. Memory safety and corruption issues with low-level languages have been an enormous challenge for OS and application developers. There are certainly efforts to move to \"safer\" languages such as Rust, but those languages need to mature a bit longer before they\'re able to stand up to the capabilities of a language like C++.
\n\nThanks to exploit mitigations and memory protections, a large number of these vulnerabilities are not exploitable. There are the mature mitigations, such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), and then newer ones such as Control-flow Enforcement Technology (CET) and Virtualization Based Security (VBS). A large number of these mitigations are not enabled by default on the Windows OS, due to the fact that many need to be tested to ensure they do not break production applications. In this presentation, we will take a technical dive into the state of binary exploitation and the effectiveness of the many available mitigations, by looking at the way they\'re enforced.
\n\nSpeakerBio: Stephen Sims, Fellow Instructor at SANS InstituteStephen Sims is an experienced vulnerability researcher and exploit developer, having discovered and privately disclosed many vulnerabilities affecting well-known browsers and OS kernels. He is co-author of the popular Gray Hat Hacking book series through McGraw-Hill, now in its 6th edition. He is a Fellow Instructor with the SANS Institute and author of some of their most advanced content covering exploit development and other offensive operations and security related topics. Stephen also runs the Off By One Security channel on YouTube, where he teaches offensive-related material, bringing on a wide variety of experts on to provide free training to the community.
\n\n\n\'',NULL,614447),('3_Saturday','11','11:30','12:15','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'QuickShell: Sharing is caring about an RCE attack chain on Quick Share\'','\'Or Yair,Shmuel Cohen\'','DC_a74826f34bf9727bfc2aeafa7d589184','\'Title: QuickShell: Sharing is caring about an RCE attack chain on Quick ShareQuick Share (formerly Nearby Share) has enabled file sharing on Android for 4 years and expanded to Windows a year ago.
\n\nGoogle\'s promotion of Quick Share for preinstallation on Windows, alongside the limited recent research, ignited our curiosity about its safety, leading to an investigation that uncovered more than we had imagined.
\n\nWe studied its Protobuf-based protocol using hooks, built tools to communicate with Quick Share devices, and a fuzzer that found non-exploitable crashes in the Windows app. We then diverted to search for logical vulnerabilities, and boy oh boy, we regretted we hadn’t done it sooner.
\n\nWe found 10 vulnerabilities both in Windows & Android allowing us to remotely write files into devices without approval, force the Windows app to crash in additional ways, redirect its traffic to our WiFi AP, traverse paths to the user’s folder, and more. However, we desired the holy grail, an RCE. Thus, we returned to the drawing board, where we realized that the RCE was already in our possession in the form of a complex chain.
\n\nIn this talk, we’ll introduce QuickShell - An RCE attack chain on Windows combining 5 out of 10 vulnerabilities in Quick Share. We’ll provide an overview about Quick Share’s protocol, present our fuzzer, the found vulnerabilities, a new HTTPS MITM technique, and finally the RCE chain.
\n\n\n\nSpeakers:Or Yair,Shmuel CohenOr Yair is a security research professional with six years of experience, currently serving as the Security Research Team Lead at SafeBreach. His primary focus lies in vulnerabilities in the Windows operating system’s components, though his past work also included research of Linux kernel components and some Android components. Or has already presented his vulnerability and security research discoveries internationally at conferences he spoke at such as Black Hat USA 2023, Black Hat Asia 2024, Black Hat Europe 2022, SecTor 2023, RSAC 2023, Security Fest 2023, CONFidence 2023 & 2024 and more
\n\nSpeakerBio: Shmuel Cohen, Senior Security Researcher at SafeBreachShmuel Cohen is a cybersecurity professional, who has a diverse background. After he pursued a Bachelor of Science degree in Computer Science, he had the privilege of working at CheckPoint, where he spent 1.5 years developing software and another 1.5 years working as a malware security researcher. As his interest grew in vulnerability research, he decided to join SafeBreach, where he has been able to focus his energies on exploring and addressing vulnerabilities in cybersecurity. Shmuel has previously spoken at BlackHat USA 2023, twice at Black Hat Asia 2024, and twice at CONFidence 2024.
\n\n\n\'',NULL,614448),('3_Saturday','12','11:30','12:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 2','\'QuickShell: Sharing is caring about an RCE attack chain on Quick Share\'','\'Or Yair,Shmuel Cohen\'','DC_a74826f34bf9727bfc2aeafa7d589184','\'\'',NULL,614449),('3_Saturday','11','11:30','12:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Sudos and Sudon’ts - Peering inside Sudo for Windows\'','\'Michael \"mtu\" Torres\'','DC_b498e51c046b15de98f9b3c2e6953749','\'Title: Sudos and Sudon’ts - Peering inside Sudo for WindowsIn February 2024, Microsoft announced the release of Sudo for Windows for Windows 11 Insider Preview[1]. Like the Unix sudo utility, it provides a method for users to run commands with elevated permissions. This talk will share the results of an analysis of Sudo for Windows, starting with a summary of the information provided by Microsoft. From there, we will explore the architecture used to coordinate the elevation of the specified process, the ALPC service used to communicate between elevated and non-elevated processes, how Rust interoperates with Windows APIs, and the path resolution process for files and relative paths. As part of that journey, we will discuss a few discovered security issues.
\n\nThis presentation will be valuable to anyone with an interest in Windows reverse engineering or Rust memory safety. A conceptual understanding of Windows Inter-Process Communication (IPC) and heap allocation may make parts of the talk more approachable, but the main ideas will be accessible to anyone with a high-level understanding of process memory layout (stack vs heap).
\n\n\n\nSpeakerBio: Michael \"mtu\" Torres, Senior Security Engineer, Network Infrastructure Security at Googlemtu, otherwise known as Michael Torres, is a Senior Security Engineer in the Network Infrastructure Security team at Google, where his primary focus is on Operational Technology systems. Michael is also a Staff Sergeant in the United States Marine Corps Reserve, where he has been responsible for planning and conducting both offensive and defensive cyber operations. He is passionate about sharing knowledge to benefit others, and is an active volunteer for VetSec (veteransec.org), a charity focused on helping military veterans have successful careers in cybersecurity.
\n\n\n\'',NULL,614450),('3_Saturday','12','11:30','12:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Sudos and Sudon’ts - Peering inside Sudo for Windows\'','\'Michael \"mtu\" Torres\'','DC_b498e51c046b15de98f9b3c2e6953749','\'\'',NULL,614451),('4_Sunday','11','11:00','11:45','N','DC','LVCC West/Floor 3/W322-W327','\'Deception & Counter Deception – Defending Yourself in a World Full of Lies\'','\'Tom \"Decius\" Cross,Greg Conti\'','DC_f7843c4d83aaa7f1a44b1bdc77d1fbe3','\'Title: Deception & Counter Deception – Defending Yourself in a World Full of LiesThe Internet was supposed to give us access to the world\'s information, so that people, everywhere, would be able to know the truth. But that’s not how things worked out. Instead, we have a digital deception engine of global proportions. Nothing that comes through the screen can be trusted, and even the things that are technically true have been selected, massaged, and amplified in support of someone’s messaging strategy.
\n\nDeception isn’t just about narratives - we see deception at every layer of the network stack, from spoofed electromagnetic signatures, to false flags in malware, to phony personas used to access networks and spread influence. They hide in our blindspots, exploit our biases, and fill our egos while manipulating our perceptions.
\n\nHow do we decide what is real? This talk examines time-tested maxims that teach the craft of effective deception, and then inverts those offensive principles to provide defensive strategies. We’ll explore ways to counter biases, triangulate information sources, detect narratives, and how hackers can build tools that can change the game.
\n\nAt their best, hackers lift their heads up above the masses to see how the world actually works, not how it purports to work, and then take action to make the world a better place. You’ll leave this talk with practical skills to do just that.
\n\nSpeakers:Tom \"Decius\" Cross,Greg ContiTom Cross (aka Decius) is a security researcher known for delivering late night rants at hacker cons. In the early 1990’s, he ran BBSs and listservs for the hacker community in the southeast US. He attended the first Defcon in 1993. He is a Principal at Kopidion, and creator of FeedSeer, a news reader for Mastodon. Past security industry roles include cofounder and CTO of Drawbridge Networks, Research Director at Lancope, and Manager of IBM X-Force Advanced Research. He has spoken at numerous conferences, including Black Hat, DEF CON, Phreaknic, HOPE, and B-Sides. He has a BSCMPE from Georgia Tech.
\n\nSpeakerBio: Greg Conti, Principal at KopidionGreg Conti is a hacker, maker, and computer scientist. He is Principal at Kopidion, a cyber security training and professional services firm. Greg is a long-time Black Hat trainer where he co-created the Information Operations course. He will also be teaching a new course on Adversarial Thinking at DEF CON Training this year. Formerly he served on the West Point faculty for 16 years and has published approximately 100 articles and papers covering hacking, online privacy, usable security, cyber conflict, and security visualization. Greg is a graduate of West Point, Johns Hopkins, and Georgia Tech
\n\n\n\'',NULL,614452),('3_Saturday','12','12:00','12:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Disenshittify or die! How hackers can seize the means of computation and build a new, good internet that is hardened against our asshole bosses\' insatiable horniness for enshittification.\'','\'Cory Doctorow\'','DC_76263bdd5b1edfa52a9d9a7b704a6f18','\'Title: Disenshittify or die! How hackers can seize the means of computation and build a new, good internet that is hardened against our asshole bosses\' insatiable horniness for enshittification.The enshittification of the internet wasn\'t inevitable. The old, good internet gave way to the enshitternet because we let our bosses enshittify it. We took away the constraints of competition, regulation, interop and tech worker power, and so when our bosses yanked on the big enshittification lever in the c-suite, it started to budge further and further, toward total enshittification. A new, good internet is possible - and necessary - and it needs you.
\n\nSpeakerBio: Cory Doctorow, AuthorCory Doctorow is a science fiction author, activist and journalist. He is the author of many books, most recently THE BEZZLE and THE LOST CAUSE. In 2020, he was inducted into the Canadian Science Fiction and Fantasy Hall of Fame.
\n\n\n\'',NULL,614453),('3_Saturday','12','12:00','12:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Grand Theft Actions: Abusing Self-Hosted GitHub Runners at Scale\'','\'Adnan Khan,John Stawinski\'','DC_dc75470554598040b690857e6e71d44c','\'Title: Grand Theft Actions: Abusing Self-Hosted GitHub Runners at ScaleGitHub Actions is quickly becoming the de facto CI/CD provider for open-source projects, startups, and enterprises. At the same time, GitHub’s security model is full of insecure defaults. This makes it easy for their customers to expose themselves to critical attacks from the public internet. The end result? A systemic vulnerability class that won’t go away.
\n\nDuring our research, we identified GitHub Actions misconfigurations at scale that would allow threat actors to backdoor major open-source projects. An example of this is our attack on PyTorch, a prominent ML framework used by companies and researchers around the world.
\n\nThrough this attack, we could contribute code directly to the main branch of the PyTorch repository, upload malicious releases, backdoor other PyTorch projects, and more. These attacks began by compromising self-hosted runners, which are machines that execute jobs in a GitHub Actions workflow. From there, we leveraged misconfigurations and GitHub “features” to elevate our privileges within GitHub Actions workflows.
\n\nOur research campaign included dozens of reports, over $250,000 in bug bounties, and endless war stories. Tune in for a deep dive into the TTPs that allow turning a trivial runner compromise into a full supply chain attack.
\n\n\n\nSpeakers:Adnan Khan,John StawinskiAdnan is a Red Team Security Engineer and researcher who has recently been focusing on supply chain and CI/CD attacks. He has identified, demonstrated, and reported vulnerabilities impacting GitHub repositories belonging to organizations like Microsoft, Nvidia, GitHub, Google, and more. Additionally, he has spoken at conferences such as ShmooCon 2023 and BSides SF 2023 on the topic of GitHub Actions security.
\n\nSpeakerBio: John StawinskiJohn is an offensive security engineer, vulnerability researcher, and writer, specializing in Red Team operations and CI/CD security. John established himself as a member of the broader security community in 2023 through a series of CI/CD attacks on prominent open-source repositories. Embracing a nomadic lifestyle, John thrives on adventure sports and welcomes new experiences.
\n\n\n\'',NULL,614454),('3_Saturday','12','12:30','13:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'AMD Sinkclose: Universal Ring -2 Privilege Escalation\'','\'Enrique Nissim,Krzysztof Okupski\'','DC_34679954dfd1116f61631f7292f3406b','\'Title: AMD Sinkclose: Universal Ring -2 Privilege EscalationSystem Management Mode (SMM) is one of the most powerful execution modes in the x86 architecture and code at this level is invisible to the Hypervisor and OS-level protections, including anti-cheat engines and anti-virus systems. While the BIOS ecosystem\'s complexity has led to a multitude of vulnerabilities in firmware over time, vendors are now making strides in delivering patches with greater speed and efficiency. Unfortunately, these efforts are not enough in the presence of a CPU vulnerability.
\n\nWhen researching the AMD processor, our team noticed a flaw in one of the critical components required for securing SMM. This silicon-level issue appears to have remained undetected for nearly two decades.
\n\nThis presentation starts by providing an introduction to SMM and the security mechanisms that the AMD processor provides to support it. Subsequently, it delves into the CPU design flaw and the complete methodology and engineering used to create a universal ring -2 privilege escalation exploit.
\n\nSpeakers:Enrique Nissim,Krzysztof OkupskiEnrique Nissim is a security engineer with over a decade of professional experience working on vulnerability research. As a Principal Security Consultant at IOActive, he is mainly involved in projects requiring a deep understanding of operating systems, CPU architectures, embedded firmware and software development. Over his career, Enrique has delivered multiple presentations at several leading events including Black Hat USA, CansecWest, Ekoparty, ZeroNights and Hardwear.io.
\n\nSpeakerBio: Krzysztof Okupski, Associate Principal Security Consultant at IOActiveKrzysztof Okupski is an Associate Principal Security Consultant with IOActive where he specialises in embedded security. While he enjoys hacking various targets, he is particularly interested in the nitty-gritty details of platform security where small misconfigurations can lead to critical issues.
\n\n\n\'',NULL,614455),('3_Saturday','13','12:30','13:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'AMD Sinkclose: Universal Ring -2 Privilege Escalation\'','\'Enrique Nissim,Krzysztof Okupski\'','DC_34679954dfd1116f61631f7292f3406b','\'\'',NULL,614456),('3_Saturday','12','12:30','13:15','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'The Secret Life of a Rogue Device - Lost IT Assets on the Public Marketplace\'','\'Matthew \"mandatory\" Bryant\'','DC_894bc17bc472a8229052dd12f78194fb','\'Title: The Secret Life of a Rogue Device - Lost IT Assets on the Public MarketplaceAn ex-employee\'s work laptop, a secret hardware prototype, the company backup server, and classified government computers. What do these things have in common? They should never end up on the public market. Ask any IT department and they\'ll tell you that \"it happens\", but how serious is the problem and what\'s really at stake? This talk explores the interesting journey of a research project to learn the surprising answers to these questions.
\n\nAlong the way we\'ll scrape over 150 million images from online listings in Western and Eastern second hand markets, hack together an OCR cluster out of old iPhones, reverse engineer well-obfuscated Chinese apps, and converse with secretive underground groups of collectors.
\n\nSpeakerBio: Matthew \"mandatory\" Bryant, Red Team Lead at Snapchatmandatory (Matthew Bryant) is a passionate hacker currently leading the red team effort at Snapchat. In his personal time he’s published a variety of tools such as XSS Hunter, CursedChrome, and tarnish. His security research has been recognized in publications such as Forbes, The Washington Post, CBS News, Techcrunch, and The Huffington Post. He has previously presented at DEF CON, Blackhat, RSA, Kiwicon, Derbycon, and Grrcon. Previous gigs include Google, Uber, and Bishop Fox.
\n\n\n\'',NULL,614457),('3_Saturday','13','12:30','13:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 2','\'The Secret Life of a Rogue Device - Lost IT Assets on the Public Marketplace\'','\'Matthew \"mandatory\" Bryant\'','DC_894bc17bc472a8229052dd12f78194fb','\'\'',NULL,614458),('3_Saturday','13','13:00','13:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Fireside Chat with Jay Healey and National Cyber Director Harry Coker, Jr.\'','\'Harry Coker Jr.,Jay Healey\'','DC_cef259a7d2d3a2280b768f9c05c10318','\'Title: Fireside Chat with Jay Healey and National Cyber Director Harry Coker, Jr.The world increasingly appreciates how much we rely on space systems for our personal, economic, and national security needs. However, the nation-state cyber threat to government and commercial systems continues to grow at a time when the current landscape of cybersecurity policies and frameworks aren’t readily applicable for space systems.
\n\nIn this fireside chat, ONCD will have the opportunity to introduce our 2nd National Cyber Director to the research community and discuss some of his priorities, such as space cybersecurity. We will discuss how the White House has been working to tackle hard problems and challenges. In the instance of space cybersecurity, ONCD has been collaborating with federal space operators and the space industry to develop policy solutions, including by answering a tasking from the Vice President to develop minimum cybersecurity requirements for U.S. space systems.
\n\nSpeakers:Harry Coker Jr.,Jay HealeyHarry Coker, Jr. was confirmed by the Senate on December 12, 2023 as the second National Cyber Director in the White House Office of the National Cyber Director. Director Coker is a retired Central Intelligence Agency (CIA) senior executive and career Naval Officer, is a graduate of the US Naval Academy, the Naval Postgraduate School, and Georgetown University Law Center.
\n\nPreviously, Coker served as Executive Director of the National Security Agency (NSACoker’s service to the Nation and NSA was recognized with the awarding of the National Intelligence Distinguished Service Medal, the NSA Director’s Distinguished Service Medal, and the IC EEOD Outstanding Leadership Award.
\n\nDuring the first seventeen years of his service with the CIA, Coker was assigned to leadership positions in the Directorate of Digital Innovation; the Directorate of Science & Technology; and the Director’s Area. Key assignments included service as Director of the Open Source Enterprise, which is responsible for leveraging publicly available information; and as Deputy Director of CIA’s Office of Public Affairs. Coker’s leadership and contributions earned him the Presidential Rank Award and CIA’s prestigious Don Cryer Award for Diversity & Inclusion.
\n\nSpeakerBio: Jay HealeyIn 2018, a secure communications app called Anom started to gain popularity among organized criminals. Soon, top tier drug traffickers were using it all over the world. Because they thought their messages were secure, smugglers and hitmen coordinated high stakes crimes across the platform. But Anom had a secret: it was secretly run by the FBI.
\n\nFor years Joseph Cox has investigated the inside story of Anom, speaking to people who coded the app, those who sold it, criminals who chatted across it, and the FBI agents who surreptitiously managed it. This new talk, building on details from his recent book DARK WIRE, will include never-before-published technical details on how the Anom network functioned, how the backdoor itself worked, and how Anom grew to such a size that the FBI started to lose control of its own creation.
\n\nIt will also reflect on how police have entered a new phase of compromising entire encrypted phone networks, with little to no debate from the public, and provide critical insight on what really happens when authorities introduce a backdoor into a telecommunications product.
\n\nDARK WIRE: The Incredible True Story of the Largest Sting Operation Ever, June 4th, 2024: link
\n\nSpeakerBio: Joseph Cox, Co-Founder at 404 MediaJoseph Cox is an investigative journalist and author of DARK WIRE, the inside story of how the FBI secretly ran its own encrypted phone company called Anom to wiretap the world. He produced a series of exclusive articles on Anom for VICE’s Motherboard, and is now a co-founder of 404 Media.
\n\n\n\'',NULL,614460),('3_Saturday','13','13:00','13:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'OH-MY-DC: Abusing OIDC all the way to your cloud\'','\'Aviad Hahami\'','DC_1c3933da1c6e1214e2ba9a46dd172dd0','\'Title: OH-MY-DC: Abusing OIDC all the way to your cloudAs DevOps and developers are slowly shifting away from storing long-lived static credentials to the more secure, still kinda-new, OIDC alternative - the underlying logic, mechanisms and implementations tend to feel like complicated magic and are mostly overlooked.
\n\nIn this talk, we\'ll begin by recapping what OIDC is, who are the interacting entities when OIDC is used, and how OIDC is taking place to securely access one\'s cloud using CI/CD flows.
\n\nOnce covered, we will be able to alternate our point-of-view between the entities in play and demonstrate potential vulnerabilities in various setups.
\n\nStarting with the user PoV, we will show what \"under-configurations\" look like, and continue by demonstrating how new OIDC configuration options can actually be misconfigurations that can result in a compromise.
\n\nWe will then see another attack vector where leaking an OIDC token from a single repository in an organization can allow an attacker to abuse under-configurations and access private clouds.
\n\nAfter that, we will shift our PoV to be of the Identity Provider (IdP) so that we can look into what happens if an IdP is misconfigured, and disclose a real-world security vulnerability found in one of the most popular CI vendors that allowed us to access any of their customers\' cloud environments.
\n\nI\'ll refer to this talk by the Tinder Security team link where they show how they could \"claim\" in the name of other identities due to under-configured WIFs.
\n\nSpeakerBio: Aviad Hahami, Palo Alto NetworksSecurity researcher and experienced software engineer with a great passion for algorithms (graph-theory specifically), security research (vulnerability research, bug bounties), chaos engineering (YES!), frontends, backends, web services, systems architecture, infras, clouds(making them rain), and more :)
\n\nToday, researching at Palo Alto Networks.
\n\nOh yea I also DJ
\n\n\n\'',NULL,614461),('3_Saturday','13','13:30','14:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Behind Enemy Lines: Engaging and Disrupting Ransomware Web Panels\'','\'Vangelis Stykas\'','DC_3afd6453b6c90ac9ac7665d453f8019a','\'Title: Behind Enemy Lines: Engaging and Disrupting Ransomware Web PanelsRansomware groups have become notably proficient at wreaking havoc across various sectors , but we can turn the tables. However, a less explored avenue in the fight against these digital adversaries lies in the proactive offense against their web panels. In this presentation, I will delve into the strategies and methodologies for infiltrating and commandeering the web panels used by ransomware groups to manage their malicious operations or the APIs used during their initial exfiltration of data.
\n\nI will demonstrate how to leverage these vulnerabilities to gain unauthorized access to the ransomware groups\' web panels. This access not only disrupts their operations but also opens a window to gather intelligence and potentially identify the operators behind those APTs. Let’s explore the frontiers of cyber offense, targeting the very command and control (C2) centers ransomware groups rely on, turning the tables in our ongoing battle against cyber threats; it’s our turn to wreak havoc.
\n\n\n\nSpeakerBio: Vangelis Stykas, Chief Technology Officer at AtroposVangelis began as a developer from Greece. Six years ago he realized that only his dog didn’t have an API, so he decided to steer his focus towards security.
\n\nThat led him to pursue a PhD in Web Application Security with an extra focus on machine learning. He’s still actively pursuing it.
\n\nHe currently applies his skills as a Chief Technology Officer at Atropos, and during his free time, Vangelis is helping start-ups secure themselves on the internet and get a leg up in security terms.
\n\nHis love of a simplistic approach to hacking by exploiting vulnerable APIs led him to publish research regarding API controlling ships, smart locks, IP cameras, car alarms, EV chargers, and many other IoT devices. Since our lives are nowadays extremely cyber-dependent, his goal is to convince all companies to never neglect their API security as rush-to-market mentality is almost certain to lead to catastrophic security failure.
\n\n\n\'',NULL,614462),('3_Saturday','14','13:30','14:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Behind Enemy Lines: Engaging and Disrupting Ransomware Web Panels\'','\'Vangelis Stykas\'','DC_3afd6453b6c90ac9ac7665d453f8019a','\'\'',NULL,614463),('3_Saturday','13','13:30','14:15','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'NTLM - The Last Ride\'','\'Jim Rush,Tomais Williamson\'','DC_bb889a2d33a9ae1f70c2816f1341d362','\'Title: NTLM - The Last RideMicrosoft is planning to kill off NTLM (New Technology Lan Manager) authentication in Windows 11 and above. Let\'s speedrun coercing hashes out of a few more things before it fades into obscurity over the next twenty five years or so.
\n\nThere will be a deep dive on several new bugs we disclosed to Microsoft (including bypassing a fix to an existing CVE), some interesting and useful techniques, combining techniques from multiple bug classes resulting in some unexpected discoveries and some absolutely cooked bugs. We’ll also uncover some defaults that simply shouldn\'t exist in sensible libraries or applications as well as some glaring gaps in some of the Microsoft NTLM related security controls.
\n\nI\'m a former software developer who has somehow ended up hacking things for a living, which is infinitely more fun as most of you know. I\'m an active security researcher with several CVEs, including Blackboard, Moodle, Nuget, MS-Office and Kramer products.
\n\nSpeakerBio: Tomais WilliamsonI\'m an enthusiastic hacker who enjoys CTFs and have competed at an international level in the ICC CTF as well as being part of the CursedCTF 2024 winning team. I\'m also an active security researcher with a bunch of CVEs and countless other bugs for a bunch of \'solved problems\' in security.
\n\n\n\'',NULL,614464),('3_Saturday','14','13:30','14:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 2','\'NTLM - The Last Ride\'','\'Jim Rush,Tomais Williamson\'','DC_bb889a2d33a9ae1f70c2816f1341d362','\'\'',NULL,614465),('3_Saturday','14','14:00','14:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Discovering and exploiting local attacks against the 1Password MacOS desktop application\'','\'Jeffrey Hofmann,Colby Morgan\'','DC_037c1a8e30f8f19790a753879e2ef8fc','\'Title: Discovering and exploiting local attacks against the 1Password MacOS desktop applicationPassword managers are routinely granted a massive level of trust from users, by nature of managing some of their most sensitive credentials. For any noteworthy password manager, the encryption standards for user data are well understood and highly scrutinized. What is less understood is the attack surface of the software itself. This presentation explores the local security of the 1Password MacOS desktop application and answers the question of “how safe are my passwords if my computer is infected or otherwise compromised?”.
\n\nThis talk will cover the outcome of our research into 1Password, presenting several different attacks to dump local 1Password vaults. This includes describing multiple application vulnerabilities and security weaknesses we identified in the 1Password MacOS desktop application, as well as discussing the inherent limitations in its usage of IPC mechanisms and open source software. Additionally, we will discuss novel vulnerabilities found in Google Chrome that aided our exploitation of the 1Password browser extension.
\n\nDarthNull’s work around decrypting 1Password vaults: link
\n\nSpeakers:Jeffrey Hofmann,Colby MorganJeffrey Hofmann is a Senior Offensive Security Engineer with a history of vulnerability research and exploit development. He recreated NSO’s 0 click iOS exploit FORCEDENTRY and discovered pre-auth RCEs in the MDM KACE SMA.
\n\nSpeakerBio: Colby Morgan, Leads, Pentest Team at RobinhoodColby Morgan is a Staff Offensive Security Engineer with extensive application and infrastructure security experience. Colby currently leads the pentest team at Robinhood.
\n\n\n\'',NULL,614466),('2_Friday','16','16:00','16:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Eradicating Hepatitis C With BioTerrorism\'','\'Mixæl Swan Laufer\'','DC_a72dc63cd909f96cfb7967bb65b9ddd0','\'Title: Eradicating Hepatitis C With BioTerrorismA quarter of a million people die from Hepatitis C every year. Fifty million people are currently infected, and a million more are infected each year. But for the first time in history there is a cure (not just a treatment) for a virus, and it is for Hepatitis C. Take one 400mg pill of Sofosbuvir every day for twelve weeks, and you will be free of the virus. The catch? Those pills are one thousand US dollars apiece because the molecule is the \"Intellectual Property\" of Gilead Pharmaceuticals, and they refuse to share. So if you have $84,000 USD, Hep C is not your problem. But for everyone else, The Four Thieves Vinegar Collective has developed a way to make the entire course of treatment for $300 USD. This methodology also applies to other diseases. Like any science, the method of manufacture of drugs can be replicated, and we are going to give you all the necessary tools and show you the process top-to-bottom. Watch it happen live, participate, and learn to do it yourself: Use our digital research assistant to help you navigate the scientific literature, feed your medicine of choice into ChemHacktica to get a chemical synthesis pathway, put that procedure into the Recipe Press to generate code for the new version of the MicroLab to run, and watch the medicine form in the reaction chamber. Finally come on stage, press some tablets, and make your own thousand-dollar pill for four dollars in materials. The feds say saving a life this way is bioterrorism. We say: So Be It.
\n\nSpeakerBio: Mixæl Swan Laufer, Chief Spokesperson at Four Thieves Vinegar CollectiveMixæl Swan Laufer worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of global health and human rights. He now is the chief spokesperson for the Four Thieves Vinegar Collective which works to make it possible for people to manufacture their own medications and medical devices at home by creating public access to tools, ideas, and information.
\n\n\n\'',NULL,614467),('3_Saturday','14','14:00','14:45','N','DC','LVCC West/Floor 3/W322-W327','\'Hacking Millions of Modems (and Investigating Who Hacked My Modem)\'','\'Sam Curry\'','DC_7d87419500443120cc41986cd1df8584','\'Title: Hacking Millions of Modems (and Investigating Who Hacked My Modem)On December 25th, 2021, I discovered that my modem had been hacked after a strange IP address replayed my traffic. I began researching who they were, how it happened, and eventually discovered a vulnerability which allowed me to passively monitor, change configurations, and execute commands on millions of devices. This talk details 3 years of intermittent web research on ISP security and how broadband equipment is becoming scarily centralized.
\n\nSam Curry is a web security researcher, bug bounty hunter, and the founder of Palisade, a security consultancy.
\n\n\n\'',NULL,614468),('3_Saturday','14','14:30','15:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'ACE up the Sleeve: From getting JTAG on the iPhone 15 to hacking into Apple\'s new USB-C Controller\'','\'Thomas \"stacksmashing\" Roth\'','DC_76b8d1f937998f4e0091af63e0b59412','\'Title: ACE up the Sleeve: From getting JTAG on the iPhone 15 to hacking into Apple\'s new USB-C ControllerWith the iPhone 15 & iPhone 15 Pro Apple switched their iPhone to USB-C - and introduced a new proprietary USB-C controller: The ACE3.
\n\nBut the ACE3 does more than just handle USB power delivery: It\'s a full microcontroller running a full USB stack connected to some of the internal busses of the device, and we even managed to access JTAG on the iPhone 15 through it. It also provides access to UART, the internal SPMI bus, etc. Previous variants of the ACE, namely the ACE2 found in MacBooks, could easily be dumped and analyzed using SWD - and even be persistently backdoored through a software vulnerability we found.
\n\nOn the ACE3 however, Apple upped their game: Firmware updates are personalized, debug interfaces seem to be disabled, and the external flash is validated and does not contain all the firmware. However using a combination of reverse-engineering, RF side-channel analysis and electro-magnetic fault-injection it was possible to gain code-execution on the ACE3 - allowing dumping of the ROM, and analysis of the functionality.
\n\nThis talk will show how to use a combination of hardware, firmware, reverse-engineering, side-channel analysis and fault-injection to gain code-execution on a completely custom chip, enabling further security research on an under-explored but security relevant part of Apple devices.
\n\nThomas Roth aka stacksmashing is a security researcher mostly focused on hardware and firmware. His work includes hardware attacks on processors, microcontrollers and cryptocurrency wallets, building cheap JTAG tooling for the iPhone, and attacking a wide variety of embedded devices. He also runs a YouTube channel called stacksmashing about security, reverse engineering and hardware hacking.
\n\n\n\'',NULL,614469),('3_Saturday','15','14:30','15:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'ACE up the Sleeve: From getting JTAG on the iPhone 15 to hacking into Apple\'s new USB-C Controller\'','\'Thomas \"stacksmashing\" Roth\'','DC_76b8d1f937998f4e0091af63e0b59412','\'\'',NULL,614470),('3_Saturday','14','14:30','15:15','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Troll Trapping Through TAS Tools - Exposing Speedrunning Cheaters\'','\'Allan \"dwangoAC\" Cecil\'','DC_5bc82e4fb885f4bd7e2a737bf2e07d53','\'Title: Troll Trapping Through TAS Tools - Exposing Speedrunning CheatersTrolls cheating in video games by passing Tool-Assisted Speedruns off as human effort break leaderboards and stifle speedrunners. Why do they do it when they could make a cool game hack or TAS to show off their work, and how do you trap these trolls? The answer is to use their own tools against them, often with popcorn bucket worthy results like taking down Guinness World Records. From a TASVideos member taking on 1980\'s Dragster cheat Todd Rogers, a passing mention of Billy Mitchell, and the TASBot team investigating Super Mario Maker shenanigans, this talk covers several notable cheating incidents and concludes with a systematic takedown of a troll that chilled the Diablo speedrunning community for more than a decade.
\n\nThis talk includes several investigations I have been a part of in some capacity and will ultimately include additional references in the coming months; I\'ve broken the references out by game, presented in Markdown format like the rest of this document:
\n\ndwangoAC (Allan Cecil) is the founder and leader of the TASBot online community and Senior Ambassador on staff of TASVideos.org. He is a published journal author, patent holder, and unflappable presenter with talks at DEF CON, GeekPwn, Thotcon, May Contain Hackers, and other hacker conferences. dwangoAC uses his combined hacking interests for good at charity events like Games Done Quick to entertain viewers with never-before-seen glitches in games, with event content he\'s led raising more than $1.5m for various charities.
\n\n\n\'',NULL,614471),('3_Saturday','15','14:30','15:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Troll Trapping Through TAS Tools - Exposing Speedrunning Cheaters\'','\'Allan \"dwangoAC\" Cecil\'','DC_5bc82e4fb885f4bd7e2a737bf2e07d53','\'\'',NULL,614472),('3_Saturday','15','15:00','15:45','N','DC','LVCC West/Floor 3/W322-W327','\'A Shadow Librarian in Broad Daylight: Fighting back against ever encroaching capitalism\'','\'Daniel Messer\'','DC_c46b131bf3c7247bc9635a367a154d7e','\'Title: A Shadow Librarian in Broad Daylight: Fighting back against ever encroaching capitalismThe public library is under attack. Calls for book banning are at an all time high. Some states have passed laws that hold librarians legally accountable for offering \"unacceptable\" materials to minors. But before this fire started, another one was already burning. In an era of digital content, from eBooks to streaming movies, public libraries have been forced to accept draconian terms of service at the expense of their patrons and to the benefit of corporations. Grossly inflated eBook prices and licensing, unobtainable materials that went out of print due to artificial scarcity, exorbitant fees for access to academic research; these are just a few of the myriad of ways that libraries have been forced to bow before capitalism, all because of a desire to serve the public. But we can fight back...
\n\nAnd no one says we need to fight fairly.
\n\nI’d like to tell you some real life stories of a public librarian with a quasi-legal, dark grey skillset. And I’d love to share some ideas about what you can do to help others. If I can do this, you can. And anyone can be a shadow librarian.
\n\nDan is a systems librarian and SQL hacker living in Alvaton and Louisville, Kentucky. After almost 30 years of library work, he’s cultivated a broad background in public library circulation methodology, library technology and automation, training and instruction, and library databases. A shadow librarian for ten years, he’s provided cataloguing and scanning for various shadow libraries and online digital collections. And he’s called upon his work in shadow libraries to help patrons as a traditional public librarian.
\n\nBeyond the library, he’s an author, podcaster, musician, and coder.
\n\n\n\'',NULL,614473),('3_Saturday','15','15:00','15:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Exploiting the Unexploitable: Insights from the Kibana Bug Bounty\'','\'Mikhail Shcherbakov\'','DC_f52c77323d7268fe8d9a70716f150f14','\'Title: Exploiting the Unexploitable: Insights from the Kibana Bug BountyaWe explore case studies of exploiting vulnerabilities in modern JavaScript and TypeScript applications, drawing on experiences from participating in the Kibana Bug Bounty Program. It\'s not uncommon to encounter a vulnerability that appears unexploitable at first glance, or to be told by a triage team that the behavior is \"by design.\" So, what options does a security researcher have in such situations? And what primitives can be utilized to construct an exploitation chain with significant impact?
\n\nOur study involves breaking out of properly isolated containers in scenarios where there is RCE-by-design. We will examine several Prototype Pollutions that crash an application in less than one second after exploitation and explore how these vulnerabilities can ultimately lead to critical RCEs. Furthermore, we introduce new primitives and gadgets that enable the achievement of RCE from Prototype Pollutions previously deemed unexploitable beyond DoS attacks.
\n\nBy highlighting these methods, the talk aims to equip attendees with advanced techniques for exploiting complex vulnerability chains in JavaScript applications, as well as recommendations for proper defense and mitigations against them.
\n\nMikhail Shcherbakov came to security from enterprise app development. The tendency is to push it as far as you can… He is now doing a Ph.D. in Language-Based Security after 10+ years of experience in the industry. He participated in Microsoft, GitHub, and open-source bug bounty programs, found vulnerabilities in popular products, and helped to fix them. Before starting a Ph.D. program, he focused on .NET and web security, gave talks at conferences, organized IT meetups, and got the Microsoft MVP Award in 2016 – 2018. Mikhail is an author of commercial static analysis tools and continues research in program analysis.
\n\n\n\'',NULL,614474),('3_Saturday','15','15:00','15:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Measuring the Tor Network\'','\'Silvia Puglisi,Roger Dingledine\'','DC_c71eb7ba684f8cd868dc3f4ed05d80d3','\'Title: Measuring the Tor NetworkMillions of people around the world use Tor every day to protect themselves from surveillance and censorship. While the Tor Browser and its protocol are widely known, the backbone of the Tor ecosystem, its extensive network of volunteer relays, is often subject to speculation and misinformation. The Tor Project is dedicated to supporting this network and fostering a vibrant, diverse community of relay operators.
\n\nThis talk will focus on our efforts to maintain a healthy network and community, and detect and mitigate attacks -- all with the help of metrics and analysis of usage patterns. By illustrating how we collect safe-enough metrics for an anonymity network, we will offer insights into how we identify unusual activity and other noteworthy events on the network. We will also discuss our ongoing strategies for addressing current and future network health challenges.
\n\nIf you are interested in understanding the inner workings of the Tor network and its relay community and how we keep this vital ecosystem running, this talk is for you.
\n\nSilvia Puglisi is a Systems Engineer and Privacy Researcher based in Barcelona, EU. She currently leads the network health team at the Tor Project, focusing on maintaining the stability, performance, and security of the Tor network. Silvia is also an O\'Reilly author and previously worked at Google for several years. She was part of the Information Security Group at the Department of Telematics Engineering, Universitat Politècnica de Catalunya (UPC), where she earned her Ph.D. Additionally, she has served as an adjunct professor at the Universitat Oberta de Catalunya (UOC).
\n\nSpeakerBio: Roger Dingledine, Co-Founder and Original Developer at Tor ProjectRoger Dingledine is co-founder and original developer of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online. Roger works with journalists and activists on many continents to help them understand and defend against the threats they face, and he is a lead researcher in the online anonymity field. EFF picked him for a Pioneer Award, and Foreign Policy magazine chose him as one of its top 100 global thinkers.
\n\n\n\'',NULL,614475),('3_Saturday','15','15:30','16:15','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'HookChain: A new perspective for Bypassing EDR Solutions\'','\'Helvio Carvalho Junior\'','DC_fe0d71799111c7780ee8869f1bb0b854','\'Title: HookChain: A new perspective for Bypassing EDR SolutionsIn the current digital security ecosystem, where threats evolve rapidly and with complexity, companies developing Endpoint Detection and Response (EDR) solutions are in constant search for innovations that not only keep up but also anticipate emerging attack vectors. In this context, this article introduces the HookChain, a look from another perspective at widely known techniques, which when combined, provide an additional layer of sophisticated evasion against traditional EDR systems.
\n\nThrough a precise combination of IAT Hooking techniques, dynamic SSN resolution, and indirect system calls, HookChain redirects the execution flow of Windows subsystems in a way that remains invisible to the vigilant eyes of EDRs that only act on Ntdll.dll, without requiring changes to the source code of the applications and malwares involved.
\n\nThis work not only challenges current conventions in cybersecurity but also sheds light on a promising path for future protection strategies, leveraging the understanding that continuous evolution is key to the effectiveness of digital security.
\n\nBy developing and exploring the HookChain technique, this study significantly contributes to the body of knowledge in endpoint security, stimulating the development of more robust and adaptive solutions that can effectively address the ever-changing dynamics of digital threats. This work aspires to inspire deep reflection and advancement in the research and development of security technologies that are always several steps ahead of adversaries.
\n\nSpeakerBio: Helvio Carvalho Junior, CEO at Sec4USHelvio is the CEO of Sec4US, a leading company in Cyber Security, and stands out as a renowned researcher in the field. He made history by being the first in Latin America to achieve the prestigious OSCE3 certification, a milestone that reflects his deep knowledge and technical skill. With over 23 years of experience across various segments of Information Technology, Helvio currently focuses on research in bypass techniques for Endpoint Detection and Antivirus solutions, as well as specializing in offensive information security (RedTeam). His passion for creating exploits and malware is well-known and significantly contributes to the advancement of cybersecurity.
\n\n\n\'',NULL,614476),('3_Saturday','16','15:30','16:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 2','\'HookChain: A new perspective for Bypassing EDR Solutions\'','\'Helvio Carvalho Junior\'','DC_fe0d71799111c7780ee8869f1bb0b854','\'\'',NULL,614477),('3_Saturday','15','15:30','16:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Unsaflok: Hacking millions of hotel locks\'','\'Lennert Wouters,Ian Carroll\'','DC_9c1837b5d92c176bcc16d5db9b3ed0d2','\'Title: Unsaflok: Hacking millions of hotel locksElectronic hotel locks have been in use for over three decades, and have become an integral part of the hospitality sector. Las Vegas has over 150.000 hotel rooms, many of which use an RFID based electronic lock for access control. Most hotel guests rely on these locks to safeguard personal belongings and to protect their personal safety. However, some of these long-deployed locks have never been publicly scrutinized by the research community.
\n\nThis presentation covers the discovery of vulnerabilities affecting three million dormakaba Saflok locks. The Saflok system relied on a proprietary key derivation function for its MIFARE Classic cards and a proprietary encryption algorithm for the card contents. Reverse engineering the Saflok system allowed us to forge valid keycards. After reading a single, low privilege, guest card we are able to create a pair of forged key cards that allow us to deactivate the deadbolt and open any room at the property.
\n\nWe reported these vulnerabilities to dormakaba in September of 2022, as part of this presentation we will discuss the responsible disclosure and mitigation processes. Additionally, we will demonstrate how you can determine if your own hotel room has been patched to help ensure your personal safety.
\n\nLennert Wouters is a security researcher at the Computer Security and Industrial Cryptography (COSIC) research group at the KU Leuven University in Belgium. Lennert\'s main research interests cover hardware security for embedded systems and physical attacks.
\n\nSpeakerBio: Ian Carroll, Independent Security ResearcherIan Carroll is an independent security researcher and founder of Seats.aero. Ian\'s main research interests involve application security, especially in the travel industry.
\n\n\n\'',NULL,614478),('3_Saturday','16','15:30','16:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Unsaflok: Hacking millions of hotel locks\'','\'Lennert Wouters,Ian Carroll\'','DC_9c1837b5d92c176bcc16d5db9b3ed0d2','\'\'',NULL,614479),('3_Saturday','16','16:00','16:20','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Compromising an Electronic Logging Device and Creating a Truck2Truck Worm\'','\'Jake Jepson,Rik Chatterjee\'','DC_88939364b8c8014b362cebf2717f79f6','\'Title: Compromising an Electronic Logging Device and Creating a Truck2Truck WormPresented by Jake Jepson and Rik Chatterjee, two Systems Engineering Master\'s students at Colorado State University, this talk delves into the critical security implications within the trucking industry, particularly focusing on Electronic Logging Devices (ELDs). These devices, integral to compliance with Hours of Service regulations, present unique cyber-physical threats due to their networked nature and lack of standardized security protocols.
\n\nThe presentation will walk through examining potential remote exploits via wireless ELD compromise, leading to cyber physical control payloads and even wormable scenarios. Key vulnerabilities identified include insecure defaults and poor security practices shown on a commercially available ELD. These vulnerabilities not only expose truck networks to potential unauthorized control but also highlight systemic issues in device certification and security oversight.
\n\nThe talk will cover their journey from acquiring and reverse engineering ELDs, discovering their common architectures and weaknesses, to demonstrating proof of concept attacks that underline the urgent need for industry-wide security reforms. Notably, Jepson will discuss his first CVE, detailing the coordinated disclosure process and subsequent manufacturer response.
\n\nThis session is semi-technical, ideal for cybersecurity professionals and amateurs alike, interested in vehicle network protocols, and embedded systems security. Prior knowledge of network protocols such as CAN and J1939, along with an understanding of firmware reverse engineering, will enhance the learning experience, but is not required. Tools and techniques used include network scanners, reverse engineering platforms like Ghidra, and various wireless communication methods.
\n\nBy attending this presentation, participants will not only understand the specific security flaws affecting heavy vehicles but also appreciate the broader implications for embedded systems security in transportation. This talk is a call to action for improving security practices and regulatory standards in an increasingly interconnected world.
\n\nCurrently, Jake serves as a graduate research assistant in the Department of Systems Engineering, working under the guidance of Dr. Jeremy Daily. His role involves collaborating with a team of skilled professionals to conduct research on cybersecurity and digital forensics within the heavy vehicle industry. Jake\'s academic journey has emphasized the significance of pursuing a career he is passionate about, and this position has further solidified his love for collaborative problem-solving.
\n\nSpeakerBio: Rik Chatterjee, Graduate Research Assistant, Department of Systems Engineering at Colorado State UniversityCurrently, Rik serves as a graduate research assistant in the Department of Systems Engineering at Colorado State University, working under Dr. Jeremy Daily. His role involves research on security of protocol implementations and cybersecurity in the domain of commercial heavy and medium duty vehicles. Driven by a passion for securing embedded systems, Rik\'s work emphasizes the importance of robust security measures in protecting critical transportation infrastructure against emerging cyber threats.
\n\n\n\'',NULL,614480),('3_Saturday','16','16:00','16:45','N','DC','LVCC West/Floor 3/W322-W327','\'Encrypted newspaper ads in the 19th century - The world\'s first worldwide secure communication system\'','\'Elonka Dunin,Klaus Schmeh\'','DC_2494f6b5f8bbe27052940781bddc3e9f','\'Title: Encrypted newspaper ads in the 19th century - The world\'s first worldwide secure communication systemBetween 1850 and 1855, the London-based newspaper The Times published over 50 encrypted advertisements apparently intended for the same recipient. As we know today, the ads in that series were meant for the sea captain Richard Collinson, who at the time was on a mission in the Canadian Arctic trying to solve a captivating mystery: What happened to the lost John Franklin expedition? While Collinson never reached his goal, he established a secure worldwide communication system, which was unique for its time.
\n\nBefore his departure, Collinson\'s family was taught how to encrypt brief reports about what was going on at home and to publish these messages as mysterious ads in “The Times” once a month. The cipher used was a modified version of a system based on a signal-book of the Royal Navy. As the circulation of The Times stretched far beyond the UK, Collinson would have the chance to get his hands on a copy even at the remotest of ports.
\n\nOver a century later, the Collinson ads were finally broken in the 1990s. Over the last two years, the lecturers of this talk continued this work, with a goal of decrypting all of the ads and placing them in their appropriate geographic and cultural context.
\n\nArticle in “Mental Floss” (this was written based on one of our earlier talks)
\n\n1992 Research paper in Cryptologia:
\n\nBook about encrypted newspaper advertisements:
\n\nNaval codebooks:
\n\nCollinson’s logbooks (by his brother):
\n\nArticle from the 1940s:
\n\nElonka Dunin is a crypto expert and co-leader of a group that is working to crack the final cipher on the Kryptos sculpture at CIA Headquarters. She maintains a website of the World’s most famous unsolved codes, and bestselling author Dan Brown named his character “Nola Kaye”, a scrambled form of “Elonka”, in his novel The Lost Symbol, after her.
\n\nElonka was a member of the Board of Directors for the National Cryptologic Museum Foundation, and General Manager and Executive Producer at Simutronics, making award-winning online and mobile games.
\n\nIn 2006, Elonka published The Mammoth Book of Secret Codes and Cryptograms, and with Klaus she co-wrote the book Codebreaking: A Practical Guide, with editions in 2020 and 2023.
\n\nSpeakerBio: Klaus Schmeh, Crypto Expert at EvidenKlaus Schmeh has written 15 books (mostly in German) about cryptography, as well as over 250 articles, 25 scientific papers, and 1500 blog posts. Klaus’s main fields of interest are codebreaking and the history of encryption.
\n\nKlaus is a popular speaker, known for his entertaining presentation style involving self-drawn cartoons, self-composed songs, and Lego models. He has lectured at hundreds of conferences, including the NSA Crypto History Symposium, DEF CON, and the RSA Conference.
\n\nIn his day job, Klaus works as a crypto expert for the global IT security company Eviden.
\n\n\n\'',NULL,614481),('3_Saturday','16','16:00','16:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Secrets and Shadows: Leveraging Big Data for Vulnerability Discovery at Scale\'','\'Bill Demirkapi\'','DC_e67a6719b9aa15b12d8002835bd97ec1','\'Title: Secrets and Shadows: Leveraging Big Data for Vulnerability Discovery at ScaleWhen we consider the conventional approaches to vulnerability discovery, be it in software or websites, we tend to confine ourselves to a specific target or platform. In the case of software, we might reverse engineer an application\'s attack surfaces for untrusted input, aiming to trigger edge cases. For websites, we might enumerate a domain for related assets and seek out unpatched, less defended, or occasionally abandoned resources.
\n\nThis presentation explores the untapped potential of scaling security research by leveraging unconventional data sources. We\'ll walk through design flaws that enable two examples: forgotten cloud assets and leaked secrets. Instead of starting with a target and finding vulnerabilities, we\'ll find vulnerabilities and relate them to our targets. We won\'t just stop at discovery. We\'ll also discuss the incentives that create them and how to solve the ecosystem issues as an industry.
\n\nWhile you can\'t easily scale every issue, this project has led to tens of thousands of highly significant yet seemingly trivial weaknesses in some of the world\'s largest organizations. Prepare to shift your perspective on vulnerability discovery, learn scalable approaches to address commonly overlooked bugs, and understand how even the simplest misconfiguration can have a devastating impact.
\n\nBill is an independent security researcher with a passion for finding bugs at scale. His interests include reverse engineering and vulnerability research, ranging from low-level memory corruption to systemic flaws with catastrophic consequences. He started his journey in high school and has since published his work at internationally-recognized conferences like DEF CON and Black Hat USA. In his pursuit to make the world a better place, Bill constantly looks for the next significant vulnerability, following the motto \"break anything and everything\".
\n\n\n\'',NULL,614482),('3_Saturday','16','16:30','17:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Breaking the Beam: Exploiting VSAT Satellite Modems from the Earth\'s Surface\'','\'Vincent Lenders,Johannes Willbold,Robin Bisping\'','DC_e2476e5951cdc5a3f477e62d0efcd2c2','\'Title: Breaking the Beam: Exploiting VSAT Satellite Modems from the Earth\'s SurfaceVSAT satellite communication systems are widely used to provide two-way data and voice communications to remote areas, including maritime environments, crisis regions, and other locations where terrestrial communication infrastructure is limited or unavailable. In this presentation, we report on our security findings from our reverse-engineering efforts to exploit VSAT satellite modems from the Earth. We will focus on the Newtec MDM2200 from iDirect as an example. First, we explain how we reverse-engineered the software stack running on the modem device to find 0-day vulnerabilities. Then, we show how we reverse-engineered the network stack to devise attacks that can be launched by injecting wireless signals through the antenna dish of a VSAT terminal. Finally, we demonstrate our software-defined radio end-to-end attacks to inject bogus firmware updates and to gain a remote root shell access on the modem. To the best of knowledge, this represents the first successful demonstration of signal injection attacks on VSAT modems using software-defined radios from the Earth, while previous attacks on VSAT systems such as the ViaSat hack in 2022 were based on exploiting the operator’s network through Internet VPN connections. Our work therefore enlarges significantly the attack surface of VSAT systems.
\n\nOur presentation at DEF CON is part of a project that has three parts.
\n\nIn the first part, we focus on the inherent security issues in current VSAT system practices. This work will appear in May at ACM WiSec 2024.
\n\nVSAsTer: Uncovering Inherent Security Issues in Current VSAT System Practices, Johannes Willbold, Moritz Schloegel, Robin Bisping, Martin Strohmeier, Thorsten Holz, Vincent Lenders, 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Seoul, Korea, May 2024.
\n\nThe second part deals with the systematic evaluation of wireless signal injection attacks using a software-defined radio. This work will appear in August at Usenix Security 2024:
\n\nWireless Signal Injection Attacks on VSAT Satellite Modems, Robin Bisping, Johannes Willbold, Martin Strohmeier, and Vincent Lenders, 33rd USENIX Security Symposium (USENIX Security), Philadelphia PA, USA, August 2024.
\n\nThe third part of the project deals with reverse-engineering of the software and network stack of satellite modems and the development of exploits that can be injected over the air through the antenna dish of a VSAT terminal from the ground. This part shall be presented at DEF CON this year.
\n\nSpeakers:Vincent Lenders,Johannes Willbold,Robin BispingVincent Lenders is a cybersecurity researcher from Switzerland where he acts as the Head of the Cyber-Defence Campus. He has a Master and PhD degree from ETH Zurich in electrical engineering. He has over 15 years of practical experience in cybersecurity with a strong focus on the security of wireless networks. He is the co-founder of the OpenSky Network and has published over 150 scientific papers and two books, and presents regularly at cybersecurity conferences including Usenix Security, DEFCON, IEEE S&P, NDSS, ACM CCS.
\n\nSpeakerBio: Johannes Willbold, PhD Student at Ruhr University BochumJohannes Willbold is a PhD student at the Ruhr University Bochum and researches the software security of space and satellite systems. In 2023, he published at the IEEE S&P, and presented on venues, including Black Hat US, REcon and TyphoonCon. He organizes the yearly SpaceSec workshop (co-located with NDSS) and participated in the Hack-a-Sat 2 & 4 finals.
\n\nSpeakerBio: Robin Bisping, Security Engineer at Cyber-Defence CampusRobin Bisping is a security engineer and former student of ETH Zurich and the Cyber-Defence Campus, where his research focused on the security of wireless networks and satellite communication systems.
\n\n\n\'',NULL,614483),('3_Saturday','17','16:30','17:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Breaking the Beam: Exploiting VSAT Satellite Modems from the Earth\'s Surface\'','\'Vincent Lenders,Johannes Willbold,Robin Bisping\'','DC_e2476e5951cdc5a3f477e62d0efcd2c2','\'\'',NULL,614484),('3_Saturday','16','16:30','17:15','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'DEF CON Academy: Cultivating M4D SK1LLZ In the DEF CON Community\'','\'Yan \"Zardus\" Shoshitaishvili,Perri Adams\'','DC_eb45234d3e4c78db7412254b9eea6fa8','\'Title: DEF CON Academy: Cultivating M4D SK1LLZ In the DEF CON CommunityDEF CON is a siren song for the hacker mind. Clever people around the world hear it and are pulled, every year, to Las Vegas. They mass by the tens of thousands, streaming through the halls of DEF CON to watch talks given by absolute legends about incredible escapades, to gaze in wonder as true wizards bend bytes to their will in the CTF room, and to dream about one day reaching to those heights themselves.
\n\nSome have the critical combination of grit, perseverance, raw talent, and (let\'s face it) privilege to push through to those dreams of greatness. But among even the clever and the motivated, it is rare for n00bs to rise to l33tness without support. Some find this support in inspiring classes in college. Others, among friends or mentors. But many don\'t find it at all, and remain in the hallways, dreaming.
\n\nDo you want to leave the hallways and hack the planet? We are hackers, educators, and learners who are creating DEF CON Academy, a concerted effort to maximize hacker potential by providing open, clear, approachable, and inclusive practical resources for budding hackers to transcend and rule cyberspace. Through extensive DEF CON event presence and year-round hacking resources, we will pro up the noobs of the world and bring the community, at scale, to the next level of skill.
\n\nCome, listen, and learn how we can help!
\n\nZardus (Yan Shoshitaishvili) is an Associate Professor at Arizona State University, where he pursues passions of cybersecurity research (focusing on binary analysis and exploitation) and education. Zardus has competed in CTFs for over 15 years, hosted DEF CON CTF, and led Shellphish’s participation in the DARPA Cyber Grand Challenge.
\n\nIn order to inspire students to pursue cybersecurity (and, ultimately, compete at DEF CON!), Yan created pwn.college, an open practice-makes-perfect learning platform that is revolutionizing cybersecurity education for aspiring hackers around the world.
\n\nSpeakerBio: Perri Adams, Special Assistant to the Director at Defense Advanced Research Projects Agency (DARPA)Ms. Perri Adams is a special assistant to the director at DARPA, where she advises stakeholders at the agency and across the U.S. government on the next generation of AI and cybersecurity technology.
\n\nPrior to this role, Adams was a program manager within DARPA’s Information Innovation Office (I2O), where, among other programs, she created the AI Cyber Challenge (AIxCC).
\n\nAdams has been an avid participant in cybersecurity CTF competitions and was one of the organizers of the DEF CON CTF. She holds a bachelor’s degree in computer science from Rensselaer Polytechnic Institute and is a proud alumna of the computer security club, RPISEC.
\n\n\n\'',NULL,614485),('3_Saturday','17','16:30','17:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 2','\'DEF CON Academy: Cultivating M4D SK1LLZ In the DEF CON Community\'','\'Yan \"Zardus\" Shoshitaishvili,Perri Adams\'','DC_eb45234d3e4c78db7412254b9eea6fa8','\'\'',NULL,614486),('3_Saturday','16','16:30','17:15','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Watchers being watched: Exploiting the Surveillance System and its supply chain\'','\'Chanin Kim,Myeonghun Pak,Myeongjin Shin\'','DC_e45178f86758e50a0e06a294095b9fdd','\'Title: Watchers being watched: Exploiting the Surveillance System and its supply chainWith the development of artificial intelligence and image processing technology, the video industry such as CCTV is developing greatly. However, CCTV video may infringe on an individual\'s privacy, and personal information may be leaked due to hacking or illegal video collection. As such, Surveillance System\'s Security issues are also increasing, the importance of the video surveillance industry is becoming more prominent.
\n\nIn order to prevent hacking or illegal video collection, research on camera security is being conducted. However, there is a lack of awareness of NVR (Network Video Recorder), a device that actually watches videos recorded by cameras, and research on this is also insufficient.
\n\nWe selected Hikvision and Dahua, which have a high NVR market share, as target vendors, and also selected Synology\'s NVR-related package, Surveillance Station, as targets. Before proceeding with vulnerability analysis, several problems occurred during the file system extraction process, but U-Boot mitigation was successfully bypassed through various methods. Afterwards, various types of vulnerabilities were discovered through analysis, and OEM verification was also conducted to increase impact. We present exploit scenarios for surveillance devices through vulnerability linkage and present supply chain security issues in the Surveillance System.
\n\n\n\nSpeakers:Chanin Kim,Myeonghun Pak,Myeongjin ShinChanin Kim has previously conducted offensive research and has experience discovering vulnerabilities in various places, including Windows, Rust, and OpenVPN. Chan In-Kim is also currently working as an Offensive Researcher at S2W Inc in Korea and is conducting various offensive research.
\n\nSpeakerBio: Myeonghun Pak, Researcher at KITRIMyeonghun Pak is currently a university student and is working on offensive research. He enjoys analyzing embedded vulnerabilities.
\n\nSpeakerBio: Myeongjin Shin, Student at Chonnam National UniversityMyeongjin Shin is currently a student at Chonnam National University and belongs to SRC lab. He is interested in vulnerability analysis and research.
\n\n\n\'',NULL,614487),('3_Saturday','17','16:30','17:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Watchers being watched: Exploiting the Surveillance System and its supply chain\'','\'Chanin Kim,Myeonghun Pak,Myeongjin Shin\'','DC_e45178f86758e50a0e06a294095b9fdd','\'\'',NULL,614488),('3_Saturday','17','17:00','17:45','N','DC','LVCC West/Floor 3/W322-W327','\'A Treasure Trove of Failures: What History’s Greatest Heist Can Teach Us About Defense In Depth\'','\'Pete Stegemeyer\'','DC_350d465156c77a3714aeaf0817caf7c9','\'Title: A Treasure Trove of Failures: What History’s Greatest Heist Can Teach Us About Defense In DepthWhat’s the real life equivalent of hacking a Gibson? Probably stealing hundreds of millions of dollars in diamonds, gold, and cash from one of the world\'s most formidable vaults. In 2003, a team of thieves did just that. Armed with hairspray, double sided tape, and nerves of steel, these thieves defeated layer after layer of security to pull off the haul of a lifetime.
\n\nHowever, as much as this is a story of skilled criminals, it is every bit as much a story of security failures and the parallels between protecting diamonds and data. In this presentation we’ll dive deep into what went right, what went wrong, and how to properly apply defense in depth to make your security program look like a hundred million bucks.
\n\nPete Stegemeyer is both a Senior Security Engineer and one of the world’s leading heist experts. Pete has served as a consultant for Vice, National Geographic, and was a featured expert on the History Channel’s series “History’s Greatest Heists.” He is the author of the best selling book Heist: An Inside Look at the World’s 100 Greatest Heists, Cons and Capers and host of the popular podcast “I Can Steal That!”
\n\n\n\'',NULL,614489),('3_Saturday','17','17:00','17:20','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Techniques for Creating Process Injection Attacks with Advanced Return-Oriented Programming\'','\'Bramwell Brizendine,Shiva Shashank Kusuma\'','DC_5499ee625513b48fae0e1d3744ff2d05','\'Title: Techniques for Creating Process Injection Attacks with Advanced Return-Oriented ProgrammingThis talk showcases techniques for process injection using advanced return-oriented programming (ROP). Process injection via ROP introduces significant hurdles, requiring many WinAPIs to be chained together, each with complex parameters and return values. We give practical details on how to best manage this. One seemingly insurmountable challenge is in identifying the target binary, as string comparison can be extremely difficult in ROP, as needed ROP gadgets may be lacking. We unveil a unique, universal solution, giving a reliable means of string comparison via ROP, which works all the time, allowing a specific process to be pinpointed and injected into via ROP.
\n\nWe created numerous patterns for different WinAPIs, allowing for as many as a dozen ways of preparing a specific WinAPI via ROP, if using an approach centered around the PUSHAD instruction. With some WinAPIs, there are zero patterns for PUSHAD, forcing us to rely upon the much lauded “sniper” approach. We document all such variations of patterns for the WinAPIs in our demonstrated process injection. This research is not intended to demo a one-off example of process injection via ROP, but to provide a methodology that can be used time and time again, providing unique templates for others to use the same WinAPIs when attempting process injection via ROP.
\n\nDr. Bramwell Brizendine completed his Ph.D. in Cyber Operations. A security researcher, currently Bramwell is an Assistant Professor at the University of Alabama in Huntsville, and he is the founding Director of the Vulnerability and Exploitation Research for Offensive and Novel Attacks (VERONA Lab). A cybersecurity expert, Bramwell has taught numerous undergraduate, graduate, and doctoral level courses in reverse engineering, software exploitation, advanced software exploitation, malware analysis, and offensive security. Additionally, Bramwell has authored several important cybersecurity tools, including JOP ROCKET, SHAREM, ShellWasp, and ROP ROCKET, which are open source and freely available. Bramwell was a PI on a $300,000 NSA research grant to develop a shellcode analysis framework, SHAREM. Bramwell has been a speaker at many top security conferences across the globe, including different regional variations of Black Hat, DEFCON, Hack in the Box, and more.
\n\nSpeakerBio: Shiva Shashank Kusuma, Computer Science Master\'s Student at University of Alabama in HuntsvilleShiva Shashank Kusuma, a Computer Science Master\'s student at the University of Alabama in Huntsville, has a deep interest in software engineering and cybersecurity. When not at work, Shiva enjoys reading about Blockchain, Web3, and AI.
\n\n\n\'',NULL,614490),('3_Saturday','17','17:30','18:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Iconv, set the charset to RCE: exploiting the glibc to hack the PHP engine\'','\'Charles \"cfreal\" Fol\'','DC_9658da9a122f30827c5f5d3c05c6f250','\'Title: Iconv, set the charset to RCE: exploiting the glibc to hack the PHP engineUpon its discovery, CVE-2024-2961, a very old buffer overflow in the glibc, seemed like a terrible bug. Within the prism of the PHP engine, however, the vulnerability shone, and provided both a new remote code execution vector and a few 0-days.
\n\nThis talk will first walk you through the discovery of the bug and its limitations, before describing the conception of remote binary PHP exploits using this bug, and through them offer unique insight into the internals of the engine of the web language, and the difficulties one faces when exploiting it.
\n\nAfter this, it will reveal the impact on PHP\'s ecosystem, from well-known functions to unsuspected sinks, by showcasing the vulnerability on several popular libraries and applications.
\n\nSpeakerBio: Charles \"cfreal\" Fol, Security Researcher at LEXFO / AMBIONICSCharles Fol, also known as cfreal, is a security researcher at LEXFO / AMBIONICS. He has discovered remote code execution vulnerabilities targeting renowned CMS and frameworks such as Drupal, Magento, Symfony or Laravel, but also enjoys binary exploitation, to escalate privileges (Apache, PHP-FPM) or compromise security solutions (DataDog’s Sqreen, Fortinet SSL VPN, Watchguard). He is the creator of PHPGGC, the go-to tool to exploit PHP deserialization, and an expert in PHP internals.
\n\n\n\'',NULL,614491),('3_Saturday','18','17:30','18:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Iconv, set the charset to RCE: exploiting the glibc to hack the PHP engine\'','\'Charles \"cfreal\" Fol\'','DC_9658da9a122f30827c5f5d3c05c6f250','\'\'',NULL,614492),('3_Saturday','17','17:30','18:15','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Nano-Enigma: Uncovering the Secrets Within eFuse Memories\'','\'Michal Grygarek,Martin Petran,Hayyan Ali\'','DC_2d3647e71613cca228e93db7b6580018','\'Title: Nano-Enigma: Uncovering the Secrets Within eFuse MemoriesFor years, eFuse-based memories were used to store sensitive information such as encryption keys, passwords, and other potentially confidential pieces of information. This practice was encouraged by several vendors who leverage such memory types for protecting the debugging interfaces using a password or for official way to store encryption keys for external flash memories.
\n\nHowever, with the advances in technology and threat actors’ creativity, eFuse-based memories may take a hard hit on their confidentiality assurance as their physical properties could allow for a relatively easy extraction of the stored information.
\n\nIn this talk we will walk you through the journey of revealing one such data storage from decapsulating the chip itself, delayering it using common household items all the way to using advanced tools such as Scanning Electron Microscope (SEM) to read the value of an encryption key and thus break the confidentiality of the encrypted flash memory.
\n\nMichal has 20+ years of experience in the development of electronic systems and radio engineering. He specializes in cyber security of embedded systems, especially with relation to nanometer scale attack. His key expertise includes the methodology of decapsulation, delayering of silicon chips and their subsequent analysis using optical and electron microscopy.
\n\nSpeakerBio: Martin Petran, Embedded Systems Security Engineer at AccentureMartin is an embedded systems security engineer with 9+ years of professional experience working at Accenture in Prague, Czech Republic. His main areas of focus are reverse engineering, fuzzing and exploit development. Throughout his career, he has created/contributed to several open-source projects and presented at security focused conferences.
\n\nSpeakerBio: Hayyan Ali, Security Delivery Senior Analyst at AccentureHayyan Ali brings over a decade of expertise in mobile communication, radio planning, and optimization to the forefront of cutting-edge technological advancements. Currently pursuing a Ph.D. at the Czech Technical University in Prague, Hayyan\'s research focuses on the integration of Machine Learning within mobile networks\' radio interfaces. In addition to his academic pursuits, Hayyan serves as a Security Delivery Senior Analyst at Accenture, where he spearheads initiatives to fortify mobile communication infrastructures. Leveraging his extensive knowledge, he specializes in detecting vulnerabilities within radio interface protocols, conducting penetration testing on wireless interfaces in IoT devices, and deploying Machine Learning algorithms to automate pen testing processes.
\n\n\n\'',NULL,614493),('3_Saturday','18','17:30','18:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Nano-Enigma: Uncovering the Secrets Within eFuse Memories\'','\'Michal Grygarek,Martin Petran,Hayyan Ali\'','DC_2d3647e71613cca228e93db7b6580018','\'\'',NULL,614494),('3_Saturday','20','20:00','21:59','N','CON','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Hacker Jeopardy\'','\'\'','CON_0e78bac0722bf6d710c64d77a1c86662','\'Title: Hacker JeopardyJoin us as we unravel another story of public resources from AWS, digging in 3.1 million AMIs for secrets. Beyond the findings, we\'ll delve into the ominous connection between exfiltrated AWS access credentials from these AMIs and the heightened risk of AWS account takeover. This talk will highlight key methodologies, tools, and lessons learned, emphasizing the critical need for robust security measures in the cloud to prevent both data exposure and potential account compromise.
\n\nWe started and developed this research without references of existing work. However, here are two links that can be viewed as related/previous work:
\n\nThis article shows a research on a subset of public AMIs from a single region in AWS\nlink
\n\nThis research shows a similar issue where public EBS are scanned. However, this technique does not work for most public AMIs\nlink
\n\nSpeakers:Eduard Agavriloae,Matei JosephsEduard focuses on cloud and offensive security. He’s an experienced penetration tester and in the last years he started doing novel research, writing articles, developing tools like EC2StepShell and presenting at security conferences.
\n\nSpeakerBio: Matei Josephs, Senior Penetration TesterMatei is a Senior Penetration Tester who loves exploring the internet for vulnerabilities. Matei has discovered several CVEs and has the OSCP, CRTO, eWPT and a few other certifications alongside a Master\'s degree in Cybercrime and Intelligence. Although his daily job requires him to conduct thorough tests across a limited scope, after work, Matei enjoys doing simple tests across the whole internet.
\n\n\n\'',NULL,614499),('4_Sunday','10','10:00','10:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Splitting the email atom: exploiting parsers to bypass access controls\'','\'Gareth Heyes\'','DC_998ba3e98fa20ce6054e5aef6d6cda17','\'Title: Splitting the email atom: exploiting parsers to bypass access controlsWebsites often parse users\' email addresses to identify their organisation. Unfortunately, parsing emails is far from straightforward thanks to a collection of ancient RFCs that everyone knows are crazy. You can probably see where this is going…
\n\nIn this session, I\'ll introduce techniques for crafting RFC-compliant email addresses that bypass virtually all defences leading to broken assumptions, parser discrepancies and emails being routed to wildly unexpected destinations. I\'ll show you how to exploit multiple applications and libraries to spoof email domains, access internal systems protected by \'Zero Trust\', and bypass employee-only registration barriers.
\n\nThen I\'ll introduce another class of attack - harmless-looking input transformed into malicious payloads by unwitting libraries, leading to yet more misrouted emails, and blind CSS injection on a well-known target.
\n\nI\'ll leave you with a full methodology and toolkit to identify and exploit your own targets, plus a CTF to develop your new skillset.
\n\nEmail parsing:
\n\nCSS Exfiltration:
\n\nUnicode:
\n\nPortSwigger researcher Gareth Heyes is probably best known for smashing the AngularJS sandbox to pieces and creating super-elegant XSS vectors. He is the author of JavaScript for hackers. In his daily life at PortSwigger, Gareth can often be found creating new XSS vectors, and researching new techniques to attack web applications. He has a keen interest in hacking CSS to do wonderful, unexpected things and can often be seen experimenting with 3D pure CSS rooms, games and taking markup languages to the limit on his website. He\'s also the author of PortSwigger\'s XSS Cheat Sheet. In his spare time, he loves writing new BApp extensions such as Hackvertor.
\n\n\n\'',NULL,614500),('4_Sunday','10','10:00','10:45','N','DC','LVCC West/Floor 3/W322-W327','\'The not-so-silent type: Breaking network crypto in almost every popular Chinese keyboard app\'','\'Jeffrey Knockel,Mona Wang\'','DC_2116869cee3938780e58032d6d8b524b','\'Title: The not-so-silent type: Breaking network crypto in almost every popular Chinese keyboard appPeople who don’t type Chinese might be surprised to learn that popular Chinese Input Method Editor (IME) keyboards can act as keyloggers; they transmit your keystrokes over the Internet to enable “cloud-based” support features to improve character prediction when typing.
\n\nEveryone might be surprised to learn that these keyloggers, which were already collecting everything you type into your device, were doing it insecurely.
\n\nIn this talk, we will describe how we systematically exploited every single popular Chinese IME keyboard vendor’s home-rolled network encryption protocol. Namely, we show how any network eavesdropper can read the keystrokes of what users of these vendors’ keyboards are typing. The affected keyboards include the three most popular Chinese IME keyboards, Sogou IME, Baidu IME, and iFlytek IME, collectively used by almost 800 million users, as well as default and pre-installed keyboards on basically every popular Android mobile device except for Huawei’s. We also discuss how we got here, re-affirm the age-old adage, “Don’t roll your own crypto!”, and call on hackers around the world to help us move towards HTTPS everywhere in understudied app ecosystems.
\n\n\n\n\n\nSpeakers:Jeffrey Knockel,Mona WangJeffrey Knockel is a Senior Research Associate at the Citizen Lab. In his research, he seeks to bring transparency to censorship, surveillance, and other harmful software behavior.
\n\nSpeakerBio: Mona Wang, PhD candidate in Computer Science at Princeton UniversityMona Wang is a PhD candidate in Computer Science at Princeton University specializing in network security and privacy. As an Open Technology Fellow at the Citizen Lab, she studied various proprietary encryption protocols used by popular Chinese mobile applications.
\n\n\n\'',NULL,614501),('4_Sunday','10','10:00','10:20','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Unlocking the Gates: Hacking a secure Industrial Remote Access Solution\'','\'Moritz Abrell\'','DC_239cd9d7942eae3010f7d1e92a084c37','\'Title: Unlocking the Gates: Hacking a secure Industrial Remote Access SolutionIndustrial VPN gateways play a crucial role in operational technology by enabling secure remote access to systems within industrial networks. However, their importance goes hand in hand with increased security risks, as their architecture makes them lucrative targets for threat actors. Over the years, we have seen such devices being used in various industrial environments, which underlines their widespread use in critical infrastructures.
\n\nThis talk is about a security analysis of a widely used industrial remote access solution. We will dive deep into and expose various vulnerabilities. This includes rooting the device, bypassing hardware-based security mechanisms such as the use of a hardware security module, and reverse engineering software and firmware. Ultimately, we will show how various identified vulnerabilities allowed us to hijack remote access sessions, creating significant security risks.
\n\nSpeakerBio: Moritz Abrell, Senior IT Security Consultant and Penetration Tester at SySS GmbHMoritz Abrell is an experienced IT security expert who has been passionate about the field since his early days.
\n\nAs a Senior IT Security Consultant and Penetration Tester for the Germany-based pentest company SySS GmbH, he specializes in the practical exploitation of vulnerabilities and advises clients on how to remediate them.
\n\nIn addition, he regularly conducts security research and has a keen interest in delving deep into soft-, hard- and firmware. His research has been presented at various national and international IT security conferences such as DEFCON, BlackHat USA, HackCon, NoHat, Hacktivity, etc.
\n\n\n\'',NULL,614502),('4_Sunday','10','10:00','10:45','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Windows Downdate: Downgrade Attacks Using Windows Updates\'','\'Alon Leviev\'','DC_08349de125e6df2e700bd4c313d9554c','\'Title: Windows Downdate: Downgrade Attacks Using Windows UpdatesDowngrade attacks force software to revert to an older, vulnerable version. In 2023, BlackLotus emerged, downgrading the boot manager to bypass Secure Boot. Microsoft addressed the threat, but was Secure Boot the only component vulnerable to downgrades?
\n\nBy examining Windows Updates, we found a flaw enabling us to take full control over it and craft downgrading updates, bypassing all verification steps.
\n\nWe then managed to downgrade DLLs, drivers, and even the kernel. Afterwards, the OS reported it’s fully updated, unable to install future updates, with recovery tools unable to detect issues.
\n\nWe aimed higher and found that the virtualization stack is at risk too. We successfully downgraded Hyper-V’s hypervisor, Secure Kernel, and Credential Guard to expose privilege escalations.
\n\nWe also discovered several ways to disable VBS, including its Credential Guard and HVCI features, despite its enforced UEFI locks. This is the first known bypass of VBS\'s UEFI locks.
\n\nLastly, we found another vulnerability in a Windows Update restoration scenario, making the findings accessible to unprivileged attackers!
\n\nIn this talk, we’ll introduce \"Windows Downdate\", a tool that takes over Windows Updates to craft downgrades and expose dozens of vulnerabilities. It makes the term “fully patched” meaningless across any Windows machine worldwide.
\n\nSpeakerBio: Alon LevievAlon Leviev (@_0xDeku) is a self-taught security researcher with a diverse background. Alon started his professional career as a blue team operator, where he focused on the defensive side of cyber security. As his passion grew towards research, Alon joined SafeBreach as a security researcher. His main focuses include operating system internals, reverse engineering, and vulnerability research. Alon spoke at various security conferences such as Black Hat EU 2023, CanSecWest 2024 and CONFidence 2024. Before joining the cyber security field, Alon was a professional Brazilian jiu-jitsu athlete, where he won several world and European titles.
\n\n\n\'',NULL,614503),('4_Sunday','10','10:30','11:15','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Changing Global Threat Landscape with Rob Joyce and Dark Tangent\'','\'Rob Joyce,Jeff \"The Dark Tangent\" Moss\'','DC_554d72680e6d79887541bdf4a8b8877e','\'Title: Changing Global Threat Landscape with Rob Joyce and Dark TangentRob Joyce, former NSA and White House cyber official, will engage with Dark Tangent to analyze the evolving state of global cyber threats. Their discussion will explore the impact and potential of artificial intelligence, assessing how AI is reshaping the cybersecurity landscape and what it means for the future of global security.
\n\nSpeakers:Rob Joyce,Jeff \"The Dark Tangent\" MossRob served over 34 years at the NSA, where he held roles including the head of Tailored Access Operations (TAO), the NSA hackers running operations to produce foreign intelligence. He spent his final years as the head of the Agency’s cybersecurity directorate. He also served on the White House National Security Council as a Special Assistant to the President and Cybersecurity Coordinator, as well as Acting Homeland Security Advisor. Throughout his career, he led operations pursuing the most sophisticated hackers and innovated technologies to protect vital national assets — including the US classified networks and nuclear authorization codes. He remains dedicated to upholding our national security in the cyber realm.
\n\nSpeakerBio: Jeff \"The Dark Tangent\" Moss, DEF CON CommunicationsLDAP is no stranger to the security spotlight. While LDAP is a protocol (Lightweight Directory Access Protocol) and Active Directory is the most popular directory services system that supports a subset of LDAP, the terms “LDAP” and “AD” are tightly coupled when discussing the execution, detection and prevention of attacks targeting directory services data.
\n\nIn the last decade the widespread offensive value of querying AD data via LDAP was cemented with the release of open-source tools such as BloodHound and PingCastle. However, proper visibility of LDAP queries mostly remains a privileged asset for those organizations with deep pockets, and the commercial security tools providing this visibility are often woefully fixated on simple signature-based detections.
\n\nMaLDAPtive is the 2,000-hour (and counting) quest of offensive and defensive LDAP exploration and tool-building. This research includes mind-bending depths of obfuscation across all elements of LDAP queries (many undocumented and most never seen in the wild), all baked into an obfuscation/de-obfuscation/detection framework built upon our ground-up custom LDAP search filter tokenizer and syntax tree parser.
\n\nCome witness the release of our MaLDAPtive research and open-source framework: transforming LDAP from “lightweight” to “heavyweight.”
\n\nGeneral LDAP information:
\n\nLDAP-Related RFCs:
\n\nOfficial Documentation for Active Directory LDAP Attributes: link
Blogs Highlighting Offensive LDAP Usage:
\n\nOpen-Source Tooling Using LDAP:
\n\nDaniel Bohannon is a Principal Threat Researcher on Permiso Security\'s P0 Labs team with over 14 years of information security experience, including incident response consulting at MANDIANT, security research at FireEye and threat hunting at Microsoft.
\n\nHe is the author of the Invoke-Obfuscation, Invoke-CradleCrafter and Invoke-DOSfuscation open-source obfuscation frameworks and co-author of Revoke-Obfuscation and Cloud Console Cartographer.
\n\nMr. Bohannon received a Master of Science in Information Security from the Georgia Institute of Technology (2013) and a Bachelor of Science in Computer Science from The University of Georgia (2010).
\n\nSpeakerBio: Sabajete Elezaj, Senior Cyber Security Engineer at Solaris SESabajete Elezaj is a Senior Cyber Security Engineer at Solaris SE with a background in cybersecurity extending over 6 years. Her expertise spans incident response, threat hunting and blue team operations. Her work focuses on enhancing cyber defense strategies.
\n\nMrs. Elezaj holds a Master of Science in Information Security from the University of Tirana. She has also shared her expertise at cybersecurity conferences, including BSides Tirana.
\n\n\n\'',NULL,614506),('4_Sunday','11','11:00','11:45','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Dragon SlayingGuide: Bug Hunting In VMware Device Virtualization\'','\'JiaQing Huang,Hao Zheng,Yue Liu\'','DC_c07d364f064ed2bddda7e67846b0e70c','\'Title: Dragon SlayingGuide: Bug Hunting In VMware Device VirtualizationIn this presentation, we will unveil a new attack surface: Device Virtualization in VMKernel. This isan unknown territory that has not been explored by security researchers to date. During the reverse engineering of the VMware Hypervisor, we discovered 8 vulnerabilities related to device virtualization, 3 of them have been assigned CVE number (some vulnerabilities have even been successfully exploited in Tianfu Cup), and the remaining 5 of our vulnerabilities have been officially confirmed by VMware.
\n\nFirstly we will delve into the loading process of vmm, the implementation of data sharing between vmm and vmx, and VMware\'s UserRPC, which facilitates communication between the Hypervisor and the Host. These mechanisms are crucial in virtual device emulation.
\n\nThen we will explain security issues in various parts of the USB system, including the host controller, VUsb middleware, and VUsb backend devices, based on the vulnerabilities we have unearthed.
\n\nIn the end, we will primarily discuss the similarities and differences in SCSI-related device emulation in the virtual disk system between VMware Workstation and ESXi. Additionally, we will cover design flaws related to disk device emulation that we discovered in VMKernel.
\n\nJiaQing Huang is a security researcher at TianGong Team of Legendsec at QI-ANXIN Group. He is currently focused on IoT and Virtualization security, having submitted multiple security vulnerabilities to VMware. In 2023, he and his teammate successfully escaped the Parallels Desktop at GeekCon2023.
\n\nSpeakerBio: Hao Zheng, Security Researcher, TianGong Team of Legendsec at QI-ANXIN GroupHao Zheng is a security researcher at TianGong Team of Legendsec at QI-ANXIN Group. His focus is on Virtualization Security, having submitted multiple security vulnerabilities to VMware. In 2023, he and his teammate successfully escaped the Parallels Desktop at GeekCon2023.
\n\nSpeakerBio: Yue Liu, Security Researcher at QI-ANXIN GroupYue Liu is a Security Researcher at QI-ANXIN Group, and the team leader of QI-ANXIN TianGong Team. He and his team have found lots of bugs in Windows/Android/ChromeOS/IoT Devices and cracked multiple targets in Tianfu Cup 2019/2020, GeekPwn 2020/2021/2022, GeekCon 2023. He has published his work in various conferences, including Usenix 2021, ACM CCS 2022, EuroS&P 2022, HITBSecConf2022, BlackHat Asia 2024.
\n\n\n\'',NULL,614507),('4_Sunday','11','11:00','11:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'The hack, the crash and two smoking barrels. (And all the times I (almost) killed an engineer.)\'','\'Thomas \"Cr0wTom\" Sermpinis\'','DC_a8376b7c67abfe5d03288f4924f556ab','\'Title: The hack, the crash and two smoking barrels. (And all the times I (almost) killed an engineer.)This is not a talk in which I will demonstrate exploit chains obtained from the underworld after signing with blood. It’s about sharing meaningful stories from said underworld. The automotive underworld of huge corporations, short deadlines and lukewarm engineers. The one where companies fight for packing more and more functionality inside your computer on wheels, without paying attention to one of the things that our life actually depends on right now, cybersecurity.
\n\nWhile others talk about extremely significant remote vulnerabilities, I will focus on a high-level view of architecture and design of vehicles and where security fits in these processes. I will go through a journey of exploitation, from discovering 0days, to persuading engineers of the significance of a finding, by putting him in the driving seat and engaging the brakes mid-journey.
\n\nI will conclude, trying to understand why this is happening, why this behavior towards security still exists in the automotive industry, and how a small manufacturer managed to create one of the most secure embedded systems I faced in my career. All this, with a series of demos in real targets, and a real ECU on stage.
\n\nOur ultimate goal is to help people understand the state of the industry, spark the interest which can come out of hacking a computer on wheels, and try to raise awareness with a bit of hack, a bit of crash and two smoking barrels.
\n\nThomas Sermpinis (a.k.a. Cr0wTom) is the Technical Director of Auxilium Pentest Labs and independent security researcher with main topics of interest in the automotive, industrial control, embedded device, and cryptography sectors. During his research, he published several academic papers, 0days and tools with the ultimate goal of making the world a safer place, but also helped almost 200 OEMs and Tier 1 automotive suppliers to achieve better security and develop more secure products.
\n\nAdditionally, he spoke in several highly technical security conferences, presenting his research and trying to create safer streets for drivers, passengers, pedestrians, and everyone in the street, including Zer0Con, TyphoonCon, TROOPERS, DeepSec and others.
\n\n\n\'',NULL,614508),('3_Saturday','12','12:00','12:45','N','DC','LVCC West/Floor 3/W322-W327','\'automobiles, alcohol, blood, sweat, and creative reversing of an obfuscated Car-Modding tool\'','\'atlas\'','DC_4cd89110a7fc92361cc14127a902b65a','\'Title: automobiles, alcohol, blood, sweat, and creative reversing of an obfuscated Car-Modding toolreversing can feel uber powerful... like you hold God\'s honest truth within your hands... most humans don\'t understand what you can see and comprehend.
\n\nuntil someone tries to hide the truth from you... limit your knowledge... keep you from your glorious purpose!
\n\nobfuscated code can be a real downer.
\n\nthis talk focuses on the story of how i took on an interesting obfuscated target (an automotive modder\'s tool with ability to flash firmware and tweak engines), in fun and exciting ways.
\n\nwe\'ll discuss several problems with obfuscated code, an approach i took (and tooling), playing in the guts of machine code, and customizations to binary analysis tools that came out of the journey...
\n\nthere will be much hex, disassembly, green on black, total carnage.
\n\nyou will walk away with powerful ideas and new tools to help you in your pursuit of truth. you will be entertained, enriched, educated, and hopefully inspired. instead of thinking that \"atlas is smart\" my goal is you feeling, and being, more powerful.
\n\ncome with Vivisect installed to follow along!
\n\n\n\nSpeakerBio: atlasatlas is a doer of things. with nearly 20 years of experience binary reverse-engineering, exploiting, and bringing friends along, he\'s as likely to talk about RF signals as to discuss converting machine language bits into assembly instructions, intermediate languages, and decompilers. driven by the \"truth\", and desire to write tools to make finding truth easier, his talks always engage, embrace, and baffle.
\n\n\n\'',NULL,614509),('4_Sunday','12','12:00','12:45','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'DriverJack: Turning NTFS and Emulated Read-only Filesystems in an Infection and Persistence Vector\'','\'Alessandro Magnosi\'','DC_992e07929d988780e11ce7c3d65946fb','\'Title: DriverJack: Turning NTFS and Emulated Read-only Filesystems in an Infection and Persistence VectorThis article reassesses complex cyberattack tactics, focusing specifically on existing security measures and emerging weaknesses. We begin our investigation by examining initial methods of deployment in contemporary attacks, including those that focus on simulated read-only filesystems and NTFS vulnerabilities. Since the improvements made to the Windows security architecture in 2011, which include the enforcement of Driver Signature Enforcement (DSE) and Hypervisor-protected Code Integrity (HVCI), the nature of cyber threats has changed, requiring new ways to carry out attacks.
\n\nOur research presents a new method that takes advantage of previously uncovered weaknesses in emulated filesystems, allowing attackers to covertly install and maintain harmful programs. In addition, we uncover new NTFS vulnerabilities that enable attackers to conceal their presence and sustain persistence within victim systems. The study also investigates alternate methods for delivering and executing malware in usermode. In addition, we discuss several Indicators of Compromise (IOCs) to identify and detect these tactics.
\n\n\n\nSpeakerBio: Alessandro Magnosi, Managing Consultant and R&D Lead at BSII am a Managing Consultant with more than 10 years of experience in the IT field. Currently, I am part of the Security Testing Team at BSI, which is the UK national standards body, and a Global certification, training and cybersecurity firm. On top of my normal work, I work as an independent researcher for Synack RT and Cobalt, and an independent OSS developer in my spare time.
\n\n\n\'',NULL,614510),('4_Sunday','12','12:00','12:20','N','DC','LVCC West/Floor 3/W322-W327','\'Solving the \"Lover, Stalker, Killer\" Murder with strings, grep, and Perl\'','\'Anthony Kava\'','DC_f78beafe6e557c3fa2a09a532b155ac0','\'Title: Solving the \"Lover, Stalker, Killer\" Murder with strings, grep, and PerlCari Farver did not disappear off the face of the Earth. She was murdered in cold blood, and her killer went on to impersonate her online, for over three years. The suspect hid their tracks with VPNs, proxies, and anonymizing apps. This talk will go behind the scenes of Netflix\'s \"Lover, Stalker, Killer\" to detail the open source software and bespoke methods used to prove a no-body homicide case based almost entirely on digital evidence.
\n\nDateline NBC, S26E1 \"Scorned\" (2017)\nRule, Leslie. \"A Tangled Web: A Cyberstalker, a Deadly Obsession, and the Twisting Path to Justice\". Citadel Press, 2020.\nNetflix, \"Lover, Stalker, Killer\" (2024)
\n\nSpeakerBio: Anthony KavaAnthony Kava is a hacker and carries a badge. Got his start breaking Apple IIs then moved, somehow, to breaking baddies. Works as a cyber crime investigator and digital forensics examiner with a penchant for infosec. Kava is a recognized Soylent drinker, scourge to software vendors, and has been portrayed by a Canadian in a Lifetime movie. Dreams in Perl. Enjoys long walks on the dark web.
\n\n\n\'',NULL,614511),('4_Sunday','12','12:30','13:15','N','DC','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'AIxCC Closing Ceremonies\'','\'Andrew Carney,Perri Adams\'','DC_34da79fb828273c261cec2eb45b98442','\'Title: AIxCC Closing CeremoniesDARPA and ARPA-H joined forces for the AI Cyber Challenge (AIxCC), a two-year competition aimed at revolutionizing cybersecurity through AI-driven solutions. AIxCC asks the nation’s top talent in AI and cybersecurity to develop Cyber Reasoning Systems capable of automatically finding and fixing software vulnerabilities to secure critical software. In this talk, we are excited to announce the results of the Semifinals event. We will conduct a brief examination of the AI systems developed by the top teams by analyzing their strategies, discuss key innovations and methodologies employed, and discuss the overall impact of the competition on the cybersecurity landscape. The top-ranking teams will be eligible to win one of the $2 million in semifinal prizes, as well as a spot in the Finals competition at DEF CON 33.
\n\nSpeakers:Andrew Carney,Perri AdamsAndrew Carney joined ARPA-H in July 2023 from HSBC’s Cybersecurity Science and Analytics group, where he worked as a principal researcher. He has over 15 years of experience in software and hardware vulnerability research, technical education and training, and management of research and development teams.
\n\nIn addition to his role as program manager with ARPA-H, Carney holds a joint program manager appointment with the Defense Advanced Research Projects Agency (DARPA) for the AI Cyber Challenge (AIxCC), a competition focused on securing software in critical infrastructure. Before HSBC, Carney was a technical advisor and contractor for the Defense Advanced Research Projects Agency (DARPA). At DARPA, he supported research efforts focused on reverse engineering, program analysis, human-machine teaming, and automated program repair. Throughout his career, Carney has been involved in competitive hacking (called Capture the Flag, or CTF) as both a player and a competition organizer. He holds a master’s degree in computer science from The Johns Hopkins University.
\n\nSpeakerBio: Perri Adams, Special Assistant to the Director at Defense Advanced Research Projects Agency (DARPA)Ms. Perri Adams is a special assistant to the director at DARPA, where she advises stakeholders at the agency and across the U.S. government on the next generation of AI and cybersecurity technology.
\n\nPrior to this role, Adams was a program manager within DARPA’s Information Innovation Office (I2O), where, among other programs, she created the AI Cyber Challenge (AIxCC).
\n\nAdams has been an avid participant in cybersecurity CTF competitions and was one of the organizers of the DEF CON CTF. She holds a bachelor’s degree in computer science from Rensselaer Polytechnic Institute and is a proud alumna of the computer security club, RPISEC.
\n\n\n\'',NULL,614512),('4_Sunday','13','12:30','13:15','Y','DC','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'AIxCC Closing Ceremonies\'','\'Andrew Carney,Perri Adams\'','DC_34da79fb828273c261cec2eb45b98442','\'\'',NULL,614513),('4_Sunday','12','12:30','13:15','N','DC','LVCC West/Floor 3/W322-W327','\'Clash, Burn, and Exploit: Manipulate Filters to Pwn kernelCTF\'','\'Kuan-Ting \"HexRabbit\" Chen\'','DC_15cda7bc3b88895074ffdf2873f8d28c','\'Title: Clash, Burn, and Exploit: Manipulate Filters to Pwn kernelCTFAs the successor to the iptables, nftables stands as a crucial network component within the Linux kernel, managing packet filtering and other network-related functionalities. With continuous development and changes, features designed to increase its efficiency, such as batch commit, anonymous chains/sets, and asynchronous garbage collection, have been implemented, which in turn has significantly increased its complexity and made it an attractive target for attackers in recent years.
\n\nSince the announcement of the kernelCTF bug bounty, multiple nftables 0-day vulnerabilities have been reported and patched to enhance its security. However, if not careful enough, the security patch may not only mitigate the bug but also introduce new security issues unintentionally. By researching the structural changes in the nftables codebase, we successfully uncover new vulnerabilities despite the intense competition in kernelCTF. Also, we managed to speedrun the exploitation just before Google removed nftables from LTS instance, becoming the last LTS nftables exploitation.
\n\nIn this presentation, we will share three nftables vulnerabilities we discovered in a storytelling fashion. We start with a brief introduction on how nftables works under the hood to familiarize attendees with the basics. After that, we dive into nftables internals and dissect three vulnerabilities discovered during our journey, two of which involved utilizing hard-to-exploit race conditions to pwn the flag. Alongside details of the exploitation, we will also share the roller-coaster story of kernelCTF experiences, filled with dramatic highs and lows, making it a tense and exhilarating journey.
\n\nKuan-Ting Chen, also recognized as HexRabbit, is a Security Researcher at DEVCORE and a member of the Balsn CTF team. Specializing in low-level exploitation, he is curious about how things work and enjoys the challenge of unraveling the complexities of modern computing systems.
\n\nCurrently, he focuses on Linux kernel exploitation, and his work includes discovering multiple 0-day vulnerabilities in key Linux components like io_uring, ksmbd (an in-kernel SMB server), and the nftables submodule.
\n\n\n\'',NULL,614514),('4_Sunday','13','12:30','13:15','Y','DC','LVCC West/Floor 3/W322-W327','\'Clash, Burn, and Exploit: Manipulate Filters to Pwn kernelCTF\'','\'Kuan-Ting \"HexRabbit\" Chen\'','DC_15cda7bc3b88895074ffdf2873f8d28c','\'\'',NULL,614515),('4_Sunday','12','12:30','13:15','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Redefining V2G - How to use your vehicle as a game controller\'','\'Timm Lauser,Jannis Hamborg\'','DC_ce82ccd704d4b48ed6812aaf3ab5e775','\'Title: Redefining V2G - How to use your vehicle as a game controllerModern cars are a complex networks of computers put on four wheels. For security research, it is important to understand the car\'s internal network and exposed interfaces. But what else could you use this knowledge for? You probably guessed it from the title 🙂. So we developed a tool to turn our research car into a game controller.
\n\nIn this talk, we present Vehicle-to-Game (V2G), a Python-based project that enables the usage of cars as game controllers. V2G can run either directly on a laptop or turn a Raspberry Pi Zero WH into a Bluetooth gamepad. In addition, V2G can either be used over the OBD2-diagnostic port or by directly accessing the internal CAN-busses of the car.
\n\nOur project can be a great starting point if you always wanted to tinker around with your car or want to learn about the CAN bus or diagnostic communication (UDS). To make V2G work with your car, some reverse engineering of CAN messages or diagnostic communication will be required (as well as additional hardware to connect to the CAN bus). Otherwise, if you can get this running, you can be sure that you own a more expensive game controller than your neighbors.
\n\nTools and hardware:\n1. General introduction into the CAN-bus and UDS: link\n2. Tool for designing PCBs: link\n3. Tool for making CAN messages readable: link\n4. Hardware for accessing CAN-bus and OBD: link\n5. CAN utils: link\n6. CAN hat for Raspberry Pi: link
\n\nUsed libraries:\n1. link Many thanks for providing this great library and documentation for utilizing the Raspberry Pi as a Bluetooth device!\n2. link\n3. link
\n\nMisc:\n1. Tesla DBC files: link\n2. ACSD website: link\n3. V2G Repository on GitHub (private until start of DEF CON): link
\n\nSpeakers:Timm Lauser,Jannis HamborgTimm Lauser received his masters degree in computer science from Karlsruhe Institute of Technology, Germany in 2020. Since then, he has been a PhD student at Darmstadt University of Applied Sciences, Germany. There, he is researching in the field of automotive cyber security with a focus on communication protocols and their formal verification in the symbolic model.
\n\nSpeakerBio: Jannis Hamborg, PhD Student at Darmstadt University of Applied SciencesJannis Hamborg received his masters degree in computer science with focus on IT-security from Technical University Darmstadt, Germany in 2023. For his master thesis he researched about resilient and self-recovering reputation based networks. During the time of master he worked as assistant researcher at Darmstadt University of Applied Sciences, Germany on different topics of automotive security research. Since end of 2023, he started his PhD on the design and integration of resilient risk-driven networks with focus on internal automotive networks.
\n\n\n\'',NULL,614516),('4_Sunday','13','12:30','13:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Redefining V2G - How to use your vehicle as a game controller\'','\'Timm Lauser,Jannis Hamborg\'','DC_ce82ccd704d4b48ed6812aaf3ab5e775','\'\'',NULL,614517),('4_Sunday','13','13:00','13:45','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Your AI Assistant has a Big Mouth: A New Side-Channel Attack\'','\'Yisroel Mirsky,Roy Weiss,Daniel Ayzenshteyn,Guy Amit\'','DC_16ee5e8ade12b55c27aa742347b70808','\'Title: Your AI Assistant has a Big Mouth: A New Side-Channel AttackAI assistants like ChatGPT are changing how we interact with technology. But what if someone could read your confidential chats? Imagine awkwardly asking your AI about a strange rash, or to edit an email, only to have that conversation exposed to someone on the net. In this talk we\'ll unveil a novel side-channel vulnerability in popular AI assistants and demonstrate how it can be used to read encrypted messages sent from AI Assistants.
\n\nBefore our disclosure, major players like OpenAI, Microsoft, Cloudflare, Quora, and Notion were at risk. We\'ll reveal the technical details of this exploit and show real-world examples of intercepted conversations. This talk isn\'t just about the problem – learn how to identify this vulnerability in other AI assistants as well! We\'ll dissect network traffic, discuss attack models, and explore the far-reaching consequences of this discovery.
\n\nReferences:\n1. Samuel Addington. Chatgpt: Cyber security threats and countermeasures. Available at SSRN 4425678, 2023.\n2. Benjamin Harsha, Robert Morton, Jeremiah Blocki, John Springer, and Melissa Dark. Bicycle attacks con- sidered harmful: Quantifying the damage of widespread password length leakage. Computers & Security, 100:102068, 2021.\n3. John V Monaco. What are you searching for? a remote keylogging attack on search engine autocomplete. In 28th USENIX Security Symposium (USENIX Security 19), pages 959–976, 2019.
\n\nSpeakers:Yisroel Mirsky,Roy Weiss,Daniel Ayzenshteyn,Guy AmitDr. Yisroel Mirsky is a tenure-track lecturer and Zuckerman Faculty Scholar in the Department of Software and Information Systems Engineering at Ben-Gurion University and the head of the Offensive AI Research Lab there. His main research interests include deepfakes, adversarial machine learning, anomaly detection, and intrusion detection. Dr. Mirsky has published his work in some of the best security venues: USENIX, CCS, NDSS, Euro S&P, Black Hat, DEFCON AI Village, RSA, CSF, AISec, etc. His research has also been featured in many well-known media outlets: Popular Science, Scientific American, Wired, The Wall Street Journal, Forbes, and BBC. Some of his works include the exposure of vulnerabilities in the US 911 emergency services and research into the threat of deepfakes in medical scans, both featured in The Washington Post.
\n\nSpeakerBio: Roy Weiss, Researcher and Master\'s Degree Student, Department of Software and Information Systems Engineering at Ben-Gurion University of the NegevRoy Weiss is a researcher and a master\'s degree student in the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev. His research interests include Cyber Security, Network Security and Deep Learning.
\n\nSpeakerBio: Daniel Ayzenshteyn, Researcher and Master\'s Degree Student, Department of Software and Information Systems Engineering at Ben-Gurion University of the NegevDaniel Ayzenshteyn is a researcher and master\'s degree student in the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev. His research interests span Network Security, Cyber Security and Network Modeling.
\n\nSpeakerBio: Guy Amit, PhD Candidate Student, Department of Software and Information Systems Engineering at Ben-Gurion University of the NegevGuy Amit works at IBM Research and is a PhD candidate student in the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev. His research interests include machine learning, adversarial learning, and IoT cyber security.
\n\n\n\'',NULL,614518),('4_Sunday','13','13:30','14:15','N','DC','LVCC West/Floor 3/W322-W327','\'Bringing Down North Korea\'','\'Alejandro Caceres\'','DC_1c34ec115e6dedcd7774e96be7e1af70','\'Title: Bringing Down North KoreaIn January 2021, I discovered that North Korean state-backed agents were targeting security researchers. A few people got hit, including me. They didn\'t get anything, but I was very frustrated by the inaction of law enforcement, intelligence agencies, and DoD. I decided I was going to see what I could do. Armed with my computer and a bunch of Takis I got to work mapping out NK\'s infrastructure. This talk will detail the methods and tools I used to bring down North Korea\'s internet for 9 days along with the architectural and other vulnerabilities I found that allowed for the attack. This presentation will cover the technical aspects of the attack, criticisms of the DoD and Intel Community, praise from the DoD and Intel Community and the implications of a small team of hackers, or just one dude, causing real-world impact. Attendees will gain insights into create methodologies for network exploitation and the ethical, practical, and resistance from the government to cyber guerrilla warfare, demonstrating the need for agile and responsive cyber capabilities in the modern world.
\n\nAlex is the dude that took down North Korea\'s Internet routing for 9 days. He owns Hyperion Gray and creates a bunch of open source software.
\n\n\n\'',NULL,614519),('4_Sunday','14','13:30','14:15','Y','DC','LVCC West/Floor 3/W322-W327','\'Bringing Down North Korea\'','\'Alejandro Caceres\'','DC_1c34ec115e6dedcd7774e96be7e1af70','\'\'',NULL,614520),('4_Sunday','13','13:30','14:45','N','DC','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Contest Closing Ceremonies and Awards\'','\'\'','DC_f5e98510d411fcd3f389f6490893e795','\'Title: Contest Closing Ceremonies and AwardsMachine learning (ML) pipelines are vulnerable to model backdoors that compromise the integrity of the underlying system. Although many backdoor attacks limit the attack surface to the model, ML models are not standalone objects. Instead, they are artifacts built using a wide range of tools and embedded into pipelines with many interacting components.
\n\nIn this talk, we introduce incubated ML exploits in which attackers inject model backdoors into ML pipelines using input-handling bugs in ML tools. Using a language-theoretic security (LangSec) framework, we systematically exploited ML model serialization bugs in popular tools to construct backdoors. In the process, we developed malicious artifacts such as polyglot and ambiguous files using ML model files. We also contributed to Fickling, a pickle security tool tailored for ML use cases. Finally, we formulated a set of guidelines for security researchers and ML practitioners. By chaining system security issues and model vulnerabilities, incubated ML exploits emerge as a new class of exploits that highlight the importance of a holistic approach to ML security.
\n\n\n\nSpeakerBio: Suha Sabi Hussain, Security Engineer, Machine Learning Assurance Team at Trail of BitsSuha Sabi Hussain is a security engineer on the machine learning assurance team at Trail of Bits. She has worked on projects such as the Hugging Face Safetensors security audit and Fickling. She received her BS in Computer Science from Georgia Tech where she also conducted research at the Institute for Information Security and Privacy. She previously worked at the NYU Center for Cybersecurity and Vengo Labs. She’s also a member of the Hack Manhattan makerspace, a practitioner of Brazilian Jiu-Jitsu, and an appreciator of NYC restaurants.
\n\n\n\'',NULL,614523),('4_Sunday','14','13:30','14:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs\'','\'Suha Sabi Hussain\'','DC_10103d74d4668b2d03b3bf83dbb379aa','\'\'',NULL,614524),('4_Sunday','14','14:00','14:45','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Abusing legacy railroad signaling systems\'','\'David Meléndez,Gabriela (Gabs) Garcia\'','DC_2658f8982f4de1104b1f4022e386a0a2','\'Title: Abusing legacy railroad signaling systemsIn this study, we delve into the darker aspects of railway technology, revealing how easily accessible domestic hardware tools can compromise the seemingly infallible robustness of signaling systems. We demonstrate how these accessible technologies can be utilized to devise strategies that potentially threaten train circulation in Spain. Our research presents a critical analysis of the vulnerabilities present in the railway signaling systems, highlighting the ease with which these systems can be tampered with, using tools that are readily available to the general public. Through a combination of theoretical insights and practical demonstrations, we offer a comprehensive overview of the risks associated with such vulnerabilities.
\n\nOur findings aim to raise awareness among stakeholders in the railway industry, prompting a reevaluation of current security measures and encouraging the adoption of more stringent protections against such threats. This paper contributes to the ongoing discussion in the cybersecurity community, offering valuable insights into the potential risks facing modern transportation infrastructures and suggesting avenues for future research and development in railway system security.
\n\nWe consider this work to be innovative on a type of system that has been present for over half a century in railway infrastructures. Therefore, the references provided are primarily about the operation of the systems and relevant news concerning them.
\n\n\n\nSpeakers:David Meléndez,Gabriela (Gabs) GarciaDavid Melendez is an R&D Engineer and Red Team member at Innotec Security Part of Accenture, with over twelve years of experience in cybersecurity and hardware hacking. He has a proven track record of presenting his groundbreaking investigations at prestigious conferences around the world, including DEF CON, BLACKHAT, and ROOTEDCON.
\n\nDavid is also a drone creator and author of the book \"Hacking with Drones,\" which showcases his innovative use of drones in cybersecurity research. With his passion for pushing the boundaries of technology, David is constantly seeking new ways to improve the security and functionality of embedded systems.
\n\nSpeakerBio: Gabriela (Gabs) GarciaGabriela (Gabs) García is a university professor and mentor, Secure Software Developer and coding and cybersecurity instructor for organizations such as LinkedIn, Cyber Hunter Academy and Kschool. She teaches, whether that\'s in a lecture hall or over the internet, about software development, with a keen eye for secure practices. She is a speaker at several hacking CONs like DEF CON USA, ROOTEDCON etc.
\n\nGabriela is also an active member in hacker communities such as HackMadrid%27 and Hack%27, both at home in Spain and across the world. And as an independent professional, she gets to work with a wide variety of clients, crafting custom cybersecurity solutions to fit their specific needs.
\n\n\n\'',NULL,614525),('4_Sunday','15','15:00','17:45','N','DC','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'DEF CON Closing Ceremonies & Awards\'','\'Jeff \"The Dark Tangent\" Moss\'','DC_06175f75642c563d56c1236c3306af13','\'Title: DEF CON Closing Ceremonies & AwardsIf someone had told us this silly contest would be in its 8th year there\'s no way we would have believed it. Even when we thought \"hey, the gag is getting old, maybe it\'s time to hang it up\" that turned out to be the year we\'d gotten the most accolades from con goers during and after the contest. That was enough to recharge us and decide we\'ll do this until DC no longer exists. Proud isn\'t a grand enough word to describe how we feel to still be here and still making people laugh/feel better about themselves not being as stupid as us.
\n\nBut to answer Why Us? WSIIA has always been about community. Whether you killed your deck or went down in a spectacular blaze of flames, this game is nothing without the people who play it and the audience who watches it. And if we\'re not doing it for the community, why the fuck are we even here? We\'ll remain here as long as you\'ll have us, riding on a wing, a prayer, and airplane bottles of Malort all the way to Year 10. Now on to the boilerplate pitch:
\n\nWe\'re an unholy union of improv comedy, hacking and slide deck sado-masochism.
\n\nOur team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.
\n\nWhether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it’s a night of schadenfreude for the whole family.
\n\n\'',NULL,614529),('2_Friday','19','18:30','19:30','Y','CON','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Whose Slide Is It Anyway?\'','\'\'','CON_0e46c86f0a2151ae8cb3646446bc98f7','\'\'',NULL,614530),('2_Friday','10','10:00','10:59','N','CPV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Differential privacy beyond algorithms: Challenges for successful deployment\'','\'Rachel Cummings\'','CPV_db28f200de5daaebd1e1bcf1659abbb3','\'Title: Differential privacy beyond algorithms: Challenges for successful deploymentDifferential privacy (DP) has been hailed as the gold standard of privacy-preserving data analysis, by providing strong privacy guarantees while still enabling use of potentially sensitive data. Formally, DP gives a mathematically rigorous worst-case bound on the maximum amount of information that can be learned about an individual\'s data from the output of a computation. In the past two decades, the privacy community has developed DP algorithms that satisfy this privacy guarantee and allow for accurate data analysis for a wide variety of computational problems and application domains. We have also begun to see a number of high-profile deployments of DP systems in practice, both at large technology companies and government entities. Despite the promise and success of DP thus far, there are a number of critical challenges left to be addressed before DP can be easily deployed in practice, including: mapping the mathematical privacy guarantees onto protection against real-world threats, developing explanations of its guarantees and tradeoffs for non-technical users, integration with other privacy & security tools, preventing misuse, and more.
\n\nSpeakerBio: Rachel Cummings, Associate Professor of Industrial Engineering and Operations Research at Columbia UniversityDr. Rachel Cummings is an Associate Professor of Industrial Engineering and Operations Research and (by courtesy) Computer Science at Columbia University, where she is also a member of the Data Science Institute and co-chairs the Cybersecurity Research Center. She is also a Fellow at the Center for Democracy & Technology. Before joining Columbia, she was an Assistant Professor of Industrial and Systems Engineering and (by courtesy) Computer Science at the Georgia Institute of Technology, and she previously received her Ph.D. in Computing and Mathematical Sciences at the California Institute of Technology. Her research interests lie primarily in data privacy, with connections to machine learning, algorithmic economics, optimization, statistics, and public policy. Dr. Cummings is the recipient of numerous awards including an NSF CAREER award, a DARPA Young Faculty Award, a DARPA Director\'s Fellowship, an Early Career Impact Award, multiple industry research awards, a Provost’s Teaching Award, two doctoral dissertation awards, and Best Paper Awards at DISC 2014, CCS 2021, and SaTML 2023. Dr. Cummings also serves on the ACM U.S. Technology Policy Committee, the IEEE Standards Association, and the Future of Privacy Forum\'s Advisory Board.
\n\n\n\'',NULL,614531),('2_Friday','10','10:00','10:30','N','ICSV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Does the World Need Another Threat Model, the Road to EMB3D\'','\'Niyo Little Thunder Pearson,Jack Cyprus,Wyatt Ford\'','ICSV_2f49c993a3c8f757be128ed4ab441acc','\'Title: Does the World Need Another Threat Model, the Road to EMB3DWith all the various threat model frameworks available, STRIDE, Trike, PASTA, VAST, etc., does the world need another one?
\n\nThat was the question that shaped the creation of EMB3D, a threat model framework built around embedded systems (specifically in critical infrastructure) that addresses all phases of a threat to them: from the theoretical/academic, proof of concept and exploit, to observed adversarial behavior.
\n\nBut the goal was greater than just the threat framework, it was to bring a common language to the global community to discuss weaknesses and threats while striving to bring transparency to what are considered “black box” electronic systems.
\n\nIn this presentation, we take you on the journey of how we went from venting about needing more transparency and accountability in the OT/ICS space to developing a new global threat model for embedded systems.
\n\nSpeakers:Niyo Little Thunder Pearson,Jack Cyprus,Wyatt FordWyatt Ford (@whyitfor) is a senior software engineer and engineering manager at Red Balloon Security and a core maintainer of OFRAK.
\n\n\n\'',NULL,614532),('2_Friday','10','10:00','10:59','N','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'Practical Exploitation of DoS in Bug Bounty\'','\'Roni \"Lupin\" Carta\'','BBV_382ab3e824b2c8f39fdf2ed1321bce51','\'Title: Practical Exploitation of DoS in Bug BountyThe talk \"Practical Exploitation of DoS in Bug Bounty\" explains methods for identifying and exploiting Denial of Service (DoS) vulnerabilities in bug bounty programs. Starting with an overview of DoS attacks and their impact, we will highlight how these attacks disrupt services by overwhelming resources or exploiting flaws. The talk covers various DoS attack types, including N+1 errors, in-depth GraphQL crashing, and Cache Poisoning, with real-world examples demonstrating their effects.
\n\nWe will then detail practical techniques for discovering DoS vulnerabilities. This includes automated scanning tools, manual testing methods, and understanding the target system\'s architecture.
\n\nN+1 errors occur when an application makes redundant database queries, significantly impacting performance. Attackers can exploit this by triggering numerous unnecessary queries, causing severe slowdowns or crashes. GraphQL, a query language for APIs, can be vulnerable to complex queries that consume excessive resources, leading to server crashes. We will show how to craft such queries and the resulting impact. Cache Poisoning involves manipulating cached data to serve malicious or incorrect content, which can disrupt services or degrade performance. We will explore techniques to poison caches and demonstrate the potential consequences.
\n\nAdditionally, the talk emphasizes the importance of responsibly reporting discovered vulnerabilities to bug bounty programs. Best practices are shared for effectively communicating findings and ensuring timely mitigation. Of course, there are some fails during this path, and those are going to be covered too.
\n\nThe session wraps up by stressing the need for continuous learning and staying updated on the latest trends in DoS attack vectors and mitigation strategies
\n\nSpeakerBio: Roni \"Lupin\" Carta, Co-Founder at Lupin & HolmesRoni Carta, a.k.a @Lupin, is a 22 years old ethical hacker. He left school and his virtual classes to devote himself full-time to hacking. He credits Maurice Leblanc\'s book \"Arsène Lupin\" with immersing him into the culture and mindset of ethical hacking.
\n\nRoni co-founded with his brother Lupin & Holmes, an offensive security Research & Development company
\n\n\n\'',NULL,614533),('2_Friday','10','10:00','10:59','N','XRV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Pwning through the Metaverse - Quest Headset Vulnerability Research\'','\'Luke McLaren\'','XRV_1514e5d0dc44dcb41084cb81a0982af2','\'Title: Pwning through the Metaverse - Quest Headset Vulnerability ResearchThis talk covers how to approach vulnerability research against Meta Quest headsets and VR applications.
\n\nWe explore how to approach discovering bugs in the Meta Quest through the third-party app attack surface. This emulates what potentially malicious apps could achieve once installed and the unique attacks available in comparison to general mobile malware. This research culminates in a demonstration of triggering a novel vulnerability discovered in the OpenXR client implementation of the Quest.
\n\nBeyond this, we cover the unique remote attack surface exposed via the Horizons and first-party social app of the Quest - in particular we focus on attacking the rendering of user avatars. These bugs are possible to be triggered whenever within the same virtual space as a malicious user and represent a new attack surface not previously available. This research culminates in triggering a novel vulnerability in libovravatar2p.so which allows remote memory corruption and represents the building blocks for RCE across the metaverse.
\n\nSpeakerBio: Luke McLaren, Founder at Signal 11 Research LtdLuke McLaren is the founder of Signal 11 Research Ltd., a cybersecurity company specializing in mobile security research and training. With an impressive track record, Luke has claimed bug bounties from tech giants like Amazon, Meta, and Match.com. His expertise extends to virtual reality security, particularly with the Quest device series which he has worked with Meta to secure.
\n\n\n\'',NULL,614534),('2_Friday','10','10:30','10:59','N','ICSV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Attack and Defence in OT - Simulating attacks against hydroelectric power plants leveraging ICS Firing Ranges\'','\'Julia Dewitz-Würzelberger,Bernhard Sedlmayer,Sarah Mader\'','ICSV_817d010d61bdcaf4e8916e87557e1963','\'Title: Attack and Defence in OT - Simulating attacks against hydroelectric power plants leveraging ICS Firing RangesIn this talk we will present the ICS firing range we built and hacked to simulate an actual attack against a hydroelectric power plant and create a DFIR training from the evidence left behind. The talk aims to emphasize the importance of attack simulation in the context of critical infrastructure and the potential benefit that firing ranges can provide to such assessments.
\n\nFirst we will examine the motivation behind the construction and usage of a firing range, covering various aspects including:\n- the threats operators of critical infrastructure face,\n- how security assessments are conducted in an OT context and\n- how an ICS firing range can be utilized to support them.
\n\nNext we will discuss the intended use cases of the firing range and the scenario it was made to display, the flooding of a hydroelectric power plant. As a result, the relevant components and production processes of the plant will be outlined.\nThen we will present and go into detail about the design & architecture of the firing range:\n- individual physical and virtual networks and components,\n- separate Active Directory environments,\n- implemented security measures\n- specific vulnerabilities intentionally left behind.
\n\nPicking up this last bullet-point, we continue with how we hacked the firing range and performed a Red Team assessment against it, simulating an actual attack. Starting with the C2 infrastructure we set up for the attack, we will guide the audience through the kill chain in chronological order and highlight the most important and relevant steps of the attack.
\n\nOnce the offensive part of the talk concludes, a shift of perspective takes place and the attack is evaluated from the defence\'s point-of-view: we\'ll show how we identified, secured and analyzed indicators of compromise left behind by the attack. This includes the analysis of network captures, Windows event logs, memory dumps and more.
\n\nThis talk will be presented by not only people from NVISO as the IT security service provider who built the firing range and performed to attack against it, but also by people from VERBUND\'s IT security team who actively use the firing range for training. This way we can involve both the attacker\'s and the defence\'s point-of-view.
\n\nSpeakers:Julia Dewitz-Würzelberger,Bernhard Sedlmayer,Sarah MaderJulia Dewitz-Würzelberger is a project manager in the area of OT cyber security at VERBUND, Austria\'s largest energy supplier. Since 2023, she has been Head of the OT Cyber Security Lab, where she designs and implements concepts for innovative OT projects.
\n\nHer projects cover a broad spectrum, ranging from creating deception technology systems and the emulation of OT components to the operation of a quantum cryptography test setup.
\n\nAs she can be interested in almost anything, she also completed a degree in anthropology and educational science before moving into IT/OT security.
\n\nSpeakerBio: Bernhard SedlmayerBernhard Sedlmayer is a Security Engineer and Lego enthusiast. He is responsible for the OT security of the ICS/SCADA Systems at Austria\'s largest electricity provider with around 130 hydropower plants. He has 20 years of experience in the energy supply industry and supports many innovative and fundamental projects in operational technology as an OT security specialist. Red Teaming and pentesting on Windows and Linux Systems is also one part of his daily to-do\'s.
\n\nSpeakerBio: Sarah Mader, Senior Consultant at NVISOSarah is a Senior Consultant at NVISO, with a focus on Red Team Assessments. Complementing her cybersecurity experience, she has developed proficiency in Operational Technology (OT) assessments and continues to specialize further in this area.
\n\nShe possesses a Master\'s degree in Applied IT Security, which has been enriched by her diverse experiences in cybersecurity roles across various companies.
\n\nIn addition to her professional work, Sarah is dedicated to contributing to the community by leading workshops and delivering presentations at industry conferences.
\n\n\n\'',NULL,614535),('2_Friday','11','11:00','11:30','N','XRV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'National Labs Use of XR\'','\'Martin Pratt\'','XRV_aa220d696e9e5591b40594ed7fbaae27','\'Title: National Labs Use of XRThe DOE National Lab mission space includes exploring the use of disruptive technology to enable increasing efficiency and abilities of operations critical to national security, infrastructure, communication, and many other fields. The XR field has become a new area of active research and implementation at many national labs across the US, integrating with cutting edge hardware and software to enable users with increased capabilities. At the Pacific Northwest National Lab (PNNL), we have been using immersive XR platforms to enable a variety of government and external sponsors with novel approaches to their field. These include creating new 3D virtual twins to enable remote engagements as if remote users had access to one-of-a-kind lab equipment, creating simulation environments of hazardous environments or dangerous situations that can’t be recreated in the real world, and outreach and communication projects to engage both sponsors and the public with critical information about current security threats. During this presentation I will touch on a few case studies of projects taken on at PNNL to make the best use of XR platforms, and where we see future development with this capability.
\n\nSpeakerBio: Martin Pratt, Lead, Immersive Computing Development Team at Pacific Northwest National LabMartin Pratt (AR/VR, software development, mobile & web app development, data visualization, subsurface geophysics): Software engineer. At the Pacific Northwest National Lab, Pratt leads the Immersive Computing development team, supporting efforts across a range of government agency mission spaces. He has worked on a number AR/VR projects including training simulations, data visualization, and educational games. He has developed software and subsurface 3D data visualizations that run on multiple platforms that include several public-facing applications.
\n\n\n\'',NULL,614536),('2_Friday','11','11:00','11:59','N','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'From Easy Wins to Epic Challenges: Bounty Hunter Edition\'','\'Daniel \"Blaklis\" Le Gall\'','BBV_92e15c04932ed6a7b6ae20b2920071f2','\'Title: From Easy Wins to Epic Challenges: Bounty Hunter EditionStep into the mind of a bug bounty hunter as I take you on a journey through my own adventures in vulnerability hunting. In this presentation, I’ll share some of the most intriguing bugs I\'ve discovered, from the shockingly/stupidly simple to the mind-bendingly complex.
\n\nWe\'ll start with the surprising simplicity of some bugs, but as the hunt isn’t always so simple, I’ll also reveal some complex bug chains that required advanced knowledge, lot of work and probably some hacker\'s intuition to know it was worth pushing further.
\n\nIf you want to know how a coffee break gave me the opportunity to get infinite money, or how a vulnerable CAPTCHA helped me to break the encryption of a sensitive application - you\'re in the right place!
\n\nSpeakerBio: Daniel \"Blaklis\" Le GallBlaklis is a bug bounty hunter that started seven years ago, as a hobby. He co-founded a company that was doing, as one of the main activities, bug bounty hunting, and decided to get back to freelance again two years ago, to be free again.
\n\n\n\'',NULL,614537),('2_Friday','11','11:00','11:30','N','CPV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Travel Better: Expedient Digital Defense\'','\'Grey Fox\'','CPV_18a7496d4a7e29e0dacb43f15213ad28','\'Title: Travel Better: Expedient Digital DefenseExpedient Digital Defense focuses on using free and readily available applications, or recommending paid-for commercial apps and tools that have proven records of credibility, to make our devices and online presence less harmful to us. We will follow a typical traveler in the United States, with some experiences drawn from overseas travel.
\n\nThe talk stresses the value of Operational Security (OPSEC), and the mindset of seeing every piece of communication through the eyes of your adversary. The intent is to make people think twice before revealing anything considered sensitive, even if using the latest and greatest encryption. The surveillance economy and ever-present data collection in our modern world demand better awareness of how our digital world works. We’ll discuss examples like invasive social media collection, foreign influence on public perception, data insecurity putting users in danger, and advertising models based on location and click tracking.
\n\nFinally, the take-away is knowing the tools and tech available, and being able to select those which fit your needs, if at all. Most of the time, one mitigation isn\'t enough, and several need to be emplaced to achieve proper defense in depth, in case one solution fails. Even if no technical solutions are put in place, the user will have that \"red team\" mindset and awareness that calibrates better judgment over technical solutions, and promotes OPSEC and rational thinking for security rather than blindly depending on apps and gadgets.
\n\nSpeakerBio: Grey FoxGrey Fox, the callsign assigned to him by a DHS colleague, recently retired from the U.S. military after 20 years of service as an intelligence analyst, language analyst, digital network intelligence targeter, cyberspace mission leader, and digital defense education program leader. Having deployed eight times supporting front line combat teams, his experience ranges from offensive cyberspace operations planning and execution to military information support operations. Along the way, Grey Fox acquired multiple creds, including GCTI, GASF, GAWN, and CWNA. He currently instructs Digital OPSEC at the U.S. Army Security Cooperation Officer course and the U.S. Air Force Research Lab, as well as SDR foundations and Wi-Fi hacking at the U.S. Army Signal School.
\n\n\n\'',NULL,614538),('2_Friday','11','11:30','12:30','N','DC','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Custom, cheap, easy, and safe badges - without starting from scratch\'','\'Joe \"securelyfitz\" FitzPatrick\'','DC_552a67ef0cada7746b16d496fd2419a3','\'Title: Custom, cheap, easy, and safe badges - without starting from scratchElectronic conference badges are cool and everything, but they\'re A LOT of time, money, and effort including but not limited to hardware, software and art design, testing, manufacturing, testing, provisioning, and repairing.
\n\nI\'ll share OpenTaxus, a relatively simple, cheap, mass-producible, and open-source badge design. We\'ll start out by looking at and understanding the design and implementation, highlighting the areas worth customizing (and which to leave as-s). I\'ll do a walkthrough of a few changes to customize the design - in KiCAD for hardware changes, and in CircuitPython for software changes.
\n\nWe\'ll wrap up with some discussion of how to handle cost reduction to fit in a certain budget, manage badge logistics for events of different sizes, and warn about some of the many pitfalls that electronic badges suffer. You should walk away with the ability to customize a badge to be mass produced for your own event.
\n\nSpeakerBio: Joe \"securelyfitz\" FitzPatrick, Instructor and Researcher at SecuringHardware.comJoe FitzPatrick (@securelyfitz) is an Instructor and Researcher at SecuringHardware.com. Joe started his career working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He founded SecuringHardware.com and has spent decades developing and leading hardware security-related training, instructing hundreds of security researchers, pen-testers, hardware validators worldwide. When not teaching classes on applied physical attacks, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.
\n\n\n\'',NULL,614539),('2_Friday','12','11:30','12:30','Y','DC','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Custom, cheap, easy, and safe badges - without starting from scratch\'','\'Joe \"securelyfitz\" FitzPatrick\'','DC_552a67ef0cada7746b16d496fd2419a3','\'\'',NULL,614540),('3_Saturday','10','10:00','10:30','N','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Sneaky Extensions: The MV3 Escape Artists\'','\'Vivek Ramachandran,Shourya Pratap Singh\'','ADV_bf09128f2f11e1c8c907077525d72c54','\'Title: Sneaky Extensions: The MV3 Escape ArtistsEver since the pandemic and the rising popularity of work-from-home and hybrid models, there has been an increase in the usage of browsers, particularly video conferencing and collaboration applications. While some extensions enhance the user experience, some can gravely affect users\' privacy and security.
\n\nOver the past few years, extensions have gained recognition for nefarious activities, from simple color picker extensions to productivity-first AI extensions. And now more than ever, attackers are leveraging malicious extensions to steal user data, promote ads, affiliate marketing, and more. Realizing the abuse, Google pivoted from the MV2 model to the latest MV3, providing better security and locking down the extension from running rampant. While some security measures have been introduced in MV3, it is far from safe. In this talk, we will be demonstrating a suite of attacks, while requiring the least amount of permissions, which 95% of extensions on the Chrome store have. We will showcase stealth stealing of webcam feed, audio streams, clipboard data, and stealing credentials from other extensions like password managers.
\n\nMV3 also introduced security measures to block the usage of functions like eval and new Function that allowed arbitrary code execution. We’ll showcase how an extension can still do arbitrary code execution effectively bypassing the MV3 restrictions.
\n\nIn this talk, we will also propose changes to the extension security model to prevent the lurking loopholes. We will also be demonstrating how malicious extensions can interfere with other extensions and steal sensitive information such as Credit card, passwords, OTP, etc, from other extensions.
\n\nSpeakers:Vivek Ramachandran,Shourya Pratap SinghVivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. Before that, Vivek’s company built an 802.11ac monitoring product sold exclusively to defense agencies. Vivek discovered the Caffe Latte attack, broke WEP Cloaking, conceptualized enterprise Wi-Fi Backdoors, and created Chellam (Wi-Fi Firewall), WiMonitor Enterprise (802.11ac monitoring), Chigula (Wi-Fi traffic analysis via SQL), Deceptacon (IoT Honeypots), among others. He is the author of multiple five-star-rated books in offensive cybersecurity, which have sold thousands of copies worldwide and have been translated into multiple languages. He has been a speaker/trainer at top security conferences such as Blackhat USA, Europe and Abu Dhabi, DEFCON, Nullcon, Brucon, HITB, Hacktivity, and others. Vivek’s work in cybersecurity has been covered in Forbes, TechCrunch, and other popular media outlets. In a past life, he was one of the programmers of the 802.1x protocol and Port Security in Cisco’s 6500 Catalyst series of switches. He was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He has also published multiple research papers in the field of DDoS, ARP Spoofing Detection, and Anomaly-based Intrusion Detection Systems. In 2021, he was awarded an honorary title of Regional Director of Cybersecurity by Microsoft for a period of three years, and in 2024 he joined the BlackHat Arsenal Review Board.
\n\nSpeakerBio: Shourya Pratap Singh, Principal Software Engineer at SquareXShourya Pratap Singh is a Principal Software Engineer at SquareX. He is responsible for building SquareX\'s security-focused extension and works on researching methods to counteract web security risks. He has conducted a workshop at the Texas Cyber Summit and published work at Blackhat Arsenal EU. He has a bachelor\'s degree from IIIT Bhubaneswar and holds a patent. His area of interest includes browser extensions and web application security.
\n\n\n\'',NULL,614541),('2_Friday','12','12:00','12:59','N','LPV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Safecracking for Everyone\'','\'Jared Dygert\'','LPV_dce03f977e8c93aef31d4294e81d49f3','\'Title: Safecracking for EveryoneLearn the inner workings and vulnerabilities of mechanical combination safe locks! Safe manipulation is an underrated aspect of locksport and this talk will guide you through the ins and outs of how to do it.
\n\nSpeakerBio: Jared DygertJared is a long time lock sport enthusiast and an instructor at a locksmithing school on safe manipulation and lockpicking. He has been opening locks and breaking security for roughly 15 years. His other hobbies include rock climbing and 3D printing.
\n\n\n\'',NULL,614542),('3_Saturday','10','10:30','10:59','N','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Tough Adversary? Don’t Blame Sun Tzu\'','\'Gregory Carpenter\'','ADV_cd9444ff332d3e4cf7f4cf28c3ac3103','\'Title: Tough Adversary? Don’t Blame Sun TzuYears ago, when I started working at the NSA, I said to myself, now I can see what’s really happening and what needs to be done to address our adversaries and put an end to cybercrime. Well, I was sure wrong. I worked in a few different offices and participated in hundreds of operations, only to find frustration time and time again. What happened? What was it that we just couldn’t put our finger on? Yes, we were successful in addressing criminal activity. Yes, we could successfully negotiate the contested cyberspace domain. But adversarial activity kept popping up on our radar. It was Whack-A-Mole 2.0.
\n\nWas it the technologies we used? No, we had state-of-the-art capabilities. Was there a lack of technical training amongst operators? No, again, taxpayers coughed up plenty, and they got their money’s worth. I concluded that it was strategy; it was philosophy. Sure, we had all the technical capabilities in the world, but we were using everything wrong.
\n\nI was in the Information Warfare Support Center. We were supposed to know what to do and how to do it! So, I started studying not only traditional but contemporary philosophy as well. I gained access to curricula in China, Russia, and the USA. This presentation informs the attendees of the adversarial philosophy taught in the military academies in China and Russia, which is taken from their curricula and papers published in various journals and practice today.
\n\nSpeakerBio: Gregory Carpenter, CSO at KnowledgeBridge InternationalGregory Carpenter is the CSO of KnowledgeBridge International, a Fellow of the Royal Society for the Arts, and the National Security Agency’s Operations Officer of the Year. He serves on the Board of Directors for ATNA Systems, is a Senior Advisor for ARIC, Inc., and is a Special Operations Medical Association and Military Cyber Professionals Association member. He is a former member of the Board of Advisors for EC-Council University and the International Board of Advisors for the Mackenzie Institute.
\n\nHe has held various senior military and civilian positions, including COO, VP for Cyber Operations, Chief of Security Testing, Counterintelligence Division Chief, Chief of Special Space Operations, and Functional Team Lead for Electronic Warfare. He has been an epidemiological primary investigator.
\n\nGregory is a retired army officer of 27 years, he holds a Doctorate in Public Health. He is a Certified Information Security Manager, Lean Six-Sigma Black Belt, and ISO-9000 lead auditor.
\n\n\n\'',NULL,614543),('4_Sunday','12','12:00','12:59','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'Winning the Game of Active Directory\'','\'Brandon Colley\'','PHV_79073ce56a51c486105eb46a60a57328','\'Title: Winning the Game of Active DirectoryThe Game Of Active Directory (GOAD) is a prebuilt vulnerable Active Directory (AD) environment primarily created for pentesters. Touting over 30 methods of attack, GOAD offers multiple paths to full AD takeover. But is that really how you win the game? Regardless of color, as security professions our goal should be to better secure environments. This talk walks through AD attack strategies, exploiting misconfigurations that ultimately pwn AD. Mitigations for these attacks are discussed and implemented, showcasing how they stop common attacks. Implementing these protections in your environment is truly how you win the Game Of Active Directory.
\n\nSpeakerBio: Brandon Colley, Senior Security Consultant at TrimarcBrandon Colley has over fifteen years of experience administering and securing Active Directory (AD) and Windows environments. Brandon is a Senior Security Consultant for Trimarc specializing in providing reality-based AD and Entra ID security assessments. He served as a systems administrator for multiple organizations before shifting career focus to information security. He has published multiple articles through Quest, Practical 365 and Trimarc Hub. Brandon enjoys speaking engagements and has previously presented at BsidesKC, Hackers Teaching Hackers, and PancakesCon. He co-hosts a weekly podcast, interviewing infosec professionals and has appeared on multiple broadcasts, including the Phillip Wylie Show. Brandon delivers material in a humorous, yet effective manner with a focus on content built for a Blue Team through a Red lens.
\n\n\n\'',NULL,614544),('2_Friday','12','12:30','12:59','N','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'MFT: Malicious Fungible Tokens\'','\'Cybelle Oliveira ,Mauro Eldritch\'','ADV_2696eb541e57fe97dea738e95ced4580','\'Title: MFT: Malicious Fungible TokensIn this technical talk, we will uncover a new aspect of NFTs: using them as attack vectors to relay C2 commands. Fingerprinting a system? Exfiltrating information? Encrypting and wiping data? Executing arbitrary commands? Of course! But with a dark twist: deployed NFTs are blockchain-backed assets immune to takedowns. Imagine having your own “immortal” C2 Server for less than $10 dollars in $ETH.
\n\nFor this, we will introduce “mFT” an open-source tool that automates the creation of malicious payloads and provide sample harmless NFTs, allowing attendees to explore this novel attack vector on their own machines safely. This talk is the spiritual successor of \"Everything is a C2 if you\'re brave enough\".
\n\nSpeakers:Cybelle Oliveira ,Mauro EldritchCybelle Oliveira is a Cybersecurity Consultant, postgraduate in Cyber Threat Intelligence and Master\'s student in Cyber intelligence at the International Cybersecurity Campus of the University of Murcia, Spain. She has been involved in privacy and security activism for over 10 years and has presented talks at events around the world, including BSides LV, BSides SP, Girls Hack Village (DefCon), 8.8 Chile, Internet Freedom Festival, Radical Networks, Mozilla Festival, Roadsec, Cryptorave, among others. Cybelle is part of the Mozilla community and is the director of the Casa Hacker organization.
\n\nCybelle Oliveira es Consultora de Ciberseguridad, postgraduada en Cyber Threat Intelligence y estudiante de Máster en Ciberinteligencia en el Campus Internacional de Ciberseguridad de la Universidad de Murcia, España. Ha estado involucrada en activismo de privacidad y seguridad durante más de 10 años y ha presentado charlas en eventos por todo el mundo, como BSides LV, BSides SP, Girls Hack Village (DefCon), 8.8 Chile, Internet Freedom Festival, Radical Networks, Mozilla Festival, Roadsec, Cryptorave, entre otros. Cybelle forma parte de la comunidad Mozilla y es directora de la organización Casa Hacker.
\n\nSpeakerBio: Mauro Eldritch, Founder at Birmingham Cyber Arms LTDMauro Eldritch is an Argentine hacker, founder of Birmingham Cyber Arms LTD and DC5411 (Argentina / Uruguay). He has spoken at various events, including DEF CON (10 times). He is passionate about Threat Intelligence and Biohacking.
\n\nMauro Eldritch es un hacker argentino, fundador de Birmingham Cyber Arms LTD y DC5411 (Argentina / Uruguay). Habló en diferentes eventos incluyendo DEF CON (10 veces). Le apasiona la Inteligencia de Amenazas y el Biohacking.
\n\n\n\'',NULL,614545),('2_Friday','12','12:30','12:59','N','PSV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'RFID 101\'','\'Andrew M,Ege Feyzioglu\'','PSV_ffd7983f3fa1d3cc0a854194d5d3d2fb','\'Title: RFID 101You know the sound of beep... Click when using a badge to enter a door to a building, but how does this work and how can you hack it? This talk will explain the basics of what’s inside the readers and the badges, and how they communicate wirelessly. You will learn about the common tools available (Proxmark, Flipper, Keysy), how to get one and how to use it. We’ll talk about techniques to clone badges, and brute force systems to get access you never had in the first place.
\n\nSpeakers:Andrew M,Ege FeyziogluAndrew M. is a security researcher with a background in the telecommunications industry. His career began at the Blackberry RF test lab, where he honed his expertise in RF testing and wireless protocols. Andrew has continued to expand his skills at a major Satellite Telecom company while moonlighting as a security researcher with an interest in RFID technology and wireless security, consistently expanding his knowledge and skills. He actively contributes to the cybersecurity field through the Physical Security Village educating the public on RFID security best practices and hands-on experimentation, leveraging his extensive experience to drive advancements in wireless security.
\n\nSpeakerBio: Ege Feyzioglu, Physical Security Analyst at GGR SecurityEge is a security researcher specialising in access control systems and electronics. She is currently pursuing a degree in Electrical Engineering and works part-time for GGR Security as a Physical Security Analyst
\n\n\n\'',NULL,614546),('2_Friday','13','13:00','13:59','N','PSV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Bypass 101\'','\'Karen Ng,Sam Mayers\'','PSV_e4b85b0fe1b04365104bb51687b728af','\'Title: Bypass 101There are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn how to do these attacks in this talk!
\n\nSpeakers:Karen Ng,Sam MayersKaren is a Risk Analyst at GGR Security, and is one of GGR\'s entry team for physical penetration tests. She has a strong interest in physical security, delivering trainings on physical security vulnerabilities to a wide range of audiences. Karen comes from a background in engineering and has extensive experience in major event logistics. She is one of the Village Leads at the Physical Security Village, and works with the rest of the PSV team to teach how to recognize and fix security exploits to the community. Graphic design is her passion.
\n\nSpeakerBio: Sam Mayers, Security Researcher at Beazley SecuritySam is a Security Researcher at Beazley Security with a focus on threat intelligence and cybercrime. She is a board member for non-profits such as Physical Security Village and clearsear.ch. Within Physical Security Village she focuses on discovering and teaching new physical security issues to members and attendees during village events.
\n\n\n\'',NULL,614547),('2_Friday','13','13:00','13:30','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'MoWireless MoProblems: Modular Wireless Survey Systems and the Data Analytics That Love Them\'','\'Geoff Horvath,Winson Tam\'','PHV_00b2ab12dcfa441294668549425dd9eb','\'Title: MoWireless MoProblems: Modular Wireless Survey Systems and the Data Analytics That Love ThemOften there are times to collect #allTheWireless, but with that comes some planning, we\'ve created a modular survey system and developed an Elastic-based analytic platform named PacketGlass to visualize and explore the terabytes of information collected over multiple surveys. Our system collects all data types supported by Kismet plus raw PCAP data, ingests the data, and displays tens of millions of devices in an easy to query and display manner. Using different parsing techniques, We plan to show how to build one of these survey platforms and discuss the methodology used to transform Elastic into a robust analytical platform.
\n\nSpeakers:Geoff Horvath,Winson TamGeoff Horvath is the founder of Alsatian Consulting, LLC. He has 13 years experience in the US Army as an intelligence officer specializing in signals intelligence. After leaving the military in 2021, he began researching and providing digital security assessments and recommendations. He currently advises private individuals, companies, and others in matters of privacy, security, and technology. He also once got kicked out of NSA Headquarters while looking for the gift shop.
\n\nSpeakerBio: Winson TamWinson Tam is a cybersecurity expert with over eight years of experience across government and private sectors. His work encompasses attacking, defending, and designing secure systems, notably for the US government, and a significant consulting career within the financial and industrial spaces. Tam\'s contributions in these areas have consistently resulted in tangible value and high customer satisfaction.
\n\n\n\'',NULL,614548),('2_Friday','13','13:00','13:30','N','IOTV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Preparing for the Future: A Discussion of our Rapidly Evolving Threat Landscape\'','\'Jamie Hardy,Rachael Tubbs,Steve McGregory ,Ted Harrington\'','IOTV_62717aff283342c524b65e66e76e1cda','\'Title: Preparing for the Future: A Discussion of our Rapidly Evolving Threat LandscapeAll of these changes have played a major role in reshaping the security landscape. From adversaries with political motivations to another just trying to provide for his/her family. Security is no longer just your job, but you could actually be held personally liable. Oh and don’t forget that an adversary now has the ability to rewrite vulnerabilities with the click of a button, or can create deep fakes so real that a zoom call with multiple “people” was undetectable by a real person.
\n\nSpeakers:Jamie Hardy,Rachael Tubbs,Steve McGregory ,Ted HarringtonJamie Hardy is a Principal Product Manager at Intuit responsible for Adversary Management. He\'s spent 14 years in the industry with a background as a software and cyber security engineer. He\'s worked in fintech, government, and semiconductor spaces making the transition from engineering to Product Management when taking on IoT security at Qualcomm. He likes to break things, build things, and is passionate about bringing new products to reality, which makes him a swiss army knife for cybersecurity product management. You may catch him on the slopes, at the links, or leading security conferences. He enjoys family time with his wife, young baby son, two vizslas, all while rocking Hawaiian shirts.
\n\nSpeakerBio: Rachael TubbsRachael Tubbs is the village lead of IoT Village. She is currently working on her PhD in Forensic Psychology where she is studying the world of ethical hacking and the mindset of hackers. She has presented at Hack the Capitol and RSA Conference.
\n\nSpeakerBio: Steve McGregory , Senior Director of the Cybersecurity Center of Excellence (COE) at Keysight TechnologiesSteve McGregory is Senior Director of the Cybersecurity Center of Excellence(COE) at Keysight Technologies. The Cybersecurity COE researches cyber threats and gathers actionable intelligence. Steve has over three decades of experience working in computer and network security. Steve\'s work experience has covered all aspects of cybersecurity, from operational security practices such as defending an Internet Service Provider business, building security controls at TippingPoint(now Trend Micro), and, most recently, building cybersecurity test solutions at Keysight Technologies. Steve is passionate about cybersecurity and focuses his professional work on educating people about and protecting them from cyber-attacks.
\n\nSpeakerBio: Ted Harrington, Executive Partner at Independent Security EvaluatorsTed Harrington is the Executive Partner at Independent Security Evaluators and the number one bestselling author of Hackable. He’s helped hundreds of companies fix tens of thousands of security vulnerabilities, including Google, Amazon, and Netflix. Ted has been featured in more than 100 media outlets, including The Wall Street Journal, Financial Times, and Forbes.
\n\n\n\'',NULL,614549),('2_Friday','13','13:00','13:30','N','CHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'V2GEvil: Ghost in the wires\'','\'Pavel Khunt,Thomas \"Cr0wTom\" Sermpinis\'','CHV_b921a6ca45728fb31d2e7013358ac0f6','\'Title: V2GEvil: Ghost in the wiresThis research aims to enhance electric vehicle cybersecurity by uncovering vulnerabilities in the Electric Vehicle Communication Controller (EVCC), crucial for charging communication. We\'ve developed a specialized security tool after examining electric vehicle charging ports and On-Board Charging (OBC) protocols, with a focus on ISO 15118 standards.
\n\nSpeakers:Pavel Khunt,Thomas \"Cr0wTom\" SermpinisPavel Khunt is an Automotive Security Researcher and Penetration Tester at Auxilium Pentest Labs. With a background in engineering, Pavel graduated from FIT CTU, where his master’s thesis focused on V2G (Vehicle-to-Grid) communication during the charging of Electric Vehicles (EVs). Passionate about ensuring the safety and security of automotive technologies.
\n\nSpeakerBio: Thomas \"Cr0wTom\" Sermpinis, Technical Director at Auxilium Pentest LabsThomas Sermpinis (a.k.a. Cr0wTom) is the Technical Director of Auxilium Pentest Labs and independent security researcher with main topics of interest in the automotive, industrial control, embedded device, and cryptography sectors. During his research, he published several academic papers, 0days and tools with the ultimate goal of making the world a safer place, but also helped almost 200 OEMs and Tier 1 automotive suppliers to achieve better security and develop more secure products.
\n\nAdditionally, he spoke in several highly technical security conferences, presenting his research and trying to create safer streets for drivers, passengers, pedestrians, and everyone in the street, including Zer0Con, TyphoonCon, TROOPERS, DeepSec and others.
\n\n\n\'',NULL,614550),('2_Friday','13','13:30','13:59','N','CHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Building a secure and resilient nationwide EV charging network: the role of hackers in the clean energy revolution \'','\'Harry Krejsa,Sarah Hipel\'','CHV_a91d6a0c348a69b0044a1c8f4bb4bdfb','\'Title: Building a secure and resilient nationwide EV charging network: the role of hackers in the clean energy revolutionUnprecedented investments in vehicle electrification are creating new pathways for hackers to exploit EVs and EV chargers. Many of these risks are theoretical and have not been demonstrated in the wild…yet. Policymakers are racing to better understand systemic cyber risks present in this new EV ecosystem—particularly those which might impact the electric grid—so we can devise effective mitigations now. This talk offers a White House policymaker’s perspective on the changing EV landscape, new policy measures under consideration to identify and reduce the impact of vulnerabilities, and the critical role that hackers can play in focusing our work.
\n\nSpeakers:Harry Krejsa,Sarah HipelHarry Krejsa is the Assistant National Cyber Director for Strategy. He leads the office’s development of cyber and technology strategy for domestic and international policy, including co-directing the drafting, interagency approval, and rollout of President Joe Biden’s National Cybersecurity Strategy. Prior to joining the Office of the National Cyber Director, Harry oversaw strategy and U.S.-China competition for the Department of Defense’s cyber policy office. He drafted the 2018 DoD Cyber Strategy and inaugural Cyber Posture Review, which provided guidance for using new offensive military authorities to deter and disrupt adversary cyber campaigns, and negotiated numerous “Hunt Forward” joint operations with foreign militaries to root out adversary malware on strategic systems. Upon leaving DoD he was awarded the Office of the Secretary of Defense Medal for Exceptional Public Service. From 2019-2020 Harry was detailed to serve as Director of the Integration Cell at the U.S. Cyberspace Solarium Commission, where he led research on emerging technology trends and their implications for U.S. government policy. He oversaw the Commission’s strategy and policy development on norms and values in technology design, artificial intelligence, election cybersecurity, and China’s influence over strategic technologies. Before joining government, Harry was a Fellow at the Center for a New American Security where he researched U.S.-China economic and technology competition, broader Indo-Pacific security strategy, and the intersection of foreign and domestic policy in the United States. Harry also worked as a professional staff member for the Congressional Joint Economic Committee, served as a researcher at the Center for the Study of Chinese Military Affairs at National Defense University, led field analysis on political transition in Myanmar, piloted anti-terror training programs in South Asia, and completed a Fulbright Fellowship in Taiwan. 
Harry’s policy writings have appeared in Foreign Affairs, Politico, War on the Rocks, Fortune, and a number of regional American newspapers. His analysis has been featured in outlets like CBS News and Bloomberg, and he has given televised Chinese-language commentary to Voice of America. He is a Lecturer of International Affairs at George Washington University on defense and technology policy.
\n\nSpeakerBio: Sarah Hipel, Standards and Reliability Program Manager at ONCDThis is an entry level talk about the practical parts of Physical Security Assessment, and how to talk to clients.
\n\nSpeakerBio: Dylan \"The Magician\" Baklor, Web Application Pentester and Network Security Pentester at Macy\'sDylan Baklor, known by the handle \"The Magician,\" is a seasoned security professional with extensive experience in both physical and network security. With 1.5 years dedicated to Physical Penetration Testing at Goldsky Security, Dylan developed and implemented comprehensive Physical Security testing Policies and Procedures, conducted rigorous testing, and provided actionable remediation recommendations. Notable, albeit unconventional, achievements include discovering network racks in restrooms and breaching a satellite manufacturing facility with compressed air. Holding certifications such as Pentest+, Security+, Network+, and CISSP, Dylan is continuously expanding their expertise. Currently, Dylan works at Macy\'s as a Web Application Pentester and Network Security Pentester, with a particular passion for wireless technologies including RFID, Bluetooth, and WiFi. Known for teaching clients how to identify and rectify their own security vulnerabilities, Dylan emphasizes practical knowledge and hands-on interaction. An engaging speaker on the fundamentals of physical security, Dylan is also a Cyborg, please ask him about it!
\n\n\n\'',NULL,614552),('2_Friday','13','13:30','14:30','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'Signature-Based Detection Using Network Timing\'','\'Josh Pyorre\'','PHV_b7d2da46769c3ff2923611472d963b1b','\'Title: Signature-Based Detection Using Network TimingMalware traffic is commonly identified using signatures based off its code, strings, and associated network infrastructure. However, it\'s also possible to build signatures from the timing between network transactions. This presentation will explore using network captures of known malicious network activity to find similar behavior in random traffic. The talk is technical as it involves processing packets with Python and some data science, but will be presented in a way that anyone should be able to understand and enjoy.
\n\nSpeakerBio: Josh Pyorre, Security Researcher at Cisco TalosJosh Pyorre is a Security Researcher with Cisco Talos. He\'s been in security since 2000 with NASA, Mandiant, and other organizations. Josh has presented at many conferences, such as DEFCON, B-Sides, Derbycon, DeepSec, Qubit, and others. His professional interests involve network, computer and data security with a goal of maintaining and improving the security of as many systems and networks as possible. He writes dark electronic music under the name Die Vortex.
\n\n\n\'',NULL,614553),('2_Friday','14','13:30','14:30','Y','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'Signature-Based Detection Using Network Timing\'','\'Josh Pyorre\'','PHV_b7d2da46769c3ff2923611472d963b1b','\'\'',NULL,614554),('2_Friday','14','14:00','14:30','N','PSV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Physical Security Assessment Basics for Internal Employees\'','\'Billy Graydon\'','PSV_29c9da63e72f273dfd0e212fe7d06d74','\'Title: Physical Security Assessment Basics for Internal EmployeesIf you have an interest in physical security and want to help your employer secure their buildings, this talk is for you! We\'ll cover common flaws in locks, alarms, surveillance systems and employee training, and how to test for them and suggest remediations to company leadership. Learn methods of lock bypass, alarm bypass, forcible entry, social engineering and other common vulnerabilities!
\n\nThis talk is aimed at employees whose primary job function does not involve physical security - that often includes cybersecurity teams though, so we\'ll make lots of analogies to infosec concepts, but the talk is accessible to everyone.
\n\nSpeakerBio: Billy Graydon, Principal at GGR SecurityBill Graydon is a principal at GGR Security, where he hacks everything from locks and alarms to critical infrastructure; this has given him some very fine-tuned skills for breaking stuff. He’s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running the Physical Security Village at various cons. He’s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in physical and cyber security, anti-money laundering, and infectious disease detection.
\n\n\n\'',NULL,614555),('2_Friday','14','14:00','14:30','N','ICSV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'The Risk and Reward of Distributed Industrial Control\'','\'Joe Slowik\'','ICSV_21cd4b6b7eef14d2359b38daccfda4f2','\'Title: The Risk and Reward of Distributed Industrial ControlEconomic efficiency and increasing automation mean that many industrial assets are remotely monitored and controlled. While some assets, such as oil production platforms, remain manned in isolated conditions, the ecosystem of renewable energy and distributed energy resources (DERs), pipelines, and other assets are increasingly unmanned with control extending over common information links. While this has been a boon for cost, it has also resulted in a radical extension of attack surface for cyber operations.
\n\nIn this discussion, we will explore the nature of distributed industrial asset operation and the opportunities this presents for adversaries to infiltrate and potentially disrupt critical infrastructure operations. To make this point, we will review examples of adversary activity, from the 2022 ViaSat incident through historical pipeline intrusions (NOT Colonial!), showing how adversaries intentionally or inadvertently prey on brittle communication links for industrial disruption. We will conclude with a discussion of how these risks can be mitigated in a way that is sensible and economical, because wind farm operators won\'t lay their own dedicated fiber anytime soon.
\n\nSpeakerBio: Joe SlowikJoe Slowik has over 15 years of experience across multiple cyber domains and problem sets. Currently Joe leads CTI functions for the MITRE ATT&CK project while also conducting critical infrastructure threat research and analysis. Previously Joe has worked in multiple roles spanning CTI, detection engineering, and threat hunting at organizations such as Dragos, Huntress, DomainTools, and Gigamon. Joe started his infosec journey with the US Navy and at Los Alamos National Laboratory.
\n\n\n\'',NULL,614556),('2_Friday','14','14:00','14:30','N','CHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'UDSonCAN Attacks: Discovering Safety-Critical Risks by Fuzzing\'','\'Jonghyuk Song,Seunghee Han,Soohwan Oh\'','CHV_1586d9087a88ea7a6aa016d348a52fcc','\'Title: UDSonCAN Attacks: Discovering Safety-Critical Risks by FuzzingSome diagnostic services in UDSonCAN that could affect driving should be disabled while driving and protected by authentication mechanisms such as SecurityAccess. However, without these security measures, attackers can cause a serious safety risk to the driver using only diagnostic messages. In this talk, we introduce UDSonCAN attacks discovered through fuzzing and describe their countermeasures. These attacks can cause a moving car to suddenly stop or a stationary car to suddenly accelerate with just simple diagnostic messages. We discovered these vulnerabilities in the latest electric vehicle model and have prepared a demo.
\n\nSpeakers:Jonghyuk Song,Seunghee Han,Soohwan OhSeunghee Han is an automotive engineer and security tester at Autocrypt Engineering team. She is mainly working on fuzzing test and issue analysis on the in-vehicle networks, such as CAN/CAN-FD, UDSonCAN, and Automotive Ethernet. Also, she has designed the requirements of automotive security test solutions.
\n\nSpeakerBio: Soohwan OhAs cellular technologies continue to become more integrated into IoT devices, there has been a noticeable lag in comprehending potential security implications associated with cellular hardware technologies. Furthermore, the development of effective hardware testing methodologies has also fallen behind. Given the highly regulated nature of cellular communication and the prevalent use of encryption, it is imperative for security researchers to deepen their understanding of circuit design and the integration of cellular modems into IoT devices. In this presentation, I will introduce a wide-ranging testing and analysis methodology aimed at enhancing our understanding and evaluation of the security of IoT devices that currently rely on cellular communications. This methodology will encompass an examination of various cellular modem modules in use, their integration into circuit design, and hardware hacking techniques for interacting with communication circuits to control cellular modules, all for the purpose of security testing and analysis.
\n\nSpeakers:Carlota Bindner,Deral HeilandCarlota Bindner is a security professional with over six years of experience and has worked in penetration testing, incident response, and advisory services. In her current role as Lead Product Security Researcher at Thermo Fisher Scientific, she performs penetration tests against IoT and embedded devices, mobile apps, web applications, and thick clients, with a specialized focus on healthcare and scientific technologies. She has previously presented at RSAC and created hands-on IoT hacking labs for conferences, including RSAC and the DEF CON. Outside of work, she enjoys investigating the security of IoT and embedded systems and has recently become a member of the RF Village staff.
\n\nSpeakerBio: Deral Heiland, Principal Security Researcher (IoT) at Rapid7Deral Heiland CISSP, serves as a Principal Security Researcher (IoT) for Rapid7. Deral has over 25 years of experience in the Information Technology field and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst. Over the last 15+ years Deral’s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Deral also has conducted security research on numerous technical subjects, releasing white papers, Blogs, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, RSAC, Hack in Paris. Deral has been interviewed by and quoted by multiple media outlets and publications including ABC World News Tonight, Cheddar TV, BBC, Consumer Reports, MIT Technical Review, SC Magazine, Dark Reading, Threat Post and Infosecurity Magazine.
\n\n\n\'',NULL,614558),('2_Friday','15','14:30','15:30','Y','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Exploration of Cellular Based IoT Technology\'','\'Carlota Bindner,Deral Heiland\'','IOTV_9113b38a82e6397306d407b5463b360c','\'\'',NULL,614559),('2_Friday','14','14:30','15:15','N','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Human Dignity in AI and Tech Policy\'','\'Jan Trzaskowski\'','PLV_b13559477d173ed4fcbf5dfe96b3d123','\'Title: Human Dignity in AI and Tech PolicySocial media have been a decade-long dress rehearsal in online manipulation. AI can create information, make predictions and take decisions that will affect human behaviour, including our behaviours as citizens, workers and consumers. Safeguards are needed, since generative AI will only exacerbate the personal, social and societal harms already caused by data-driven business models.
\n\nWe examine the centrality of human dignity in tech law and policy and how our mindsets and legal frameworks must be informed by psychological, technological and societal perspectives. Based on insights from market dynamics, marketing techniques, design strategies, and human frailties we demonstrate how information asymmetries have reduced individual agency and the ability to create transparency.
\n\nHuman dignity is a core value in liberal democracies that must also be reflected in tech policy. Protections are required when businesses interfere with our rights to freedom, property, privacy and non-discrimination. With the digitalisation of the human experience, users have become programmable objects. We cannot rely on regulation alone and need to discuss how we can act to reclaim our dignity.
\n\nSpeakerBio: Jan Trzaskowski, Law Professor at Aalborg University and Copenhagen Business SchoolJan Trzaskowski, PhD, is Law Professor at Aalborg University and Copenhagen Business School and author of the important and successful book Your Privacy Is Important to Us! – Restoring Human Dignity in Data-Driven Marketing [as well as many other books, chapters and articles]. Since the mid-1990s, he has dealt with legal and regulatory aspects of information technology, and his research focuses on the protection of consumers and fundamental rights, including privacy. He has a keen interest in human decision-making (psychology and marketing) and the role of persuasive technology. Currently, he focuses on the regulation of AI and data-driven business models, including the role of human dignity and fundamental rights impact assessments. He was Head of the Danish delegation negotiating the 2000 E-Commerce Directive, and as a kid he wrote Commodore 64 assembly language routines that were published in Danish computer magazine IC RUN.
\n\n\n\'',NULL,614560),('2_Friday','15','14:30','15:15','Y','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Human Dignity in AI and Tech Policy\'','\'Jan Trzaskowski\'','PLV_b13559477d173ed4fcbf5dfe96b3d123','\'\'',NULL,614561),('2_Friday','14','14:30','14:59','N','ICSV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Mapping the Landscape: Top 10 Cybersecurity Trends in Critical Infrastructure for 2024\'','\'Mars Cheng\'','ICSV_a563ef5178bcd75c7bf225f3d72b830b','\'Title: Mapping the Landscape: Top 10 Cybersecurity Trends in Critical Infrastructure for 2024In recent years, we have witnessed a surge in attacks aimed at critical infrastructure, varying widely in scope and impact depending on the region. While the definition of critical infrastructure differs by country, it typically encompasses essential sectors such as oil, natural gas, water, power, and manufacturing. The ramifications of these attacks are complex and often unpredictable.
\n\nTo gain a clearer understanding of the state of critical infrastructure globally, starting in 2023, we will annually survey 300 CISOs or security directors across different countries in this sector. We will share the data-driven insights to offer a detailed examination of the current conditions and challenges faced by these crucial systems. By comparing trends across different years, countries, and industries, our goal is to enhance the security and resilience of critical infrastructures worldwide.
\n\nSpeakerBio: Mars Cheng, Threat Research Manager, PSIRT and Threat Research at TXOne Networks IncMars Cheng (@marscheng_) leads TXOne Networks\' PSIRT and Threat Research Team as Threat Research Manager, coordinating product security initiatives and threat research efforts. He is also the Executive Director for the Association of Hackers in Taiwan (HIT/HITCON) and General Coordinator of HITCON CISO Summit 2024, facilitating collaboration between enterprises and the government to bolster the cybersecurity landscape. Mars is a frequent speaker and trainer at numerous prestigious international cybersecurity conferences and has presented over 50 times, including Black Hat USA/Europe/MEA, RSA Conference, DEF CON, CODE BLUE, FIRST, HITB, HITCON, Troopers, NOHAT, SecTor, SINCON, ROOTCON, ICS Cyber Security Conference Asia and USA, CYBERSEC, CLOUDSEC, VXCON, and many others. His expertise spans ICS/SCADA systems, malware analysis, threat intelligence and hunting, and enterprise security. Mars has made significant contributions to the cybersecurity community, including authoring more than ten CVE-IDs and publishing in three SCI journals on applied cryptography. Mars has successfully organized several past HITCON events, including HITCON CISO Summit 2023, HITCON PEACE 2022, HITCON 2021, and HITCON 2020.
\n\n\n\'',NULL,614562),('4_Sunday','10','10:00','10:59','N','RTV','LVCC West/Floor 2/W222-Creator Stage 4','\'The Village Peoples\' Panel - What Really Goes On in a Village?\'','\'Justin,Matt Mayes,muteki,Nina Alli,Savannah \"lazzslayer\" Lazzara,Tom VanNorman,Jeff \"The Dark Tangent\" Moss\'','RTV_c51a0bfb2fabe41619040918c9eb2740','\'Title: The Village Peoples\' Panel - What Really Goes On in a Village?The Villages are a key part of the DEFCON experience - join this panel of staff members of the DEFCON Villages to get an inside scoop on all the intricacies of organizing a village. Topics from finding sponsors to setting up equipment to making sure everyone gets to take a break during the event - there\'s a whole lot that goes on behind the scenes at DEFCON villages!
\n\nSpeakers:Justin,Matt Mayes,muteki,Nina Alli,Savannah \"lazzslayer\" Lazzara,Tom VanNorman,Jeff \"The Dark Tangent\" MossMany medical devices are “not connected to a network”, so let’s bring our own! This talk will teach you how to create a BadUSB device that can wirelessly execute payloads on “airgapped” systems like medical devices that aren’t connected to the internet. With only $10 of off-the-shelf hardware and some basic arduino code you too can start popping shells in the device lab.
\n\nSpeakerBio: Daniel BeardDaniel is a software engineer and entrepreneur specializing in medical device cybersecurity. He founded MedISAO and Cyberprotek, both acquired by MedCrypt in 2020. His expertise includes vulnerability management, and designing secure devices in a regulated environment.
\n\n\n\'',NULL,614564),('2_Friday','15','15:15','15:59','N','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Open Source Hacker Vs. Government Lawyer: Clashing Views on Fixing Tech in the DoD\r\n\'','\'Eddie Zaneski,Rebecca Lively\'','PLV_c1d5c0d104c1108174c9f5a915f62dde','\'Title: Open Source Hacker Vs. Government Lawyer: Clashing Views on Fixing Tech in the DoD\r\n“What do you mean I can’t bring my car keys into this building?”
\n\n“No internet?? But how do I download things from GitHub?”
\n\nJoin a recovering government attorney and an open-source hacker for a fiery debate that dives into the world of DoD cybersecurity inefficiencies. Rebecca, a former DoD lawyer, pairs her intricate understanding of perplexing government policies with Eddie’s fresh, critical (and dare we say naive?) insights from the private sector. This session will explore the frustrating “how” behind the government’s “why,” from slow booting government laptops to the realities of “military-grade technology.” Together, they will challenge the status quo, proposing innovative, open-source inspired solutions to streamline and secure DoD operations. Expect a dynamic exchange filled with real-world frustrations, enlightening explanations, and a hacker’s touch on how to fix what’s broken.
\n\nSpeakers:Eddie Zaneski,Rebecca LivelyEddie Zaneski lives in Denver, CO with his wife and dog. He loves open source and helps lead the Kubernetes project. His day job is building OSS for the US Government. When not hacking on random things you\'ll most likely find him climbing rocks somewhere.
\n\nSpeakerBio: Rebecca Lively, Polymath at Defense UnicornsRebecca K. Lively began her career as an attorney focusing on legal and policy issues relating to software development, acquisition, intellectual property, and cyberspace operations. In 2020 she went all-in on software development, co-founding Shadow’s Edge Software, Air Force Cyber’s Software Factory. As a product strategist at Defense Unicorns, Rebecca leverages her diverse background to build solutions to streamline software delivery and cybersecurity in highly regulated environments. Rebecca lives in Texas with her spouse and a handful of children. She does not consider herself responsible enough for pet ownership.
\n\n\n\'',NULL,614565),('2_Friday','15','15:30','15:59','N','BHV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Dysfunctional Unity: The Road to Nowhere\'','\'Michael \"v3ga\" Aguilar\'','BHV_2541277a78a0bb5be025ec64285c3004','\'Title: Dysfunctional Unity: The Road to NowhereYears progress, time passes, and medical devices are still vulnerable, with Hospital computer and network security being a hot topic on the minds of citizens and CISA/FDA/etc. If we do not get better now, things will get much worse in the future. My talk will cover some general mistakes observed within the Medical device topography, misnomers about SBOM and what it is and what it accomplishes, ideas for roadmaps for more secure devices and environments and discussions around CVEs relating to the medical device topography.
\n\nSpeakerBio: Michael \"v3ga\" Aguilar, Principle Consultant at Secureworks Adversary GroupMichael Aguilar (v3ga) is a Principle Consultant for Secureworks Adversary Group. He runs Adversary Simulation operations, Physical Security and Network/Web based assessments as well as Adversarial Medical Device Tests. When not doing computer things, he reads a lot and likes to run to de-stress. He is also an avid fan of playing guitar really fast and screaming at people.
\n\n\n\'',NULL,614566),('2_Friday','15','15:30','15:59','N','ASV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Ground Control to Major Threat - Hacking the Space Link Extension Protocol\'','\'Andrzej Olchawa\'','ASV_dc70b9fe81c407783d8224ee40d250d5','\'Title: Ground Control to Major Threat - Hacking the Space Link Extension ProtocolSpace missions have increasingly been the subject in the context of security breaches and satellite hacks. The majority of discussions revolve around direct communication and access to spacecraft through means such as Software Defined Radio. However, the reality is that this approach isn\'t practical for most adversaries, as it requires substantial resources and is easily detectable due to the power and radio frequencies required to command a spacecraft. Instead, adversaries might shift their focus away from the Space Segment and opt for a more practical approach, such as accessing and exploiting the Ground Segment vulnerabilities and flaws in order to gain control over spacecraft. Every space mission comprises custom-made hardware and software components, which interact with each other utilizing dedicated protocols and standards designed and developed for this sole purpose. Numerous potential failure points can adversely impact a space mission, many of which persist on the ground. Considering the essential services they facilitate and the extent to which contemporary society relies on space technology, each component utilized in space missions should be regarded as integral to critical infrastructure and treated as such, particularly from a security standpoint. This study centers on the Space Link Extension (SLE) protocol, which is employed as a standard for communication between mission data systems and ground stations by various space agencies and organizations, including NASA and ESA. We will address the security concerns inherent in the SLE protocol. 
At the same time, we demonstrate methods and techniques malicious actors can employ to conduct a Denial of Service (DoS) or tap into the ground station communications, gaining control over an actual spacecraft. We will conclude this publication by presenting the reader with a possible mitigation strategy that we believe should be employed at the SLE protocol level. Additionally, we will outline a forecast for future work, detailing both planned endeavors and those already in progress, to further expand on this research.
\n\nSpeakerBio: Andrzej OlchawaAndy Olchawa is an experienced Information Security Professional with over 15 years in the space industry, working as a Software Engineer and Technical Project Manager. For the past few years, he has focused on offensive security, specializing in vulnerability research, exploit development, and red team operations. He holds OSCP, OSWA, and OSWP certifications, and has been credited with several CVEs.
\n\n\n\'',NULL,614567),('2_Friday','15','15:50','16:30','N','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Where’s the Money: Defeating ATM Disk Encryption\'','\'Matt Burch\'','IOTV_49897db11d7b1eb6350c2d05e2f7275f','\'Title: Where’s the Money: Defeating ATM Disk EncryptionHolding upwards of $400,000, ATMs continue to be a target of opportunity and have seen over a 600% increase in crime in just the last few years. During this time, I led security research with another colleague into the enterprise ATM industry resulting in the discovery of 6 zero-day vulnerabilities affecting Diebold Nixdorf’s Vynamic Security Suite (VSS), the most prolific ATM security solution in the market. 10 minutes or less is all that a malicious actor would need to gain full control of any system running VSS via offline code injection and decryption of the primary Windows OS. Diebold Nixdorf is one of three major North American enterprise class ATM manufacturers with a global presence in the financial, casino/gaming, and point-of-sale markets. Similar attack surfaces are currently being used in the wild and impact millions of systems across the globe. Furthermore, VSS is known to be present throughout the US gaming industry, including most of the ATM/cash-out systems across Vegas.
\n\nIn this session, I will walk through my research, review the discovery process, and dive into the technical intricacies of each vulnerability. The Full Disk Encryption module of VSS conducts a complex integrity validation process to ensure a trusted system state, performed as a layered approach during system initialization. Examination of this workflow will highlight various deficiencies that I will demonstrate through PoC exploitation.
\n\nEach vulnerability presented in this session has been observed to have a recursive impact across all major versions of VSS and represents a systemic ongoing risk. We will explore the root-cause, vendor remediation steps, and short-comings thereof – perpetuating the attack narrative. In conclusion, proper mitigation techniques and procedures will be covered, providing valuable insights into defending against potential compromise.
\n\nSpeakerBio: Matt Burch, Independent Vulnerability ResearcherMatt Burch is an independent vulnerability researcher with 20 years of experience in the information security industry and 15 years of focus in adversarial testing and simulation. He specializes in ATM, IoT, mobile application, and IP based vulnerability research. With this diverse background, he has successfully identified unique deficiencies in high-security products – awarding him numerous CVE accreditations.
\n\n\n\'',NULL,614568),('2_Friday','16','15:50','16:30','Y','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Where’s the Money: Defeating ATM Disk Encryption\'','\'Matt Burch\'','IOTV_49897db11d7b1eb6350c2d05e2f7275f','\'\'',NULL,614569),('2_Friday','16','16:00','16:30','N','ASV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Analyzing the Security of Satellite-Based Air Traffic Control\'','\'Martin Strohmeier\'','ASV_767cbf152daeec6c14308e499fa3971c','\'Title: Analyzing the Security of Satellite-Based Air Traffic ControlAutomatic Dependent Surveillance – Contract (ADS-C) is a satellite-based aviation datalink application used to monitor aircraft in remote regions. It is a crucial method for air traffic control to track aircraft where other protocols such as ADS-B lack connectivity. Even though it has been conceived more than 30 years ago, and other legacy communication protocols in aviation have shown to be vulnerable, ADS-C’s security has not been investigated so far in the literature. We conduct a first investigation to close this gap. First, we compile a comprehensive overview of the history, impact, and technical details of ADS-C and its lower layers. Second, we build two software-defined radio receivers in order to analyze over 120’000 real-world ADS-C messages. We further illustrate ADS-C’s lack of authentication by implementing an ADS-C transmitter, which is capable of generating and sending arbitrary ADS-C messages. Finally, we use the channel control offered through a software-defined ADS-C receiver and transmitter as a basis for an in-depth analysis of the protocol weaknesses of the ADS-C system. The found vulnerabilities range from passively tracking aircraft to actively altering the position of actual aircraft through attacks on the downlink and the uplink. We assess the difficulty and impact of these attacks and discuss potential countermeasures.
\n\nWe will further look at satellite-based ADS-B receivers and discuss their security and how they relate to ADS-C.
\n\nSpeakerBio: Martin Strohmeier, Senior Scientist at Cyber Defence CampusMartin Strohmeier is a Senior Scientist at the Swiss Cyber Defence Campus, where he is responsible for vulnerability research programmes into aircraft, satellites and cars. His work was published in all major systems security conferences, totalling more than 100 publications to date. He has also spoken previously at the DEFCON Aerospace Village and co-organized CTFs there.
\n\n\n\'',NULL,614570),('2_Friday','16','16:00','16:30','N','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Cybersecurity Schoolhouse Rock\'','\'Avi McGrady\'','PLV_b69bc80938db0b15907bd49d2d5af963','\'Title: Cybersecurity Schoolhouse RockAlmost since the internet was made widely available to the general public, average technology users have fallen prey to threats from malicious spam, malware, phishing, smishing, scams, fraud, and ransomware. In most of the US, primary and secondary education (in the US, comprising kindergarten through 12th grade) now incorporate computing technology as an integral part of the classroom, and some families introduce computing platforms to children in their toddler and preschool years. Despite our society\'s growing dependence on computing technology in the world of education, there remain no national standards or curricula for the teaching of data privacy or information security principles. This disconnect sets future generations up for failure, and a continuation of a cycle of ignorance that perpetuates cybercrime victimization. This presentation makes the case that schools must adopt and incorporate concepts of data privacy, information security, defense against fraud and phishing, and internet safety, in age-appropriate ways, into lesson plans at all grade levels. Further, school districts and independent schools must take steps to protect themselves from the threat of ransomware, data breaches, and other forms of criminal activity.
\n\nSpeakerBio: Avi McGradyAvi McGrady is a recently graduated student of New Vista High School in Boulder, Colorado. He prepared the research and work for this presentation as a part of a culminating project in his senior year, and presented a report to the Boulder Valley School District board as part of this work toward his graduation requirements. Avi is an enthusiastic student of computer science and information security and hopes to work in the field after he graduates. He will attend Rensselaer Polytechnic Institute as an undergraduate freshman in the fall of 2024. His passion has led him to attend and volunteer for two infosec conferences, RMISC and Bsides in Boulder, and he will be leaning further into his outreach as he begins college and starting his career.
\n\n\n\'',NULL,614571),('2_Friday','16','16:00','16:59','N','CPV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Data On Demand: The challenges of building a privacy focused AI Device\'','\'Matt Domko\'','CPV_b6b4078b1aac9bc0d247c084cdb0c69c','\'Title: Data On Demand: The challenges of building a privacy focused AI DeviceBuilding an AI product for the everyday person is challenging - doing it in a privacy focused way is nearly impossible without support from the right people. I\'ll walk through the techniques we\'re using at Rabbit to secure customer data and provide people a choice as to where their data goes.
\n\nWe\'ll cover the pipelines that\n- Collect and Manage customer identity after they login to a site\n- Log, Anonymize, and Process customer voice interactions\n- Provide \"just in time\" access to customer data for personalized RAG-like models
\n\nAs a community, I think we\'re well within our rights to demand control over the data we provide to companies. This talk aims to provide engineers with a list of ideas on \"what right could look like\", and general attendees a list of things that are possible, so they know it\'s ok to ask for them.
\n\nSpeakerBio: Matt Domko, Head of Security at (in)famous AI Walkie Talkie ManufacturerMatt Domko is the Head of Security at a (in)famous AI Walkie Talkie Manufacturer. Ex-This, Ex-That, he spends most of his free time tinkering with his lasercutter or 3d printers.
\n\n\n\'',NULL,614572),('2_Friday','16','16:30','16:59','N','ICSV','LVCC West/Floor 2/W222-Creator Stage 4','\'ICS 101\'','\'Bryson Bort ,Tom VanNorman\'','ICSV_12624d6c0ac65aa29f091fac8c2652dd','\'Title: ICS 101Storytelling of a highly complex Red Team with multiple initial accesses only with Social Engineering. could anyone do it? Yes.
\n\nUnder the format of Storytelling this presentation aims to take attendees first person through a RedTeam service with multiple initial accesses with 100% Social Engineering. How to present critical vulnerabilities in a public way without exposing the target company? This live comic will show us how, through one of its protagonists and with practical examples made with the attendees themselves. How does a professional Social Engineering unit work? What are the roles and tasks? How to emulate the reach of a cybercriminal gang in less than three weeks? This dojo aims to show the methodologies and techniques applied in the field to obtain relevant findings, even reaching critical infrastructure without raising alerts and in an extremely limited time. From the first meeting with the client, information gathering, vector selection, exploitation, pretexting to the physical intrusion, even reaching the datacenter. We will demonstrate how luck is no longer an element to consider when your work is SE from Monday to Friday and you have to perform this type of service every month.
\n\nSpeakerBio: Daniel Isler, Team Leader, Fr1endly RATs at Dreamlab Technologies ChileDaniel has a bachelor’s in arts of Representation. With certifications in Social Engineering, Red Team and OSINT. Team Leader of Fr1endly RATs, the Social Engineering unit at Dreamlab Technologies Chile. Specializing and developing techniques and methodologies for simulations of Phishing attacks, Vishing, Pretexting, Physical Intrusions and Red Team.
\n\n\n\'',NULL,614574),('2_Friday','16','16:30','17:30','N','MISC','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'So you wanna know how to make badges\'','\'c0ldbru\'','MISC_d4f6f15c41db7524c6206e368e263d44','\'Title: So you wanna know how to make badgesTaking attendees through the full badge making process from ideation to ordering and producing at scale
\n\nSpeakerBio: c0ldbruUsing AI to pre-generate gamified CTFs so hard even the admins won\'t know the answers. Exploring the visionary concept of using gamified, AI-generated barrier mazes for futuristic authentication and encryption inspired by manga. But in the great words of your Mom and mine, if we aren\'t breaking into something, then what is David Maynor even doing there?
\n\nSpeakerBio: David \"Icer\" Maynor, Secret Keeper at ThreatHunter.aiDavid “Icer” Maynor, Secret Keeper at ThreatHunter.ai, has over 20 years of experience in information security with deep technical expertise in threat intelligence, reverse engineering, exploit development, and offensive security testing. Results-driven research, analysis, and solutions leveraging partnerships and cross-disciplinary teams, to strengthen customer and business security posture and capabilities. Served as founder, executive, and advisor within the information security startup space. Author of and contributor to several popular open-source tools, presenter and instructor, and subject matter expert contributor for print, television, and online media.
\n\n\n\'',NULL,614577),('2_Friday','17','17:00','17:30','N','IOTV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Beyond Sunset: Exposing the Occultations Lurking in Large-Scale Off-Grid Solar Systems\'','\'Alexandru Lazar,Dan Berte\'','IOTV_4ad364f14cf46a2bb6bc96d775773db3','\'Title: Beyond Sunset: Exposing the Occultations Lurking in Large-Scale Off-Grid Solar SystemsThis talk reveals stunning vulnerability findings in leading solar manufacturers that, when exploited, the stake is the grid. We\'ll explore three massive vulns in the management platform and discuss how they can be weaponized to become chilling nation security risks.
\n\nSpeakers:Alexandru Lazar,Dan BerteAlexandru Lazar is a Security Researcher at Bitdefender. He has red team and penetration testing experience and specializes in IoT and embedded systems with a focus on reverse engineering vulnerability assessment and exploitation. He has disclosed vulnerabilities to vendors such as Amazon Bosch LG with his research being covered by several media publications.
\n\nSpeakerBio: Dan Berte, Manager, IoT Vulnerability Research Program at BitdefenderDan manages the Bitdefender IoT vulnerability research program. He previously led the design and product experience at Bitdefender. His team designed and built Bitdefender BOX, a revolutionary device that protects connected devices in smart homes.
\n\n\n\'',NULL,614578),('2_Friday','17','17:00','17:59','N','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'Reflections on a Decade in Bug Bounties: Experiences and Major Takeaways\'','\'Charles Waterhouse,Nikhil \"niks\" Shrivastava\'','BBV_04cb942f640f97d76b752b524307cb81','\'Title: Reflections on a Decade in Bug Bounties: Experiences and Major TakeawaysIn this talk, I will share my journey from a novice to a seasoned hunter. I will explore how I used to report low-impact, informative bugs when I first started, and how I progressively improved by learning from the community, embracing failures/duplicates, and incorporating feedback from triage teams and clients. This journey of continuous learning and adaptation led me from reporting low vulnerabilities to effectively chaining and converting them into critical impacts.
\n\nThis session is designed for both aspiring and experienced bug bounty hunters. By reflecting on a decade of lessons learned, I will aim to provide valuable takeaways that can help others navigate their own paths in bug bounty hunting and enhance their skills.
\n\nAdditionally, one Synack triage team member will join me on this talk to help differentiate triage thinking from bug bounty hunters\' thinking, providing valuable insights into the collaborative process of vulnerability reporting to acceptance.
\n\nSpeakers:Charles Waterhouse,Nikhil \"niks\" ShrivastavaAfter spending over 2 decades in the airline industry, I changed careers into cybersecurity. I have helped manage over 2400 engagements with teams of over 1000 researchers across all verticals in commercial and government. I regularly consult with executives in many Global 500 organizations and government to develop security and testing plans.
\n\nI have helped develop products around OWASP, NIST, OSINT, API and AI testing. I speak regularly at conferences and help train developers and blue teams to help defend some of the most critical networks worldwide.
\n\nSpeakerBio: Nikhil \"niks\" ShrivastavaMy Name is Nikhil Shrivastava AKA niksthehacker. I am an ethical hacker and bug bounty hunter. I have helped over 300 companies to uncover 1500+ Security Vulnerabilities such as Google, Microsoft, Tesla, Mozilla, Salesforce, eBay, Federal Agencies, and many more. I am the #1 hacker in India at Synack Red Team. I was awarded \"Synack Legend Hacker\" Status in 2021. I have also been interviewed by Defcon Red Team Village, Synack, and Indian media such as the Times of India, Economic Times, Indian Express, etc. I was also MSRC (Microsoft Security Response Center) Top 100 Hackers in 2016. I am the founder of Security BSides Ahmedabad, an international hacking conference hosted each year in Ahmedabad, India.
\n\n\n\'',NULL,614579),('2_Friday','17','17:30','17:59','N','CPV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Fool us Once, fool us twice... Hacking Norwegian Banks\'','\'Cecilie Wian,Per Thorsheim\'','CPV_f2e91d90b5867674128f9e7fc9a25093','\'Title: Fool us Once, fool us twice... Hacking Norwegian BanksIn 2021 we could get access to all personal bank accounts at the largest bank in Norway by using a single page paper form sent by snailmail. In addition to stealing all their money, we could also see all account transactions for the last 10 years, with details. In 2024 we have done the same thing to another bank. Why didn\'t the banks learn the first time? In this talk we\'ll explain what we did, lessons learned and why paper ID still is relevant and important to us all.
\n\nSpeakers:Cecilie Wian,Per ThorsheimCecilie works as a consultant within security, privacy & AI technologies. She is a recognized expert in software testing with a specialization in abusability testing. With over 10 years of experience in the IT industry, Cecilie has developed into an authority in identifying and evaluating potential abuse scenarios and security vulnerabilities in various software products.
\n\nSpeakerBio: Per Thorsheim, Founder & Organizer at PasswordsConPer is the founder & organizer of PasswordsCon. He revealed the Linkedin breach in 2012 & got heavily involved in the Ashley Madison breach in 2015. He is featured alongside Brian Krebs & Troy Hunt in the 3-part documentary \"The Ashley Madison Affair\" on Hulu.
\n\n\n\'',NULL,614580),('2_Friday','17','17:30','17:59','N','IOTV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Inside Dash Cam: Custom Protocols and Discovered 0-days\'','\'Hyo Jin Lee,Hanryeol Park\'','IOTV_8af9cf2d6d102634c1dec91e08468ad9','\'Title: Inside Dash Cam: Custom Protocols and Discovered 0-daysIn recent years, the use of dash cams has surged, making them an essential component of modern vehicles. To enhance user convenience, many dash cams are now equipped with network connectivity. This growth in the dash cam market has heightened the importance of vehicle and personal data security. However, network-connected dash cams pose potential security risks to their availability and key functionalities. In this presentation, we will comprehensively analyze dash cams from various countries, including South Korea, the USA, Germany, and China, as well as built-in dash cams. During our analysis, we discovered numerous zero-day vulnerabilities (such as OS Command Injection, Logical Bugs, and insufficient authentication) that pose significant security threats. Vulnerabilities were primarily found during the dash cam boot process, configuration changes, and communications via custom protocols.
\n\nWe will detail the dash cam analysis process in the following sequence:\n- [Analysis Process]\n - Acquiring firmware through official websites or apps\n - Extracting the file system to analyze the initial boot logic\n - Analyzing the boot logic to identify vulnerabilities or debugging ports to gain shell access\n - Utilizing the obtained shell for remote debugging of the main system
\n\nInterestingly, our analysis of 10 different dash cams revealed that 4 devices used the same OEM board from a common manufacturer. These 4 devices shared similar vulnerabilities, and exploiting a vulnerability found in one device allowed us to successfully exploit all of them. Our research uncovered common security vulnerabilities across multiple dash cams, and we will discuss measures to prevent these vulnerabilities. We will particularly focus on analyzing the custom protocols used by dash cams and the security risks associated with them. This presentation aims to raise awareness of potential security threats in dash cams and encourage manufacturers to produce more secure products. We hope to drive industry standards and best practices to ensure the safety and security of these increasingly critical devices. By sharing our findings, we aim to highlight the importance of dash cam security and provide insights that can lead to more secure designs and implementations.
\n\nSpeakers:Hyo Jin Lee,Hanryeol ParkSenior Researcher HYOJIN LEE, R&D Team, IoT Security Company ZIEN
\n\nIn the vast expanse of space, holographic teleportation—a futuristic blend of holography and teleportation—has revolutionized astronaut communication. Imagine beaming a lifelike 3D image of yourself across light-years. Now, consider its potential in medicine: remote surgeries, expert consultations, and training—where distance dissolves, and expertise transcends borders. Buckle up; holoconnect is our cosmic ticket to healing!
\n\nSpeakerBio: Fernando De La Peña Llaca, Aexa AerospaceFor 28 years, Fernando De La Peña Llaca has steered Aexa Aerospace with unwavering leadership. His passion for space exploration, combined with Aexa\'s cutting-edge expertise, has propelled the company to remarkable heights. Here\'s how his visionary leadership transformed Aexa into a Federal Contractor for prestigious entities:
\n\nNASA Collaboration:
\n\nDefense and Industry Giants:
\n\nInfluential Roles:
\n\nCommunity Engagement:
\n\nDefense Industrial Base Leadership:
\n\nAwards and Recognition:
\n\nFernando De La Peña Llaca\'s legacy is etched in the stars—a testament to visionary leadership and unwavering dedication to space exploration.
\n\n\n\'',NULL,614582),('2_Friday','11','11:30','12:30','N','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Formidable Adversaries: Responding to Breaches, Ransomware, and State-Sponsored Threat Actors\'','\'Abhijith “Abx” B R,Adam \"_whatshisface\" Pennington,Ken Kato,Nikhil Mittal,Stryker\'','ADV_c7225c747f5e7a86488b21f84d4bc0d2','\'Title: Formidable Adversaries: Responding to Breaches, Ransomware, and State-Sponsored Threat ActorsFor the past few years, we have had multiple instances of sophisticated cyber attacks ranging from ransomware attacks to attacks propagated by state sponsored threat actors; targeting elections, organizations, critical infrastructure etc. Organizations have had to step up and compensate with additional security controls and resources. We are living in a phase where even the most secure organizations are not immune to targeted cyber threats, the landscape of cyber security is in the state of constant evolution, with everybody playing to catch up.
\n\nThis panel has been structured to delve into the complex and evolving nature of cyber adversaries. Beginning with an overview of recent cyber-attacks, breaches, and targeted ransomware incidents. We will also examine the rising wave of state sponsored threat actors, while focusing on their sophisticated adversary tactics, techniques and procedures.
\n\nThis panel will focus on why organizations with even the most advanced cyber defense tooling and more than capable resources are still affected by breaches and threat actors. Our panel of experts will discuss the reasons behind these incidents and provide insights into effective response and containment strategies. The conversation will explore the critical components of how to efficiently respond to threats, contain, and remediate them.
\n\nAdditionally, the panel will also touch upon how threat intel assisted adversarial attack simulation, offensive cyber security operations could be used as proactive measures in enhancing an organization’s defense posture, offering valuable insights into the mindset and methodologies of potential attackers.
\n\nSpeakers:Abhijith “Abx” B R,Adam \"_whatshisface\" Pennington,Ken Kato,Nikhil Mittal,StrykerAbhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. Currently he is involved with multiple organizations as a consulting specialist, to help them build offensive security operations programs, improve their current security posture, assess cyber defense systems, and bridge the gap between business leadership and cyber security professionals. Abhijith’s professional exposure is stretched across multiple industries and various other sectors.
\n\nAs the founder of Adversary Village, Abhijith spearheads a community driven initiative exclusively focused on adversary simulation, adversary tactics, purple teaming, threat-actor/ransomware research-emulation, and offensive security-adversary tradecraft.
\n\nSpeakerBio: Adam \"_whatshisface\" Pennington, Lead, ATT&CK at The MITRE CorporationAdam Pennington leads ATT&CK® at The MITRE Corporation and collected much of the intelligence leveraged in creating ATT&CK\'s initial techniques.
\n\nAdam is a member of the core ATT&CK® team and the editor in chief for the ATT&CK® Blog. He has spent over a decade with MITRE studying and preaching the use of deception for intelligence gathering. Adam has presented and published at several venues, including FIRST CTI, USENIX Security, and ACM Transactions on Information and System Security.
\n\nBefore joining MITRE, Adam was a researcher at Carnegie Mellon\'s Parallel Data Lab and earned his B.S. and M.S degrees in computer science and electrical and computer engineering and the 2017 Alumni Service Award from Carnegie Mellon University.
\n\nSpeakerBio: Ken Kato, VP at Omni FederalBreaking up bureaucracy since 2008, Ken Kato is a leader in large-scale digital transformation for highly regulated industries. It’s his belief that success comes from changing how teams work with each other toward a common goal. Whether it’s an austere data center with bare-metal servers, global-scale cloud deployments, or terrestrial networking in the far reaches of space, it always comes back to the people.
\n\nKen’s recent accomplishments include: being a founding member of USAF Kessel Run, the first federal software factory; building Black Pearl, the Navy’s premier DevSecOps platform; and working with the White House to secure and scale critical cyber-infrastructure. \nBut technology alone can’t solve complex problems. With this in mind, Ken balances his years of experience with industry data to develop sustainable strategies for organizational growth and predict how decisions made today will be survivable in the years ahead.
\n\nSpeakerBio: Nikhil Mittal, Founder and Director at Altered SecurityNikhil Mittal is a hacker, infosec researcher, speaker and enthusiast.
\n\nHis area of interest includes red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 13+ years of experience in red teaming. He specializes in assessing security risks at secure environments that require novel attack vectors and \"out of the box\" approach. He has worked extensively on Azure, Active Directory attacks, defense and bypassing detection mechanisms. Nikhil has held trainings and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world\'s top information security conferences. He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more. He is the founder of Altered Security a company focusing on hands-on enterprise security learning.
\n\nSpeakerBio: Stryker, Head of Security Communications and Planning at Adversary Pursuit Group (APG)Stryker is the Head of Security Communications and Planning for the Adversary Pursuit Group (APG), where she translates technical research and qualitative intelligence into the \"so what?\" and \"what now?\" solutions that keep more people safe and secure. Stryker\'s 2023 original cybersecurity research series \"Press Reset\" won multiple industry awards, including best use of original research and best data insights. You can find her on LinkedIn, Mastodon, or in the Lonely Hackers Club (LHC) Telegram chat, where she once (in)famously ranted about how commercial gun safes do not make for secure off-site data storage options. Stryker lives in the Baltimore-DC area, renovating a townhouse with her ancient beagle-hound mix and growing parsley for swallowtail butterfly caterpillars.
\n\n\n\'',NULL,614583),('2_Friday','12','11:30','12:30','Y','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Formidable Adversaries: Responding to Breaches, Ransomware, and State-Sponsored Threat Actors\'','\'Abhijith “Abx” B R,Adam \"_whatshisface\" Pennington,Ken Kato,Nikhil Mittal,Stryker\'','ADV_c7225c747f5e7a86488b21f84d4bc0d2','\'\'',NULL,614584),('3_Saturday','10','10:00','10:30','N','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'SBOMs the Hard Way: Hacking Bob the Minion\'','\'Larry Pesce\'','IOTV_6818391c8fa4fd9186b69dcb06f8ef78','\'Title: SBOMs the Hard Way: Hacking Bob the MinionThis presentation delves into the intricate process of generating a Software Bill of Materials (SBOM) for the Bob the Minions WiFi router by Davolink—a device whose firmware isn\'t publicly available. Traditional SBOM creation methods rely on readily accessible firmware, but Davolink\'s restricted release policies necessitated an unconventional approach. This talk covers the step-by-step journey of hardware disassembly, firmware extraction via SPI flash and JTAG/SWD interfaces, and the tools and techniques employed. Finally, we\'ll demonstrate how the recovered firmware is used to generate a comprehensive SBOM, highlighting any security vulnerabilities discovered and reported to the vendor. This session aims to provide attendees with practical insights into overcoming SBOM generation challenges in the IoT domain through hands-on hardware hacking, and leveraging the firmware and SBOMs for vulnerability discovery, as well as security improvement.
\n\nSpeakerBio: Larry Pesce, Co-Founder and Co-Host at \"Paul\'s Security Weekly\" podcastA self-professed, lifelong \"tinkerer and explorer,\" Larry always wanted to know how things work. \"I found myself getting to engage in deep dives of technology from an early age: My dad built the family television from a kit, and I helped. It caught fire. Twice. I helped fix it both times.” The help and advice received from the infosec community throughout his career inspired him to share what he had learned to help others secure their networks and improve their craft. Part of that ongoing sharing has been as the co-founder and co-host of the international award winning Paul\'s Security Weekly podcast for more than 17 years. Larry has spent the last 15 years as a penetration tester, spending lots of time focused on Healthcare, ICS/OT, Wireless, and IoT/IIoT/Embedded Devices, but now focuses his efforts on securing the software supply chain at Finite State.
\n\n\n\'',NULL,614585),('3_Saturday','10','10:00','10:59','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'Using AI Computer Vision in Your OSINT Data Analysis\'','\'Mike Raggo\'','PHV_feaac96f62ab8ce7be7d364f6a10d591','\'Title: Using AI Computer Vision in Your OSINT Data AnalysisOSINT is a great mechanism for the collection of data, but what do you do with all of it once it’s collected? It can take significant time with the human eye to analyze each image or video. Furthermore, you may miss important artifacts in the foreground or background. Computer vision can churn through the plethora of data to pull out the relevant evidence at lightning speed. For the last 5 years we’ve been exploring the use of Azure and AWS for computer vision to rapidly process large sets of image and video data acquisitions for forensic evidence.Through the use of AI we have analyzed thousands of images and videos to perform object detection, facial recognition, OCR, voice to text analysis, and more. In this session we’ll explore the use of cloud platforms to exponentially increase your analysis of uncovering key artifacts to your case using demos and real world examples. We then apply chronolocation analysis to allow an investigator to paint a true-life narrative, for example an individual with a weapon at a location at a particular time. We’ll provide live demos of common scenarios to reveal benefits to processing your data collections in a rapid, efficient, comprehensive, and accurate manner. We’ll then wrap-up the presentation with additional AI computer vision recommendations and resources.
\n\nSpeakerBio: Mike RaggoMichael T. Raggo has over 30 years of security research experience. During this time, he has uncovered and ethically disclosed vulnerabilities in products including Samsung, Checkpoint, and Netgear. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding” for Syngress Book. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, SANS. He was also awarded the Pentagon’s Certificate of Appreciation.
\n\n\n\'',NULL,614586),('3_Saturday','10','10:30','11:15','N','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Psychic Paper: Making eink access badges accessible for anyone\'','\'Joshua Herman\'','IOTV_74cbfca63f1dd233b87178aae7082ec0','\'Title: Psychic Paper: Making eink access badges accessible for anyoneTo make RFID access badges vendors in China have created eink badges where instead of printing a badge out you instead program the eink portion of the badge with an smartphone app and then program the RFID portion. At this time the ones that are sold are either black and white or black and white and red. There is no security implemented so all you need to do is download the app to reprogram the front of the badge. This makes anyone able to reprogram both the front and back of the badge.
\n\nSpeakerBio: Joshua HermanMy day job is that I am a release engineer specializing in compliance of various vendors at a large bank. Hacking, LLMs, and open source development are hobbies that I have. I have given many talks such as at Defcon 31 about a natural language security scanner, Thotcon about large scale social engineering, pyOhio about making chatbots using Blenderbot from Facebook, and at the Chicago Python User group about Cellular Automata I found in college (Snowlife). I have eleven years of software engineering experience, with experience with message queues and trade compression debugging by making a desktop app using Python and React. I have a decade of professional experience in various industries such as insurance, CRM, Trade Show registration, recommender systems and cryptocurrency. I also have contributions to open source projects such as CPython documentation, triaging of issues and porting of features from Facebook’s fork of Python.
\n\n\n\'',NULL,614587),('3_Saturday','11','10:30','11:15','Y','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Psychic Paper: Making eink access badges accessible for anyone\'','\'Joshua Herman\'','IOTV_74cbfca63f1dd233b87178aae7082ec0','\'\'',NULL,614588),('3_Saturday','11','11:00','11:59','N','BHV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Eradicating Hepatitis C With BioTerrorism\'','\'Mixæl Swan Laufer\'','BHV_ab561664a2382b92717f7904c2dd4848','\'Title: Eradicating Hepatitis C With BioTerrorismA quarter million people die from Hepatitis C yearly, and it\'s getting worse. But for the first time in history there is a cure (not just a treatment) for a virus, and it is for Hepatitis C. Take one 400mg pill of Sofosbuvir every day for twelve weeks, and you will be free of the virus. The catch? Those pills are $1,000 USD apiece because the molecule is the so-called \"Intellectual Property\" of Gilead Pharmaceuticals, and they refuse to share. If you have $84,000 USD, Hep C is not your problem. We have developed a way to make the entire course of treatment for $300 USD. This methodology also applies to other diseases. Like any science, the method of manufacture of drugs can be replicated, and we are going to give you all the necessary tools and show you the process top-to-bottom. Watch it happen live, participate, and learn to do it yourself: Use our digital research assistant to help you navigate the scientific literature, get a chemical synthesis pathway, generate code for the the MicroLab to run, and watch the medicine form in the reaction chamber. Finally, press some tablets. The feds say saving a life this way is BioTerrorism. We say: So Be It.
\n\nSpeakerBio: Mixæl Swan Laufer, Chief Spokesperson at Four Thieves Vinegar CollectiveMixæl Swan Laufer worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of global health and human rights. He now is the chief spokesperson for the Four Thieves Vinegar Collective which works to make it possible for people to manufacture their own medications and medical devices at home by creating public access to tools, ideas, and information.
\n\n\n\'',NULL,614589),('3_Saturday','11','11:00','11:30','N','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Evading Modern Defenses When Phishing with Pixels\'','\'Melvin Langvik\'','ADV_85212c23e21175c8d4c943ccc8abce20','\'Title: Evading Modern Defenses When Phishing with PixelsDive into the art of phishing with QR codes! We\'ll cover the fundamentals of QR code phishing, revealing how these innocuous-looking images are used to deceive users into a false sense of legitimacy. After touching upon the basics, we\'ll explore creative tactics for obfuscating and hiding QR codes to ensure they reach their intended targets. As a sidetrack, we\'ll delve into how emails are rendered within the Outlook Mail Application and showcase some neat tricks that exploit its limitations for hiding QR codes from modern defensive solutions. Overall, the talk is intended to help testers up their QR code phishing game!
\n\nSpeakerBio: Melvin Langvik, Offensive Security Team Lead at Kovert ASMelvin Langvik is an accomplished professional with a diverse background in technology. He started his career as a developer and integration consultant, where he gained practical experience in developing and distributing critical backend infrastructure for an international customer base.
\n\nMelvin\'s passion for cybersecurity later led him to transition into offensive security. He previously worked for TrustedSec, an internationally recognized security company. Melvin was a part of TrustedSec\'s targeted operations team, tasked with performing targeted cyber attacks against some of the most mature and often largest companies in the world. Today, Melvin is the Offensive Security Team Lead at Kovert AS.
\n\n\n\'',NULL,614590),('3_Saturday','11','11:00','11:30','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'Introduction to IPv6\'','\'Denis Smajlović\'','PHV_eb14ff685ffc70b4eb9de4be9f896f16','\'Title: Introduction to IPv6With a background in security consulting, having worked for some of the largest financial institutions in Scandinavia, and biggest tech companies in the Bay Area, Denis started Nova to provide web application, network penetration testing, and bug bounty triage services at a scale that enables a greater focus on the specific needs of each individual client.
\n\n\n\'',NULL,614591),('3_Saturday','11','11:15','11:59','N','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'What To Expect When You’re Exploiting: Attacking and Discovering Zero-Days in Baby Monitors and Wi-Fi Cameras\'','\'Eric Forte,Mark Mager\'','IOTV_323cd1b2660554706854b69cc144ce32','\'Title: What To Expect When You’re Exploiting: Attacking and Discovering Zero-Days in Baby Monitors and Wi-Fi CamerasHome surveillance technology is a modern convenience that has been made accessible to the masses through the rise of IoT devices, namely cloud-connected Wi-Fi cameras. From parents monitoring their infants to homeowners watching their entryways, these cameras provide users with access to instant, high definition video from the convenience of a mobile phone, tablet, or PC. However, the affordability of these devices and relative ease of cloud access generally correlates to flawed security, putting users at risk. We set out to explore the attack surface of various Wi-Fi camera models to gain a deeper understanding of how these devices are being exploited. In the end, we devised methods to gain local root access, uncovered user privacy issues, discovered a zero-day vulnerability within a prominent IoT device management platform that allows attackers to gain remote control of millions of cameras worldwide and access sensitive user data, and revealed how these devices may be vulnerable to remote code execution attacks through completely unauthenticated means thanks to an inherently flawed implementation of their underlying peer to peer networking protocol. Along with demonstrating our exploits against live cameras, we will highlight the methods used to obtain our most significant findings and provide guidance on remediating the issues we encountered so these devices can be used safely in your household. We will also invite audience members to probe and attack a camera during our talk and earn a prize in the process!
\n\nSpeakers:Eric Forte,Mark MagerEric Forte is a Security Research Engineer at Elastic with a background in embedded systems and streaming data analysis. He has worked in technical leadership roles in engineering Low Size Weight and Power (SWaP) capabilities and network security solutions. As part of this work, he managed an IoT research and reverse engineering lab to help in the development of these different capabilities for various organizations across the United States.
\n\nSpeakerBio: Mark Mager, Lead, Endpoint Protections Team at ElasticMark Mager leads the Endpoint Protections Team at Elastic. He has served in prominent technical leadership roles in the research and development of advanced computer network operations tools and has provided malware analysis and reverse engineering subject matter expertise to government and commercial clients in the Washington, D.C. metropolitan area.
\n\n\n\'',NULL,614592),('3_Saturday','11','11:30','12:30','N','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'Hunters and Gatherers: A Deep Dive into the World of Bug Bounties\'','\'Johnathan Kuskos,Katie Trimble-Noble,Sam (erbbysam) Erb,Jeff Guerra,Logan MacLaren\'','BBV_dea491da620f47241f009063cf16f5d6','\'Title: Hunters and Gatherers: A Deep Dive into the World of Bug BountiesJoin us for an insightful panel discussion where we bring together seasoned Bug Bounty Program Managers and adept bug bounty hunters. This panel aims to address pressing questions and share diverse perspectives on the evolving landscape of bug bounties. We will dive into the challenges faced by both hunters and managers, discuss strategies to enhance the impact of submissions, and explore the future of bug bounties in the face of emerging technologies, evolving trends, and threats. We will also highlight the importance of bug bounties in the current cybersecurity landscape and share the top elements that contribute to a successful bug bounty program. Lastly, we will provide recommendations for organizations looking to mature their bug bounty programs but are hesitant about expanding. This panel promises to be a valuable opportunity for learning, sharing, and networking for anyone involved or interested in the world of bug bounties.
\n\nSpeakers:Johnathan Kuskos,Katie Trimble-Noble,Sam (erbbysam) Erb,Jeff Guerra,Logan MacLarenThere\'s no place Kuskos would rather be than somewhere with a cool breeze, lightning-fast bandwidth, a decent brew, and a list of servers to target . He discovered his passion for offensive security nearly 13 years ago and quickly became obsessed with the art of finding overlooked vulnerabilities, understanding why they\'re missed, and enhancing tools and methodologies for comprehensive coverage. Kuskos is the founder of Chaotic Good Information Security, a labor of love boutique penetration testing firm.
\n\nSpeakerBio: Katie Trimble-Noble, Director PSIRT & BountyDirector, PSIRT and Bug Bounty at a Fortune 50 tech Company. Katie serves as a CVE Program Board, Bug Bounty Community of Interest Board, and Hacking Policy Council member. She is a passionate defensive cybersecurity community activist, she is regularly involved in community driven projects and is most happy when she is able to effect positive progress in cyber defense. Prior to joining private sector, Katie spent over 15 years in the US Government. Most recently as the Section Chief of Vulnerability Management and Coordination at the Department of Homeland Security, Cyber and Infrastructure Security Agency (CISA).
\n\nSpeakerBio: Sam (erbbysam) Erb, Security Engineer at GoogleSam is a security engineer at Google who helps run the Google and Alphabet Vulnerability Reward Program. He holds two DEFCON black badges and numerous bug bounty live hacking event awards. He has presented previously on the DEFCON main stage and in the Packet Hacking Village. Outside of hacking, you will likely find Sam in a climbing gym or on the side of a mountain.
\n\nSpeakerBio: Jeff Guerra, Sr. Product Security Engineer at GitHubJeff Guerra is a Sr. Product Security Engineer at GitHub who enjoys bounties, application security, and much more. He is an avid advocate for vulnerability disclosure/bug bounty programs and the effectiveness and community engagement that comes with it. He\'s a curious and passionate security professional who loves to talk all things security. He loves watching and playing soccer and has recently begun his journey into time-attack track events. He\'s a huge car enthusiast and recently began learning to modify cars for the track and daily use.
\n\nSpeakerBio: Logan MacLaren, Senior Product Security Engineer at GitHubLogan is a Senior Product Security Engineer at GitHub where he focuses on the success of their Bug Bounty program. When not hacking on GitHub itself, Logan can be found doing security research focused on open source projects, or learning and refining new skills with CTF challenges!
\n\n\n\'',NULL,614593),('3_Saturday','12','11:30','12:30','Y','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'Hunters and Gatherers: A Deep Dive into the World of Bug Bounties\'','\'Johnathan Kuskos,Katie Trimble-Noble,Sam (erbbysam) Erb,Jeff Guerra,Logan MacLaren\'','BBV_dea491da620f47241f009063cf16f5d6','\'\'',NULL,614594),('3_Saturday','11','11:30','11:59','N','XRV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Student Engagement Doesn\'t Have to Suck\'','\'Dr. Muhsinah Morris\'','XRV_b08b69600426a2a9e28ebf17bb8ca663','\'Title: Student Engagement Doesn\'t Have to SuckHacking Education for better outcomes / teaching in the metaverse
\n\nSpeakerBio: Dr. Muhsinah Morris, Founder at Metaverse United, LLCMeet the first ever Metaversity Director, Dr. Muhsinah Lateefah Morris. A BS graduate of the HBCU CAU. She obtained an MS & PhD from the Harvard of the South, Emory University in Biomolecular Chemistry. Dr. Morris has been part of and leading Morehouse’s Metaversity project since the Spring of 2021. She’s won awards for Teaching Excellence, Best Emerging Technology and Innovation, and First Place Unconventional Innovation in Industry. She resides in McDonough GA with her husband and five sons. One of her sons has autism and she advocates for the entire autism community. She’s a VR pioneer in education and is transforming learning globally. She is affectionately known as Dr. M.O.M. (Molder of Minds) by all her students. She continues to mold the minds of educators and students globally in the Metaverse. Her future is authentic transformation of the educational system for our future leaders using immersive technologies in the Metaverse. More recently, she founded Metaverse United, LLC where she helps people find where they belong in the embodiment of the internet called the Metaverse. Learn more at UnitetheMetaverse.
\n\n\n\'',NULL,614595),('3_Saturday','12','12:00','12:30','N','ICSV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'I am still the Captain now!\'','\'Paul Brownridge\'','ICSV_716ccb8d66dc47a30887cd912cf707cd','\'Title: I am still the Captain now!Fresh from his DEFCON 31 marsec village talk, \'I am the Captain now\', Paul has another year\'s experience at sea from which to share stories of taking control of vessels.
\n\nAs it\'s timely, he will look at why the MV Dali incident wasn\'t a hack, dispelling ill-informed opinions from the wave of armchair experts that suddenly emerged, but more interestingly, ways that it so easily could have been a cyber event.
\n\nFinally, maritime cyber regulation is starting to catch up, but so many operators and technology providers are likely to be caught out by IACS UR E26 & 27
\n\nSpeakerBio: Paul BrownridgeThis presentation will be a combination of history lesson, technical introduction, and some demonstration. The target audience are those who may never have had a chance to experience early microcomputers but want to get an introduction to the world of “retro computing.”
\n\nToday everyone\'s laptop or smartphone either run an Intel, AMD, or ARM processor. And most probably can\'t tell you exactly what they have or know any details of them. It’s all a black box to most. But back in the 70s and 80s, computer hobbyists & hackers knew they had a Z80, 6502, 6809, 68000 or other processor, and often knew the details and could and did program them in assembly. But while the industry has moved past the Apple II, Atari 400/800/XL/XE, Commodore 64 et al, there are still many who continue to use and enjoy these computers. Even to build and create new and exciting items for them as well as brand new systems using this old tech.
\n\nIn this presentation, we will delve into microprocessor history of the 8-bit and early 16-bit systems, with a particular focus on the MOS 6502, one of the most popular microprocessors. We will touch a little on the systems that used the 6502, and take a quick look into how to program the 6502, even showing a couple of 6502-based systems. Importantly for many, we will delve into some of the resources available for those wishing to enter this world also.
\n\nSpeakerBio: Michael Brown, Security and Compliance Director at FRG SystemsMichael Brown is an information security professional and leader with years of experience in IT and information security/cybersecurity. While a security consultant advisor, he worked with clients in the healthcare, financial, manufacturing, and other sectors to assess their security programs and work with them to improve and mature their security posture. He is now Security and Compliance Director for FRG Systems, ensuring their HITRUST and SOC compliance. He is experienced with a variety of security regulations, frameworks, and standards. A seasoned speaker and presenter, he has presented at SFISSA, BSides Tampa, St Pete, and Orlando, HackMiamiCon, and ISSA International. He is an ISSA Fellow and Secretary and past president of the South Florida Chapter of ISSA and is a member of ISACA, ISC2, Infragard, and IAPP.
\n\nMy first video game system was the Atari 2600, my first computer was an Atari 800XL, and second was an Atari 1040STfm. Which I still have.
\n\n\n\'',NULL,614597),('3_Saturday','12','12:00','12:30','N','XRV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'XR for All: Accessibility and Privacy for Disabled Users\'','\'Dylan Fox\'','XRV_7c495ce4b0c970148f1502a7db8c74b9','\'Title: XR for All: Accessibility and Privacy for Disabled UsersExtended Reality (XR) technologies offer tremendous new possibilities for socializing, entertainment, training, and more. Unfortunately, many disabled users find themselves excluded from XR entirely or exposed to severe privacy risks for using it. In this talk, Dylan Fox, Director of Operations for the XR Access Initiative at Cornell Tech, will discuss the core challenges disabled people face in using XR, the tensions between privacy and assistive capabilities, and the open-source efforts happening now to ensure XR is accessible to everyone.
\n\nSpeakerBio: Dylan Fox, Director of Operations, XR Access Initiative at Cornell TechI\'m a designer, manager, and researcher specializing in accessibility for emerging technologies, particularly VR and AR. I aim to bring together user needs, technological capabilities, and stakeholder requirements to create accessible products.
\n\n\n\'',NULL,614598),('3_Saturday','12','12:30','12:59','N','ASV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'GPS spoofing: it\'s about time, not just position\'','\'Ken Munro\'','ASV_da0b444d3dff75d27eeb1f0967e394a1','\'Title: GPS spoofing: it\'s about time, not just positionTalking to pilots and operators, an important aspect of GPS spoofing and jamming is being missed from the narrative in the media. We know about position spoofing, that\'s a given. What doesn\'t appear to be getting much attention is the effect of time spoofing.
\n\nThe most significant of these is an incident where time was spoofed a significant period into the future. This caused all digital certificates on board an aircraft to become invalid and caused all electronic communications to fail. As GPS clocks have protection against time being rolled backwards, but not forward, the aircraft was grounded for several weeks for systems to be reflashed and the clocks to be reset.
\n\nCoarse time spoofing could therefore ground entire fleets. We\'ll discuss this and potential mitigations. If time allows, we could touch on conventional RF navaids and their exposure to similar attacks.
\n\nSpeakerBio: Ken Munro, Partner and Founder at Pen Test PartnersKen Munro is Partner and Founder of Pen Test Partners, a firm of ethical hackers. He and colleagues hold private pilot’s licenses and have been interested in aviation security for many years. They also publish and blog about their research into aviation cyber security, covering topics from airborne connectivity, the potential risks of publicly available avionics component information, and even the entire attack surface of the modern airport. Ken and Pen Test Partners have also been invited to speak at various aviation industry events, and on aviation at specialist security events such as DEF CON’s Aerospace Village, the Global Connected Aircraft Summit, and the Aviation ISAC Summit among others.
\n\n\n\'',NULL,614599),('3_Saturday','12','12:30','12:59','N','ICSV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Manufacturing- Lessons Learned, Lessons Taught\'','\'Tim Chase\'','ICSV_92d225615e36bf45a9704beee5bc63a9','\'Title: Manufacturing- Lessons Learned, Lessons TaughtManufacturing continues to be a top targeted sector by cyber threat actors, especially by ransomware. Dragos 2023 Year In Review showed that 70% of all ransomware victims were manufacturers. The Global Resilience Federation Ransomware Report shows very similar figures. There are some specific elements that make manufacturing a particularly attractive target for ransomware such as the lack of network security and segmentation, IT compromise that often leads to operational disruption (even if there is not OT network intrusion), manufacturing having tight margins, a lack of a compliance regime, and organizational size all contributing. Manufacturing continues to be a top targeted sector by cyber threat actors, especially by ransomware. Dragos 2023 Year In Review showed that 70% of all ransomware victims were manufacturers. The Global Resilience Federation Ransomware Report shows very similar figures. There are some specific elements that make manufacturing a particularly attractive target for ransomware such as the lack of network security and segmentation, IT compromise that often leads to operational disruption (even if there is not OT network intrusion), manufacturing having tight margins, a lack of a compliance regime, and organizational size all contributing.
\n\nWhile manufacturing as a whole lags many other critical infrastructure sectors in aspects of cyber security there is a category that manufacturing has consistently led other industry verticals in, automation and device connectivity in the operational technology domain. Manufacturer’s OT network environments increasingly are set up as a network of hyper connected IIoT devices, where all data goes to the cloud and often comes back from the cloud to offer changes, and all participants have access into the OT network domain allowing manufacturing to push the boundaries of what products are technically possible, what production efficiencies are possible, and how OT environments can scale as never before.
\n\nThis has obviously come with downside risks that manufacturers are only now beginning to grapple with and to make meaningful changes to better protect their networks and the gains they have made. Their growing pains can serve as roadmap of what to do and what not to do as many other OT intensive industry verticals are moving very quickly into similar use cases.
\n\nSpeakerBio: Tim Chase, Program Director at Global Resilience Federation (GRF)Tim Chase is a Program Director with the Global Resilience Federation (GRF), he brings nearly a decade of collective defense and intelligence analysis experience to the communities he leads. He has worked across various critical infrastructure sectors in several information sharing communities. He leads the Manufacturing Information Sharing and Analysis Center (MFG-ISAC) where he engages members to facilitate cyber security success for manufacturers and their support ecosystem. The MFG-ISAC facilitates the exchange of cyber threat intelligence, vulnerabilities, and mitigation strategies while fostering member collaboration with other key sectors and government agencies to respond and prevent critical threats and incidents.
\n\n\n\'',NULL,614600),('3_Saturday','12','12:30','13:15','N','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Pick Your Poison: Navigating a secure clean energy transition\'','\'Emma Stewart\'','PLV_cc974c418dd7ff35b8ec5ebc4c49dac1','\'Title: Pick Your Poison: Navigating a secure clean energy transitionClean Energy technology, while essential for the energy transition, often utilizes components sourced from adversarial countries, potentially increasing cyber vulnerabilities, especially in systems managed by smaller utilities with limited cybersecurity expertise. The previous approaches of \'rip and replace\' to eliminate foreign components have proved inadequate and if applied to clean energy, may be economically and technically destabilizing.
\n\nThis policy session will also delve into the broader implications of a digitalized supply chain, where simplistic views of cybersecurity do not suffice. Instead, a nuanced understanding of the operational and physical realities of energy systems is essential. By discussing how to balance immediate economic pressures against long-term sustainability and security, the session aims to foster a more informed and effective policy discourse.
\n\nIn summary, as the energy sector evolves to include diverse infrastructure systems—ranging from hospitals to military installations—the need for a robust, informed, and agile policy approach to cybersecurity becomes increasingly critical. This session will provide a platform for critical discourse to ensure that the transition to renewable energy is both secure and sustainable, aligning climate goals with national security imperatives
\n\nSpeakerBio: Emma Stewart, Chief Power Grid Scientist at Idaho National LabsEmma M. Stewart, Ph.D., is a respected power systems security specialist with expertise in power distribution and operational cybersecurity. Emma is currently the Chief Power Grid Scientist at Idaho National Labs and the Director of the Center for Securing the Digital Energy Transition.
\n\nFrom 2021 to 2023, Dr. Stewart served as the Chief Scientist at the National Rural Electric Cooperative Association (NRECA), where she led NRECA Research and the Co-Op Cyber Program. Her responsibilities included providing electric cooperatives with education, training, information sharing, incident support, technology integration, and R&D services.\nAt Lawrence Livermore National Laboratory, she served as the Associate Program Leader for Cyber and Infrastructure Resilience, managing research on prevention and response to high consequence grid events such as wildfire and cyber attack. At Lawrence Berkeley National Laboratory, she was the Deputy Group Leader in the Grid Integration Group and played a major role in developing the first micro-synchrophasor network in the US enabling the data to be used to prevent wildfire and equipment failure.
\n\nBefore joining national laboratories, Dr. Stewart worked as a Senior Engineer at BEW Engineering, where she led distribution planning, modeling, and analysis consulting for large utility customers in Hawaii and California. Dr. Stewart has made significant contributions to the field of security of power systems, receiving patents for innovations in power distribution systems and data analytics, and is one of the few who truly works at the center of the clean energy, energy security and cybersecurity venn diagram.
\n\n\n\'',NULL,614601),('3_Saturday','13','12:30','13:15','Y','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Pick Your Poison: Navigating a secure clean energy transition\'','\'Emma Stewart\'','PLV_cc974c418dd7ff35b8ec5ebc4c49dac1','\'\'',NULL,614602),('3_Saturday','13','13:00','13:59','N','DC','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'All Your Keyboards Are Belong to US!\'','\'Federico Lucifredi\'','DC_4b2c155065bd83f0ae1abbe320781960','\'Title: All Your Keyboards Are Belong to US!This is a live tutorial of hacking against keyboards of all forms. Attacking the keyboard is the ultimate strategy to hijack a session before it is encrypted, capturing plaintext at the source and (often) in much simpler ways than those required to attack network protocols.
\n\nIn this session we explore available attack vectors against traditional keyboards, starting with plain old keyloggers. We then advance to \"Van Eck Phreaking\" style attacks against individual keystroke emanations as well as RF wireless connections, and we finally graduate to the new hotness: acoustic attacks by eavesdropping on the sound of you typing!
\n\nUse your newfound knowledge for good, with great power comes great responsibility!
\n\nA subset of signal leak attacks focusing on keyboards. This talk is compiled with open sources, no classified material will be discussed.
\n\nSpeakerBio: Federico Lucifredi, Product Management Director, Ceph Storage at IBM and Red HatFederico Lucifredi is the Product Management Director for Ceph Storage at IBM and Red Hat and a co-author of O\'Reilly\'s \"Peccary Book\" on AWS System Administration. Previously, he was the Ubuntu Server product manager at Canonical, where he oversaw a broad portfolio and the rise of Ubuntu Server to the rank of most popular OS on Amazon AWS. A software engineer-turned-manager at the Novell corporation, he was part of the SUSE Linux team, overseeing the update lifecycle and delivery stack of a $150 million maintenance business. A CIO and a network software architect at advanced technology and embedded Linux startups, Federico was also a lecturer for over 200 students in Boston University\'s graduate and undergraduate programs, and simultaneously a consultant for MIT implementing fluid-dynamics simulations in Java.
\n\n\n\'',NULL,614603),('3_Saturday','13','13:00','13:30','N','ASV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Fly Catcher - How I Developed a Low-Cost Raspberry Pi Based Device for ADS-B Spoof\'','\'Angelina Tsuboi\'','ASV_d5b3d0da7acedef3a13155b39148902f','\'Title: Fly Catcher - How I Developed a Low-Cost Raspberry Pi Based Device for ADS-B SpoofAs a pilot and cybersecurity researcher, I am very interested of the nexus between aviation and security. To explore this interest, I developed a device called Fly Catcher - a device that detects for aircraft spoofing by monitoring for malicious ADS-B signals in the 1090MHz frequency. The device consists of a 1090 MHz antenna, a Flight Aware RTL SDR, a custom 3D printed case, a portable battery charger, and a MicroUSB cable.
\n\nThe device receives ADS-B information from the antenna and the software-defined radio, which is then passed into a Convolutional Neural Network written with Python to detect whether or not the aircraft is spoofed. I trained the neural network on a dataset of valid ADS-B signals as well as a generated spoofed set of aircraft signals, to teach Fly Catcher how to detect and flag any suspicious ADS-B signals. It does this by checking for discrepancies in the signal\'s characteristics, such as its location, velocity, and identification.
\n\nThe result outputted by the neural network is then displayed onto a radar screen allowing users to detect spoofed aircraft near them. To test the device, I brought it with me for an hour-long flight to scan for a wide variety of aircraft enroute. After the flight, the data was fed into the Neural Network to analyze any spoofed aircraft I might have encountered.
\n\nSpeakerBio: Angelina TsuboiAngelina Tsuboi is a pilot and an aerospace cybersecurity instructor with over a decade of development experience. In addition to being a scientific researcher for NASA, she has been involved in various CubeSat initiatives and enjoys tinkering with microcontrollers.
\n\n\n\'',NULL,614604),('3_Saturday','13','13:00','13:30','N','LPV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Locksport Competitions: Compete in the Olympics of Locks \'','\'Matt Burrough\'','LPV_782fd0b855860c36294908367f446eef','\'Title: Locksport Competitions: Compete in the Olympics of LocksPicking locks is fun, but what if you want more? Ever considered competing against other lock enthusiasts? In this talk we\'ll discuss the exciting lock-related competitions that take place around the world, how to find them, and what it takes to compete and win.
\n\nSpeakerBio: Matt BurroughMatt Burrough is a devoted locksport hobbyist who has competed in a variety of international lockpicking tournaments. He also co-leads the Seattle Locksport group. During the day, Matt manages a professional red team. He is the author of Pentesting Azure Applications (No Starch Press, 2018) and co-author of Locksport (No Starch Press, 2024).
\n\n\n\'',NULL,614605),('3_Saturday','13','13:15','13:59','N','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Hacker vs AI: perspectives from an ex-spy\'','\'Harriet Farlow\'','PLV_ec29f8ca1803501f7aef8d531bdea9bf','\'Title: Hacker vs AI: perspectives from an ex-spyThe convergence of Artificial Intelligence (AI) and national security not only fuels international discourse but also inspires narratives within popular culture. Harriet is no stranger to these myths, as an ex-intelligence professional who specialized in applying machine learning to cyber security. In fact, she likes to lean into them. This makes her previous bosses nervous, so she uses pop culture as the lens through which to communicate her insights - and in this talk she utilizes the worlds of Ghost in the Shell, Neuromancer and Mission Impossible.
\n\nThrough these stories, as well as her own decade of experience working at the intersection of artificial intelligence and cyber security, Harriet discusses the extent to which fears surrounding AI systems are applicable to real life national security settings. From cyber warfare to AI-driven surveillance, she unravels the interplay between hackers, AI, and government agencies. This session is interactive, with demos of how these AI systems actually work under the hood, as well as discussion time. Blur the lines between human and machine, and understand how you can contribute your skills to prevent our own modern day Puppet Master.
\n\nSpeakerBio: Harriet Farlow, CEO at Mileva Security LabsHarriet Farlow is the CEO of AI Security company Mileva Security Labs, a PhD Candidate in Machine Learning Security, and creative mind behind the YouTube channel HarrietHacks. She missed the boat on computer hacking so now she hacks AI and Machine Learning models instead. Her career has spanned consulting, academia, a start-up and Government, but don’t judge her for that one. She also has a Bachelor in Physics and a Master in Cyber Security. She calls Australia home but has lived in the UK and the US. Her ultimate hack was in founding her own AI Security company but if Skynet takes over she will deny everything and pretend the AI stood for Artificial Insemination, like her Mum thinks it does. (Sorry Mum but I’m not really a Medical Doctor).
\n\n\n\'',NULL,614606),('3_Saturday','13','13:30','14:15','N','MISC','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'How we built our REDACTED THING this year, 5n4ck3y, && AMA Panel on Making Badges\'','\'AND!XOR \'','MISC_cb1c448bd9405f53c7d68d1e539b2bcb','\'Title: How we built our REDACTED THING this year, 5n4ck3y, && AMA Panel on Making BadgesSee talk title, kids these days dont read more than a sentence anyway. Seriously though, we get asked a lot of random custom electronics, hardware hacking, and badge questions, here\'s your chance to throw them at us while we drink a beer and pretend to know the right answer
\n\nSpeakerBio: AND!XORAND!XOR is a hacker group of engineers who make electronic badges, retrofit snack machines, shenanigans, and other useful tech such as the wireless microwave oven sensor.
\n\n\n\'',NULL,614607),('3_Saturday','14','13:30','14:15','Y','MISC','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'How we built our REDACTED THING this year, 5n4ck3y, && AMA Panel on Making Badges\'','\'AND!XOR \'','MISC_cb1c448bd9405f53c7d68d1e539b2bcb','\'\'',NULL,614608),('3_Saturday','13','13:30','13:59','N','ASV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Small Satellite Modeling and Defender Software\'','\'Kyle Murbach\'','ASV_57b339313a250bb826bb384d10724f13','\'Title: Small Satellite Modeling and Defender SoftwareThe proliferation of ride-share rocket launches and decrease in the overall cost of sending payloads to space due to recent successes in the private space industry has made small satellite systems a cost effective and time-efficient method to put research vehicles in space.
\n\nThe University of Alabama in Huntsville’s Center for Cybersecurity Research and Education (CCRE) has been funded by the U.S. Army Space and Missile Defense Command (SMDC) over the last several years to investigate the overall cybersecurity posture of small satellite systems. Numerous iterations of student teams led by CCRE and SMDC staff members have managed to accomplish notable research milestones.
\n\nThis talk is meant to inform the next generation in aerospace cybersecurity by discussing our major research milestones, relevant findings, lessons learned, and areas of concern relating to the overall cybersecurity posture of small satellite systems.
\n\nRelevant items to be covered in this talk include what it took to build a working small satellite system model as close to real-world as possible (Raspberry Pis vs PyCubed boards vs other contenders), implementation of small satellite functions (payload camera, radio communications, positioning/sensor array, orbital simulation, battery/solar charging, etc.), performing vulnerability analysis against the implemented model, creating different attack scenarios (MitM, DoS, spoofing, hardware attacks), implementing defensive mitigations (hardening scripts, command validation, health checks), and the development of a lightweight software solution named “Small Satellite Defender” (SSD) designed to protect satellites from potential threat vectors.
\n\nSpeakerBio: Kyle Murbach, Principal Research Engineer, Center for Cybersecurity Research and Education (UAH/CCRE) at University of Alabama in HuntsvilleDr. Kyle Murbach is a Principal Research Engineer at the University of Alabama in Huntsville’s Center for Cybersecurity Research and Education (UAH/CCRE). With over 9 years of experience as a cybersecurity researcher and software reverse engineer with industry and government, he is responsible for leading numerous cybersecurity related projects as PI, Co-PI, and Subject Matter Expert in various topic areas related to malware analysis, tool development, reverse engineering, vulnerability analysis, and computer network operations.
\n\nAt UAH/CCRE, Dr. Murbach is the technical director for the Space Testing and Resiliency Simulation (STARS) Team where he has led numerous students in the design and development of a small satellite testbed and vulnerability analysis of small satellite systems over the last four years. Dr. Murbach has also led technical development efforts to create an automated malware analysis platform which integrates open-source tools to create high confidence summary information of potential malicious activity in binary files. He also played a key role in the development of a testbed for analysis of malware on non-x86 architectures using emulation and integrated open-source tools to collect comprehensive system data during execution and create visualizations that display potential indicators of compromise to the user. He has worked with private industry partners to assess, reverse engineer, and identify any potential vulnerabilities in a custom cryptographic software.
\n\nDr. Murbach is CISSP certified, he holds his PhD in Cyber Operations from Dakota State University (2019) and BS/MS degrees in Computing Security from Rochester Institute of Technology (2016) as a CyberCorps Scholarship for Service graduate. He has also taught software reverse engineering as an adjunct lecturer for the University of Colorado at Boulder for the last three years.
\n\n\n\'',NULL,614609),('3_Saturday','14','14:00','14:59','N','MISC','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Color Blasted Badge Making: How Hard Could It Be ?\'','\'Abhinav Panda,Bradán Lane,Hamster\'','MISC_7a471b952ba5382a683976276f2140d8','\'Title: Color Blasted Badge Making: How Hard Could It Be ?Without plan or intent, three Makers took three paths to achieve colorful badges and none were smart enough to turn back. Join our panel discussion to learn our different approaches, the strengths and weaknesses of each, and ask your probing questions. Perhaps you too will be foolish enough to venture into the technicolor labyrinth.
\n\nSpeakers:Abhinav Panda,Bradán Lane,HamsterAbhinav\'s artistry comes from the times he used to sneakily paint drawings made by his sister. His hacking career began as a toddler, disassembling his toys but never put them back together. His entrepreneurial roots come from selling snacks at a school fair and making a loss of $10. Having learned how not to make money, he launched Hackerware.io and the rest, as they say, is history.
\n\nSpeakerBio: Bradán LaneBradán graduated third grade with a degree in crayon. This, combined with his unwavering belief in \"how difficult could it be\", makes him eminently qualified to speak on the nuances of color theory in electronics design.
\n\nSpeakerBio: HamsterHamster is an engineer who watched too much MacGyver as a kid and is now doomed to invent more and more complicated ways to make the Angry Pixies dance.
\n\n\n\'',NULL,614610),('3_Saturday','14','14:00','14:30','N','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'Efficient Bug Bounty Automation Techniques\'','\'Gunnar Andrews\'','BBV_2825d9808c9403b71da79306fcfe5a2f','\'Title: Efficient Bug Bounty Automation TechniquesIf you\'re a bug bounty hunter, time can literally mean money. For this reason, automation can be a vital part of how you hunt. But automation has limits. Whether this is hardware limits, target rate limits, WAFs & bot detection, and the list goes on. Successful automation techniques should EFFICIENTLY enhance your hunting. Whether it is being first to a fresh target, or finding targets other hunters haven\'t. We will go over some techniques and tools to get ahead of the pack, without wasting all your time and money.
\n\nSpeakerBio: Gunnar AndrewsI am a hacker, engineer, gamer, and creator from the Midwest. I enjoy being involved in the bug bounty community, meeting new hunters, learning techniques, and building cool software! I have a passion for writing security tools and building systems, as well as creating the best and biggest community of friends I can! I love to talk automation, hacking, software/systems, and just about anything else tech.
\n\n\n\'',NULL,614611),('3_Saturday','14','14:00','14:30','N','BHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'You got a lighter? I need to do some Electroporation.\'','\'James Utley,Joshua HIll,Phil Rhodes\'','BHV_5f46b0b51bc01f6a87c77d04e56a0874','\'Title: You got a lighter? I need to do some Electroporation.Biological warfare is a phenomenon that spans human history, tracing its roots to ancient times rather than being a recent invention. To gain insights into bioweapons\' current and future landscape, it is imperative to look into historical examples of conventional biological warfare and understand how methods were devised and implemented. Our future hinges significantly on our ability to foster transparency and creativity within the global community. This optimism is intertwined with our comprehension of technological advancements, the rapid pace of innovation, the interconnectedness of various domains, and the imperative task of constructing practical defenses against emerging threats. As a poignant reminder, our vulnerability lies in technological shortcomings and our collective failure of imagination. This discourse extends to establishing social norms and mores that are pivotal in shaping attitudes toward biological warfare and encompasses an exploration of prospective research endeavors and emerging initiatives leveraging artificial intelligence (AI) in the realm of bioweaponry. As we confront the intricate interplay between technological advancements and human agency, it is imperative to remain vigilant and resolute in our pursuit of a future safeguarded against the malevolent exploitation of biological agents.
\n\nSpeakers:James Utley,Joshua HIll,Phil RhodesMeet Dr. James Utley, PhD, a distinguished Immunohematology expert and cellular therapy pioneer. A Johns Hopkins alum, he transformed cellular transfusion at the Department of Defense. A true Biohacker, James pushes the boundaries of CRISPR and genetic engineering through self-experimentation. As the former Technical Director at a large healthcare organization, he oversaw 150K successful cellular transfusions, merging technical expertise with innovative practices. His avant-garde publications and FDA-approved breakthroughs underscore his impact. Now, as the Chief Scientific Officer at Auragens, James is a trailblazer in the stem cell revolution. Dubbed the “pirate” of the cellular world, he continues to reshape and advance the field, making a significant difference every day.
\n\nSpeakerBio: Joshua HIllAviation\'s Traffic Collision Avoidance System (TCAS) II has been touted as a foolproof safety net since its introduction in the 1980s. But what if we told you that this supposedly impenetrable system can be compromised? For years, attacks on TCAS have been mere theoretical exercises, foiled by an (accidental) built in security feature. That is, until now. In this presentation, we\'ll reveal the first working RF attacks on TCAS II, demonstrating how to hijack collision avoidance displays and create fake Traffic Advisories (TAs) and Resolution Advisories (RAs). We\'ll walk you through the technical challenges of building the necessary tooling using commercial off-the-shelf hardware.
\n\nBut that\'s not all. Our research has also uncovered a second attack capable of remotely disabling an aircraft\'s TCAS capabilities, rendering it vulnerable to mid-air collisions. The implications are clear: if our findings can be exploited in real-world scenarios, the safety of millions of passengers hangs in the balance. Join us as we lift the lid on this shocking vulnerability and explore the dark side of aviation security.
\n\nSpeakers:Giacomo Longo,Vincent LendersGiacomo Longo is a Ph.D. student by day, and a master of mayhem by night. When he\'s not burrowing through the depths of transportation system security, specifically primary and secondary radar systems, you can find him conjuring chaos as an engineer with a passion for solving what he thinks are the world\'s most intriguing problems. By harnessing his love for disorder into scientific research, Giacomo is on a mission to uncover the secrets of transportation systems - or at least, that\'s what he tells his thesis committee. Until the world takes notice, he\'ll continue to stir up trouble in the name of scientific progress.
\n\nSpeakerBio: Vincent Lenders, Cybersecurity Researcher and Head at Cyber-Defence CampusVincent Lenders is a cybersecurity researcher from Switzerland where he acts as the Head of the Cyber-Defence Campus. He has a Master and PhD degree from ETH Zurich in electrical engineering. He has over 15 years of practical experience in cybersecurity with a strong focus on the security of wireless networks. He is the co-founder of the OpenSky Network and has published over 150 scientific papers and two books, and presents regularly at cybersecurity conferences including Usenix Security, DEFCON, IEEE S&P, NDSS, ACM CCS.
\n\n\n\'',NULL,614613),('3_Saturday','14','14:30','15:15','N','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'Leveraging AI for Smarter Bug Bounties\'','\'Diego Jurado,Joel \"Niemand_Sec\" Noguera\'','BBV_329bea5cdb6c89174c77c1975011bdc3','\'Title: Leveraging AI for Smarter Bug BountiesAs security researchers, we constantly attempt to stay ahead of the curve, seeking innovative solutions to enhance our offensive security strategies. In recent years, the advent of artificial intelligence (AI) has introduced a new dimension to our efforts, particularly in the realm of bug bounties and pentesting. While significant attention has been given to understanding and mitigating attacks against AI systems, the potential of AI to assist in the offensive security field remains largely unclear.
\n\nThis talk aims to dig into the research and development process undertaken to create an AI agent designed to augment the bug bounty and pentesting workflow. Our AI agent is not merely a theoretical concept but a practical tool aimed at enhancing the efficiency and effectiveness of security researchers.
\n\nWe have conducted extensive research to understand how AI can mimic and enhance human intuition and creativity in identifying vulnerabilities. While this may sound trivial, there is little evidence of this being tested before on generative AI agents. Our work breaks new ground by pushing the boundaries of what AI can achieve in offensive security.
\n\nWill AI become an indispensable tool in our arsenal, capable of autonomously identifying and exploiting vulnerabilities? Join us as we explore the possibilities and implications of AI as an offensive assistant in this new era of offensive security.
\n\nSpeakers:Diego Jurado,Joel \"Niemand_Sec\" NogueraDiego Jurado is a security researcher at XBOW, a company dedicated to developing innovative AI for offensive security. Diego is an offensive security professional with an extensive background in bug bounty, penetration testing and red team. Prior to this role, Diego has held positions at companies such as Microsoft Xbox, Activision Blizzard King and Telefónica. Additionally, Diego participates in bug bounty programs and has managed to establish himself in the top 38 all time leaderboard of HackerOne. Diego is part of Team Spain, champion of the Ambassadors World Cup 2023 a bug bounty competition organized by HackerOne.
\n\nSpeakerBio: Joel \"Niemand_Sec\" Noguera, Security Researcher at XBOWJoel Noguera is a security researcher at XBOW, a company dedicated to developing innovative AI for offensive security. Joel is a security professional and bug hunter with more than eight years of expertise in exploit development, reverse engineering, security research and consulting. He has actively participated in Bug Bounty programs since 2016, reaching the all-time top 60 on the HackerOne leaderboard. Before joining XBOW, he was part of Immunity Inc., where he worked as a security researcher for three years. Joel has presented at Recon, BlackHat Europe, EkoParty and BSides Keynote Berlin, among others.
\n\n\n\'',NULL,614614),('3_Saturday','15','14:30','15:15','Y','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'Leveraging AI for Smarter Bug Bounties\'','\'Diego Jurado,Joel \"Niemand_Sec\" Noguera\'','BBV_329bea5cdb6c89174c77c1975011bdc3','\'\'',NULL,614615),('3_Saturday','14','14:30','15:15','N','BHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'The Past, Present, and Future of Bioweapons\'','\'Lucas Potter,Meow-Ludo Disco Gamma Meow-Meow ,Xavier Palmer\'','BHV_1a61d7e31f0a1db65ecc2bd2094bc34f','\'Title: The Past, Present, and Future of BioweaponsBiological warfare is a phenomenon that spans human history, tracing its roots to ancient times rather than being a recent invention. To gain insights into bioweapons\' current and future landscape, it is imperative to delve into historical examples of conventional biological warfare and understand how methods were devised and implemented.
\n\nHowever, amidst the exploration of historical precedents, it becomes evident that our optimism for the future hinges significantly on our ability to foster transparency and creativity within the global community. This optimism is intertwined with our comprehension of technological advancements, the rapid pace of innovation, the interconnectedness of various domains, and the imperative task of constructing practical defenses against emerging threats. It is crucial to acknowledge that despite the sophistication of technology, its efficacy remains intricately linked to human ingenuity. As a poignant reminder, our vulnerability lies in technological shortcomings and our collective failure of imagination. Creativity, a distinctly human attribute, stands as the cornerstone in the perpetual endeavor to safeguard against unforeseen adversities.
\n\nFurthermore, the discourse extends to establishing social norms and mores that are pivotal in shaping attitudes toward biological warfare. Addressing the proliferation of disinformation and its potential to fuel the proliferation and utilization of bioweapons becomes imperative. This discussion encompasses an exploration of prospective research endeavors and emerging initiatives leveraging artificial intelligence (AI) in the realm of bioweaponry. Notably, the utility of Generative AI in affecting societal shifts toward the normalization of bioweapon deployment warrants scrutiny. Additionally, the current societal landscape, particularly the desensitization of internet denizens to overt hostile actions, poses profound implications for the future trajectory of biological warfare.
\n\nIn essence, a comprehensive understanding of historical precedents, coupled with a proactive approach towards fostering transparency, creativity, and the cultivation of robust societal norms, is indispensable in navigating the complexities of bioweapon proliferation. As we confront the intricate interplay between technological advancements and human agency, it is imperative to remain vigilant and resolute in our pursuit of a future safeguarded against the malevolent exploitation of biological agents.
\n\nSpeakers:Lucas Potter,Meow-Ludo Disco Gamma Meow-Meow ,Xavier PalmerLucas has been an engineer with BiosView, specifically focusing on BioCyberSecurity, for the past five years. Previous efforts have resulted in 14 academic journal articles and 22 conference articles.
\n\nSpeakerBio: Meow-Ludo Disco Gamma Meow-MeowMeow-Ludo is an Australian biohacker, serial political candidate, and general provocateur. He is interested in transdisciplinary technological systems and how they can be used and abused. He is perhaps most well known for taking the government to court over his right to use an implanted travel-pass, and through doing so opened up a conversation around the rights that individuals have over the technology they use that extended around the world. He is currently working on life extension gene therapy design and assisting with psilocybin therapies for depression.
\n\nSpeakerBio: Xavier PalmerXavier comes from multiple disciplines and is also part of the virtual lab, BiosView. He is fond of promoting positive and creative projects with non-traditional students that foster curiosity and conversation around technologies that interface with all aspects of biology.
\n\n\n\'',NULL,614616),('3_Saturday','15','14:30','15:15','Y','BHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'The Past, Present, and Future of Bioweapons\'','\'Lucas Potter,Meow-Ludo Disco Gamma Meow-Meow ,Xavier Palmer\'','BHV_1a61d7e31f0a1db65ecc2bd2094bc34f','\'\'',NULL,614617),('3_Saturday','15','15:00','15:30','N','PSV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Bypass 102\'','\'Karen Ng,Terry Luan\'','PSV_fccae76523b1f02c6d1af49ef29a6098','\'Title: Bypass 102Now that you’re familiar with the techniques used to bypass locks in some door installation, come and learn the remediations for these common bypasses. In this talk, you will learn how to protect against or harden against attacks such as the Under the Door attack, latch slipping, and more.
\n\nSpeakers:Karen Ng,Terry LuanKaren is a Risk Analyst at GGR Security, and is one of GGR\'s entry team for physical penetration tests. She has a strong interest in physical security, delivering trainings on physical security vulnerabilities to a wide range of audiences. Karen comes from a background in engineering and has extensive experience in major event logistics. She is one of the Village Leads at the Physical Security Village, and works with the rest of the PSV team to teach how to recognize and fix security exploits to the community. Graphic design is her passion.
\n\nSpeakerBio: Terry LuanTerry is a recent Computer Engineering graduate. As one of the Village Leads for the Physical Security Village, he helps with much of the Village logistics, as well as volunteer and external management. His main areas of interest are in security (both physical and virtual) and lockpicking, and he loves teaching people about various security exploits.
\n\n\n\'',NULL,614618),('3_Saturday','15','15:00','15:30','N','ICSV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'War Games: Red Team for OT (Based on Real World Case Studies)\'','\'Shishir Gupta\'','ICSV_becf1ddd7d3d6b5d6462d9fbb4063373','\'Title: War Games: Red Team for OT (Based on Real World Case Studies)In this talk, Shishir will share some critical insights from performing a decade worth of Red Team (attack simulation) exercises for large-scale industrial operations across the globe.
\n\nThe presentation will also cover real-world examples of attack vectors leveraged by Google\'s Mandiant Red Team while performing offensive security exercises for operational technology and control system environments.
\n\nThis talk will cover:
\n\nShishir specialises in offensive security for critical infrastructure and operational technology, and has led penetration testing and attack simulation (red team) exercises for 50+ industrial operations across the globe. He has a unique experience of conducting technical assessments across a wide variety of critical infrastructure and cyber physical sectors (including power and utilities, road transportation, rail transportation, air traffic control, industrial manufacturing, resource mining, oil and gas, telecommunications and building management systems). In his current role, Shishir serves as Technical Manager and Function Lead for ICS-OT Red Team at Mandiant (a Google company).
\n\n\n\'',NULL,614619),('3_Saturday','15','15:15','15:59','N','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'I\'ve got 99 problems but a prompt injection ain\'t pineapple\'','\'Chloé Messdaghi,Kasimir Schulz\'','BBV_7ecc47fe3206727caabfd190ff9228e5','\'Title: I\'ve got 99 problems but a prompt injection ain\'t pineappleThe ethical and secure disclosure of vulnerabilities in AI has emerged as a pivotal challenge, compounded by the need to address biases and misinformation that often cloud the true nature of these vulnerabilities. This talk delves into the intricate dynamics of vulnerability disclosure within AI, balancing transparency with security. We\'ll dissect the unique challenges AI presents, such as data bias exploitation and model manipulation, which can amplify the impact of vulnerabilities. Through a lens of real-world examples and recent disclosures, we\'ll navigate the complexities of responsible vulnerability management in AI. Our discussion will not only aim to shed light on these critical issues but also inspire a unified approach to refining disclosure processes. This concerted effort is vital for enhancing the integrity of AI systems and bolstering public trust in their use.
\n\nSpeakers:Chloé Messdaghi,Kasimir SchulzChloé Messdaghi is the Head of Threat Intelligence at HiddenLayer, leading efforts to secure AI measures and promote industry-wide security practices. A sought-after public speaker and trusted authority for journalists, her expertise has been widely featured in the media. Recognized as a Power Player by Business Insider and SC Media, Chloé has made significant contributions to cybersecurity. Outside of work, she is dedicated to philanthropy, advancing industry progress, and promoting societal and environmental well-being.
\n\nChloé Messdaghi serves as the Head of Threat Intelligence at HiddenLayer, where she spearheads efforts to fortify security for AI measures and fosters collaborative initiatives to enhance industry-wide security practices for AI. A highly sought-after public speaker and trusted authority for national and sector-specific journalists, Chloé\'s expertise has been prominently featured across various media platforms. Her impactful contributions to cybersecurity have earned her recognition as a Power Player by esteemed publications such as Business Insider and SC Media. Beyond her professional endeavors, Chloé remains passionately committed to philanthropy aimed at advancing industry progress and fostering societal and environmental well-being.
\n\nSpeakerBio: Kasimir Schulz, Principal Security Researcher at HiddenLayerKasimir Schulz, Principal Security Researcher at HiddenLayer, is a leading expert in uncovering zero-day exploits and supply chain vulnerabilities in AI. His work has been featured in BleepingComputer and Dark Reading, and he has spoken at conferences such as FS-ISAC and Black Hat. Kasimir leads the development of advanced tools for automating vulnerability detection and implementing large-scale patches, fortifying systems against supply chain attacks. His dedication to proactive defense measures sets a new standard in cybersecurity resilience.
\n\n\n\'',NULL,614620),('3_Saturday','15','15:15','15:59','N','ESV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Reverse engineering and hacking Ecovacs robots\'','\'Dennis Giese,Braelynn\'','ESV_7fcf3dfd0ccec03ca990a07845e1ccb3','\'Title: Reverse engineering and hacking Ecovacs robotsWere you ever wondering why a vacuum robot or a smart air purifier needs multiple cameras and microphones? How secure are these devices? Can the devices be used to potentially spy on you?
\n\nFor the past 5 years we have been presenting ways to hack and root vacuum robots at various events like the c3 or the DEFCON. In all these cases it covered vacuum robots by Roborock, Dreame, Xiaomi and some smaller companies. However, did we ever take a look at other vendors and maybe some new interesting device classes? In this talk we do exactly that, and will take a deep dive into Ecovacs robots! Ecovacs is the current market leader for smart home robots and recently expanded in other areas of home robotics.
\n\nYou will be surprised how many worrisome things we found: broken crypto, missing TLS certificate verification, honor-system based ACLs, lots of RCEs, broken factory resets and unauthorized live camera access.
\n\nWe will discuss our and other researchers experience with reporting bugs to the company and why one cannot trust third party certification agencies. In regard to trust, we will also address why you need to be careful with the choice of your spouse or flatmates.
\n\nCome with us on a journey of having fun hacking interesting devices while exploring bad oversights, real problems and the ignorance of the manufacturer. Learn what ways there are to root these devices and to use them in a privacy-preserving way.
\n\nSpeakers:Dennis Giese,BraelynnDennis Giese is a researcher with the focus on the security and privacy of IoT devices. While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices. His most known projects are the documentation and hacking of various vacuum robots. He calls himself a \"robot collector\" and his current vacuum robot army consists of over 60 different models from various vendors. He talked about his research at the Chaos Communication Congress, REcon BRX, NULLCON, and DEFCON.
\n\nSpeakerBio: Braelynn, Security Consultant at Leviathan Security GroupBraelynn is a security consultant at Leviathan Security Group where she conducts security assessments of products for startups, Fortune 500 companies, and everything in between. She enjoys partaking in CTFs and researching the security of anything that piques her curiosity. She has previously presented this research at conferences such as Chaos Communication Congress.
\n\n\n\'',NULL,614621),('3_Saturday','15','15:30','15:59','N','PSV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Access Control Done Right the First Time\'','\'Tim Clevenger\'','PSV_7707eff4769b045a48cea73e02ac710f','\'Title: Access Control Done Right the First TimeAre you looking to install or upgrade a physical access control system? Having installed, repaired and upgraded dozens of large and small access control system installations, I have found that many vendors install a minimum viable product that can leave your new system unreliable and trivial to bypass.
\n\nThis session will give you the tools and knowledge you need to work with your installer to implement your system using best practices in the following areas:
\n\nAs a low voltage hardware junkie, Tim has had the opportunity to design, expand, upgrade and repair numerous physical access control, alarm and video systems, including a stint at a security vendor where he was certified in Lenel access and video. Tim works today at SailPoint as a Cybersecurity Network Engineer.
\n\n\n\'',NULL,614622),('2_Friday','15','15:00','15:30','N','CHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Bluetooth Blues: Unmasking CVE 2023-52709 - The TI BLE5-Stack Attack\'','\'Kevin Mitchell\'','CHV_c6bdb925e89e1893db51535323976c9d','\'Title: Bluetooth Blues: Unmasking CVE 2023-52709 - The TI BLE5-Stack AttackIn this talk, I will detail my discovery and analysis of CVE 2023-52709, a vulnerability in the TI Bluetooth stack. This flaw allows the stack to fail in generating a resolvable Random Private Address (RPA), which can lead to a Denial of Service (DoS) for already bonded peer devices. The discussion will cover the technical aspects of the vulnerability, the implications for automotive security, and potential mitigation strategies.
\n\nSpeakerBio: Kevin MitchellKevin Mitchell is an innovative architect and cybersecurity expert renowned for uncovering vulnerabilities in embedded systems. With a background in hardware and software security, Kevin identified CVE-2023-52709, a flaw in the TI Bluetooth stack leading to potential DoS attacks. His work underscores his expertise in safeguarding interconnected devices. A regular at DEFCON\'s Car Hacking Village, Kevin is dedicated to enhancing the security of modern automotive systems.
\n\n\n\'',NULL,614623),('2_Friday','14','14:30','15:30','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Your Smartcard is Dumb: A Brief History of Hacking Access Control Systems\'','\'Chad Shortman\'','PSV_d05d63a0ac236a676d623a9287207ca9','\'Title: Your Smartcard is Dumb: A Brief History of Hacking Access Control SystemsHave you ever wondered how those little boxes that you tap your card to open doors work? What are they reading on the card? How do they ultimately unlock the door? And, are they even secure? In this talk, we will answer all of those questions and more. We will walk through how access-control systems, in general, work, and dig into the details of the most popular systems. Fortunately for the entertainment value of this talk, there be dragons in our doors. We will walk through some of the most high-profile attacks in detail and then dive into some more fundamental flaws with how the systems are designed. All of these discussions will be accompanied with live demos and first hand experience. After this talk, you will look at the world, especially doors, differently -- weaknesses everywhere! My hope is that we can all learn from past mistakes and create a more secure and less frustrating tomorrow together
\n\nSpeakerBio: Chad Shortman, CEO at AllthenticateChad is a computer security researcher, entrepreneur, and educator who is passionate about using technology to make people’s lives easier and their digital systems more secure. He is currently the CEO of Allthenticate, a company that provides a single smartphone-based solution for both keyless physical access control and passwordless digital authentication. Chad has over 15 years of research experience and has numerous academic publications in top conferences. Formerly, he was a member of the technical research staff at MIT Lincoln Laboratory, where he worked on offensive cybersecurity research. Chad received his Ph.D. from UCSB and is also a recipient of the prestigious IBM Ph.D. Fellowship. In addition to his academic credentials, Chad is a lifetime hacker. His hacking career started in his teenage years and has taken him to compete in some of the world\'s best capture the flag tournaments around the world as a member of the Shellphish hacking team.
\n\n\n\'',NULL,614624),('2_Friday','15','14:30','15:30','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Your Smartcard is Dumb: A Brief History of Hacking Access Control Systems\'','\'Chad Shortman\'','PSV_d05d63a0ac236a676d623a9287207ca9','\'\'',NULL,614625),('3_Saturday','16','16:30','16:59','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'Decoding Galah, an LLM Powered Web Honeypot\'','\'Adel Karimi\'','PHV_29c6b90b58d5fad96a9af2585d509b7b','\'Title: Decoding Galah, an LLM Powered Web HoneypotHoneypots are invaluable tools for monitoring internet-wide scans and understanding attackers\' techniques. Traditional low-interaction web honeypots use manual methods to emulate various applications or vulnerabilities. Introducing Galah, an LLM-powered web honeypot that mimics diverse applications with a single prompt. This honeypot dynamically crafts relevant HTTP responses, including headers and body content, to various HTTP requests, effectively simulating multiple web applications. In this talk, I will share lessons learned from building and deploying Galah and address two key questions: How do different large language models perform in generating HTTP messages? Does delivering authentic-looking HTTP responses increase attackers’ engagement with the honeypot?
\n\nSpeakerBio: Adel Karimi, Senior Security Engineer, Detection at NianticAdel Karimi is a senior security engineer, detection at Niantic. Before joining Niantic, he served as a lead security engineer at Google and Salesforce, specializing in detecting and responding to \"badness.\" Beyond his day job, Adel, a longtime member of the Honeynet Project, dedicates his expertise to developing open-source projects such as Galah, reflecting his keen interests in honeypots, network fingerprinting, and the broader spectrum of threat detection.
\n\n\n\'',NULL,614626),('3_Saturday','16','16:30','16:59','N','ASV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Offensive Security Testing: Safeguarding the Final Frontier\'','\'Andrzej Olchawa\'','ASV_47b377b609cf73771b05d64871ed7f5e','\'Title: Offensive Security Testing: Safeguarding the Final FrontierEvery space mission is underpinned by critical software that spacecraft operators utilize to monitor and command their assets. The Mission Control System serves as the primary interface with a spacecraft, marking it as a crucial component of the ground segment. For decades, these systems were operated exclusively within the confines of mission control rooms, accessible only to a select group of individuals through a limited number of computer workstations. This paradigm has recently shifted, with numerous space organizations enabling their personnel to manage space assets remotely, including from the comfort of their homes. This increased accessibility has rendered space-related systems susceptible to the same security vulnerabilities that affect our daily-use software.
\n\nDespite the adoption of newer technology stacks in many mission control systems—either through upgrades or complete replacements—the consideration of security requirements has often been deferred to the final stages of development or overlooked entirely. This negligence presents a significant risk, exposing the space sector to potential exploitation by malicious entities. Like in other technology domains, merely expanding strategies to incorporate security measures, instituting security policies, and integrating new security requirements are positive but insufficient. Despite being developed and tested by extensive teams and presumably adhering to best practices, we have observed firsthand how contemporary mission control systems remain prone to elementary security flaws.
\n\nThe most effective strategy to equip space systems with a robust defense against malicious actors involves integrating offensive security testing throughout their development lifecycle.
\n\nIn this presentation, we share the results of the security research we have recently conducted on the more established, open-source Mission Control Systems: NASA OpenMCT and YaMCS. We present the details of the vulnerabilities we have discovered in those two systems, and their potential impact on a space mission when they are chained together into one exploit. We conclude by sharing with the audience the lessons learned from those security assessments.
\n\nSpeakerBio: Andrzej OlchawaAndy Olchawa is an experienced Information Security Professional with over 15 years in the space industry, working as a Software Engineer and Technical Project Manager. For the past few years, he has focused on offensive security, specializing in vulnerability research, exploit development, and red team operations. He holds OSCP, OSWA, and OSWP certifications, and has been credited with several CVEs.
\n\n\n\'',NULL,614627),('3_Saturday','16','16:30','16:59','N','CHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Programming a CTS-V Gauge Cluster into an ATS-V, out of pure spite\'','\'Varjitt Jeeva\'','CHV_2d25f38468255fb25f2965134f376106','\'Title: Programming a CTS-V Gauge Cluster into an ATS-V, out of pure spiteSome cars are over-engineered, some are too basic, and some check every box except one. I did that research over months when trying to buy a new car, and landed on a 6MT Cadillac ATS-V while only wanting and dealing with Japanese cars, specifically Lexus/Toyota. The one thing it was missing was a digital gauge cluster, and programmers were asking $350, so I set off to figure it out myself. I then dove deep into GM electronics and programming, found a smart dude who initially cracked it all for free to spite all the money-grabbing gatekeepers, then became a hypocrite, backtracking asking thousands to reveal his learnings. This presentation will go over how I programmed that cluster, posted everything on Github, out of spite.
\n\nSpeakerBio: Varjitt Jeeva, Software EngineerSoftware Engineer with a love of tuner cars and car electronics
\n\n\n\'',NULL,614628),('3_Saturday','17','17:00','17:30','N','CPV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Attacks on GenAI data and using vector encryption to stop them\'','\'Bob Wall,Patrick Walsh\'','CPV_1cbfecc02b52555187bf4f22c0b68a5f','\'Title: Attacks on GenAI data and using vector encryption to stop themAs the adoption of GenAI tools has soared, security has done little to keep up. New classes of data, and especially vector data, is flooding into new and untested data stores. Vector databases are getting copies of health data, financial data, HR data, emails, and everything else, but they have no intrinsic security. What\'s worse, the vectors themselves can be reversed in embedding inversion attacks that turn those vectors back into faces, sentences, and even pictures. We discuss these new attacks and a new branch of cryptography, vector encryption, which allows for privacy preserving searches to happen over the encrypted vectors. We\'ll discuss the benefits, trade-offs, and current state of the field and the open source software we\'ve built to meet the new need.
\n\nSpeakers:Bob Wall,Patrick WalshPatrick Walsh has more than 20 years of experience building security products and enterprise SaaS solutions. Most recently he ran an Engineering division at Oracle, delivering features and business results to the world’s largest companies. Patrick now leads IronCore Labs, a data privacy platform that helps businesses gain control of their data and meet increasingly stringent data protection needs.
\n\n\n\'',NULL,614629),('3_Saturday','17','17:00','17:59','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'Exposing Coordinated Attacks Hiding in the Sheer Noise of False Positives and Lone Incidents: A Data Science Correlation and Contextualization Journey of Logs, Events, and Alerts\'','\'Ezz Tahoun,Lynn Hamida\'','PHV_6a665e527be8880ba703dd915ccc28ba','\'Title: Exposing Coordinated Attacks Hiding in the Sheer Noise of False Positives and Lone Incidents: A Data Science Correlation and Contextualization Journey of Logs, Events, and AlertsIn the complex landscape of modern cybersecurity, identifying coordinated attacks within massive volumes of security data is a formidable challenge. Security professionals often grapple with distinguishing these attacks from numerous false positives and isolated incidents. This talk will illuminate how data science can be harnessed to transform tons of heterogeneous events, logs, and alerts into a bunch of clusters, a few kill chains, and fewer actionable insights, with open-source models, and security knowledge encoding. Join us on a journey to enhance security operations efficacy and efficiency! No data science expertise is required!
\n\nSpeakers:Ezz Tahoun,Lynn HamidaEzz Tahoun is a distinguished cyber-security data scientist who won AI & innovation awards at Yale, Princeton and Northwestern. He also got innovation awards from Canada’s Communications Security Establishment, Microsoft US, Trustwave US, PIA US, NATO, and more. He ran data science innovation programs and projects for OrangeCyber Defense, Forescout Technologies, Royal Bank of Canada, Governments, and Huawei Technologies US. He has published 20 papers, countless articles and 15 open source projects in the domain. When he was 19 years old he started his CS PhD in one of the top 5 labs in the world for cyber & AI, in the prestigious University of Waterloo, where he published numerous papers and became a reviewer for top conferences. His designations include: SANS/GIAC-Advisory-Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP-Professional-Cloud-Architect, PMP, BENG and MMATH. He was an adjunct professor of cyber defense and warfare at Toronto’s school of management.
\n\nSpeakerBio: Lynn HamidaLynn Hamida (CISSP, GCIH) is an expert researcher and consultant in operational risk and big data analytics with deep experience & credentials in the fields of business risk, cyber risk, temporal event knowledge graphs, graph ontologies, risk modeling, operational threat modeling, graph analytics, process digitization, business process mining, business analysis. She finished her post-graduate studies in CyberSecurity at Univ of Toronto and Univ of Ottawa, and worked on multiple research cyberdatascience projects with Univ of Windsor, WASP, Cypienta and others.
\n\n\n\'',NULL,614630),('3_Saturday','17','17:00','17:30','N','ASV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'From Theory to Reality: Demonstrating the Simplicity of SPARTA Techniques\'','\'Randi Tinney\'','ASV_f80015a8a915d2011d2827348af054d1','\'Title: From Theory to Reality: Demonstrating the Simplicity of SPARTA TechniquesDemonstrating the transition from theorized space cyber attacks to practical proofs of concept. The presentation will utilize a simple yet effective attack, a man-in-the-middle attack, on the ground infrastructure to demonstrate how many SPARTA techniques and sub-techniques can be performed against a spacecraft from the ground infrastructure. By illustrating the significant impact of this simplified concept, we aim to emphasize the urgent need for enhanced cybersecurity measures throughout the entire lifecycle of space missions and break the inherent trust between the ground and spacecraft.
\n\nSpeakerBio: Randi Tinney, Engineering Specialist for the Cyber Assessments and Research Department, Cybersecurity and Advanced Platforms Subdivision (CAPS) at The Aerospace CorporationRandi Tinney is an Engineering Specialist for the Cyber Assessments and Research Department, Cybersecurity and Advanced Platforms Subdivision (CAPS), at The Aerospace Corporation. In this role, Randi has focused on performing vulnerability research and exploit development on a number of specialized, ground and spacecraft, systems to support in-the-lab evaluation of customers’ implementations, performing vulnerability assessments and penetration testing activities for multiple customers. Randi is also a member of the development team for the space-focused tactic, technique, and procedures (TTPs) framework called Space Attack Research and Tactic Analysis (SPARTA). She has participated in numerous cyber related war games, including LockedShields, for several years. At DEFCON 31, Randi was a member of the team that won the RedAlert ICS CTF and received a Black Badge.
\n\n\n\'',NULL,614631),('2_Friday','14','14:30','14:59','N','CHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'How I discovered and hacked Learning Codes of the key job of a car assembled in my country\'','\'Danilo Erazo\'','CHV_bf027ed11552e6267e897749ca64c64e','\'Title: How I discovered and hacked Learning Codes of the key job of a car assembled in my countryUsing hardware hacking techniques, it was possible to detect the use of learning codes instead of rolling codes in a key job of a car widely used in my country. For this purpose, the key job was disassembled and the HS2240 integrated circuit was detected and, using a logic analyzer, the emission of learning codes from the integrated circuit to the radio frequency LED emitter was checked.\nWith the use of HackRF SDR, the learning code is duplicated to be able to open the car N times without needing the original key anymore, which proves that the use of learning codes is very vulnerable, just like fixed codes.
\n\nSpeakerBio: Danilo Erazo, Ethical Hacker at Fluid AttacksElectronics and Computer Networks Engineer. He works as an Ethical Hacker at Fluid Attacks where he performs Web Pentesting, Cloud Pentesting, Mobile Pentesting, among others. In his free time he dedicates himself to research in the area of hardware/radio frequency/car hacking. He has had the opportunity to be a speaker at international cybersecurity events such as Ekoparty 2023 Argentina, Flisol Ecuador, Hack4all Chile, Bsides Colombia 2024, Nerdearla Chile 2024, among others.
\n\n\n\'',NULL,614632),('3_Saturday','17','17:30','17:59','N','ASV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'A dive into world of Aircraft PKI\'','\'Matt Gaffney\'','ASV_35481460f90e915a290403aed38db3a6','\'Title: A dive into world of Aircraft PKIFrom protecting Aircraft Software Parts to authenticating aircraft to ground networks, aircraft use PKI in their day-to-day operations. In this talk we will cover the typical use cases, technologies, and regulations in play and touch upon the emerging threat of the Post-Quantum world and what it could mean for the protection of embedded software we find on aircraft.
\n\nSpeakerBio: Matt Gaffney, Principal Engineer, Aircraft Cyber Operations at United AirlinesGaffers is a Principal Engineer for Aircraft Cyber Operations with United Airlines. Since joining their team in 2022 he has been heavily involved in Aircraft PKI projects serving as the SME on the requirements and regulations.
\n\nHe fell into cybersecurity while serving in the British Army. Having had a previous life in software development, Gaffers found his superiors sending anything IT-related his way. When he later rejoined civilian life he spent a few years bouncing around different industries as a cybersecurity contractor before finding a passion in the niche of aviation cyber. In 2022 he moved across the pond with impeccable timing to land a role at a major US airline.
\n\n\n\'',NULL,614633),('3_Saturday','16','16:00','16:30','N','CHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Exploiting Bluetooth - from your car to the bank account$$\'','\'Vladyslav Zubkov,Martin Strohmeier\'','CHV_3cf49294ace268accf38d6b4bc3290c4','\'Title: Exploiting Bluetooth - from your car to the bank account$$Over the past decade, infotainment systems experienced a growth in functionality, broader adoption and central incorporation into the vehicle architecture. Due to the ever-growing role of wireless protocols such as Bluetooth and a known lack of patches alongside the difficulty of patch installation, this poses a new attack surface and a genuine threat to the users. At the same time, the tools and methodologies required for testing are scattered across the Internet, absent and need a rigorous setup.
\n\nIn this talk, we share a comprehensive framework BlueToolkit to test and replay Bluetooth Classic vulnerabilities. We provide practical information and tips. Additionally, we release new exploits and a privilege escalation attack vector.
\n\nWe show how we used the toolkit to find 64 new vulnerabilities in 22 modern cars and the Garmin Flight Stream flight management system used in several aircraft types.
\n\nOur work equips Bluetooth hackers with necessary information on novel implementation-specific vulnerabilities that could be used to steal information from target cars, establish MitM position or escalate privileges to hijack victims’ accounts stealthily.
\n\nWe believe our research will be beneficial in finding new vulnerabilities and making Bluetooth research more accessible and reproducible.
\n\nSpeakers:Vladyslav Zubkov,Martin StrohmeierVladyslav Zubkov (aka yso and schwytz) is a bug bounty hunter. He is consistently among the top hackers at live hacking events organized by Meta, Intel, Louis Vuitton, Intigriti and YesWeHack. His interests include vulnerability research, application security, red teaming, bug bounty hunting, developing tools and proactively securing systems.
\n\nSpeakerBio: Martin Strohmeier, Senior Scientist at Cyber Defence CampusMartin Strohmeier is a Senior Scientist at the Swiss Cyber Defence Campus, where he is responsible for vulnerability research programmes into aircraft, satellites and cars. His work was published in all major systems security conferences, totalling more than 100 publications to date. He has also spoken previously at the DEFCON Aerospace Village and co-organized CTFs there.
\n\n\n\'',NULL,614634),('3_Saturday','17','17:30','17:59','N','CPV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'GUR RIBYHGVBA BS PELCGBTENCUL\'','\'Jeff Man\'','CPV_9a14b025359beb0e8adb64bff0515cf3','\'Title: GUR RIBYHGVBA BS PELCGBTENCULI recently googled the meaning of “encryption” and found this definition on Wikipedia: “In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext.” Um…no, encoding produces code, enciphering produces ciphertext, encryption is more than just encoding, and so on. Given the jumbling together of historically very unique and significant terminology I set out to find the actual, historical definitions and try to find a way to teach and/or demonstrate the differences in the foundational forms of cryptography. But I quickly noticed that some of this terminology is so often mis-applied in our digital age that I wondered if maybe there has been an evolution of the meanings of these terms? I might not like it, but I’m open to that possibility. This very quickly led me to the conclusion that my research on this topic would make for an interesting talk and so here we are. I want to share the classical, historical forms of cryptography, discuss the etymology of the terminology, look at how the words apply today – and help the audience decide if the actual meanings even matter (or it’s just me). One important consideration is the tradeoff between keeping the data secret (security) and protecting the identity of individuals associated with the data (privacy). I hope you’ll join me in this journey to victory (or defeat) in the ongoing battle of preserving the classic goals and objectives of data security.
\n\nSpeakerBio: Jeff ManJeff is a respected Information Security advocate, advisor, hacker, evangelist, mentor, teacher, international keynoter, speaker, former host of Security & Compliance Weekly, co-host on Paul\'s Security Weekly, Tribe of Hackers (TOH) contributor, including