-- MySQL dump 10.13 Distrib 8.0.39, for FreeBSD15.0 (amd64)
--
-- Host: localhost Database: defcon32
-- ------------------------------------------------------
-- Server version 8.0.35
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!50503 SET NAMES utf8mb4 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
SET @MYSQLDUMP_TEMP_LOG_BIN = @@SESSION.SQL_LOG_BIN;
SET @@SESSION.SQL_LOG_BIN= 0;
--
-- GTID state at the beginning of the backup
--
SET @@GLOBAL.GTID_PURGED=/*!80000 '+'*/ 'b4148ec7-37aa-11e6-bdd9-003048850f62:1-897773,
c8b80935-c8ce-11ee-80c0-f48e38c15384:1-573512,
f9f9d5a4-23aa-11e5-b61b-0021856cfce2:1-316626';
--
-- Table structure for table `DCannouncements`
--
DROP TABLE IF EXISTS `DCannouncements`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `DCannouncements` (
`ID` int NOT NULL AUTO_INCREMENT,
`url` varchar(300) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
`descrip` varchar(100) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
`datewhen` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
PRIMARY KEY (`ID`)
) ENGINE=InnoDB AUTO_INCREMENT=151 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `DCannouncements`
--
LOCK TABLES `DCannouncements` WRITE;
/*!40000 ALTER TABLE `DCannouncements` DISABLE KEYS */;
INSERT INTO `DCannouncements` VALUES (2,'https://x.com/defcon/status/1759680893944529357?s=20','DEF CON Pre Reg announcement','2024-02-28 07:48:19'),(3,'https://x.com/DC_BHV/status/1759842823908778100?s=20','BHV CTF opens','2024-02-28 07:48:19'),(4,'https://x.com/defcon/status/1761126392245498033?s=20','Last of the DC Call fors open annoucement','2024-02-28 07:48:19'),(5,'https://www.villageb.io/','Road to DEF CON 32 link added to footer','2024-02-28 22:00:40'),(6,'https://x.com/DEFCONPolicy/status/1762753707995775096?s=20','Policy CFP is open\r\n','2024-02-28 23:33:58'),(7,'https://x.com/defcon/status/1762963582000783596?s=20','end of DC call for contests reminder is on Mar 1','2024-02-28 23:36:53'),(8,'https://x.com/ICS_Village/status/1763645305352867862?s=20','ICS Village HackTheCapital announcement','2024-03-01 21:15:31'),(9,'https://x.com/HDA_DEFCON/status/1764482891411833287?s=20','HDA - First walkthrough of the new venue complete! Check it out! ','2024-03-05 00:01:24'),(10,'https://x.com/DC_BHV/status/1765272853870739509?s=20','BHV call for workshop proposals','2024-03-06 23:02:35'),(11,'https://x.com/DC_BHV/status/1765443956450414658?s=20','BHV call for volunteers','2024-03-06 23:05:40'),(12,'https://x.com/DC_BHV/status/1765842915513782475?s=20','BHV call for papers\r\n','2024-03-07 20:59:19'),(13,'https://discord.com/channels/977372746491265024/983633856601149440/1215893471114563685','DCGVR CFP on discord','2024-03-08 20:58:54'),(14,'https://x.com/paymentvillage/status/1766190732996440359?s=20','Payment Village CFV\r\n','2024-03-09 22:34:26'),(15,'https://x.com/DCGVR/status/1766332549239087262?s=20','DCGVR twitter CFP','2024-03-09 22:39:21'),(16,'https://x.com/cloudvillage_dc/status/1766527759809909182?s=20','Cloud Village CFP','2024-03-09 22:41:51'),(17,'https://x.com/HDA_DEFCON/status/1767071341205983301?s=20','HDA forum post on LVCCW and skybridge','2024-03-11 22:24:41'),(18,'https://x.com/DC_BHV/status/1767651582785601538?s=20','BHV call fors\r\n','2024-03-20 16:07:48'),(19,'https://x.com/defcon/status/1767679546281828801?s=20','additions to trainings for DEF CON\r\n','2024-03-20 16:09:55'),(20,'https://x.com/BlackInCyberCo1/status/1770435391272677577?s=20','BICV CFP','2024-03-20 16:43:04'),(21,'https://x.com/RedTeamVillage_/status/1770533314610249917?s=20','RTV Call for everything, sponsors, papers & workshops, and volunteers ','2024-03-20 16:48:33'),(22,'https://x.com/DC_BHV/status/1770535410835325261?s=20','BHV call for devices','2024-03-20 16:51:59'),(23,'https://x.com/defcon/status/1769156931242152021?s=20','DEF CON call for workshops reminder','2024-03-20 18:02:30'),(24,'https://x.com/K4rm4ness/status/1767657322891886960?s=20','twitter #badgelife, badge list, call for submissions','2024-03-20 19:00:15'),(25,'https://x.com/ClubOfRoguery/status/1770860039487553614?s=20','Society of Shenanigans Defcon 32 Badge notification of sales page announcement','2024-03-21 14:28:33'),(26,'https://x.com/defcon/status/1770941479927894064?s=20','DEF CON Fontainebleau Hotel room block announcement','2024-03-21 16:07:27'),(27,'https://x.com/AppSec_Village/status/1771945833933439221?s=20','ASV App Sec Village CFP','2024-03-25 21:10:51'),(28,'https://x.com/ICS_Village/status/1772324817338835407?s=20','ICS Village HackTheCapital CFP ending reminder','2024-03-25 22:56:06'),(29,'https://x.com/Gater_Byte/status/1772066495624880195?s=20','@Gater_Byte\'s YT video, Prepping for DC32','2024-03-25 23:22:48'),(30,'https://x.com/defcon/status/1772744782307082378?s=20','DEF CON reminder call for music is open','2024-03-26 22:40:07'),(31,'https://x.com/K4rm4ness/status/1772778252400259433?s=20','#badgelife badge list for DC32 is up!','2024-03-26 22:41:20'),(32,'https://x.com/aivillage_dc/status/1772980820694733152?s=20','AIV Call for everything: talks, presentations, art, music, and more!','2024-03-27 22:39:13'),(33,'https://defcon.social/@DianaInitiative/112173723464917095','Diana Initiative - Tickets for #TDI2024 are on sale now!','2024-03-28 23:07:34'),(34,'https://x.com/RedTeamVillage_/status/1773742019791192496?s=20','RTV Call for Volunteers','2024-03-29 22:43:52'),(35,'https://x.com/DC_BHV/status/1773773094147989719?s=20','BHV Call For Papers','2024-03-29 22:47:05'),(36,'https://x.com/RedTeamVillage_/status/1774851757937422583?s=20','RTV Call for Sponsors reminder','2024-04-01 23:38:36'),(37,'https://x.com/RedTeamVillage_/status/1775153763231142162?s=20','RTV call for Workshops reminder','2024-04-03 01:39:47'),(38,'https://x.com/sec_defcon/status/1775348243502632967?s=20','Social Engineering Village Call fors','2024-04-03 01:50:07'),(39,'https://x.com/ReconVillage/status/1775415120925241724?s=20','Recon Village Call For Sponsors','2024-04-06 09:18:47'),(40,'https://x.com/sec_defcon/status/1775529767871393902?s=20','SEV Call for Volunteers ','2024-04-06 09:22:51'),(41,'https://x.com/aivillage_dc/status/1772980820694733152?s=20','AIV Call for Papers','2024-04-06 09:25:55'),(43,'https://x.com/BlackInCyberCo1/status/1776024604726743480?s=20','Blacks In Cyber Call for Papers','2024-04-06 09:36:57'),(44,'https://x.com/BlueTeamVillage/status/1776074783458725926?s=20','BTV Call for Content, workshops, panels, and hands-on or otherwise interactive content.','2024-04-06 09:38:22'),(45,'https://x.com/quantum_village/status/1776279511086031145?s=20','Quantum Village Call for Talks/Workshops, Volunteers/Scientists/Creators','2024-04-06 09:47:06'),(46,'https://x.com/ReconVillage/status/1776562005140484374?s=20','Recon Village Call for Papers','2024-04-06 09:55:43'),(47,'https://x.com/defcon_music/status/1775625331258626434?s=20','DEF CON A&E Call For Soundtracks/Music','2024-04-06 10:27:33'),(48,'https://x.com/ErezYalon/status/1775852574823907485?s=20','App Sec Village Call for Papers','2024-04-06 14:17:31'),(49,'https://x.com/defcon/status/1776729301863526485?s=20','DEF CON Resorts World room block announced','2024-04-06 14:40:48'),(50,'https://x.com/sec_defcon/status/1777126607968432226','SE Village Call for Competitors','2024-04-08 18:44:07'),(51,'https://x.com/v3rbaal/status/1778280081460166901','DEF CON call for Demo Labs','2024-04-11 22:11:49'),(52,'https://defcon.org/html/defcon-32/dc-32-press.html','DEF CON Press Registration opens','2024-04-11 23:01:16'),(53,'https://forum.defcon.org/node/248125','DEF CON Forum list of Villages','2024-04-14 02:10:05'),(54,'https://defcon.org/html/defcon-32/dc-32-villages.html','DEF CON 32 Village List page','2024-04-14 02:10:54'),(55,'https://dcddv.org/dc32-vol-call','Data Dup Village Call for Volunteers ','2024-04-14 19:33:50'),(56,'https://x.com/BlackInCyberCo1/status/1779857451514290604','Lituation 2.0 BIC Village Networking Sessions & Dance Party','2024-04-15 21:27:18'),(57,'https://x.com/tzionit411/status/1780091251447964027','App Sec Village Call For Workshops, Panels, Hands-on Activities','2024-04-15 22:05:47'),(58,'https://aivillage.org/','AIV Project Demo Submissions','2024-04-17 23:31:29'),(59,'https://forum.defcon.org/node/248689','Industrial Control Systems Village CFP','2024-04-20 02:01:02'),(60,'https://x.com/DC_BHV/status/1781135658666299567','Blue Team Village CFP','2024-04-20 02:16:19'),(61,'https://x.com/DEFCONPolicy/status/1781291572492968064','Policy @ DEF CON CFP deadline approaching','2024-04-20 02:18:59'),(62,'https://x.com/RedTeamVillage_/status/1781344547722686500','RTV Call For Volunteers','2024-04-20 02:21:16'),(63,'https://x.com/BlackInCyberCo1/status/1781427720670355917','Backs in Cyber Village CFP','2024-04-20 02:29:13'),(64,'https://x.com/DCGVR/status/1781506682042057026','DEF CON Groups VR CFP','2024-04-20 02:35:33'),(65,'https://x.com/DefconParrot/status/1781430904159649880','DEF CON Pre-Reg ending June 5','2024-04-20 03:15:39'),(66,'https://x.com/_sn0ww/status/1781798999546380447','SECV Call for Vishing Competition','2024-04-21 02:43:12'),(70,'https://forms.gle/Y9KrdctPgTBTds9i8','Ham Radio Village Call For Staff','2024-04-23 06:04:54'),(71,'https://forms.gle/7gtaP6HCtpXG5RJq8','Ham Radio Village Call For Papers','2024-04-23 06:05:15'),(72,'https://forms.gle/bEbYESarAcP49Nhb6','Ham Radio Village Call For VEs','2024-04-23 06:05:38'),(73,'https://x.com/defcon/status/1782525437849051531','DEF CON Room Block at the Rio with shuttle','2024-04-23 06:58:13'),(74,'https://x.com/0xTib3rius/status/1782439228808310794','YT video: 10 Tips for DEF CON Newbies','2024-04-23 07:04:58'),(75,'https://forum.defcon.org/node/249014','Toxic BBQ','2024-04-23 20:58:53'),(76,'https://cfp.cryptovillage.org/','Crypto Privacy Village CFP','2024-04-24 00:02:21'),(77,'https://dcddv.org/dc32-cfp-open','Data Duplication Village CFP','2024-04-25 22:36:47'),(78,'https://docs.google.com/forms/d/e/1FAIpQLSd16D5Vc_s_4CfI33I-ToJGgH8fImFA1H3xJ_T7d22NGA-2FQ/viewform','Car Hacking Village CFP','2024-04-25 23:03:18'),(79,'https://x.com/hardhatbrigade/status/1783687986057765031','Hard Hat Brigade','2024-04-26 00:31:42'),(80,'https://forum.defcon.org/node/249033','DEF CON MUD contest','2024-04-26 22:12:51'),(81,'https://forum.defcon.org/node/249042','DEF CON 32 CTF Quals Begin','2024-04-27 23:09:20'),(82,'https://x.com/ICS_Village/status/1785032019652624520','Industrial Control Systems Village CFP','2024-04-29 22:50:03'),(83,'https://x.com/DC_Makers/status/1772353954698952849','Makers Community Call for Presentations, Workshops, Sponsors','2024-04-29 23:01:15'),(84,'https://x.com/SecurityBSides/status/1784919679762354209','BSides Calendar','2024-04-29 23:11:44'),(85,'https://x.com/DC_HHV/status/1785503813916590231','Hardware Hacking Village CFP opens','2024-04-30 20:17:03'),(86,'https://x.com/0xTib3rius/status/1785418324697878982','Feet Feud official @defcon contest','2024-04-30 20:28:06'),(87,'https://x.com/see_ess/status/1785504280666898558','DEF CON Shoot announcement ','2024-04-30 20:47:12'),(88,'https://telecomvillage.com/','Telecom Village CFP','2024-05-01 23:22:35'),(89,'https://x.com/bradanlane/status/1785463018240782636','Announce the 2024 eChallengeCoin!','2024-05-02 01:01:26'),(90,'https://forum.defcon.org/node/249073','DC32 Creative Writing Short Story Contest','2024-05-07 04:20:53'),(91,'https://x.com/DCGVR/status/1786592775913476343','DEF CON Groups VR Call For Papers','2024-05-07 04:54:13'),(92,'https://x.com/BlueTeamVillage/status/1786863119152677010','Blue Team Village Call For Papers','2024-05-07 04:56:30'),(93,'https://x.com/toool/status/1787220457214664961','Lock Pick Village Call For Papers','2024-05-07 05:01:33'),(94,'https://x.com/BlackInCyberCo1/status/1787241013582475323','Blacks In Cyber Call For Papers','2024-05-07 05:10:12'),(95,'https://x.com/IoTvillage/status/1786448131644682298','Internet Of Things Village Call For Papers','2024-05-07 05:34:58'),(96,'https://x.com/DC_BHV/status/1787502434576740454','Bio Hacking Village Call For Papers','2024-05-07 05:47:39'),(97,'https://x.com/ErezYalon/status/1787543860198904016','App Sec Village Call For Papers','2024-05-07 05:49:14'),(98,'https://x.com/AdversaryVillag/status/1787916756134113573','Adversary Village Call for papers and workshops','2024-05-08 04:51:26'),(99,'https://www.indiegogo.com/projects/society-of-shenanigans-defcon-32-badge#/','Society of Shenanigans Defcon 32 Badge','2024-05-08 05:33:30'),(100,'https://x.com/BSidesLV/status/1788258108130623989','BSidesLV Donor Drive','2024-05-09 04:48:41'),(101,'https://x.com/dcskytalks/status/1788211868437238227','SkyTalks will be part of BSides Las Vegas! ','2024-05-09 19:28:15'),(102,'https://www.indiegogo.com/projects/badgelife-wearable-art-by-altbier-for-dc32/coming_soon','Badgelife Wearable Art by altbier for DC32','2024-05-11 05:01:43'),(103,'https://x.com/physsec/status/1789389382304043076','Physical Security Village Call for Volunteers/Talks/Exhibits','2024-05-11 21:21:19'),(104,'https://www.aerospacevillage.org/defcon-32','Aerospace Village Call For Activities/Talks/Volunteers','2024-05-12 00:16:26'),(106,'https://x.com/phishstories/status/1789852573534507089','Phish Stories Part 2 is now up and available','2024-05-12 21:57:45'),(107,'https://forum.defcon.org/node/249073','DC 32 - Creative Writing Short Story Contest','2024-05-13 04:47:21'),(108,'https://x.com/paymentvillage/status/1789976676467638778','Payment Village - first hardware device at DEF CON - Badge?','2024-05-13 04:50:16'),(109,'https://x.com/RedTeamVillage_/status/1790472210936713530','Red Team Village Call for Volunteers','2024-05-15 06:23:01'),(110,'https://x.com/cloudvillage_dc/status/1791143572642898362','Cloud Village Call For Volunteers ','2024-05-17 06:12:44'),(111,'https://x.com/cloudvillage_dc/status/1791494995515703749','Cloud Village Call For Papers','2024-05-19 06:18:20'),(112,'https://x.com/sec_defcon/status/1791516338436886629','Social Engineering Community Village Call For Volunteers','2024-05-19 06:38:35'),(113,'https://x.com/defcon_music/status/1791873372424733175','DEF CON Call For Music/Artists/Soundtrack','2024-05-19 06:58:45'),(114,'https://www.wallofsheep.com/blogs/news/packet-hacking-village-talks-at-def-con-32-call-for-presentations-now-open','Packet Hacking Village Call For Presentations','2024-05-20 07:33:05'),(115,'https://x.com/BugBountyDEFCON/status/1790047051297792228','Bug Bounty Village Call For Papers','2024-05-20 07:47:46'),(116,'https://forum.defcon.org/node/249196','LAS VEGAS LOOP - TUNNEL SYSTEM - LVCC INFO','2024-05-20 20:23:42'),(117,'https://x.com/rfhackers/status/1792711322519670792','Radio Frequency Village Call For Papers','2024-05-21 05:55:34'),(118,'https://x.com/DCFurs/status/1792976431238263086','DC Furs Call For Presentations','2024-05-22 07:57:23'),(119,'https://www.votingvillage.org/cfp','Voting Machine Village CFP','2024-06-12 04:53:37'),(120,'https://docs.google.com/forms/d/e/1FAIpQLSfwKc0QWc1dGsKwDb5nigPbAzgsIiB5-tFBGhf6MmIrqTfQTg/viewform','Hardware Hacking Village Call for Volunteers','2024-06-12 05:38:47'),(121,'https://x.com/aivillage_dc/status/1816223938571030731','AI Villages Dunk-A-Fed pool party','2024-07-25 01:41:03'),(122,'https://x.com/K4rm4ness/status/1816259920242541018','updated #badgelife badge list','2024-07-25 01:41:53'),(123,'https://x.com/AppSec_Village/status/1816158408438952384','AppSec Village schedule is now live!','2024-07-25 01:46:03'),(124,'https://x.com/sec_defcon/status/1816111009813389573','SEV is running a FULL DAY Vishing Competition','2024-07-25 02:12:16'),(125,'https://www.wallofsheep.com/pages/dc32','Packet Hacking Village schedule','2024-07-25 02:14:44'),(126,'https://x.com/blanketfortcon/status/1816276392570675473','Blanket Fort Con and Party','2024-07-25 02:17:38'),(127,'https://x.com/dcgothcon/status/1816204466766377000','Goth Con Party','2024-07-25 02:19:25'),(128,'https://x.com/djjackalope/status/1815928764100141128','Miss Jackalope DJ schedule for #hackersummercamp','2024-07-25 02:22:43'),(129,'https://x.com/Horizon3ai/status/1816216308746203598','Horizon3.AI Meetup','2024-07-25 02:31:53'),(130,'https://x.com/SoberInCyber/status/1816161118538354811','Sober Speakeasy networking event','2024-07-25 02:36:27'),(131,'https://x.com/JackRhysider/status/1810418346409726280','Darknet Diaries Masquerade Party','2024-07-25 02:39:11'),(132,'https://x.com/reInventParties/status/1816175027810615560','Hacker Summer Camp Party list','2024-07-25 02:41:46'),(133,'https://x.com/rekdt/status/1815948488238125548','SusiBurrito Con','2024-07-25 02:43:03'),(134,'https://x.com/A_P_Delchi/status/1815989821594296496','HDA room schedule','2024-07-25 02:47:50'),(135,'https://x.com/monorailcon/status/1816188699232854306','Monorail Con and HighRoller con','2024-07-25 03:20:53'),(136,'https://x.com/Queercon/status/1816865200886411714','Queercon schedule of events','2024-07-27 08:24:19'),(137,'https://queercon.org/badge/','Queercon Badge','2024-07-27 08:26:57'),(138,'https://www.eff.org/deeplinks/2024/06/betting-your-digital-rights-eff-benefit-poker-tournament-def-con-32','EFF DEF CON benefit poker tournament','2024-07-27 09:24:43'),(139,'https://x.com/bradanlane/status/1817160535755903380','DC NextGen','2024-07-27 09:45:07'),(140,'https://x.com/HamRadioVillage/status/1817376902690099252','HRV Ham In A Day Class','2024-07-27 20:02:29'),(141,'https://x.com/HDA_DEFCON/status/1818744198562230405','HDA Heads up! discount Monorail tickets','2024-08-01 08:01:00'),(142,'https://x.com/HDA_DEFCON/status/1818751347610521600','HDA Info Pack','2024-08-01 08:02:40'),(143,'https://x.com/dakacki/status/1818699082807853061','DEF CON 32 Hotline','2024-08-01 08:03:26'),(144,'https://x.com/wallofsheep/status/1819527542849577159','DJ list for the Packet Hacking Village','2024-08-04 00:57:42'),(145,'https://x.com/defcon/status/1819886804931326420','simple considerations to make DC32 go smoother','2024-08-04 01:03:49'),(146,'https://x.com/defcon/status/1819479153667985525','Merch speed tip','2024-08-04 01:05:31'),(147,'https://x.com/tf2shmoo/status/1819542904421150750','Hack Fortress registration','2024-08-04 01:09:27'),(148,'https://x.com/DefconRaffle/status/1819820418909241372','Black Badge Raffle','2024-08-04 01:12:57'),(149,'https://x.com/dcgothcon/status/1818313268814885017','GothCon DJ lineup','2024-08-04 01:15:22'),(150,'https://x.com/5n4ck3y/status/1819099024583975034','Check out the latest @ANDnXOR video','2024-08-04 01:21:41');
/*!40000 ALTER TABLE `DCannouncements` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `articles`
--
DROP TABLE IF EXISTS `articles`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `articles` (
`title` varchar(60) NOT NULL,
`content` text NOT NULL,
`sortorder` tinyint NOT NULL,
`id` int NOT NULL AUTO_INCREMENT,
`hash` varchar(32) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=578 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `articles`
--
LOCK TABLES `articles` WRITE;
/*!40000 ALTER TABLE `articles` DISABLE KEYS */;
INSERT INTO `articles` VALUES ('\'Important Message\'','\'There are a few things that we would like everyone to be aware of, leading up to DEF CON 32.
\n\nSticker Policy
\n\nWe have a beautiful culture of #stickerlife at DEF CON, and we hope that it can continue well into the future. Refer to the conference schedule for \"sticker swaps\". We\'re also putting up multiple sticker walls this year -- it was a hit last year, and we hope that having a couple of them will be even more awesome this year.
\n\nThe LVCVA (Las Vegas Convention and Visitors Authority, owners of the LVCC) has a zero-tolerance policy with regard to adhering anything at all to their property, including stickers. Please DFIU. If you are caught adhering anything to LVCC property, you will likely be trespassed from the property by Las Vegas Police. Beyond stickers, you may also not use tape, sticky putty, tacks, or even non-stick clings.
\n\nAdmission inspections and searches
\n\nThe LVCC will not be searching or scanning people or bags entering the facility.
\n\nMoney
\n\nAs always, human badges (that were not pre-purchased) are exclusively sold using cash (US currency). Merch is the same. No credit cards, debit cards, mobile payments, cryptocurrency, or any means other than USD cash will be accepted at either human registration or DEF CON Merch. We recommend bringing cash with you: there are only two ATMs inside the LVCC.
\n\nFood and beverage operations inside the LVCC, including the food court and bars, only accept cards and mobile payments. You cannot use cash to purchase food or beverage inside the LVCC.
\n\nVendors are permitted to conduct transactions via whatever means they choose. We do not have a list of which vendors are accepting cash vs card.
\n\nWater
\n\nThe LVCC has many modern water-bottle filling stations, so free water will be readily available for those who bring their own reusable water bottles.
\n\nDCTV
\n\nDCTV will exclusively be streaming online this year, and will not be available on any hotel TV channels.
\n\nOutside food and beverage
\n\nLVCC prohibits attendees from bringing outside food and beverage into the convention center, except in cases of medical or dietary necessity.
\n\nPhotography policy
\n\nPublic photography is allowed*. It’s okay to take photos of your friends if they’re cool with it. We’ve setup several “selfie spots” that are amazing art pieces created specifically for the yearly theme where you can take cool photos.
\n\nWe want you to take consenting photos of each other and we want others to see the wide range of attendees we have at DEF CON having a good time. What we don’t want to see are group shots taken without consent/warning, images taken by the press, video of people standing in lines, etc.
\n\nOfficial Press & DEF CON Policy Village rules may differ, please refer to them. At DEF CON you may see our official photography goons capturing the uniqueness that is to be expected at DEF CON; they adhere to our photo policy.
\n\nGroups & individuals participating in public on stage (events, contests, or activities) are allowed* to be photographed.
\n\nPhotography in the CTF room is NOT permitted without consent of the individuals to be photographed.
\n\nCrowd shots are VERY discouraged, if so desired you must alert the crowd to give them time to opt out. For example: \" Hey, I\'m taking a photo, if you don\'t want to be in it hide your face\" .
\n\nTaking photos of people in hallways, lines, hanging out, at random, is not allowed without consent. Respect the rights of the individual not to be photographed. Deletion of photos can be requested by staff.
\n\nWhen taking pictures of your friends please use “portrait mode” because this will blur the picture background, respecting the privacy of those inadvertently captured.
\n\nNOTE: It is permissible to record violations of the DEF CON CoC to share with our safety team (link) to help us investigate and take action.
\n\n\n- We reserve the right to revoke an individual\'s permission to photograph, at any time, on a case by case basis. Failure to comply can result in revocation of admission without refund.
\n
\n\'',0,574,'4fee856c077728fc3f01db13be74ade9'),('\'Registration and Merch to open\'','\'Welcome to DEF CON 32!
\n\nHuman Registration and DEF CON Official Merch are both planning on opening in approximately an hour -- 08:00 local.
\n\nIf you aren\'t already familiar with how Human Registration works, in HackerTracker, please go to readme.nfo -> Registration. If you\'ve pre-registered, please ensure that you have your QR code available. If presenting it on a smartphone, please ensure that the display is set to be as bright as possible. If you\'re buying a badge on-site, please remember that sales are CASH ONLY. Please have exact change whenever possible.
\n\nThe products being sold in DEF CON Official Merch this year are also now available in Hacker Tracker. In Hacker Tracker, please go to Merch. To learn more about how the process works, please go to readme.nfo -> DEF CON Merch.
\n\nPlease note that humans are not required to have a badge prior to visiting merch.
\n\nFinally, we have prepared some infographics to help you with your badge. Please go to readme.nfo -> Badge Usage PSA. Don\'t lose your badge! We cannot replace lost badges.
\n\'',0,575,'8c1ef85a4a57e6b2f3ef967e7a02e151'),('\'Parking at LVCC\'','\'As of Friday at 09: 45, the LVCC Diamond Lot is currently full. You may choose to park in the Bronze lot, which is near the south hall. Parking (regardless of lot) is $15 per day. If you choose to use the Bronze lot, you may wish to use the Vegas Loop local transport. The Vegas Loop South Station is in the Bronze lot, and can take you to the Vegas Loop West Station, which is in the Diamond lot (near the West Hall). Use of the Loop is free for DEF CON staff and attendees.
\n\nMore information about the Loop, including operating hours, can be found in readme.nfo -> Local Transportation.
\n\'',0,576,'c0cd6794322d24fba07ab7f3af65d0af'),('\'Use cellular if possible\'','\'For the most optimal Hacker Tracker experience, we recommend using cellular data rather than DEF CON Wi-Fi -- if your cell data plan permits. The conference network is currently bandwidth-limited, and content updates may be slower than expected.
\n\'',0,577,'7b613be4bb3f23d00fbf8d53bfbdcdac');
/*!40000 ALTER TABLE `articles` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `documents`
--
DROP TABLE IF EXISTS `documents`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `documents` (
`title` varchar(60) NOT NULL,
`content` text NOT NULL,
`sortorder` tinyint NOT NULL,
`id` int NOT NULL AUTO_INCREMENT,
`hash` varchar(32) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2236 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `documents`
--
LOCK TABLES `documents` WRITE;
/*!40000 ALTER TABLE `documents` DISABLE KEYS */;
INSERT INTO `documents` VALUES ('\'Code of Conduct\'','\'DEF CON provides a forum for open discussion between participants, where radical viewpoints are welcome and a high degree of skepticism is expected. However, insulting or harassing other participants is unacceptable. We want DEF CON to be a safe and productive environment for everyone. It’s not about what you look like but what’s in your mind and how you present yourself that counts at DEF CON.
\n\nWe do not condone harassment against any participant, for any reason. Harassment includes deliberate intimidation and targeting individuals in a manner that makes them feel uncomfortable, unwelcome, or afraid.
\n\nParticipants asked to stop any harassing behavior are expected to comply immediately. We reserve the right to respond to harassment in the manner we deem appropriate, including but not limited to expulsion without refund and referral to the relevant authorities.
\n\nThis Code of Conduct applies to everyone participating at DEF CON - from attendees and exhibitors to speakers, press, volunteers, and Goons.
\n\nAnyone can report harassment. If you are being harassed, notice that someone else is being harassed, or have any other concerns, you can contact a Goon, go to the registration desk, or info booth.
\n\nConference staff will be happy to help participants contact hotel security, local law enforcement, or otherwise assist those experiencing harassment to feel safe for the duration of DEF CON.
\n\nRemember: The CON is what you make of it, and as a community we can create a great experience for everyone.
\n\n\n\'',0,2224,'16b552ae6488376b26790dd873ae3a1f'),('\'Decoder Ring (Glossary)\'','\'3-2-1 Rule - Rule for the minimum required daily activities during the span of the DEF CON conference: 3 hours of sleep, 2 meals, 1 shower. The 0 for \"zero stickers applied to venue\" is silent.
\n\n6-3-2 - It\'s like 3-2-1, except more. Recommended by some hackers and nearly all conference organizers.
\n\nA&E - Arts & Entertainment, the DEF CON department in charge of overseeing arts, music, and all other forms of entertainment.
\n\nAEV - Aerospace Village
\n\nAIV - A. I. Village
\n\nAP - The Alexis Park hotel, where DEF CON was held in the early days.
\n\nASV - AppSec Village
\n\nBH - See \"BlackHat\", below.
\n\nBHV - Biohacking Village
\n\nBICV - Blacks In Cybersecurity Village
\n\nBlack Badge - The Black Badge is the highest award DEF CON gives to contest winners of certain events. A Black Badge allows free entrance to DEF CON for life. There has never been a raffle to give away a black badge, and there never will be.
\n\nBlackHat - BlackHat is a conference unrelated to DEF CON, that happens in Las Vegas shortly before DEF CON. The Dark Tangent founded both DEF CON and BlackHat.
\n\nBlue Team - A blue team is a group of defenders who work to improve an organization\'s security by identifying security threats and risks, analyzing the network environment, and responding to incidents when they occur.
\n\nBSides - Unrelated to DEF CON, SecurityBSides conferences are conferences or gatherings of individuals in a local area.
\n\nBSidesLV - BSides Las Vegas is an unrelated conference that happens in Las Vegas shortly before DEF CON.
\n\nBTV - Blue Team Village -- a community built for and by defenders
\n\nC&E - The DEF CON department the oversees contests (and sometimes events).
\n\nChatham House Rule - When a meeting, or part thereof, is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed. Wikipedia
\n\nCHV - Car Hacking Village
\n\nCOC - Code of Conduct. All activities happening within the DEF CON conference boundary are required to strictly follow the DEF CON Code of Conduct. The Code of Conduct is available in HackerTracker, in the printed program, and
[dc-policy.html](https://www.defcon.org/html/links/dc-policy.html)\">here.
\n\nCon - Shortened form of the word \"conference\". Many of the activities that take place refer to themselves as a con. For example, the meetup of the LGBTQIA+ community is referred to as \"Queercon\".
\n\nContest - In HackerTracker, the tag \"Contest\" is applied to contests that were pre-approved by DEF CON, and are also listed in the printed program. These vary in location, type, and format. Villages, communities, and etc., may also run contests that were not pre-approved by DEF CON, but those won\'t carry the \"Contest\" tag.
\n\nCPV - Crypto & Privacy Village
\n\nCTF - Capture The Flag, a subset of \"contest\". The DEF CON Capture the Flag (CTF), the largest open computer security hacking game, is a hacking competition where teams of hackers attempt to attack and defend computers. In addition to the official DEF CON CTF, there are many CTF events run by various organizations and villages. There may also be unofficial CTFs held by general attendees and others.
\n\nDC32 - DEF CON 32. Broadly speaking, \"DC\" followed by a number refers to the number of the that year\'s conference. For example, year 2024 is DEF CON 32.
\n\nDCG - DEF CON Groups. DEF CON Groups are worldwide, local chapters of hackers, thinkers, makers and others. DEF CON Groups are usually identified by the area code of the area where they are located in the US, and by other numbers when outside of the US e.g., DC801, DC201, etc.
\n\nDCIB - DEF CON Information Booth. Now known as an NFO Node.
\n\nDCTV - DEF CON TV. DEF CON broadcasts various conference speaking tracks and events on venue audio/visual networks. Access to these broadcasts varies by venue, but generally can be found on the hotel TV systems. DCTV also broadcasts to online streaming services, when possible.
\n\nDDV - The DEF CON Data Duplication Village. This village is designed to help the information security community by providing replication of the large amount of data DEF CON has collected over the years.
\n\nDEVOPS - The DEF CON department that oversees the DEF CON Discord instance and supporting infrastructure.
\n\nDFIU - \"Don\'t fuck it up\"
\n\nDISP - Dispatch, the DEF CON department that triages and escalates interdepartmental requests.
\n\nDT - \"DT\", or \"The Dark Tangent\", refers to Jeff Moss, the founder of DEF CON.
\n\nEFF - The Electronic Frontier Foundation, a nonprofit organization defending civil liberties in the digital world.
\n\nEV or ESV - Embedded Village, formerly Embedded Systems Village. Not to be confused with Electric Vehicle.
\n\nExhibitor - Exhibitors are professional organizations looking to connect to the unique DEF CON audience; the hacker, the researcher, and the student. Exhibitors were considered vendors until DC31. The difference is largely that you walk out of Vendors carrying physical merchandise, but you walk out of Exhibitors with a dream.
\n\nFed - Employees of the Federal (US) government. Typically used in the context of the DEF CON \"Spot the Fed\" competition, an informal game at DEF CON where the object of the game is to identify who among the attendees is an employee of the federal government.
\n\nGoon - DEF CON staff. They have many roles including safety, speaker coordination, vendor room coordination, network operations, etc.
\n\nHackerTracker - A conference information and scheduling application for iOS and Android. HackerTracker is the official conference app of DEF CON. HackerTracker also powers info.defcon.org.
\n\nHam - \"Ham\" is a common term for amateur radio operator. See also Ham Radio Village.
\n\nHDA - \"Hackers with Disabilities\" -- the DEF CON team that works to ensure that the DEF CON experience is the best it can be for the ADA/accessible community.
\n\nHHV - Hardware Hacking Village, which also operates Soldering Skills Village
\n\nHR - Human Registration
\n\nHRV - Ham Radio Village
\n\nHuman - General attendees of the DEF CON conference.
\n\nICSV - Industrial Control Systems Village -- dedicated to securing ICS/SCADA systems.
\n\nInhuman - All DEF CON goers who are not \"human\". (Goons, village staff, speakers, contractors, etc.)
\n\nIOTV - Internet of Things Village -- The IoT Village advocates for advancing security in the Internet of Things (IoT) industry by bringing researchers and industry together.
\n\nLinecon - Originally referred to the line for [human] badges to enter the con. Has since grown to encompass any line at DEF CON: any long line has the potential to turn into a con.
\n\nLPV - Lock Pick Village -- a dedicated space at DEF CON that\'s arranged around the topic of lock picking, lock bypass, and physical security topics.
\n\nMerch - The DEF CON Merch department sells DEF CON branded apparel and other merchandise. (The most popular items tend to sell-out relatively quickly, and there\'s often a linecon for merch.)
\n\nNFO - The DEF CON department that provides information, assistance, and navigational guidance to DEF CON hackers. May also refer to an old-school text file commonly associated with hacker culture. \"NFO\" is pronounced \"info\".
\n\nNFO Node - Formerly known as an \"infobooth\", these are the locations where NFO goons can most often be found.
\n\nPac-Man Rule - Letting someone (typically unknown to you) join you or your group\'s conversation. Read more about it here.
\n\nPAYV - Payment Village
\n\nPHV - Packet Hacking Village
\n\nPM&E -- The DEF CON department that oversees Parties, Meetups, and Events.
\n\nPOL - Policy@DEFCON Village
\n\nPSV - Physical Security Village
\n\nPurple Team - Purple teaming is a security methodology that brings together offensive security professionals (red teams) and defensive security professionals (blue teams) to enhance cyber capabilities through continuous feedback and knowledge transfer.
\n\nQM - QuarterMaster, the DEF CON department that oversees supplies and physical logistics.
\n\nQV - Quantum Village
\n\nRed Team - A red team is a group of security professionals who act as hackers to test an organization\'s defenses.
\n\nREG - Registration, the DEF CON department that oversees badge issuance.
\n\nREV - Recon Village
\n\nRFV - Radio Frequency Village
\n\nRTV - Red Team Village
\n\nScav / scav hunt - The scavenger hunt -- a long-running event at DEF CON.
\n\nSE - Social Engineering -- a tactic that uses psychological manipulation to trick people into making security mistakes or giving away sensitive information.
\n\nSECV, SEV - SE Community Village is a village dedicated to the techniques and principles of Social Engineering
\n\nSOC - The SOC is the Department of Fun Enforcement. If you have a safety or security concern, please seek out a SOC Goon.
\n\nSPKR - The DEF CON department that ensures Speakers are prepared to be in the right place at the right time to give their talk.
\n\nSSV - Soldering Skills Village, which is a function of Hardware Hacking Village
\n\nSWAG - See Merch.
\n\nTDI - The Diana Initiative, an unrelated conference that happens in Las Vegas shortly before DEF CON.
\n\nTEV - Tamper Evident Village
\n\nTLV - Telecom Village
\n\nUber Badge - See Black Badge
\n\nVendor - An organization selling physical merchandise at DEF CON. All vendors are in the same physical space, and a list of vendors is available in HackerTracker. See also Exhibitor.
\n\nVILL - The DEF CON department that works to ensure Villages are as successful as possible.
\n\nVillage - Villages are autonomous organizations, often non-profit, that gather at DEF CON for a shared hacking experience. Each village has a focus on some distinct aspect of hacking or cybersecurity. Villages create and execute on their own programming, which often includes hands-on activities (like workshops, or physical construction/deconstruction), talks, panel discussions, group conversations, or parties.
\n\nVortex / the Vortex - When one is caught up in hallway conversations on the way from one DEF CON activity to another, it\'s referred to as being caught up in the Vortex.
\n\nVV, VMV, VMHV - Voting Village
\n\nWISP - Women in Security and Privacy
\n\nXRV - XR Village
\n\nXZBT - The DEF CON department that oversees Exhibitors.
\n\'',0,2225,'3bb6aaad880aac0fb10bb270ac4727d1'),('\'Badge Usage PSA\'','\'Welcome to DEF CON 32!
\n\nPlease refer to Badge Assembly PSA for advice about attaching your badge to your lanyard. Don\'t lose your badge! We cannot replace it. Make sure that the clips close completely.
\n\nBadge Power PSA shows you which button powers the badge on, and what to do if that doesn\'t work.
\n\'',0,2226,'fd4440e09c85f94167da896a5db3bf23'),('\'Registration\'','\'Our human registration process this year will be very similar to previous years. Please be patient. All of the times listed here are approximate.
\n\nBasics
\n\nWho needs a badge?
\n\nA badge is required for each human age 8 and older.
\n\nHuman?
\n\nYou are a human if you do not know otherwise. People that are not humans include goons, official speaker, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don\'t know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
\n\nLines? Linecon?
\n\nLinecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
\n\nOnline badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
\n\nPlease help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
\n\nWays to buy a badge
\n\n\n- $480 online purchase until August 1, 2024. Tickets are transferable. Please read the details on the linked page.
\n- $460 cash purchase on-site.
\n- As part of a BlackHat registration.
\n
\n\nOnline Purchase
\n\nYou will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash -- it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site -- they will not be mailed or shipped.
\n\nWe can scan the QR code either from your phone\'s display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
\n\nIf you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 until July 15, and $84 on and after July 15.
\n\nOnline purchases are provided a receipt via email when the purchase is made.
\n\nOnline purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
\n\nCash Purchase
\n\nBadges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
\n\nThere are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
\n\nWe are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge is available here. You are welcome to print your own copy of the receipt on plain paper.
\n\nVia BlackHat
\n\nIf you attend BlackHat, it is possible to purchase a DEF CON badge with your BlackHat registration. If you did so, please get your DEF CON badge from BlackHat before they close.
\n\nBlackHat should send you an email with instructions for how to obtain your DEF CON badge. In case you missed it, you can go to the second floor, at the concierge desk, halfway down Black Hat Blvd.
\n\nMisc
\n\nWant to buy multiple badges? No problem! We\'re happy to sell you however many badges you want to pay for.
\n\nIf you lose your badge, there is unfortunately no way for us to replace it. You\'ll have to buy a replacement at full price. Please don\'t lose your badge. :(
\n\nIf you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
\n\nStill need help?
\n\nIf you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
\n\'',0,2227,'0f98b7f230f3c91292f0de4c99e263f2'),('\'Photography Policy\'','\'Photos & Recording
\n\nPublic photography is allowed*. It’s okay to take photos of your friends if they’re cool with it. We’ve setup several “selfie spots” that are amazing art pieces created specifically for the yearly theme where you can take cool photos.
\n\nWe want you to take consenting photos of each other and we want others to see the wide range of attendees we have at DEF CON having a good time. What we don’t want to see are group shots taken without consent/warning, images taken by the press, video of people standing in lines, etc.
\n\nOfficial Press & DEF CON Policy Village rules may differ, please refer to them. At DEF CON you may see our official photography goons capturing the uniqueness that is to be expected at DEF CON; they adhere to our photo policy.
\n\nGroups & individuals participating in public on stage (events, contests, or activities) are allowed* to be photographed.
\n\nPhotography in the CTF room is NOT permitted without consent of the individuals to be photographed.
\n\nCrowd shots are VERY discouraged, if so desired you must alert the crowd to give them time to opt out. For example: \" Hey, I\'m taking a photo, if you don\'t want to be in it hide your face\" .
\n\nTaking photos of people in hallways, lines, hanging out, at random, is not allowed without consent. Respect the rights of the individual not to be photographed. Deletion of photos can be requested by staff.
\n\nWhen taking pictures of your friends please use “portrait mode” because this will blur the picture background, respecting the privacy of those inadvertently captured.
\n\nNOTE: It is permissible to record violations of the DEF CON CoC to share with our safety team (link) to help us investigate and take action.
\n\n\n- We reserve the right to revoke an individual\'s permission to photograph, at any time, on a case by case basis. Failure to comply can result in revocation of admission without refund.
\n
\n\'',0,2228,'8016532e1c940e97fb9e03b56a21a439'),('\'DEF CON Merch\'','\'The short version
\n\n\n- All sales are USD CASH ONLY.
\n- You can now add your selections to a list in HackerTracker, on your phone. We do not hold merchandise simply because you put it on your list in HackerTracker – that list stays on your device. We aren’t aware of it until we scan the QR code during order taking.
\n- All sales are final. There are no returns.
\n- We\'re open as many hours as we practically can be. Please refer to the conference schedule to see our latest hours.
\n
\n\nThe slightly longer version:
\n\nThis year, HackerTracker has artwork of the merch -- you can decide ahead of time if you are interested in a product. HackerTracker is also showing stock status – if an item goes out of stock, that’ll be indicated in-app; this is on a best-effort basis, and some products move fast. We’re also experimenting with the concept of an in-app wish list. We hope that it makes the product selection process faster and easier for everyone. If you don\'t want to make a wish list in Hacker Tracker, you can have a merch goon create the order on your behalf.
\n\nTentative instructions
\n\nHere’s the process, from beginning to end:
\n\n\n- Browse the products, in-app. The list of products with associated artwork are expected to be published early the morning of August 8.
\n- When you find a product that you want to buy, make sure that you’ve selected the right variant/size, and then tap “Add to List”. Think of your list like a wish list.
\n- To view your list: If you’re using iOS, tap on the QR code at the top right. If you’re using Android, tap the “View List” button at the bottom.
\n- Your list shows everything you’ve added; if an item has gone out of stock since you added it, a warning will appear, and you’ll be required to remove the item from your list.
\n- When you near the front of the merch line, show the QR code at the top of your list to the order taker. They’ll scan it, and print a paper list. The list will have an order number on it, as well as your total amount due. The order taker can help answer any questions and help you modify your order if needed. If any items have sold out since they were added to your list, the order taker can help you find a replacement or remove it from your list.
\n- The paper list will be used to retrieve the merchandise from the warehouse. You will wait in a space that is after order taking but before checkout while your order is being picked. While you are waiting, please get your cash out. Exact change is preferred (it makes everything move faster), but change is available when required. If there are any issues picking your order, someone will help with you find alternatives or update your order.
\n- Once your merch is ready, a cashier will shout your order number, and/or hold up a sign with your order number written on it. Quickly make your way to the cashier, and complete the transaction.
\n- Enjoy!
\n
\n\'',0,2229,'6cc49294e571ebf420427154a0803555'),('\'Lost & Found\'','\'If you find something that seems to have been lost, please take that item to the nearest NFO Node. The item will enter the DEF CON Lost & Found system.
\n\nIf you\'ve lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in room LVCC - L2 - W238. You may also call Lost & Found at +1 (725) 377-5045.
\n\nThe Lost & Found department plans to be open Thursday - Saturday, during all hours that the conference operates. On Sunday, the Lost & Found department will open with the venue at 08:00, but will close at the beginning of DEF CON 32 Closing Ceremonies (15:00). Shortly thereafter, all remaining lost items will be transferred to the LVCC West Lobby Security Office. If you need to reach LVCC\'s West Lobby Security Office, you may call +1 (702) 943-3532.
\n\'',0,2230,'1c1ecba6ad0b80ad52f0a2c15c785259'),('\'Important Message\'','\'There are a few things that we would like everyone to be aware of, leading up to DEF CON 32.
\n\nSticker Policy
\n\nWe have a beautiful culture of #stickerlife at DEF CON, and we hope that it can continue well into the future. Refer to the conference schedule for \"sticker swaps\". We\'re also putting up multiple sticker walls this year -- it was a hit last year, and we hope that having a couple of them will be even more awesome this year.
\n\nThe LVCVA (Las Vegas Convention and Visitors Authority, owners of the LVCC) has a zero-tolerance policy with regard to adhering anything at all to their property, including stickers. Please DFIU. If you are caught adhering anything to LVCC property, you will likely be trespassed from the property by Las Vegas Police. Beyond stickers, you may also not use tape, sticky putty, tacks, or even non-stick clings.
\n\nAdmission inspections and searches
\n\nThe LVCC will not be searching or scanning people or bags entering the facility.
\n\nMoney
\n\nAs always, human badges (that were not pre-purchased) are exclusively sold using cash (US currency). Merch is the same. No credit cards, debit cards, mobile payments, cryptocurrency, or any means other than USD cash will be accepted at either human registration or DEF CON Merch. We recommend bringing cash with you: there are only two ATMs inside the LVCC.
\n\nFood and beverage operations inside the LVCC, including the food court and bars, only accept cards and mobile payments. You cannot use cash to purchase food or beverage inside the LVCC.
\n\nVendors are permitted to conduct transactions via whatever means they choose. We do not have a list of which vendors are accepting cash vs card.
\n\nWater
\n\nThe LVCC has many modern water-bottle filling stations, so free water will be readily available for those who bring their own reusable water bottles.
\n\nDCTV
\n\nDCTV will exclusively be streaming online this year, and will not be available on any hotel TV channels.
\n\nOutside food and beverage
\n\nLVCC prohibits attendees from bringing outside food and beverage into the convention center, except in cases of medical or dietary necessity.
\n\nPhotography policy
\n\nPublic photography is allowed*. It’s okay to take photos of your friends if they’re cool with it. We’ve setup several “selfie spots” that are amazing art pieces created specifically for the yearly theme where you can take cool photos.
\n\nWe want you to take consenting photos of each other and we want others to see the wide range of attendees we have at DEF CON having a good time. What we don’t want to see are group shots taken without consent/warning, images taken by the press, video of people standing in lines, etc.
\n\nOfficial Press & DEF CON Policy Village rules may differ, please refer to them. At DEF CON you may see our official photography goons capturing the uniqueness that is to be expected at DEF CON; they adhere to our photo policy.
\n\nGroups & individuals participating in public on stage (events, contests, or activities) are allowed* to be photographed.
\n\nPhotography in the CTF room is NOT permitted without consent of the individuals to be photographed.
\n\nCrowd shots are VERY discouraged, if so desired you must alert the crowd to give them time to opt out. For example: \" Hey, I\'m taking a photo, if you don\'t want to be in it hide your face\" .
\n\nTaking photos of people in hallways, lines, hanging out, at random, is not allowed without consent. Respect the rights of the individual not to be photographed. Deletion of photos can be requested by staff.
\n\nWhen taking pictures of your friends please use “portrait mode” because this will blur the picture background, respecting the privacy of those inadvertently captured.
\n\nNOTE: It is permissible to record violations of the DEF CON CoC to share with our safety team (link) to help us investigate and take action.
\n\n\n- We reserve the right to revoke an individual\'s permission to photograph, at any time, on a case by case basis. Failure to comply can result in revocation of admission without refund.
\n
\n\'',0,2231,'4fee856c077728fc3f01db13be74ade9'),('\'LVCC Food Court\'','\'The LVCC West Hall contains a food court with the following brands:
\n\n\n- Brand Burgers & Fries - Hamburgers, french fries, etc.
\n- Dunkin’ Express - Donuts, muffins, Munchkins, eclairs, hot coffee, iced coffee, iced tea, etc.
\n- The Fancy Wok - Asian food
\n- Go Natural - Healthy fast food
\n- Metro Pizza - Pizza, pasta, salads, calzones, etc.
\n- The Roost - Farm-fresh fried chicken
\n
\n\nThese locations do not accept cash. All sales are conducted using a credit or debit card only.
\n\nPlanned hours for the food court are as follows:
\n\n\n- Wednesday 08:00 - 20:00 (limited)
\n- Thursday 10:00 - 23:00 (limited)
\n- Friday 07:00 - 10:00 (breakfast only)
\n- Friday 10:00 - 23:00
\n- Saturday 07:00 - 10:00 (breakfast only)
\n- Saturday 10:00 - 23:00
\n- Sunday 07:00 - 10:00 (breakfast only)
\n- Sunday 10:00 - 23:00
\n
\n\'',0,2232,'7242bf5d3eca13a602d806c76e6fb906'),('\'Help & Support\'','\'Emergencies
\n\nIf you have a 🚑 🏥 Medical or 👮 Police Emergency: Call 911.
\n\n\n\nIf you have questions about what\'s happening in or around DEF CON, or otherwise need help answering a question: please visit one of the NFO Nodes (formerly known as information booth) located throughout LVCC West. They\'re highlighted in teal (green-ish) on the venue maps.
\n\nUrgent Help & Wellness
\n\nMental wellness and physical safety are both important to us at DEF CON. If you’re struggling, scared, or just need someone to voice a concern to, DEF CON Hotline is here to support you. Help is available to all, especially if talking to DEF CON Goons in person isn’t a good option for you.
\n\nHotline is confidential and available well into the early morning hours on conference days. Volunteers are standing by to listen and, if needed, connect you to appropriate support services. Whether that’s SOC Goons or external services we partner with such as Kick at Darkness, The Rape Crisis Center Las Vegas, and the Nevada Coalition to End Domestic and Sexual Violence to provide expert resources for survivors. The Hotline team is diverse and undergoes extensive training including dedicated support for LGBTQ+. Hotline is here to listen.
\n\nYou can reach DEF CON Hotline Goons during normal hours of operation to anonymously report any behavior violating our code of conduct or to find an empathic ear by phone call, text, or Signal at +1 (725) 222-0934, or reaching out on Discord @defconhotline.
\n\nNeed First Aid?
\n\nIf you are in need of First Aid, there is a nurse on-duty in room W1056-MA. It\'s under the escalators near human registration. If you cannot find it, ask a goon for help. SOC goons in particular are able to quickly summon medical help.
\n\nNeed a Nursing Room?
\n\nHere are the concise walking instructions:
\n\n\n- On the first floor of LVCC West Hall, head toward the North Lobby near Hall 4.
\n- Before reaching the Hall 4 sign, look for a sign on the left wall of the corridor for the W1016-VA Vending Area.
\n- Turn right into the vending area near the ATM.
\n- Turn right again at the \"Goon Only Beyond This Point\" sign.
\n- Find the W1016-NR Nursing Room on the right side of the hallway.
\n- Use your phone to call 702-892-7400 to have an LVCC staff member open the room.
\n
\n\'',0,2233,'e7fbee2c9c3ca587f80a4da87916cab5'),('\'Local Transportation\'','\'A shuttle service will run between the Las Vegas Convention Center West Hall and the Rio Hotel and Casino. Departures are as follows:
\n\n\n\n\n\n\n\n\n\n | Day | \n Begin | \n End | \n Rio | \n LVCC | \n
\n\n\n\n | Mon | \n 08:00 | \n 11:30 | \n every :00 | \n every :30 | \n
\n\n | Mon | \n 18:00 | \n 21:30 | \n every :00 | \n every :30 | \n
\n\n | Tue | \n 08:00 | \n 11:30 | \n every :00 | \n every :30 | \n
\n\n | Tue | \n 18:00 | \n 21:30 | \n every :00 | \n every :30 | \n
\n\n | Wed | \n 08:00 | \n 23:30 | \n every :00 | \n every :30 | \n
\n\n | Thu | \n 03:00 | \n 07:30 | \n every :00 | \n every :30 | \n
\n\n | Thu | \n 06:00 | \n 23:30 | \n every :00 and :30 | \n every :00 and :30 | \n
\n\n | Fri | \n 00:00 | \n 03:30 | \n every :00 and :30 | \n every :00 and :30 | \n
\n\n | Fri | \n 06:00 | \n 23:30 | \n every :00 and :30 | \n every :00 and :30 | \n
\n\n | Sat | \n 00:00 | \n 03:30 | \n every :00 and :30 | \n every :00 and :30 | \n
\n\n | Sat | \n 06:00 | \n 23:30 | \n every :00 and :30 | \n every :00 and :30 | \n
\n\n | Sun | \n 00:00 | \n 03:30 | \n every :00 and :30 | \n every :00 and :30 | \n
\n\n | Sun | \n 06:00 | \n 19:30 | \n every :00 and :30 | \n every :00 and :30 | \n
\n\n
\n\nThe times listed in the Rio column are the times that the shuttle departs Rio, and the times listed in the LVCC column are the times that the shuttle departs the LVCC West Hall. Maximum capacity varies throughout the day.
\n\nThe LVCC Loop hours are as follows:
\n\n\n- Thursday 07:30 – 22:00
\n- Friday 07:30 – 03:00
\n- Saturday 07:30 – 03:00
\n- Sunday 07:30 – 20:00
\n
\n\nThe Las Vegas Monorail arrives and departs every 4 to 8 minutes, and its hours are:
\n\n\n- Wednesday 07:00 – 02:00
\n- Thursday 07:00 – 02:00
\n- Friday 07:00 – 03:00
\n- Saturday 07:00 – 03:00
\n- Sunday 07:00 – 03:00
\n
\n\nTo walk from the LVCC West Hall to the Monorail (Westgate Station):
\n\n\n- Go to the second level of LVCC near La Villa.
\n- Follow the hallway signs to Paradise Bridge.
\n- Cross the bridge over Paradise Road (you’ll see the monorail above).
\n- Pass the construction zone, continue on the red carpet, and turn right toward Westgate Resort.
\n- Walk down the hallway until it ends in the alley between LVCC North Hall and Westgate Patio Garden.
\n- Cross the road and enter Westgate Resort through the patio garden.
\n- Follow signs to Restaurants, pass the pool tournament on your right, and go through Restaurant Row.
\n- Continue following signs to the front desk.
\n- At the far side of the front desk, follow the \"Monorail\" sign to the left.
\n- Exit the door to the left, then immediately turn right into the Westgate Monorail Station.
\n
\n\'',0,2234,'54fb412154aef7b232056513f11c3951'),('\'Response to Badge Controversy\'','\'DEF CON thrives on community collaboration and has operated for over 30 years successfully working with hundreds of vendors including the dozens that have helped with our badges over the years. For this year’s Raspberry Pi badges, DEF CON hired Entropic Engineering to do the hardware development and firmware. After going overbudget by more than 60%, several bad-faith charges, and with a product still in preproduction, DEF CON issued a stop work order. Any claims that DEF CON did not pay Entropic Engineering for its hardware or firmware development are false. Unfortunately, we heard that these issues with Entropic Engineering were not unique to DEF CON. We decided at that point to finish the badge on our own. We paid to send engineers to Vietnam to work onsite to finalize and test the badges in order to ensure they would be done on time for the conference. We never removed Entropic Engineering’s logo from our badge, it is still on the PCB. However, Entropic was not involved in the design and production of the case, and we removed their logo we had added as a courtesy.
\n\nWe were happy to still include one of their contractors on the badge panel session. Unfortunately, shortly before the talk was set to take place DEF CON became aware that unauthorized code had been included in the firmware we had paid Entropic Engineering to produce, claiming credit for the whole badge and promoting their coin wallet to solicit money from DEF CON attendees above and beyond what we had negotiated. When asked about the unauthorized code, the engineer said it had been done as a “joke” two months ago and forgot to remove it, and we decided as an organization not to have him on stage while we kept the slides in the talk giving him credit for his work. We communicated the change in advance of the talk, and this individual decided to show up for the panel anyway. He refused to leave, demanding that our security team remove him. Wanting to ensure that the other people involved in creating the badge were able to deliver their presentation, we complied with his wishes and escorted him off the stage, where he was free to continue attending the conference.
\n\nAny issues of non-payment are between him and Entropic Engineering; DEF CON fulfilled its financial obligations.
\n\'',0,2235,'58a1148c2ef71d0b693f519fc454f0e8');
/*!40000 ALTER TABLE `documents` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `events`
--
DROP TABLE IF EXISTS `events`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `events` (
`day` varchar(16) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`hour` varchar(2) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`starttime` varchar(6) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`endtime` varchar(6) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`continuation` char(1) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`village` varchar(64) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`track` varchar(90) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`title` varchar(512) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`speaker` varchar(256) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`hash` varchar(64) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`desc` text CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci NOT NULL,
`modflag` tinyint DEFAULT NULL,
`autoincre` int NOT NULL AUTO_INCREMENT,
PRIMARY KEY (`autoincre`),
KEY `title` (`title`(255)),
KEY `hash` (`hash`)
) ENGINE=InnoDB AUTO_INCREMENT=617881 DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_unicode_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `events`
--
LOCK TABLES `events` WRITE;
/*!40000 ALTER TABLE `events` DISABLE KEYS */;
INSERT INTO `events` VALUES ('4_Sunday','08','08:00','15:59','N','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'Title: Human Registration Open
\nWhen: Sunday, Aug 11, 08:00 - 15:59 PDT
\nWhere: LVCC West - Map
\n
\nDescription:
\nOur human registration process this year will be very similar to previous years. Please be patient. All of the times listed here are approximate.
\n\nBasics
\n\nWho needs a badge?
\n\nA badge is required for each human age 8 and older.
\n\nHuman?
\n\nYou are a human if you do not know otherwise. People that are not humans include goons, official speaker, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don\'t know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
\n\nLines? Linecon?
\n\nLinecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
\n\nOnline badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
\n\nPlease help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
\n\nWays to buy a badge
\n\n\n- $480 online purchase until August 1, 2024. Tickets are transferable. Please read the details on the linked page.
\n- $460 cash purchase on-site.
\n- As part of a BlackHat registration.
\n
\n\nOnline Purchase
\n\nYou will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash -- it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site -- they will not be mailed or shipped.
\n\nWe can scan the QR code either from your phone\'s display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
\n\nIf you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 until July 15, and $84 on and after July 15.
\n\nOnline purchases are provided a receipt via email when the purchase is made.
\n\nOnline purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
\n\nCash Purchase
\n\nBadges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
\n\nThere are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
\n\nWe are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt on plain paper.
\n\nVia BlackHat
\n\nIf you attend BlackHat, it is possible to purchase a DEF CON badge with your BlackHat registration. If you did so, please get your DEF CON badge from BlackHat before they close.
\n\nBlackHat should send you an email with instructions for how to obtain your DEF CON badge. In case you missed it, you can go to the second floor, at the concierge desk, halfway down Black Hat Blvd.
\n\nMisc
\n\nWant to buy multiple badges? No problem! We\'re happy to sell you however many badges you want to pay for.
\n\nIf you lose your badge, there is unfortunately no way for us to replace it. You\'ll have to buy a replacement at full price. Please don\'t lose your badge. :(
\n\nIf you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
\n\nStill need help?
\n\nIf you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
\n\n\'',NULL,613969),('4_Sunday','09','08:00','15:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'\'',NULL,613970),('4_Sunday','10','08:00','15:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'\'',NULL,613971),('4_Sunday','11','08:00','15:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'\'',NULL,613972),('4_Sunday','12','08:00','15:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'\'',NULL,613973),('4_Sunday','13','08:00','15:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'\'',NULL,613974),('4_Sunday','14','08:00','15:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'\'',NULL,613975),('4_Sunday','15','08:00','15:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_eeb236f61d86991bfea9df889cf11c4b','\'\'',NULL,613976),('1_Thursday','08','08:00','19:59','N','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'Title: Human Registration Open
\nWhen: Thursday, Aug 8, 08:00 - 19:59 PDT
\nWhere: LVCC West - Map
\n
\nDescription:
\nOur human registration process this year will be very similar to previous years. Please be patient. All of the times listed here are approximate.
\n\nBasics
\n\nWho needs a badge?
\n\nA badge is required for each human age 8 and older.
\n\nHuman?
\n\nYou are a human if you do not know otherwise. People that are not humans include goons, official speaker, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don\'t know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
\n\nLines? Linecon?
\n\nLinecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
\n\nOnline badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
\n\nPlease help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
\n\nWays to buy a badge
\n\n\n- $480 online purchase until August 1, 2024. Tickets are transferable. Please read the details on the linked page.
\n- $460 cash purchase on-site.
\n- As part of a BlackHat registration.
\n
\n\nOnline Purchase
\n\nYou will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash -- it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site -- they will not be mailed or shipped.
\n\nWe can scan the QR code either from your phone\'s display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
\n\nIf you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 until July 15, and $84 on and after July 15.
\n\nOnline purchases are provided a receipt via email when the purchase is made.
\n\nOnline purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
\n\nCash Purchase
\n\nBadges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
\n\nThere are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
\n\nWe are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt on plain paper.
\n\nVia BlackHat
\n\nIf you attend BlackHat, it is possible to purchase a DEF CON badge with your BlackHat registration. If you did so, please get your DEF CON badge from BlackHat before they close.
\n\nBlackHat should send you an email with instructions for how to obtain your DEF CON badge. In case you missed it, you can go to the second floor, at the concierge desk, halfway down Black Hat Blvd.
\n\nMisc
\n\nWant to buy multiple badges? No problem! We\'re happy to sell you however many badges you want to pay for.
\n\nIf you lose your badge, there is unfortunately no way for us to replace it. You\'ll have to buy a replacement at full price. Please don\'t lose your badge. :(
\n\nIf you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
\n\nStill need help?
\n\nIf you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
\n\n\'',NULL,613977),('1_Thursday','09','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613978),('1_Thursday','10','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613979),('1_Thursday','11','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613980),('1_Thursday','12','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613981),('1_Thursday','13','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613982),('1_Thursday','14','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613983),('1_Thursday','15','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613984),('1_Thursday','16','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613985),('1_Thursday','17','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613986),('1_Thursday','18','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613987),('1_Thursday','19','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_8fc5e48baa9c39570cbf33221ddb2a0e','\'\'',NULL,613988),('2_Friday','08','08:00','19:59','N','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'Title: Human Registration Open
\nWhen: Friday, Aug 9, 08:00 - 19:59 PDT
\nWhere: LVCC West - Map
\n
\nDescription:
\nOur human registration process this year will be very similar to previous years. Please be patient. All of the times listed here are approximate.
\n\nBasics
\n\nWho needs a badge?
\n\nA badge is required for each human age 8 and older.
\n\nHuman?
\n\nYou are a human if you do not know otherwise. People that are not humans include goons, official speaker, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don\'t know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
\n\nLines? Linecon?
\n\nLinecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
\n\nOnline badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
\n\nPlease help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
\n\nWays to buy a badge
\n\n\n- $480 online purchase until August 1, 2024. Tickets are transferable. Please read the details on the linked page.
\n- $460 cash purchase on-site.
\n- As part of a BlackHat registration.
\n
\n\nOnline Purchase
\n\nYou will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash -- it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site -- they will not be mailed or shipped.
\n\nWe can scan the QR code either from your phone\'s display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
\n\nIf you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 until July 15, and $84 on and after July 15.
\n\nOnline purchases are provided a receipt via email when the purchase is made.
\n\nOnline purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
\n\nCash Purchase
\n\nBadges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
\n\nThere are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
\n\nWe are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt on plain paper.
\n\nVia BlackHat
\n\nIf you attend BlackHat, it is possible to purchase a DEF CON badge with your BlackHat registration. If you did so, please get your DEF CON badge from BlackHat before they close.
\n\nBlackHat should send you an email with instructions for how to obtain your DEF CON badge. In case you missed it, you can go to the second floor, at the concierge desk, halfway down Black Hat Blvd.
\n\nMisc
\n\nWant to buy multiple badges? No problem! We\'re happy to sell you however many badges you want to pay for.
\n\nIf you lose your badge, there is unfortunately no way for us to replace it. You\'ll have to buy a replacement at full price. Please don\'t lose your badge. :(
\n\nIf you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
\n\nStill need help?
\n\nIf you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
\n\n\'',NULL,613989),('2_Friday','09','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613990),('2_Friday','10','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613991),('2_Friday','11','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613992),('2_Friday','12','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613993),('2_Friday','13','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613994),('2_Friday','14','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613995),('2_Friday','15','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613996),('2_Friday','16','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613997),('2_Friday','17','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613998),('2_Friday','18','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,613999),('2_Friday','19','08:00','19:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_ac07b4b67d7ad399362d9b6f0012f5a6','\'\'',NULL,614000),('3_Saturday','08','08:00','18:59','N','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'Title: Human Registration Open
\nWhen: Saturday, Aug 10, 08:00 - 18:59 PDT
\nWhere: LVCC West - Map
\n
\nDescription:
\nOur human registration process this year will be very similar to previous years. Please be patient. All of the times listed here are approximate.
\n\nBasics
\n\nWho needs a badge?
\n\nA badge is required for each human age 8 and older.
\n\nHuman?
\n\nYou are a human if you do not know otherwise. People that are not humans include goons, official speaker, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don\'t know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
\n\nLines? Linecon?
\n\nLinecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
\n\nOnline badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
\n\nPlease help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
\n\nWays to buy a badge
\n\n\n- $480 online purchase until August 1, 2024. Tickets are transferable. Please read the details on the linked page.
\n- $460 cash purchase on-site.
\n- As part of a BlackHat registration.
\n
\n\nOnline Purchase
\n\nYou will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash -- it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site -- they will not be mailed or shipped.
\n\nWe can scan the QR code either from your phone\'s display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
\n\nIf you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 until July 15, and $84 on and after July 15.
\n\nOnline purchases are provided a receipt via email when the purchase is made.
\n\nOnline purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
\n\nCash Purchase
\n\nBadges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
\n\nThere are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
\n\nWe are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt on plain paper.
\n\nVia BlackHat
\n\nIf you attend BlackHat, it is possible to purchase a DEF CON badge with your BlackHat registration. If you did so, please get your DEF CON badge from BlackHat before they close.
\n\nBlackHat should send you an email with instructions for how to obtain your DEF CON badge. In case you missed it, you can go to the second floor, at the concierge desk, halfway down Black Hat Blvd.
\n\nMisc
\n\nWant to buy multiple badges? No problem! We\'re happy to sell you however many badges you want to pay for.
\n\nIf you lose your badge, there is unfortunately no way for us to replace it. You\'ll have to buy a replacement at full price. Please don\'t lose your badge. :(
\n\nIf you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
\n\nStill need help?
\n\nIf you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
\n\n\'',NULL,614001),('3_Saturday','09','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614002),('3_Saturday','10','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614003),('3_Saturday','11','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614004),('3_Saturday','12','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614005),('3_Saturday','13','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614006),('3_Saturday','14','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614007),('3_Saturday','15','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614008),('3_Saturday','16','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614009),('3_Saturday','17','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614010),('3_Saturday','18','08:00','18:59','Y','MISC','LVCC West','\'Human Registration Open\'','\'\'','MISC_bbeda125d60102e0d3d60cdbb189f53a','\'\'',NULL,614011),('0_Wednesday','17','17:00','05:59','N','MISC','LVCC West','\'Linecon\'','\'\'','MISC_381386fad586fba701d99803361083d7','\'Title: Linecon
\nWhen: Wednesday, Aug 7, 17:00 - 05:59 PDT
\nWhere: LVCC West - Map
\n
\nDescription:
\nLinecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
\n\nOnline badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
\n\nPlease help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
\n\nPlease also review the \"Human Registration Open\" event, and familiarize yourself with the important notes therein.
\n\n\'',NULL,614012),('2_Friday','20','20:00','01:59','N','SOC','LVCC West/Floor 2/W222-Creator Stage 4','\'Hacker Karaoke\'','\'\'','SOC_e58fd6d4f855c683234a6e2646e83c37','\'Title: Hacker Karaoke
\nWhen: Friday, Aug 9, 20:00 - 01:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nWe are the event to go to if you want to hang out, enjoy the festivities, sing along, and show ones hidden talent.
\n\n\'',NULL,614013),('3_Saturday','20','20:00','01:59','N','SOC','LVCC West/Floor 2/W222-Creator Stage 4','\'Hacker Karaoke\'','\'\'','SOC_f0941f9b16741e52db3cbcad0cf73684','\'Title: Hacker Karaoke
\nWhen: Saturday, Aug 10, 20:00 - 01:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nWe are the event to go to if you want to hang out, enjoy the festivities, sing along, and show ones hidden talent.
\n\n\'',NULL,614014),('2_Friday','12','12:00','13:30','N','SOC','LVCC West/Floor 3/W322-W327','\'Veilid Dev and Community Meetup\'','\'\'','SOC_a9f0dc3c49aa37b9346511987fd2dc30','\'Title: Veilid Dev and Community Meetup
\nWhen: Friday, Aug 9, 12:00 - 13:30 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nCult of the Dead Cow and Hackers.Town are bringing you a meet and greet and chat session about Veilid Framework. Come by, say hi, talk shop, let’s see each other in person and have a little fun! Veilid Foundation directors and many of the primary contributors will be there to share progress over the last year. Come by and help us to restore the future and ensure the privacy of the internet for generations to come!
\n\n\'',NULL,614015),('2_Friday','13','12:00','13:30','Y','SOC','LVCC West/Floor 3/W322-W327','\'Veilid Dev and Community Meetup\'','\'\'','SOC_a9f0dc3c49aa37b9346511987fd2dc30','\'\'',NULL,614016),('3_Saturday','11','11:00','16:59','N','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_40171a976a1119add9e4dae9ff3ce06c','\'Title: Ham Radio Exams
\nWhen: Saturday, Aug 10, 11:00 - 16:59 PDT
\nWhere: LVCC West/Floor 3/W320 - Map
\n
\nDescription:
\nHam radio is the original group of electronic hackers, starting long before computers, circuit chips, or even transistors. Continuing this pioneer spirit, The Ham Radio Village is offering free ham radio exams again at DEF CON! All are welcome to come and take the exam and get their amateur radio license upon passing. All three levels (technician, general, and amateur extra) of exams will be offered during DEF CON at the Ham Radio Village. Examinees are encouraged to study the question pool and take practice exams on ham.study.
\n\nEverything we do today involves wireless communications of some sort, and a basic knowledge of how radio works is crucial. Getting your amateur radio license and entering the world of amateur radio will better equip you with knowledge about what goes on in the radio frequency domain, and this can be applied to other RF topics (like RFID credentials, WiFi, or anything else that communicated wirelessly)
\n\n\'',NULL,614017),('3_Saturday','12','11:00','16:59','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_40171a976a1119add9e4dae9ff3ce06c','\'\'',NULL,614018),('3_Saturday','13','11:00','16:59','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_40171a976a1119add9e4dae9ff3ce06c','\'\'',NULL,614019),('3_Saturday','14','11:00','16:59','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_40171a976a1119add9e4dae9ff3ce06c','\'\'',NULL,614020),('3_Saturday','15','11:00','16:59','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_40171a976a1119add9e4dae9ff3ce06c','\'\'',NULL,614021),('3_Saturday','16','11:00','16:59','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_40171a976a1119add9e4dae9ff3ce06c','\'\'',NULL,614022),('2_Friday','13','13:00','15:59','N','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_a6347a9439b4afd66d31779aaed1d471','\'Title: Ham Radio Exams
\nWhen: Friday, Aug 9, 13:00 - 15:59 PDT
\nWhere: LVCC West/Floor 3/W320 - Map
\n
\nDescription:
\nHam radio is the original group of electronic hackers, starting long before computers, circuit chips, or even transistors. Continuing this pioneer spirit, The Ham Radio Village is offering free ham radio exams again at DEF CON! All are welcome to come and take the exam and get their amateur radio license upon passing. All three levels (technician, general, and amateur extra) of exams will be offered during DEF CON at the Ham Radio Village. Examinees are encouraged to study the question pool and take practice exams on ham.study.
\n\nEverything we do today involves wireless communications of some sort, and a basic knowledge of how radio works is crucial. Getting your amateur radio license and entering the world of amateur radio will better equip you with knowledge about what goes on in the radio frequency domain, and this can be applied to other RF topics (like RFID credentials, WiFi, or anything else that communicated wirelessly)
\n\n\'',NULL,614023),('2_Friday','14','13:00','15:59','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_a6347a9439b4afd66d31779aaed1d471','\'\'',NULL,614024),('2_Friday','15','13:00','15:59','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_a6347a9439b4afd66d31779aaed1d471','\'\'',NULL,614025),('4_Sunday','10','10:00','13:30','N','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_232a9dc4ccc6cf1a27bcb31ac3c35e9d','\'Title: Ham Radio Exams
\nWhen: Sunday, Aug 11, 10:00 - 13:30 PDT
\nWhere: LVCC West/Floor 3/W320 - Map
\n
\nDescription:
\nHam radio is the original group of electronic hackers, starting long before computers, circuit chips, or even transistors. Continuing this pioneer spirit, The Ham Radio Village is offering free ham radio exams again at DEF CON! All are welcome to come and take the exam and get their amateur radio license upon passing. All three levels (technician, general, and amateur extra) of exams will be offered during DEF CON at the Ham Radio Village. Examinees are encouraged to study the question pool and take practice exams on ham.study.
\n\nEverything we do today involves wireless communications of some sort, and a basic knowledge of how radio works is crucial. Getting your amateur radio license and entering the world of amateur radio will better equip you with knowledge about what goes on in the radio frequency domain, and this can be applied to other RF topics (like RFID credentials, WiFi, or anything else that communicated wirelessly)
\n\n\'',NULL,614026),('4_Sunday','11','10:00','13:30','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_232a9dc4ccc6cf1a27bcb31ac3c35e9d','\'\'',NULL,614027),('4_Sunday','12','10:00','13:30','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_232a9dc4ccc6cf1a27bcb31ac3c35e9d','\'\'',NULL,614028),('4_Sunday','13','10:00','13:30','Y','HRV','LVCC West/Floor 3/W320','\'Ham Radio Exams\'','\'\'','HRV_232a9dc4ccc6cf1a27bcb31ac3c35e9d','\'\'',NULL,614029),('2_Friday','16','16:00','18:59','N','SOC','LVCC West/Floor 2/W236','\'DCG Atlanta (DC404,678,770,470)\'','\'\'','SOC_2d9d2aaf7e52b8c188facabbff0256e0','\'Title: DCG Atlanta (DC404,678,770,470)
\nWhen: Friday, Aug 9, 16:00 - 18:59 PDT
\nWhere: LVCC West/Floor 2/W236 - Map
\n
\nDescription:
\nThey say Atlanta is the city too busy to hate, but it also has too much traffic for its widespread hacker fam to get together in a single meetup. So instead, we\'re meeting up in the desert during DEF CON! The one time of year when intown, northern burbs, south siders, and anyone else connected to DC404\'s 25+ year legacy can catch up and share stories. Join us and meet your fellow ATL hackers!
\n\n\'',NULL,614030),('2_Friday','17','16:00','18:59','Y','SOC','LVCC West/Floor 2/W236','\'DCG Atlanta (DC404,678,770,470)\'','\'\'','SOC_2d9d2aaf7e52b8c188facabbff0256e0','\'\'',NULL,614031),('2_Friday','18','16:00','18:59','Y','SOC','LVCC West/Floor 2/W236','\'DCG Atlanta (DC404,678,770,470)\'','\'\'','SOC_2d9d2aaf7e52b8c188facabbff0256e0','\'\'',NULL,614032),('2_Friday','16','16:00','18:59','N','SOC','LVCC West/Floor 2/HallwayCon Lounge past W234','\'DEF CON Holland Group Presents: VrijMiBo\'','\'\'','SOC_0ab1f7ea505e06c6e06c15366482e491','\'Title: DEF CON Holland Group Presents: VrijMiBo
\nWhen: Friday, Aug 9, 16:00 - 18:59 PDT
\nWhere: LVCC West/Floor 2/HallwayCon Lounge past W234 - Map
\n
\nDescription:
\nIn The Netherlands it\'s a tradition to catch up with your colleagues just before the end of the workday on Friday when the weekend starts to kick in. In The Netherlands this is called the \"VrijMiBo\" (Vrijdag/Friday - Middag/Afternoon Borrel/Drink)
\n\n\"VrijMiBo/Friday afternoon Drink\" at DEF CON is a perfect moment to talk about what your favorite thing is at DEF CON, show your cool handmade badges, impress other hackers about your latest hacks, make new friends, gossip about your boss and show your cat or dog pictures.
\n\nVrijdag Middag Borrel, Freitag Mittags Getränk, Apéritif du vendredi après-midi, trago de viernes por la tarde.
\n\n\'',NULL,614033),('2_Friday','17','16:00','18:59','Y','SOC','LVCC West/Floor 2/HallwayCon Lounge past W234','\'DEF CON Holland Group Presents: VrijMiBo\'','\'\'','SOC_0ab1f7ea505e06c6e06c15366482e491','\'\'',NULL,614034),('2_Friday','18','16:00','18:59','Y','SOC','LVCC West/Floor 2/HallwayCon Lounge past W234','\'DEF CON Holland Group Presents: VrijMiBo\'','\'\'','SOC_0ab1f7ea505e06c6e06c15366482e491','\'\'',NULL,614035),('2_Friday','19','19:00','00:59','N','SOC','LVCC West/Floor 3/W305-W306','\'BlanketFort Con\'','\'\'','SOC_3589b58e1c3b4c861d72f814bb005056','\'Title: BlanketFort Con
\nWhen: Friday, Aug 9, 19:00 - 00:59 PDT
\nWhere: LVCC West/Floor 3/W305-W306 - Map
\n
\nDescription:
\nBlanketFort Con: Come for the chill vibes and diversity, stay for the Blanket Fort Building, Cool Lights, Music, and Kid Friendly \\ Safe environment. Now with less Gluten and more animal onesies!
\n\n\n\n\'',NULL,614036),('2_Friday','19','19:00','01:59','N','SOC','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber Lituation 2.0\'','\'BIC Village Staff,DJ Roma\'','SOC_f0347dc127cc7d9e18e1d8fd2f8f28d8','\'Title: Blacks in Cyber Lituation 2.0
\nWhen: Friday, Aug 9, 19:00 - 01:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\n19: 00 - 21:00
\nBIC Village \"Chat & Chew\" Networking Session
\nLight Music & Food! Network with our sponsors, partners, volunteers, members and visitors!
\n\n21:00 - 02:00\nBIC Village Party with DJ Roma\nAs the sun sets, gather around for a celebration of Reggae, Soca, Dancehall, Hiphop, Pop, R&B, Regional Hits and Caribbean Dance Style! All Flags Welcome! Rep Your Flag!
\n\nSpeakers:BIC Village Staff,DJ Roma
\n
\nSpeakerBio: BIC Village Staff
\nNo BIO available
\nSpeakerBio: DJ Roma
\nNo BIO available
\n\n\'',NULL,614037),('2_Friday','21','21:00','01:59','N','SOC','LVCC West/Floor 1/W106-W109-Chillout 1','\'Arcade Party\'','\'\'','SOC_30323b52c3a4845780581bab994491a1','\'Title: Arcade Party
\nWhen: Friday, Aug 9, 21:00 - 01:59 PDT
\nWhere: LVCC West/Floor 1/W106-W109-Chillout 1 - Map
\n
\nDescription:
\nThe Arcade Party is back! Come play your favorite classic arcade games while jamming out to Keith Myers DJing. Your favorite custom built 16 player LED foosball table will be ready for some competitive games. This epic party, free for DEF CON 32 attendees to enjoy and play, is hosted by the Military Cyber Professionals Association (a tech ed charity) and friends.
\n\n\'',NULL,614038),('2_Friday','21','21:00','01:59','N','SOC','LVCC West/Floor 3/W322-W324, W327','\'GOTHCON 2024\'','\'\'','SOC_10961b1065b79aa093037d3f89697282','\'Title: GOTHCON 2024
\nWhen: Friday, Aug 9, 21:00 - 01:59 PDT
\nWhere: LVCC West/Floor 3/W322-W324, W327 - Map
\n
\nDescription:
\nReturning for their 7th year, Gothcon invites you to come dance the night away with a line-up of some of the community\'s best dark dance music DJ\'s from across the US! Dress however you would like in whatever makes you feel comfortable and happy, and all are welcome (except nazis). Follow @dcgothcon on X for current updates on lineup and other surprises we have in store.
\n\n\'',NULL,614039),('2_Friday','22','22:00','00:59','N','SOC','LVCC West/Floor 3/W325-W326','\'QueerCon\'','\'\'','SOC_3f83b6abb75c205b5f947a7f2d55460e','\'Title: QueerCon
\nWhen: Friday, Aug 9, 22:00 - 00:59 PDT
\nWhere: LVCC West/Floor 3/W325-W326 - Map
\n
\nDescription:
\nA fun gathering space for the lgbtqia+ community to listen to DJ dance music and party together. An inclusive and vibrant option with others in the community.
\n\n\'',NULL,614040),('2_Friday','21','21:00','01:59','N','MISC','LVCC West/Floor 2/W208','\'Capitol Technology University (CTU)\'','\'\'','MISC_69bdc69a03b889dabbcab04ed96958cc','\'Title: Capitol Technology University (CTU)
\nWhen: Friday, Aug 9, 21:00 - 01:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nJoin Capitol Technology University for a night of fun, drinks, and networking amongst like-minded peers! Capitol Tech\'s industry-expert leadership will be discussing exciting career paths in cybersecurity, as well as the future of cyber higher education.
\n\n\'',NULL,614041),('3_Saturday','19','19:30','21:59','N','SOC','LVCC West/Floor 2/W228','\'DC Next Gen party\'','\'\'','SOC_ee33f9344baebf037d9a604da0bf3b7f','\'Title: DC Next Gen party
\nWhen: Saturday, Aug 10, 19:30 - 21:59 PDT
\nWhere: LVCC West/Floor 2/W228 - Map
\n
\nDescription:
\nParty with DEF CON NextGen. Enjoy some music, and some good conversation with other young DEF CON attendees!
\n\n\'',NULL,614042),('3_Saturday','20','19:30','21:59','Y','SOC','LVCC West/Floor 2/W228','\'DC Next Gen party\'','\'\'','SOC_ee33f9344baebf037d9a604da0bf3b7f','\'\'',NULL,614043),('3_Saturday','21','19:30','21:59','Y','SOC','LVCC West/Floor 2/W228','\'DC Next Gen party\'','\'\'','SOC_ee33f9344baebf037d9a604da0bf3b7f','\'\'',NULL,614044),('3_Saturday','21','21:00','01:59','N','SOC','LVCC West/Floor 1/W106-W109-Chillout 1','\'VETCON\'','\'\'','SOC_620b0283fcab01e1a7b5c32e976737ae','\'Title: VETCON
\nWhen: Saturday, Aug 10, 21:00 - 01:59 PDT
\nWhere: LVCC West/Floor 1/W106-W109-Chillout 1 - Map
\n
\nDescription:
\nWelcome to VETCON, the DEFCON Community event and of course, THE VETCON Party where veterans, active duty military, and even civilians looking for a taste of the action come together for a cyber rendezvous. Because let\'s face it, sometimes you need a little civilian perspective to hack the system!
\n\n\'',NULL,614045),('3_Saturday','19','19:00','20:59','N','SOC','LVCC West/Floor 3/W305-W306','\'Women, gender non-conforming and non-binary meetup with The Diana Initiative\'','\'\'','SOC_36087f7c2c361f8319f247855de1b105','\'Title: Women, gender non-conforming and non-binary meetup with The Diana Initiative
\nWhen: Saturday, Aug 10, 19:00 - 20:59 PDT
\nWhere: LVCC West/Floor 3/W305-W306 - Map
\n
\nDescription:
\nThe Diana Initiative is hosting a meetup where we’d love to get all the gender non conforming, non-binary and women attendees together to hang out and make friends! DEF CON is better with friends.
\n\n\'',NULL,614046),('3_Saturday','20','19:00','20:59','Y','SOC','LVCC West/Floor 3/W305-W306','\'Women, gender non-conforming and non-binary meetup with The Diana Initiative\'','\'\'','SOC_36087f7c2c361f8319f247855de1b105','\'\'',NULL,614047),('3_Saturday','14','14:00','15:59','N','MISC','LVCC West/Floor 2/HallwayCon Lounge past W234','\'DC Book Club Discussion\'','\'\'','MISC_aeac33f8ccc20cfdba1124558b593de4','\'Title: DC Book Club Discussion
\nWhen: Saturday, Aug 10, 14:00 - 15:59 PDT
\nWhere: LVCC West/Floor 2/HallwayCon Lounge past W234 - Map
\n
\nDescription:
\nA quieter space for those who want to discuss what they are reading, recommend books, and trade books too. We will have a logo themed sticker.
\n\n\'',NULL,614048),('3_Saturday','15','14:00','15:59','Y','MISC','LVCC West/Floor 2/HallwayCon Lounge past W234','\'DC Book Club Discussion\'','\'\'','MISC_aeac33f8ccc20cfdba1124558b593de4','\'\'',NULL,614049),('3_Saturday','17','17:00','18:59','N','SOC','LVCC West/Floor 2/HallwayCon Lounge past W234','\'Sticker Swap at DEF CON 32\'','\'\'','SOC_2d2c21d4cc456150d400e9e706297712','\'Title: Sticker Swap at DEF CON 32
\nWhen: Saturday, Aug 10, 17:00 - 18:59 PDT
\nWhere: LVCC West/Floor 2/HallwayCon Lounge past W234 - Map
\n
\nDescription:
\nWe\'ve ran The UnOfficial DEF CON Sticker Swap for 5 years now. Maybe a few other things. This year will be the officially official DC Sticker Swap, come visit for sticker hacker culture and to swap a bit of history.
\n\n\'',NULL,614050),('3_Saturday','18','17:00','18:59','Y','SOC','LVCC West/Floor 2/HallwayCon Lounge past W234','\'Sticker Swap at DEF CON 32\'','\'\'','SOC_2d2c21d4cc456150d400e9e706297712','\'\'',NULL,614051),('2_Friday','19','19:30','21:59','N','SOC','LVCC West/Floor 2/W228','\'Lawyers Meet\'','\'\'','SOC_12d9bb3c452ddc0af1a451f0d286cecf','\'Title: Lawyers Meet
\nWhen: Friday, Aug 9, 19:30 - 21:59 PDT
\nWhere: LVCC West/Floor 2/W228 - Map
\n
\nDescription:
\nIf you’re a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join Jeff McNamara for a friendly get-together, drinks, and conversation.
\n\n\'',NULL,614052),('2_Friday','20','19:30','21:59','Y','SOC','LVCC West/Floor 2/W228','\'Lawyers Meet\'','\'\'','SOC_12d9bb3c452ddc0af1a451f0d286cecf','\'\'',NULL,614053),('2_Friday','21','19:30','21:59','Y','SOC','LVCC West/Floor 2/W228','\'Lawyers Meet\'','\'\'','SOC_12d9bb3c452ddc0af1a451f0d286cecf','\'\'',NULL,614054),('3_Saturday','21','21:00','00:59','N','SOC','LVCC West/Floor 3/W325-W326','\'Jack Rhysider Masquerade Party\'','\'Jack Rhysider\'','SOC_7eafb4ccc01d53dc4ce63af35323036e','\'Title: Jack Rhysider Masquerade Party
\nWhen: Saturday, Aug 10, 21:00 - 00:59 PDT
\nWhere: LVCC West/Floor 3/W325-W326 - Map
\n
\nDescription:
\nCome party with Jack Rhysider at the Darknet Diaries Masquerade party! You\'re not going to want to miss this event as there will be free swag, killer music, interactive exhibits, and of course Jack Rhysider.
\n\nSpeakerBio: Jack Rhysider
\nNo BIO available
\n\n\'',NULL,614055),('3_Saturday','21','21:00','01:59','N','SOC','LVCC West/Floor 3/W322-W324, W327','\'RAA for Workgroups 3.11\'','\'\'','SOC_bf03c65c3f7ef45c32ea0fd35ca21e14','\'Title: RAA for Workgroups 3.11
\nWhen: Saturday, Aug 10, 21:00 - 01:59 PDT
\nWhere: LVCC West/Floor 3/W322-W324, W327 - Map
\n
\nDescription:
\nRAA For Workgroups 3.11 is a continuation of the Rent an Assassin series of parties from DC Shenanigans. Based on the World of Assassination from the Hitman video game franchise, RAA has been serving up clandestine client acquisition events in top-secret locations since DC30. This year marks our first-ever official DEF CON event, and we are excited to bring you some of the best DJs (and shenanigans) DEF CON has to offer.
\n\n\'',NULL,614056),('3_Saturday','18','18:30','21:30','N','MISC','LVCC West/Floor 3/W307-W308','\'EFF Tech Trivia\'','\'\'','MISC_62dd7dca8ddbbea810385e693417c24a','\'Title: EFF Tech Trivia
\nWhen: Saturday, Aug 10, 18:30 - 21:30 PDT
\nWhere: LVCC West/Floor 3/W307-W308 - Map
\n
\nDescription:
\nEFF\'s team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Trophy and EFF swag pack. The second and third place teams will also win great EFF gear.
\n\n\'',NULL,614057),('3_Saturday','19','18:30','21:30','Y','MISC','LVCC West/Floor 3/W307-W308','\'EFF Tech Trivia\'','\'\'','MISC_62dd7dca8ddbbea810385e693417c24a','\'\'',NULL,614058),('3_Saturday','20','18:30','21:30','Y','MISC','LVCC West/Floor 3/W307-W308','\'EFF Tech Trivia\'','\'\'','MISC_62dd7dca8ddbbea810385e693417c24a','\'\'',NULL,614059),('3_Saturday','21','18:30','21:30','Y','MISC','LVCC West/Floor 3/W307-W308','\'EFF Tech Trivia\'','\'\'','MISC_62dd7dca8ddbbea810385e693417c24a','\'\'',NULL,614060),('1_Thursday','19','19:00','20:59','N','SOC','LVCC West/Floor 2/W236','\'DC702\'','\'\'','SOC_280d4a85d7b068cdfd4b49e6f9261f63','\'Title: DC702
\nWhen: Thursday, Aug 8, 19:00 - 20:59 PDT
\nWhere: LVCC West/Floor 2/W236 - Map
\n
\nDescription:
\nJoin the local DC702 Group in this year\'s official DEF CON Meetup! The meetup will be casual and include typical meetup activities (e.g., socializing, \"challenges,\" lockpicking, etc.) and maybe a few little surprises. To stay up-to-date, check out dc702.space/dc32-meetup.
\n\n\'',NULL,614061),('1_Thursday','20','19:00','20:59','Y','SOC','LVCC West/Floor 2/W236','\'DC702\'','\'\'','SOC_280d4a85d7b068cdfd4b49e6f9261f63','\'\'',NULL,614062),('2_Friday','16','16:00','17:59','N','SOC','LVCC West/Floor 2/W231-W233','\'QueerCon Mixer\'','\'\'','SOC_dab821107df7c4b6f4b0a591aa0ff54d','\'Title: QueerCon Mixer
\nWhen: Friday, Aug 9, 16:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W231-W233 - Map
\n
\nDescription:
\nCome by this informal mixer to meet others in the lgbtqia+ community who are a part of this wonderful world that is InfoSec. This is a safe and inclusive space to meet and talk to others with your shared experience and is a nice environment to network and unwind with a drink.
\n\n\'',NULL,614063),('2_Friday','17','16:00','17:59','Y','SOC','LVCC West/Floor 2/W231-W233','\'QueerCon Mixer\'','\'\'','SOC_dab821107df7c4b6f4b0a591aa0ff54d','\'\'',NULL,614064),('1_Thursday','16','16:00','17:59','N','SOC','LVCC West/Floor 2/W231-W233','\'QueerCon Mixer\'','\'\'','SOC_170a44cd66a49cd672b83e9eea03c1ea','\'Title: QueerCon Mixer
\nWhen: Thursday, Aug 8, 16:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W231-W233 - Map
\n
\nDescription:
\nCome by this informal mixer to meet others in the lgbtqia+ community who are a part of this wonderful world that is InfoSec. This is a safe and inclusive space to meet and talk to others with your shared experience and is a nice environment to network and unwind with a drink.
\n\n\'',NULL,614065),('1_Thursday','17','16:00','17:59','Y','SOC','LVCC West/Floor 2/W231-W233','\'QueerCon Mixer\'','\'\'','SOC_170a44cd66a49cd672b83e9eea03c1ea','\'\'',NULL,614066),('3_Saturday','16','16:00','17:59','N','SOC','LVCC West/Floor 2/W231-W233','\'QueerCon Mixer\'','\'\'','SOC_bf6cc0be1356352925ee472955a86e74','\'Title: QueerCon Mixer
\nWhen: Saturday, Aug 10, 16:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W231-W233 - Map
\n
\nDescription:
\nCome by this informal mixer to meet others in the lgbtqia+ community who are a part of this wonderful world that is InfoSec. This is a safe and inclusive space to meet and talk to others with your shared experience and is a nice environment to network and unwind with a drink.
\n\n\'',NULL,614067),('3_Saturday','17','16:00','17:59','Y','SOC','LVCC West/Floor 2/W231-W233','\'QueerCon Mixer\'','\'\'','SOC_bf6cc0be1356352925ee472955a86e74','\'\'',NULL,614068),('2_Friday','05','05:00','07:59','N','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_c16b116eadb4f82c230817eedcf1de71','\'Title: Defcon.run
\nWhen: Friday, Aug 9, 05:00 - 07:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nThursday, Friday, Saturday and Sunday: 05:00 to 08:00, with random pop up meetings throughout the day in the con space.
\n\nDefcon.run is an evolution of the now long running DEF CON 4x5K running event. Due to stupendous growth, we’ve been forced to change up the format. This year\'s activity will look to match up folks for fun runs, and rucks (!), in small distributed groups around Las Vegas. It’s the same old event but at a distributed scale!
\n\nShow up in the morning, go for a run with folks, have a good time!
\n\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances. Full Information at https://defcon.run
\n\n\'',NULL,614069),('2_Friday','06','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_c16b116eadb4f82c230817eedcf1de71','\'\'',NULL,614070),('2_Friday','07','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_c16b116eadb4f82c230817eedcf1de71','\'\'',NULL,614071),('1_Thursday','05','05:00','07:59','N','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_4e35ae98afffdcd903897e56741069f4','\'Title: Defcon.run
\nWhen: Thursday, Aug 8, 05:00 - 07:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nThursday, Friday, Saturday and Sunday: 05:00 to 08:00, with random pop up meetings throughout the day in the con space.
\n\nDefcon.run is an evolution of the now long running DEF CON 4x5K running event. Due to stupendous growth, we’ve been forced to change up the format. This year\'s activity will look to match up folks for fun runs, and rucks (!), in small distributed groups around Las Vegas. It’s the same old event but at a distributed scale!
\n\nShow up in the morning, go for a run with folks, have a good time!
\n\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances. Full Information at https://defcon.run
\n\n\'',NULL,614072),('1_Thursday','06','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_4e35ae98afffdcd903897e56741069f4','\'\'',NULL,614073),('1_Thursday','07','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_4e35ae98afffdcd903897e56741069f4','\'\'',NULL,614074),('3_Saturday','05','05:00','07:59','N','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_3100939c3e5ac6750d19074e0d10806f','\'Title: Defcon.run
\nWhen: Saturday, Aug 10, 05:00 - 07:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nThursday, Friday, Saturday and Sunday: 05:00 to 08:00, with random pop up meetings throughout the day in the con space.
\n\nDefcon.run is an evolution of the now long running DEF CON 4x5K running event. Due to stupendous growth, we’ve been forced to change up the format. This year\'s activity will look to match up folks for fun runs, and rucks (!), in small distributed groups around Las Vegas. It’s the same old event but at a distributed scale!
\n\nShow up in the morning, go for a run with folks, have a good time!
\n\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances. Full Information at https://defcon.run
\n\n\'',NULL,614075),('3_Saturday','06','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_3100939c3e5ac6750d19074e0d10806f','\'\'',NULL,614076),('3_Saturday','07','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_3100939c3e5ac6750d19074e0d10806f','\'\'',NULL,614077),('4_Sunday','05','05:00','07:59','N','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_10c9d7a573475b6c1b492ee27d39805e','\'Title: Defcon.run
\nWhen: Sunday, Aug 11, 05:00 - 07:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nThursday, Friday, Saturday and Sunday: 05:00 to 08:00, with random pop up meetings throughout the day in the con space.
\n\nDefcon.run is an evolution of the now long running DEF CON 4x5K running event. Due to stupendous growth, we’ve been forced to change up the format. This year\'s activity will look to match up folks for fun runs, and rucks (!), in small distributed groups around Las Vegas. It’s the same old event but at a distributed scale!
\n\nShow up in the morning, go for a run with folks, have a good time!
\n\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances. Full Information at https://defcon.run
\n\n\'',NULL,614078),('4_Sunday','06','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_10c9d7a573475b6c1b492ee27d39805e','\'\'',NULL,614079),('4_Sunday','07','05:00','07:59','Y','MISC','Other / See Description','\'Defcon.run\'','\'\'','MISC_10c9d7a573475b6c1b492ee27d39805e','\'\'',NULL,614080),('1_Thursday','15','15:00','20:59','N','MISC','Other / See Description','\'Toxic BBQ\'','\'\'','MISC_6dc5f8b8e9df485f0f6a0086e6a6dc8b','\'Title: Toxic BBQ
\nWhen: Thursday, Aug 8, 15:00 - 20:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nThe humans of Vegas invite you to our unofficial welcome party. Whether it\'s your 1st or 18th time, we\'re still in the EXACT SAME PLACE. Join us off-Strip in the shade for a volunteer-run grill and chill.
\n\nWe stock the larder with the basics: burgers, dogs, meatless delights, and all the fixin\'s. You procure your favorite food, drinks, and sides to keep the party going. Volunteer for setup, grill-up, or clean-up. Most of all, show up and become a part of what makes Toxic BBQ the best place to start your con.
\n\nCheck out https://www.toxicbbq.org for more news, and watch #ToxicBBQ for the latest info.
\n\nOff-site at Sunset Park, Foxtail Pavilion
\n\n\'',NULL,614081),('1_Thursday','16','15:00','20:59','Y','MISC','Other / See Description','\'Toxic BBQ\'','\'\'','MISC_6dc5f8b8e9df485f0f6a0086e6a6dc8b','\'\'',NULL,614082),('1_Thursday','17','15:00','20:59','Y','MISC','Other / See Description','\'Toxic BBQ\'','\'\'','MISC_6dc5f8b8e9df485f0f6a0086e6a6dc8b','\'\'',NULL,614083),('1_Thursday','18','15:00','20:59','Y','MISC','Other / See Description','\'Toxic BBQ\'','\'\'','MISC_6dc5f8b8e9df485f0f6a0086e6a6dc8b','\'\'',NULL,614084),('1_Thursday','19','15:00','20:59','Y','MISC','Other / See Description','\'Toxic BBQ\'','\'\'','MISC_6dc5f8b8e9df485f0f6a0086e6a6dc8b','\'\'',NULL,614085),('1_Thursday','20','15:00','20:59','Y','MISC','Other / See Description','\'Toxic BBQ\'','\'\'','MISC_6dc5f8b8e9df485f0f6a0086e6a6dc8b','\'\'',NULL,614086),('0_Wednesday','11','11:00','11:59','N','MISC','Other / See Description','\'The Unofficial DEF CON Shoot\'','\'\'','MISC_1b51cb07e52a70b2748f1e212dc8a934','\'Title: The Unofficial DEF CON Shoot
\nWhen: Wednesday, Aug 7, 11:00 - 11:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nWednesday August 7th Registration usually opens at 11am
\n\nOFFSITE: Pro Gun Vegas Address: 12801 US 95 South Boulder City, NV 89005
\n\n\'',NULL,614087),('3_Saturday','20','20:00','23:59','N','MISC','LVCC West/Floor 3/W320','\'DEF CON Movie Night\'','\'\'','MISC_0a0fc389dac1eb2293554b0298f33a78','\'Title: DEF CON Movie Night
\nWhen: Saturday, Aug 10, 20:00 - 23:59 PDT
\nWhere: LVCC West/Floor 3/W320 - Map
\n
\nDescription:
\n\n\n\'',NULL,614088),('3_Saturday','21','20:00','23:59','Y','MISC','LVCC West/Floor 3/W320','\'DEF CON Movie Night\'','\'\'','MISC_0a0fc389dac1eb2293554b0298f33a78','\'\'',NULL,614089),('3_Saturday','22','20:00','23:59','Y','MISC','LVCC West/Floor 3/W320','\'DEF CON Movie Night\'','\'\'','MISC_0a0fc389dac1eb2293554b0298f33a78','\'\'',NULL,614090),('3_Saturday','23','20:00','23:59','Y','MISC','LVCC West/Floor 3/W320','\'DEF CON Movie Night\'','\'\'','MISC_0a0fc389dac1eb2293554b0298f33a78','\'\'',NULL,614091),('2_Friday','20','20:00','23:59','N','MISC','LVCC West/Floor 3/W320','\'DEF CON Movie Night\'','\'\'','MISC_fa76e0b713bd9508e36d9eaa619aa7a7','\'Title: DEF CON Movie Night
\nWhen: Friday, Aug 9, 20:00 - 23:59 PDT
\nWhere: LVCC West/Floor 3/W320 - Map
\n
\nDescription:
\n\n\n\'',NULL,614092),('2_Friday','21','20:00','23:59','Y','MISC','LVCC West/Floor 3/W320','\'DEF CON Movie Night\'','\'\'','MISC_fa76e0b713bd9508e36d9eaa619aa7a7','\'\'',NULL,614093),('2_Friday','22','20:00','23:59','Y','MISC','LVCC West/Floor 3/W320','\'DEF CON Movie Night\'','\'\'','MISC_fa76e0b713bd9508e36d9eaa619aa7a7','\'\'',NULL,614094),('2_Friday','23','20:00','23:59','Y','MISC','LVCC West/Floor 3/W320','\'DEF CON Movie Night\'','\'\'','MISC_fa76e0b713bd9508e36d9eaa619aa7a7','\'\'',NULL,614095),('3_Saturday','21','21:00','01:59','N','MISC','LVCC West/Floor 2/W208','\'Intigriti Hack Shack\'','\'\'','MISC_8a88cd5022e18774b8fac6893ada4b90','\'Title: Intigriti Hack Shack
\nWhen: Saturday, Aug 10, 21:00 - 01:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nJoin us at the Hack Shack Saturday night from 21: 00-02:00 in room 208 for an evening full of exploits and fun! Enjoy some byte-sized bites, groove to our cyber beats, and mingle with the best in the bug bounty biz. Stop by Intigriti\'s booth in Exhibitors area before the party and grab a scratch card for your chance to win a free drink! Don\'t miss out on this bug bounty bonanza!
\n\n\n\n\'',NULL,614096),('3_Saturday','21','21:00','01:59','N','SOC','LVCC West/Floor 3/W303-W304','\'The Illuminati Party\'','\'\'','SOC_cb95130a9a37f0173e917b8d902b677e','\'Title: The Illuminati Party
\nWhen: Saturday, Aug 10, 21:00 - 01:59 PDT
\nWhere: LVCC West/Floor 3/W303-W304 - Map
\n
\nDescription:
\nThe Illuminati Party is excited to open our doors once again to all those who wish to join us at DEF CON for an OPEN party welcoming all of our Hacker Family! Follow us on X (Twitter: @IlluminatiParty)
\n\n\'',NULL,614097),('3_Saturday','18','18:30','22:30','N','SOC','LVCC West/Floor 2/W237','\'Policy Mixer @ DEF CON\'','\'\'','SOC_74f1c7d6771d14a9f6478258e2cab8fe','\'Title: Policy Mixer @ DEF CON
\nWhen: Saturday, Aug 10, 18:30 - 22:30 PDT
\nWhere: LVCC West/Floor 2/W237 - Map
\n
\nDescription:
\n\n\n\'',NULL,614098),('3_Saturday','19','18:30','22:30','Y','SOC','LVCC West/Floor 2/W237','\'Policy Mixer @ DEF CON\'','\'\'','SOC_74f1c7d6771d14a9f6478258e2cab8fe','\'\'',NULL,614099),('3_Saturday','20','18:30','22:30','Y','SOC','LVCC West/Floor 2/W237','\'Policy Mixer @ DEF CON\'','\'\'','SOC_74f1c7d6771d14a9f6478258e2cab8fe','\'\'',NULL,614100),('3_Saturday','21','18:30','22:30','Y','SOC','LVCC West/Floor 2/W237','\'Policy Mixer @ DEF CON\'','\'\'','SOC_74f1c7d6771d14a9f6478258e2cab8fe','\'\'',NULL,614101),('3_Saturday','22','18:30','22:30','Y','SOC','LVCC West/Floor 2/W237','\'Policy Mixer @ DEF CON\'','\'\'','SOC_74f1c7d6771d14a9f6478258e2cab8fe','\'\'',NULL,614102),('2_Friday','18','18:30','22:30','N','SOC','LVCC West/Floor 2/W237','\'Policy Mixer @ DEF CON\'','\'\'','SOC_b0ef77a7910bd8e818251d76c4a8fdd3','\'Title: Policy Mixer @ DEF CON
\nWhen: Friday, Aug 9, 18:30 - 22:30 PDT
\nWhere: LVCC West/Floor 2/W237 - Map
\n
\nDescription:
\n\n\n\'',NULL,614103),('2_Friday','19','18:30','22:30','Y','SOC','LVCC West/Floor 2/W237','\'Policy Mixer @ DEF CON\'','\'\'','SOC_b0ef77a7910bd8e818251d76c4a8fdd3','\'\'',NULL,614104),('2_Friday','20','18:30','22:30','Y','SOC','LVCC West/Floor 2/W237','\'Policy Mixer @ DEF CON\'','\'\'','SOC_b0ef77a7910bd8e818251d76c4a8fdd3','\'\'',NULL,614105),('2_Friday','21','18:30','22:30','Y','SOC','LVCC West/Floor 2/W237','\'Policy Mixer @ DEF CON\'','\'\'','SOC_b0ef77a7910bd8e818251d76c4a8fdd3','\'\'',NULL,614106),('2_Friday','22','18:30','22:30','Y','SOC','LVCC West/Floor 2/W237','\'Policy Mixer @ DEF CON\'','\'\'','SOC_b0ef77a7910bd8e818251d76c4a8fdd3','\'\'',NULL,614107),('3_Saturday','12','12:00','12:59','N','SOC','LVCC West/Floor 3/W301','\'Friends of Bill W\'','\'\'','SOC_90781efefb8678dd01f9daee81067ed9','\'Title: Friends of Bill W
\nWhen: Saturday, Aug 10, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 3/W301 - Map
\n
\nDescription:
\nWe know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
\n\n\'',NULL,614108),('3_Saturday','17','17:00','17:59','N','SOC','LVCC West/Floor 3/W301','\'Friends of Bill W\'','\'\'','SOC_bf3488df81f32b94c1c5001dd8dca345','\'Title: Friends of Bill W
\nWhen: Saturday, Aug 10, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W301 - Map
\n
\nDescription:
\nWe know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
\n\n\'',NULL,614109),('1_Thursday','17','17:00','17:59','N','SOC','LVCC West/Floor 3/W301','\'Friends of Bill W\'','\'\'','SOC_d82fa234b6bccaa39eed029b0259fbd7','\'Title: Friends of Bill W
\nWhen: Thursday, Aug 8, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W301 - Map
\n
\nDescription:
\nWe know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
\n\n\'',NULL,614110),('4_Sunday','12','12:00','12:59','N','SOC','LVCC West/Floor 3/W301','\'Friends of Bill W\'','\'\'','SOC_79907c5ed02f53a855cb6912ea810658','\'Title: Friends of Bill W
\nWhen: Sunday, Aug 11, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 3/W301 - Map
\n
\nDescription:
\nWe know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
\n\n\'',NULL,614111),('2_Friday','17','17:00','17:59','N','SOC','LVCC West/Floor 3/W301','\'Friends of Bill W\'','\'\'','SOC_10e7ed1b9ec6e9a9989f10a35afb6eb0','\'Title: Friends of Bill W
\nWhen: Friday, Aug 9, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W301 - Map
\n
\nDescription:
\nWe know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
\n\n\'',NULL,614112),('2_Friday','12','12:00','12:59','N','SOC','LVCC West/Floor 3/W301','\'Friends of Bill W\'','\'\'','SOC_363177989f2a4e3cba48816cf7d2c994','\'Title: Friends of Bill W
\nWhen: Friday, Aug 9, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 3/W301 - Map
\n
\nDescription:
\nWe know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
\n\n\'',NULL,614113),('1_Thursday','12','12:00','12:59','N','SOC','LVCC West/Floor 3/W301','\'Friends of Bill W\'','\'\'','SOC_beb6314bc431a98448738e2e32a71413','\'Title: Friends of Bill W
\nWhen: Thursday, Aug 8, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 3/W301 - Map
\n
\nDescription:
\nWe know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room 301. Meetings will be Thursday, Friday, Saturday: 12:00-13:00, 17:00-18:00 Sunday 12:00-13:00
\n\n\'',NULL,614114),('2_Friday','17','17:30','21:30','N','MISC','LVCC West/Floor 3/W307-W308','\'Ask the EFF\'','\'\'','MISC_c727e02df6e2f3aa4149b35c597adf5f','\'Title: Ask the EFF
\nWhen: Friday, Aug 9, 17:30 - 21:30 PDT
\nWhere: LVCC West/Floor 3/W307-W308 - Map
\n
\nDescription:
\nElectronic Frontier Foundation (EFF) is excited to be back at DEF CON. Our expert panelists will offer brief updates on EFF\'s work defending your digital rights, before opening the floor for attendees to ask their questions. This dynamic conversation centers challenges DEF CON attendees actually face, and is an opportunity to connect on common causes.
\n\n\'',NULL,614115),('2_Friday','18','17:30','21:30','Y','MISC','LVCC West/Floor 3/W307-W308','\'Ask the EFF\'','\'\'','MISC_c727e02df6e2f3aa4149b35c597adf5f','\'\'',NULL,614116),('2_Friday','19','17:30','21:30','Y','MISC','LVCC West/Floor 3/W307-W308','\'Ask the EFF\'','\'\'','MISC_c727e02df6e2f3aa4149b35c597adf5f','\'\'',NULL,614117),('2_Friday','20','17:30','21:30','Y','MISC','LVCC West/Floor 3/W307-W308','\'Ask the EFF\'','\'\'','MISC_c727e02df6e2f3aa4149b35c597adf5f','\'\'',NULL,614118),('2_Friday','21','17:30','21:30','Y','MISC','LVCC West/Floor 3/W307-W308','\'Ask the EFF\'','\'\'','MISC_c727e02df6e2f3aa4149b35c597adf5f','\'\'',NULL,614119),('3_Saturday','18','18:30','19:30','N','CON','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Feet Feud (Hacker Family Feud)\'','\'\'','CON_e944509c1cc0ee704d2c11c5c8292f90','\'Title: Feet Feud (Hacker Family Feud)
\nWhen: Saturday, Aug 10, 18:30 - 19:30 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Tracks 1-2 - Map
\n
\nDescription:
\nFeet Feud (Hacker Family Feud) is a Cybersecurity-themed Family Feud style game arranged by members of the OnlyFeet CTF team and hosted by Toeb3rius (aka Tib3rius). Both survey questions and their answers are crowd-sourced from the Cybersecurity community. Two teams (Left Foot and Right Foot) captained by members of OnlyFeet and comprised of audience members go head to head, trying to figure out the top answers to the survey questions.
\n\nAttendees can either watch the game or volunteer to play on one of the two teams. Audience participation is also encouraged if either of the two teams fails to get every answer of a survey question.
\n\nUltimately Feet Feud is about having a laugh, watching people in the industry attempt to figure out what randomly surveyed people from the Cybersecurity community put as answers to a number of security / tech related questions.
\n\n\'',NULL,614120),('3_Saturday','19','18:30','19:30','Y','CON','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Feet Feud (Hacker Family Feud)\'','\'\'','CON_e944509c1cc0ee704d2c11c5c8292f90','\'\'',NULL,614121),('2_Friday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W303','\'Docker Exploitation Framework\'','\'Emmanuel Law,Rohit Pitke\'','DL_bc8645298fd42b03085afba46105505a','\'Title: Docker Exploitation Framework
\nWhen: Friday, Aug 9, 10:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W303 - Map
\n
\nDescription:
\nDocker Exploitation Framework is a cross-platform framework that is focused on attacking container environments (think Kubernetes, docker, etc). It can identify vulnerabilities, misconfigurations, and potential attack vectors. It also helps to automate different stages of a successful kill-chain through features such as:
\n\n\n- Vulnerability scanning
\n- Container breakouts
\n- Pod2pod lateral movement
\n- File layers deep inspection and extraction
\n- Attack surface discovery and mapping
\n- Privilege escalation, etc
\n
\n\nSpeakers:Emmanuel Law,Rohit Pitke
\n
\nSpeakerBio: Emmanuel Law, Senior Staff Security Engineer
\nEmmanuel Law (@libnex) has over a decade of security research experience. He has presented at various international conferences such as Black Hat USA Arsenal, Troopers, Kiwicon, Ruxcon etc. He has also released tools such as Shadow Workers for browser exploitation. He is currently working as a Senior Staff Security Engineer in San Francisco Bay Area.
\n\nSpeakerBio: Rohit Pitke
\nRohit Pitke has been working in the security industry over a decade in various fields like application and infrastructure security, offensive security and security software development. He has presented in various conferences like AppSec USA, AppSec Rome, NullCon.
\n\n\n\'',NULL,614122),('2_Friday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W303','\'Docker Exploitation Framework\'','\'Emmanuel Law,Rohit Pitke\'','DL_bc8645298fd42b03085afba46105505a','\'\'',NULL,614123),('2_Friday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W303','\'distribRuted - Distributed Attack Framework\'','\'Ismail Melih Tas,Numan Ozdemir\'','DL_cbfa76c8730e852ec7ca5e765f4fdc3e','\'Title: distribRuted - Distributed Attack Framework
\nWhen: Friday, Aug 9, 12:00 - 13:45 PDT
\nWhere: LVCC West/Floor 3/W303 - Map
\n
\nDescription:
\nPenetration testing tools often face limitations such as IP blocking, insufficient computing power, and time constraints. However, by executing these tests across a distributed network of hundreds of devices, these challenges can be overcome. Organizing such a large-scale attack efficiently is complex, as the number of nodes increases, so does the difficulty in orchestration and management. distribRuted provides the necessary infrastructure and orchestration for distributed attacks. This framework allows developers to easily create and execute specific distributed attacks using standard application modules. Users can develop their attack modules or utilize pre-existing ones from the community. With distribRuted, automating, managing, and tracking a distributed attack across hundreds of nodes becomes straightforward, thereby enhancing efficiency, reducing time and costs, and eliminating Single Point of Failure (SPoF) in penetration testing.
\n\nSpeakers:Ismail Melih Tas,Numan Ozdemir
\n
\nSpeakerBio: Ismail Melih Tas, Founder and CEO at Siber Ninja
\nMelih Tas is a VP in Application Security at a multi-national financial company in London, UK, and the founder and CEO of VulnHero and Siber Ninja, two cybersecurity startups. He has previously worked as a Senior Security Consultant at Synopsys, a Tech Lead at Garanti BBVA Bank, and a Security Researcher at Nortel-Networks Netas. Melih holds a Ph.D. in Cyber Security, has presented at renowned hacker conferences including DEF CON and Black Hat, and is a published academic author with a focus on VoIP security and Application Security.
\n\nSpeakerBio: Numan Ozdemir, Cybersecurity Researcher and Computer Programmer
\nNuman Ozdemir is a cybersecurity researcher and computer programmer currently pursuing a degree in Mathematics and Computer Science. His research interests include blockchain and application security.
\n\n\n\'',NULL,614124),('2_Friday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W303','\'distribRuted - Distributed Attack Framework\'','\'Ismail Melih Tas,Numan Ozdemir\'','DL_cbfa76c8730e852ec7ca5e765f4fdc3e','\'\'',NULL,614125),('2_Friday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W303','\'Automated Control Validation with Tommyknocker\'','\'Jeremy Banker\'','DL_b99c31b85dd7561492555543c473f98f','\'Title: Automated Control Validation with Tommyknocker
\nWhen: Friday, Aug 9, 14:00 - 15:45 PDT
\nWhere: LVCC West/Floor 3/W303 - Map
\n
\nDescription:
\nTommyknocker is an open source project designed to facilitate automation of continuous security control validation, bringing some of the processes developers have been using for years for regressing testing, to the security world. It allows users to easily create test scenarios using docker images and standard scripts to perform one or more test actions, followed by the ability to easily check common tooling (SIEM, IDS, Log aggregators) for any expected alerts or log entries. Using Tommyknocker, security organizations can add test cases each time a new security control is created, so that any time a change is made in the environment, the continued functioning of existing controls can be validated. Many times, security organizations will only test controls when they are first implemented, and potentially a few times a year for audit purposes. With Tommyknocker, controls can be tested multiple times per day, ensuring that alerts are raised as soon as possible when a control ceases to function correctly, or is compromised by a threat actor.
\n\nSpeakerBio: Jeremy Banker
\nJeremy is an accomplished software developer and lifelong hacker with a combined 10 years of experience in software development and cybersecurity. After working his way up from customer support, and earning a Master\'s degree in Information Security, Jeremy helped found the Security Product Engineering, Automation and Research group at VMware. Having spoken at both Blackhat Arsenal and Def Con Demolabs on his open source projects, he continues to be passionate about sharing new tools and technologies with the community. In his spare time, Jeremy enjoys gardening, camping, and tinkering with all manner of technology.
\n\n\n\'',NULL,614126),('2_Friday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W303','\'Automated Control Validation with Tommyknocker\'','\'Jeremy Banker\'','DL_b99c31b85dd7561492555543c473f98f','\'\'',NULL,614127),('2_Friday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W304','\'Zip It Up, Sneak It In - Introduction of apkInspector\'','\'Kaloyan Velikov,Leonidas Vasileiadis\'','DL_d82c3fd9763d664b6a80fa9bdba4f9ae','\'Title: Zip It Up, Sneak It In - Introduction of apkInspector
\nWhen: Friday, Aug 9, 10:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W304 - Map
\n
\nDescription:
\napkInspector is a tool designed to tackle Android APKs, helping to uncover and decode the evasive tactics used by malware. It can decompress APK entries and extract detailed information such as entry names and sizes, making it easy to analyze the contents of an app. The tool also processes and decodes Android XML (AXML) files into a human-readable format, all while considering the sneaky evasion tactics that malware might employ. apkInspector is able to also identify specific evasion techniques used by malware to bypass static analysis, providing crucial insights for security analysis. It is built to function both as a standalone command-line interface (CLI) for direct operations and as a library that can be integrated into other security tools, enhancing its utility and adaptability in various cybersecurity environments.
\n\nSpeakers:Kaloyan Velikov,Leonidas Vasileiadis
\n
\nSpeakerBio: Kaloyan Velikov
\nKaloyan Velikov is a security professional that has also been in the cybersecurity field for more than five years. While he is proficient in web application and network security pentesting, as well as various device assessments, in the recent years he has been busy learning the testing of mobile applications and device configurations. This led to a more focused specialization in pentesting on both the Android and iOS platforms. He is always eager to try new tools and see how they can be implemented into the penetration testing playbook. Kaloyan is always up for a challenge even if there is a skill gap and extra research will be required to proceed. He also loves to share the knowledge he has obtained, because it is great to help each other to succeed in our assignments.
\n\nSpeakerBio: Leonidas Vasileiadis
\nMeet Leonidas, an enthusiast in Android’s security landscape, a physicist with a double master\'s in cybersecurity and over five years of dedicated cybersecurity experience. He’s not just about flashy titles; he’s got the certifications to prove he can push buttons and hack the world. Passionate about web and mobile security, he loves building solutions with code. He’s a firm believer that sharing is caring and enjoys unraveling the complexities of cyber threats as much as he loves tackling riddles. Dive into his session to explore sneaky Android malware tricks, leaving equipped to spot and stop them like a pro.
\n\n\n\'',NULL,614128),('2_Friday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W304','\'Zip It Up, Sneak It In - Introduction of apkInspector\'','\'Kaloyan Velikov,Leonidas Vasileiadis\'','DL_d82c3fd9763d664b6a80fa9bdba4f9ae','\'\'',NULL,614129),('2_Friday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W304','\'BypassIT - Using AutoIT & Similar Tools for Covert Payload Delivery\'','\'Ezra Woods,Mike Manrod\'','DL_13ce746138f9bd82c6b7cf9d36c3674e','\'Title: BypassIT - Using AutoIT & Similar Tools for Covert Payload Delivery
\nWhen: Friday, Aug 9, 12:00 - 13:45 PDT
\nWhere: LVCC West/Floor 3/W304 - Map
\n
\nDescription:
\nBypassIT is a framework for covert delivery of malware, using AutoIT, AutoHotKey, and other Live off the Land (LotL) tools to deliver payloads and avoid detection. These techniques were derived from reversing attacks observed in the wild by DarkGate and other MaaS actors, revealing universal principles and methods useful for red teaming or internal testing. The framework will consist of a series of tools, techniques, and methods along with testing and reporting on effectiveness, as it relates to evading multiple specific antivirus products.
\n\nSpeakers:Ezra Woods,Mike Manrod
\n
\nSpeakerBio: Ezra Woods, Information Security Analyst, Department of Economic Security at Arizona
\nEzra Woods is a recent cybersecurity graduate from Grand Canyon University, working as an Information Security Analyst for Arizona\'s Department of Economic Security. Captain of Grand Canyon University\'s collegiate cyber defense team, and Team Lead for the Arizona Cyber Threat Response Alliance\'s Threat Intelligence Support Unit (TISU).
\n\nSpeakerBio: Mike Manrod, Chief Information Security Officer at Grand Canyon Education
\nMike serves as the Chief Information Security Officer for Grand Canyon Education, responsible for leading the security team and formulating the vision and strategy for protecting students, staff, and information assets across the enterprise. He also serves as Adjunct Faculty for Grand Canyon University, teaching Malware Analysis and Threat Intelligence. Previous experiences include serving as a threat prevention engineer for Check Point and working as a consultant and analyst for other organizations.
\n\n\n\'',NULL,614130),('2_Friday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W304','\'BypassIT - Using AutoIT & Similar Tools for Covert Payload Delivery\'','\'Ezra Woods,Mike Manrod\'','DL_13ce746138f9bd82c6b7cf9d36c3674e','\'\'',NULL,614131),('2_Friday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W304','\'HIDe & SEEK\'','\'Jonathan Fischer,Matthew Richard\'','DL_0d4e905a7c8011c179317609d0d5b082','\'Title: HIDe & SEEK
\nWhen: Friday, Aug 9, 14:00 - 15:45 PDT
\nWhere: LVCC West/Floor 3/W304 - Map
\n
\nDescription:
\nThe Injectyll-HIDe project (released at DEF CON 30) is back and better than ever! The hardware implant utilizes the same standard features that you have come to know and love (keystroke recording, keystroke injection, mouse jiggler, etc.) but it has evolved into so much more. The functionality has been steadily growing over its initial release to offer users even more tools! But wait, there’s more! We’re proud to show off the new SEEK shields this year at the CON! Tired of running a covert mesh network? Want to try out new RF technologies? We’ve added LoRa and LoRaWAN to the mix as well! These shields are field swappable and work with the existing C2 and implant code to give you the versatility that you need to continue evading detection. Attendees should be prepared to flip 0ut over these features, as well as some new additions to the project that we will be announcing at DEF CON. Who’s ready for a high stakes game of hacker’s HIDe and SEEK?
\n\nSpeakers:Jonathan Fischer,Matthew Richard
\n
\nSpeakerBio: Jonathan Fischer, Red Team Consultant and Researcher
\nJonathan Fischer (a.k.a. c4m0ufl4g3) is a hardware and IoT security enthusiast that started off designing, programming, and implementing electronic controls for industrial control systems and off-highway machinery. After a decade in that industry, Jonathan obtained his BS in Computer Science and transitioned over to the cyber security industry where he has been working as a Red Team consultant and researcher for more than seven years at a Fortune 500 company. Since joining the cyber security industry, Jonathan has earned various industry certifications (OSCP, GXPN, etc.) and continues to leverage his unique experience in his research into hardware hacking. Jonathan has presented his research at conferences such as DEF CON Demo Labs, ShmooCon, THOTCON, BSides LV, and Hardware Hacking Village. He is also the co-creator of Injectyll-HIDe, an open-source hardware implant designed for use by red teams.
\n\nSpeakerBio: Matthew Richard
\nMatthew Richard is a software developer that enjoys coding in low level languages. His favorite text editor is Neovim. As an average Neovim enjoyer he is obligated to stand on the side of Vi in the text editor war, but chooses to be on the side of Ed to make everyone equally unhappy. His operating system of choice is NixOS... by the way. :)
\n\n\n\'',NULL,614132),('2_Friday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W304','\'HIDe & SEEK\'','\'Jonathan Fischer,Matthew Richard\'','DL_0d4e905a7c8011c179317609d0d5b082','\'\'',NULL,614133),('2_Friday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W305','\'Volatile Vault - Data Exfiltration in 2024\'','\'Moritz Laurin Thomas,Patrick Eisenschmidt\'','DL_119e743d254bc28d35dc4ceab24dbc9c','\'Title: Volatile Vault - Data Exfiltration in 2024
\nWhen: Friday, Aug 9, 10:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W305 - Map
\n
\nDescription:
\nIn red team operations, selecting the right tools for data exfiltration is critical, yet comes with obstacles such as triggering Data Exfiltration Prevention (DEP) systems. We present \"Volatile Vault\" as a solution, a custom-built platform tailored to evade DEP detection. Our tool encrypts the data on the client-side and then provides a modular approach for uploading said data. Some of the currently implemented upload strategies are chunked HTTP uploads to multiple domain fronted endpoints (AWS) or QUIC as an alternative protocol.
\n\nSpeakers:Moritz Laurin Thomas,Patrick Eisenschmidt
\n
\nSpeakerBio: Moritz Laurin Thomas, Senior Red Team Security Consultant at NVISO ARES
\nMoritz is a senior red team security consultant at NVISO ARES (Adversarial Risk Emulation & Simulation). He focuses on research & development in red teaming to support, enhance and extend the team’s capabilities in red team engagements of all sorts. Before joining the offensive security community, Moritz worked on a voluntary basis as a technical malware analyst for a well-known internet forum with focus on evading detections and building custom exploits. When he isn’t infiltrating networks or exfiltrating data, he is usually knees deep in research and development, dissecting binaries and developing new tools.
\n\nSpeakerBio: Patrick Eisenschmidt, Red Team Lead at NVISO ARES
\nPatrick has gained extensive experience in the offensive security domain. Currently, he serves as the Red Team Lead at NVISO ARES (Adversarial Risk Emulation & Simulation). In this role, he supervises a team of operators and directs both high-profile Red Team operations and Tiber/TLPT Assessments. Beyond leadership, Patrick actively participates in crafting intricate spear phishing campaigns and boosts the Red Team\'s effectiveness by developing and maintaining open-source methodologies and tools.
\n\n\n\'',NULL,614134),('2_Friday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W305','\'Volatile Vault - Data Exfiltration in 2024\'','\'Moritz Laurin Thomas,Patrick Eisenschmidt\'','DL_119e743d254bc28d35dc4ceab24dbc9c','\'\'',NULL,614135),('2_Friday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W305','\'Tengu Marauder\'','\'Leonardo Serrano,Lexie Thach\'','DL_d1895d4d92747a8f2fd078de134189c7','\'Title: Tengu Marauder
\nWhen: Friday, Aug 9, 12:00 - 13:45 PDT
\nWhere: LVCC West/Floor 3/W305 - Map
\n
\nDescription:
\nThe Tengu Marauder, derived from a previous security drone project, is a portable wheeled robot equipped with an ESP32 Marauder, currently in its testing phase. Designed for simplicity and efficiency, the Tengu Marauder serves as an alternative and interactive tool for WiFi network security testing. Its capabilities include WiFi scanning, deauthentication attacks, packet sniffing, and other wireless security tests. The compact design ensures ease of construction and maintenance using readily available parts and straightforward code integration. Essentially an advanced RC robot, the Tengu Marauder operates headless via XBee, providing a fun and engaging platform for testing the security of network-controlled devices over WiFi, such as IoT smart home devices and smaller WiFi-controlled drones like the Ryze Tello. This project would not have been possible without the development help, test runs, and support from the Philadelphia RAICES organization, the Philadelphia DEFCON group, and DeciSym.AI.
\n\nSpeakers:Leonardo Serrano,Lexie Thach
\n
\nSpeakerBio: Leonardo Serrano
\nLeonardo Serrano is a dedicated community organizer who spends his time learning more about the cyberz, connecting people, and supporting cool projects. His focus is primarily on threat modeling and the intersection of security architecture, process, and decision-making. Leo runs a hackerspace in Philadelphia called “The Tooolbox” with his partners where he hopes to showcase the amazing hackers who call Philadelphia home.
\n\nSpeakerBio: Lexie Thach
\nLexie Thach has worked in cybersecurity for ten years in various positions. During this time, I developed a strong affinity for electrical engineering, programming, and robotics engineering. Despite not having a traditional academic background, I have extensive hands-on experience from my eight years in the US Air Force, specializing in cybersecurity and tactical networks for aircraft missions and operations. My focus on securing and testing the security of autonomous systems stems from these experiences, and I am passionate about sharing the techniques I have learned. Currently I run a local hackerspace in Philadelphia in support of DC215 called The Tooolbox where anyone can come to learn new hacking tools, try to build offensive or defensive security robots and we have 3D printers on standby for any prototyping people want.
\n\n\n\'',NULL,614136),('2_Friday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W305','\'Tengu Marauder\'','\'Leonardo Serrano,Lexie Thach\'','DL_d1895d4d92747a8f2fd078de134189c7','\'\'',NULL,614137),('2_Friday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W305','\'SCAGoat - Exploiting Damn Vulnerable SCA Application\'','\'Hare Krishna Rai,Prashant Venkatesh\'','DL_7b96db2c10042d1826a9203bb6a02ce3','\'Title: SCAGoat - Exploiting Damn Vulnerable SCA Application
\nWhen: Friday, Aug 9, 14:00 - 15:45 PDT
\nWhere: LVCC West/Floor 3/W305 - Map
\n
\nDescription:
\nSCAGoat is a deliberately insecure web application designed for learning and testing Software Composition Analysis (SCA) tools. It offers a hands-on environment to explore vulnerabilities in Node.js and Java Springboot applications, including actively exploitable CVEs like CVE-2023-42282 and CVE-2021-44228 (log4j). This application can be utilized to evaluate various SCA and container security tools, assessing their capability to identify vulnerable packages and code reachability. As part of our independent research, the README includes reports from SCA tools like semgrep, snyk, and endor labs. Future research plans include incorporating compromised or malicious packages to test SCA tool detection and exploring supply chain attack scenarios.
\n\nSpeakers:Hare Krishna Rai,Prashant Venkatesh
\n
\nSpeakerBio: Hare Krishna Rai, Product Security Engineer
\nAs a Product Security Engineer, Hare Krishna Rai\'s passion for cybersecurity drives him to excel in various areas. He specializes in conducting penetration testing, actively participates in security Capture The Flag (CTF) competitions, and performs code reviews to ensure secure code development. His expertise extends to leveraging Static Application Security Testing (SAST) techniques in languages like Java, Python, JavaScript, JSP, among others.
\n\nSpeakerBio: Prashant Venkatesh, Manager, Product Security
\nPrashant Venkatesh is an information security expert with over 20 years of experience. He presently works as Manager, Product Security at an ecommerce company. Prashant is an enthusiastic participant in the field who consistently coordinates, reviews papers, and presents his work at numerous InfoSec conferences, including Blackhat Nullcon and c0c0n. He is also active through the OWASP Bay Area chapter Leadership and is co-founder of the annual Seasides Conference in India.
\n\n\n\'',NULL,614138),('2_Friday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W305','\'SCAGoat - Exploiting Damn Vulnerable SCA Application\'','\'Hare Krishna Rai,Prashant Venkatesh\'','DL_7b96db2c10042d1826a9203bb6a02ce3','\'\'',NULL,614139),('2_Friday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W306','\'Bluetooth Landscape Exploration & Enumeration Platform (BLEEP)\'','\'Paul Wortman\'','DL_a9eec34216b1694807070a674a600290','\'Title: Bluetooth Landscape Exploration & Enumeration Platform (BLEEP)
\nWhen: Friday, Aug 9, 10:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W306 - Map
\n
\nDescription:
\nThe purpose of the tool platform is to provide both novice and experienced Bluetooth researchers a “swiss-army knife” for device exploration and enumeration. The Bluetooth Landscape Exploration & Enumeration Platform (BLEEP) is capable of discovering Bluetooth Low Energy (BLE) devices, connecting to them, and enumerating the device as well. BLEEP leverages Python3, BlueZ, and the Linux D-Bus to provide a terminal user interface for identifying and interacting with BLE implements. The I/O capabilities of the toolset include read I/O, performing writes, and capturing of notification signals. The purpose of using these low-level libraries is to maintain small granularity control over the interactivity between BLEEP and the BLE environment.
\n\nSpeakerBio: Paul Wortman
\nDr. Wortman has a PhD in Electrical and Computer Engineering from the University of Connecticut with research that ranged from network analysis to cyber security risk evaluation. He now focuses on Bluetooth protocol and devices research.
\n\n\n\'',NULL,614140),('2_Friday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W306','\'Bluetooth Landscape Exploration & Enumeration Platform (BLEEP)\'','\'Paul Wortman\'','DL_a9eec34216b1694807070a674a600290','\'\'',NULL,614141),('2_Friday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W306','\'Skynet\'','\'Craig Chamberlain,Rewanth Tammana\'','DL_f4e54b9f1961a0a7d47eee8815449018','\'Title: Skynet
\nWhen: Friday, Aug 9, 12:00 - 13:45 PDT
\nWhere: LVCC West/Floor 3/W306 - Map
\n
\nDescription:
\nSkynet is an AI project (just kidding.) It is meant to be a sort of unified theory of detection, enabling us to plot any detection artifact types on screen around an entity and decision them faster and more accurately. While plotting alert sets, attack trees, and kill chains has been done, for the presentation of alert sets and cases, we are planning to use graphing as the primary presentation, triage and decisioning mechanism, at scale, using a novel combination of heuristics and machine learning. It is an alert manager made by users, for users.
\n\nSpeakers:Craig Chamberlain,Rewanth Tammana
\n
\nSpeakerBio: Craig Chamberlain
\nCraig Chamberlain has been working on threat hunting and detection for most of his life and has contributed to several SIEM-like products you may have used. Most of them had unnecessarily simple alert pages and workflow, which makes him sad, and this is his attempt to put things right. He has presented at numerous conferences including the SANS Threat Hunting Summit; RSA 2024; CactusCon; the ISC2 Congress; SOURCE Boston; and several B-Sides conferences in Washington DC, San Francisco, NoVA, Boston, and Rochester.
\n\nSpeakerBio: Rewanth Tammana
\nRewanth Tammana is a security ninja, open-source contributor, and an independent consultant. Previously, Senior Security Architect at Emirates NBD National Bank of Dubai). He is passionate about DevSecOps, Cloud, and Container Security. He added 17,000+ lines of code to Nmap. Rewanth speaks and delivers training at numerous security conferences worldwide. He was recognized as one of the MVP researchers on Bugcrowd (2018), published an IEEE research paper on ML and security, and more.
\n\n\n\'',NULL,614142),('2_Friday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W306','\'Skynet\'','\'Craig Chamberlain,Rewanth Tammana\'','DL_f4e54b9f1961a0a7d47eee8815449018','\'\'',NULL,614143),('2_Friday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W306','\'Garak\'','\'Erick Galinkin,Leon Derczynski\'','DL_22418485c4e7451b8bf4611b5fdc4b80','\'Title: Garak
\nWhen: Friday, Aug 9, 14:00 - 15:45 PDT
\nWhere: LVCC West/Floor 3/W306 - Map
\n
\nDescription:
\nGarak, Generative AI Red-teaming and Assessment Kit, is a vulnerability scanner for large language models (LLMs) and dialogue systems. It has a host of different probes, each working on different vulnerabilities and payloads. It connects to a broad range of different LLMs. The attacks range between static tests of fixed prompts, to dynamically assembled prompts, to probes that respond to existing model behavior when working out their next move. Community contribution plays a big part of Garak already, with an active repo & over 300 members in the Discord. Garak can assess and attack anything that takes text and returns text, and is already used by many industry players in assessment of internal and external models, including NVIDIA and Microsoft as well as a range of emerging AI Security startups; it’s the #1 ranked tool for LLM security on Hackernews. But we think it’s mostly a lot of fun.
\n\nSpeakers:Erick Galinkin,Leon Derczynski
\n
\nSpeakerBio: Erick Galinkin, Research Scientist at NVIDIA
\nErick Galinkin is a Research Scientist at NVIDIA working on the security assessment and protection of large language models. Previously, he led the AI research team at Rapid7 and has extensive experience working in the cybersecurity space. He is an alumnus of Johns Hopkins University and holds degrees in applied mathematics and computer science. Outside of his work, Erick is a lifelong student, currently at Drexel University and is renowned for his ability to be around equestrians.
\n\nSpeakerBio: Leon Derczynski, Principal Research Scientist, LLM Security at NVIDIA
\nLeon Derczynski is principal research scientist in LLM Security at NVIDIA and prof in natural language processing at ITU Copenhagen. He’s on the OWASP LLM Top 10 core team, and consults with governments and supranational bodies. He co-wrote a paper on how LLM red teaming is like demon summoning, that you should definitely read. He’s been doing NLP since 2005, deep learning since it was more than one layer, and LLM security for about two years, which is almost a lifetime in this field. Finally, Prof. Derczynski also contributes to ML Commons, and regularly appears in national and international media.
\n\n\n\'',NULL,614144),('2_Friday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W306','\'Garak\'','\'Erick Galinkin,Leon Derczynski\'','DL_22418485c4e7451b8bf4611b5fdc4b80','\'\'',NULL,614145),('2_Friday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W307','\'Nebula - 3 Years of Kicking *aaS and Taking Usernames\'','\'Bleon Proko\'','DL_0c19920ceb8bbc1222acd85178f4926c','\'Title: Nebula - 3 Years of Kicking *aaS and Taking Usernames
\nWhen: Friday, Aug 9, 10:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W307 - Map
\n
\nDescription:
\nCloud Penetration Testing has become a hot topic in the offensive community, as the cloud based infrastructures have been slowly taking the place on-prem ones used to have. This requires a tool to help with it. Nebula is a cloud Pentest Framework, which offers reconnaissance, enumeration, exploitation, post exploitation on AWS, Azure, DigitalOcean and above all opportunity to extend even more. It is built modulary for each provider and each attack, allowing for a diversity in attack surface. This coupled with the client-server architecture, allows for a collaborated team assessment of a hybrid cloud environment.
\n\nSpeakerBio: Bleon Proko
\nBleon Proko is an info-sec passionate about Infrastructure Penetration Testing and Security, including Active Directory, Cloud (AWS, Azure, GCP, Digital Ocean), Hybrid Infrastructures, as well as Defense, Detection and Thread Hunting. He has presented in conferences like BlackHat and BSides on topics related to Cloud Penetration Testing and Security. His research include Nebula, a Cloud Penetration Testing Framework (https://github.com/gl4ssesbo1/Nebula) and other blogs, which you can also find on his blog (blog.pepperclipp.com). He is also the author of the upcoming book \"Deep Dive into Clouded Waters: An overview in Digital Ocean\'s Pentest and Security\" (https://leanpub.com/deep-dive-into-clouded-waters-an-overview-in-digitaloceans-pentest-and-security)
\n\n\n\'',NULL,614146),('2_Friday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W307','\'Nebula - 3 Years of Kicking *aaS and Taking Usernames\'','\'Bleon Proko\'','DL_0c19920ceb8bbc1222acd85178f4926c','\'\'',NULL,614147),('2_Friday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W307','\'The World Wide Paraweb\'','\'Nathan Sidles\'','DL_65e4b901098d95b71da050e0a66bb596','\'Title: The World Wide Paraweb
\nWhen: Friday, Aug 9, 12:00 - 13:45 PDT
\nWhere: LVCC West/Floor 3/W307 - Map
\n
\nDescription:
\nParaweb empowers people to publish and surf invisibly on a World Wide Web without the telltale traffic patterns that can betray our use of Tor and VPNs to network monitors. Paraweb is a wide-area hypermedia information retrieval initiative that combines steganography and open Web 1.0-inspired protocols to hijack and embed itself as a parasitic communications network inside existing social network websites like Tumblr, Instagram, and Reddit. Paraweb publishers can steganographically encode HTML-based, para-hyperlinked sites within innocuous media, then post those media on social network sites indistinguishably from benign content creators. Paraweb surfers can traverse these media as benign social network users, decoding the contents of para-sites as they appear normally in their searches, traversals, and feeds. Paraweb traffic is designed to blend indistinguishably with normal Web 2.0 and social network traffic, enabling Paraweb netizens to “hide in plain sight.” Paraweb’s loose and open-source combination of steganography and web-based protocols extends the hard-shell defenses of the encrypted web to the realms of deniability and stealth.
\n\nSpeakerBio: Nathan Sidles
\nNathan Sidles is a person.
\n\n\n\'',NULL,614148),('2_Friday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W307','\'The World Wide Paraweb\'','\'Nathan Sidles\'','DL_65e4b901098d95b71da050e0a66bb596','\'\'',NULL,614149),('2_Friday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W307','\'XenoboxX - Hardware Sandbox Toolkit\'','\'Cesare Pizzi\'','DL_6f5036a428c7dd5360ed977b041a1b13','\'Title: XenoboxX - Hardware Sandbox Toolkit
\nWhen: Friday, Aug 9, 14:00 - 15:45 PDT
\nWhere: LVCC West/Floor 3/W307 - Map
\n
\nDescription:
\nMalware frequently employs anti-VM techniques, which can vary in their difficulty to detect and counteract. While integrating anti-detection measures in our labs is a frequently used option, we should also consider using a real hardware sandbox, even if this sounds weird. By leveraging the awesome PCILeech project and DMA hardware access, XenoboxX provides a suite of tools for analysis tasks, such as dumping dynamically allocated memory and searching for IoC. These tools allow us to inject code at kernel level through DMA, making detection significantly more challenging and giving a new perspective to the analysis.
\n\nSpeakerBio: Cesare Pizzi, Security Researcher, Analyst, and Technology Enthusiast
\nCesare Pizzi is a Security Researcher, Analyst, and Technology Enthusiast. Mainly focused on low level programming, he developed a lot of OpenSource software, sometimes hardware related (USBvalve) and sometimes not.
\n\nDoing a lot of reverse engineering too. He likes to share his job when possible (at Defcon, Insomni\'hack, Nullcon. etc). Contributor of several OS Security project (Volatility, OpenCanary, PersistenceSniper, Speakeasy, CETUS, TinyTracer, etc) and CTF player.
\n\n\n\'',NULL,614150),('2_Friday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W307','\'XenoboxX - Hardware Sandbox Toolkit\'','\'Cesare Pizzi\'','DL_6f5036a428c7dd5360ed977b041a1b13','\'\'',NULL,614151),('2_Friday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W308','\'Cloud Offensive Breach and Risk Assessment (COBRA)\'','\'Anand Tiwari,Harsha Koushik\'','DL_1a3578bb0b0fa1dca25bf4508e1ccf57','\'Title: Cloud Offensive Breach and Risk Assessment (COBRA)
\nWhen: Friday, Aug 9, 10:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W308 - Map
\n
\nDescription:
\nCloud Offensive Breach and Risk Assessment (COBRA) is an open-source tool designed to empower users to simulate attacks within multi-cloud environments, offering a comprehensive evaluation of security controls. By automating the testing of various threat vectors including external and insider threats, lateral movement, and data exfiltration, CNBAS enables organizations to gain insights into their security posture vulnerabilities. CNBAS is designed to conduct simulated attacks to assess an organization\'s ability to detect and respond to security threats effectively.
\n\nSpeakers:Anand Tiwari,Harsha Koushik
\n
\nSpeakerBio: Anand Tiwari
\nAnand Tiwari is an information security professional with a strong technical background working as a Product Manager (PM), focusing on the more technical aspects of a cloud security product. He tries to fill it in by doing in-depth technical research and competitive analysis, given business issues, strategy, and a deep understanding of what the product should do and how the products actually work. He has authored ArcherySec—an open source-tool and has presented at BlackHat, DEF CON USA, and HITB conferences. He has successfully given workshops at many conferences such as DevOpsDays Istanbul, Boston.
\n\nSpeakerBio: Harsha Koushik
\nHarsha Koushik is a security engineer and researcher, passionate about securing digital systems. Specializing in Cloud-Native Application Platform Protection (CNAPP), tackling emerging cyber threats while working at large scales. Additionally, Harsha hosts the security podcast \'Kernel-Space,\' exploring insightful discussions on the latest trends and issues in cybersecurity.
\n\n\n\'',NULL,614152),('2_Friday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W308','\'Cloud Offensive Breach and Risk Assessment (COBRA)\'','\'Anand Tiwari,Harsha Koushik\'','DL_1a3578bb0b0fa1dca25bf4508e1ccf57','\'\'',NULL,614153),('2_Friday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W308','\'Serberus\'','\'Patrick Kiley\'','DL_03079d13ee1708fbf309e3fe17d9e1c0','\'Title: Serberus
\nWhen: Friday, Aug 9, 12:00 - 13:45 PDT
\nWhere: LVCC West/Floor 3/W308 - Map
\n
\nDescription:
\nThe Serberus is a serial Man-in-the-Middle hardware hacking tool designed to connect to embedded devices . It has 4 channels and has headers to interface with up to 3 UARTs simultaneously and also has the ability to connect to JTAG, SPI, I2C and SWD interfaces. During this talk I will introduce the Serberus and what makes it different than other, similar tools. It has a level shifter and switch to allow you to connect to logic voltages of 1.8, 2.5 and 3.3v or any arbitrary voltage between 1.65v and 5.5v, matching that of your target. The Serberus is unique in that it was designed to use open source tools like the Akheron proxy in order to MitM serial communications. I will demonstrate the Serberus connecting to a wifi router, to a JTAG, I2C or SPI target and I will also show the MitM capabilities on the serial connection between an aircraft transponder and its avionics system. The Serberus project is free and open source with all board layouts, gerbers and schematics published.
\n\nSpeakerBio: Patrick Kiley, Principal Consultant at Mandiant
\nPrincipal Consultant at Mandiant (a division of Google Cloud) has over 20 years of information security experience working with both private sector employers and the Department of Energy/National Nuclear Security Administration (NNSA). Patrick has spoken at DEF CON, BlackHat, Bsides and RSA. Patrick can usually be found in the Car Hacking or Aerospace village where he volunteered for several years. His passion is embedded systems security and has released research in Avionics, embedded systems and even bricked his own Tesla while trying to make it faster.
\n\n\n\'',NULL,614154),('2_Friday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W308','\'Serberus\'','\'Patrick Kiley\'','DL_03079d13ee1708fbf309e3fe17d9e1c0','\'\'',NULL,614155),('2_Friday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W308','\'Hopper - Distributed Fuzzer\'','\'Luciano Remes,Wade Cappa\'','DL_ed156ab2077bc2663b7d78d5b086cf3d','\'Title: Hopper - Distributed Fuzzer
\nWhen: Friday, Aug 9, 14:00 - 15:45 PDT
\nWhere: LVCC West/Floor 3/W308 - Map
\n
\nDescription:
\nHopper is a Coverage-Guided Greybox Distributed Fuzzer, inspired by AFL++, and written in Golang. Like other fuzzers, Hopper operates as a standard command-line interface tool, allowing you to run fuzz campaigns to find vulnerabilities and exploits in software. Hopper\'s mutation algorithm, energy assigning strategy, and out-of-process coverage gathering, are all inspired by AFL++, the current state of the art fuzzer. However, Hopper\'s distributed strategy differs substantially than AFL++ in an attempt to define a new distributed fuzzing paradigm. AFL++ and LibFuzzer have clear scaling limitations in larger environments, notably the AFL++’s rudimentary multi-machine mode. As an early prototype, Hopper addresses these limitations by implementing a deduplicating communication schema that establishes a consistency invariant, minimizing repeated work done by fuzzing nodes. Hopper is a standalone, new piece of software developed from scratch in the spirit of exploration, this is not yet another python plugin/extension for AFL++. Hopper is currently available on GitHub, including containerized runnable campaign demos. Tooling and observability are first class features, in the form of a TUI to monitor fuzzing campaigns, usage docs, and quick-start scripts for orchestrating fuzz campaigns.
\n\nSpeakers:Luciano Remes,Wade Cappa
\n
\nSpeakerBio: Luciano Remes, Software Engineer at Palantir Technologies
\nLuciano Remes received a B.S. in Computer Science from the University of Utah, where he did 2 years of grant-funded Systems research under the FLUX Research Group, finally working on his Thesis Hopper: Distributed Fuzzer. During this time, he also interned at AWS EC2 and Goldman Sachs SPARC infrastructure teams, as well as a few startups including Blerp and Basecamp. Currently, he\'s a Software Engineer at Palantir Technologies building distributed network infrastructure.
\n\nSpeakerBio: Wade Cappa, Software Engineer at Palantir Technologies
\nWade Cappa recently graduated from Washington State University with a B.S in Computer Science and is now working at Palantir Technologies as a Software Engineer on distributed data systems. He previously worked at Microsoft in the Semantic Machines department, creating a dynamically linked debugging utility for an internal use tooling language. In his freetime he is working with a high-performance-computing research group on a cutting edge distributed strategy for approximating submodular monotonic optimizations.
\n\n\n\'',NULL,614156),('2_Friday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W308','\'Hopper - Distributed Fuzzer\'','\'Luciano Remes,Wade Cappa\'','DL_ed156ab2077bc2663b7d78d5b086cf3d','\'\'',NULL,614157),('3_Saturday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W303','\'Maestro\'','\'Chris Thompson\'','DL_084e6518193fd70288867a239a56b0a5','\'Title: Maestro
\nWhen: Saturday, Aug 10, 10:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W303 - Map
\n
\nDescription:
\nMaestro is a post-exploitation tool designed to interact with Intune/EntraID from a C2 agent on a user\'s workstation without requiring knowledge of the user\'s password or Azure authentication flows, token manipulation, and web-based administration console. Maestro makes interacting with Intune and EntraID from C2 much easier, as the operator does not need to obtain the user\'s cleartext password, extract primary refresh token (PRT) cookies from the system, run additional tools or a browser session over a SOCKS proxy, or deal with Azure authentication flows, tokens, or conditional access policies in order to execute actions in Azure on behalf of the logged-in user. Maestro enables attack paths between on-prem and Azure. For example, by running Maestro on an Intune admin\'s machine, you can execute PowerShell scripts on any enrolled device without ever knowing the admin\'s credentials!
\n\nSpeakerBio: Chris Thompson, Principal Consultant at SpecterOps
\nChris Thompson (@_Mayyhem) is a Principal Consultant at SpecterOps, where he conducts red team operations, research, tool development, and training. Chris has instructed at Black Hat USA/EU and spoken at Arsenal, DEF CON Demo Labs, SO-CON, and Troopers. He is the primary author of Maestro and SharpSCCM and co-author of Misconfiguration Manager, an open-source tool and knowledge base that can be used to help demonstrate, mitigate, and detect attacks that abuse Microsoft Configuration Manager (formerly SCCM).
\n\n\n\'',NULL,614158),('3_Saturday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W303','\'Maestro\'','\'Chris Thompson\'','DL_084e6518193fd70288867a239a56b0a5','\'\'',NULL,614159),('3_Saturday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W303','\'Open Hardware Design for BusKill Cord\'','\'Melanie Allen\'','DL_068f761f4c2e9eaf3ef6d4ad9755f69b','\'Title: Open Hardware Design for BusKill Cord
\nWhen: Saturday, Aug 10, 12:00 - 13:45 PDT
\nWhere: LVCC West/Floor 3/W303 - Map
\n
\nDescription:
\nAn open hardware design for BusKill cables that uses 3D printing and easily sourceable components. BusKill cables are hardware Dead Man’s Switches that use USB events to trigger a laptop to lock, shutdown, or self-destruct when the laptop is physically separated from the operator.
\n\nSpeakerBio: Melanie Allen
\nMelanie Allen is a 3D-printing enthusiast and volunteer hardware developer with the BusKill project.
\n\n\n\'',NULL,614160),('3_Saturday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W303','\'Open Hardware Design for BusKill Cord\'','\'Melanie Allen\'','DL_068f761f4c2e9eaf3ef6d4ad9755f69b','\'\'',NULL,614161),('3_Saturday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W303','\'MITRE Caldera for OT\'','\'Blaine Jeffries,Devon Colmer\'','DL_2cfb66d8b4680182aaa1ef32c2f56da4','\'Title: MITRE Caldera for OT
\nWhen: Saturday, Aug 10, 14:00 - 15:45 PDT
\nWhere: LVCC West/Floor 3/W303 - Map
\n
\nDescription:
\nCaldera for Operational Technology (C4OT) is an extension to the open-source Caldera adversary emulation platform. Adversary emulation has long helped defenders of information systems exercise and improve their cyber defenses by using real adversary techniques. While Caldera has been out since 2021, C4OT was released September 2023. Specifically, C4OT exposes native OT protocol functions to Caldera. The initial release of C4OT supported three popular OT protocols (Modbus, BACnet, and DNP3). Since then, we have added support for two more protocols (IEC61850 and Profinet). Today, we are actively working on support for the space protocol GEMS. By utilizing Caldera and the C4OT plugins, end-users can emulate threat activity across both Enterprise and Operational networks with ease.
\n\nSpeakers:Blaine Jeffries,Devon Colmer
\n
\nSpeakerBio: Blaine Jeffries, Operational Technology Security Engineer at MITRE Corp
\nBlaine Jeffries is an Operational Technology Security Engineer at MITRE with a focus on defensive cybersecurity research, threat intelligence and adversary emulation. At MITRE, Blaine currently serves as a co-lead of Caldera for OT and supports a variety of DoD and government sponsors. Prior to joining MITRE, Blaine served in the US Air Force as a Cyberspace Operations Officer. Currently he holds degrees in Electrical Engineering and Cyberspace Operations.
\n\nSpeakerBio: Devon Colmer, Cybersecurity Engineer, Critical Infrastructure Protection Innovation Center at MITRE Corp
\nDevon Colmer is a Cybersecurity Engineer in MITRE’s Critical Infrastructure Protection Innovation Center, working principally in OT adversary emulation and detection engineering. Prior to joining MITRE, Devon served as a Submarine Officer in the US Navy. He has led the development of OT plugins for MITRE’s adversary emulation platform, Caldera, and is currently researching a common data model for OT protocols.
\n\n\n\'',NULL,614162),('3_Saturday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W303','\'MITRE Caldera for OT\'','\'Blaine Jeffries,Devon Colmer\'','DL_2cfb66d8b4680182aaa1ef32c2f56da4','\'\'',NULL,614163),('3_Saturday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W304','\'Tempest\'','\'Kirk Trychel\'','DL_ded1c0264b7dd87e3fe9732889715d5e','\'Title: Tempest
\nWhen: Saturday, Aug 10, 10:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W304 - Map
\n
\nDescription:
\nTempest is a command and control framework written in 100% Rust. It began as a research project and personal challenge, but has grown into a very effective c2 framework. The original concept was to write a simple yet effective c2 framework, and design continues to focus on this simple goal. Because it started out as a research project with a learning goal, the framework is not directly based on any existing c2 frameworks and the vast majority of code will not be found anywhere else.
\n\nSpeakerBio: Kirk Trychel, Senior Red Team Engineer at Box.com
\nKirk Trychel is a Senior Red Team Engineer with Box.com and a lifelong hacker. He has lead Red Teams with the Department of Defense, Secureworks Adversary Group, and CrowdStrike Adversary Emulations. Always eager to hack the newest technology, Kirk has produced original research across many areas of offensive security. His diverse experience combines with a passion to understand and expand attack surfaces, and do what defenders have not considered. Besides breaching systems, Kirk loves sharing his knowledge with the community and helping enhance organizations’ security posture.
\n\n\n\'',NULL,614164),('3_Saturday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W304','\'Tempest\'','\'Kirk Trychel\'','DL_ded1c0264b7dd87e3fe9732889715d5e','\'\'',NULL,614165),('3_Saturday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W304','\'The Metasploit Framework v6.4\'','\'Jack Heysel,Spencer McIntyre\'','DL_7eb8537941c559e934cf4ba6e19eba4c','\'Title: The Metasploit Framework v6.4
\nWhen: Saturday, Aug 10, 12:00 - 13:45 PDT
\nWhere: LVCC West/Floor 3/W304 - Map
\n
\nDescription:
\nThe Metasploit Framework released version 6.4 earlier this year, including multiple improvements to Kerberos-related attack workflows. The latest changes added support for forging diamond and sapphire tickets, as well as dumping tickets from compromised hosts. Metasploit users can now exploit unconstrained delegation in Active Directory environments for privilege escalation as well as use pass-the-ticket authentication for the Windows secrets dump module. These new Kerberos improvements increase the ways in which tickets can be forged, gathered, as well as used. Additionally, Metasploit has added support for new protocol based sessions, allowing users to interact with targets without uploading payloads, thus increasing their evasive capabilities. These new sessions can be established to database, SMB and LDAP servers. Once opened, they enable users to interact and run post modules with them, all without running a payload on the remote host. Finally, version 6.4 includes a complete overhaul of how Metasploit handles its own DNS queries. These improvements ensure that users pivoting their traffic over compromised hosts are not leaking their queries and offer a high degree of control over how queries should be resolved. This demonstration will cover these latest improvements and show how the changes can be combined for new, streamlined attack workflows using the latest Metasploit release.
\n\nSpeakers:Jack Heysel,Spencer McIntyre
\n
\nSpeakerBio: Jack Heysel, Senior Security Researcher at Rapid7
\nJack Heysel is a Senior Security Researcher at Rapid7, where he contributes to and helps maintain the Metasploit Framework. Jack started at Rapid7 in 2016 working on their vulnerability management solution. He transitioned to the Metasploit team in 2021 and has been happily writing and reviewing exploits ever since. While AFK, Jack enjoys exploring the mountains and outdoors that surround his home.
\n\nSpeakerBio: Spencer McIntyre, Security Research Manager at Rapid7
\nSpencer McIntyre is a Security Research Manager at Rapid7, where he works on the Metasploit Framework. He has been contributing to Metasploit since 2010, a committer since 2014, and a core team member at Rapid7 since 2019. Previously, Spencer worked at a consulting firm working with clients from various industries, including healthcare, energy, and manufacturing. He is an avid open-source contributor and comic book reader.
\n\n\n\'',NULL,614166),('3_Saturday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W304','\'The Metasploit Framework v6.4\'','\'Jack Heysel,Spencer McIntyre\'','DL_7eb8537941c559e934cf4ba6e19eba4c','\'\'',NULL,614167),('3_Saturday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W304','\'Vovk - Advanced YARA Rule Generator v2.0\'','\'Benjamyn Whiteman,Vishal Thakur\'','DL_43f6329b7b39c29be932b64ab5117a1f','\'Title: Vovk - Advanced YARA Rule Generator v2.0
\nWhen: Saturday, Aug 10, 14:00 - 15:45 PDT
\nWhere: LVCC West/Floor 3/W304 - Map
\n
\nDescription:
\nVovk is a toolset that can be used to create YARA rules. The Vovk DEF CON 2024 version will be released at DEF CON.
\n\nSpeakers:Benjamyn Whiteman,Vishal Thakur
\n
\nSpeakerBio: Benjamyn Whiteman, Lead Analyst, Global CSOC at TikTok USDS
\nBenjamyn Whiteman has worked in the InfoSec industry for the past 7 years in roles that include Security Engineering, Forensics Analysis and Global CSIRTs. Ben regularly presents his research at internal company summits and security conferences. Ben has been training and mentoring new cyber security professionals for a few years now and also presented his research at HackSydney 2022 and 2023. Currently, Ben is a part of the Global CSOC for TikTok USDS as the Lead Analyst at Sydney, Australia.
\n\nSpeakerBio: Vishal Thakur, Senior Director, Cyber Fusion Center at TikTok USDS
\nVishal Thakur has worked in the information security industry for many years in hands-on technical roles, specializing in Incident Response with a heavy focus on Emerging Threats, Malware Analysis and Research. He has presented his research at international conferences (BlackHat, DEFCON, FIRST, SANS DFIR Summit) and has also run training/workshops at some of these conferences. Vishal is currently working as Senior Director, Cyber Fusion Center at TikTok USDS. In past roles, Vishal worked as a Senior Researcher at Salesforce, helping their Incident Response Centre with advanced threat analysis and developing DFIR tools and has been a part of the Incident Response team at the Commonwealth Bank of Australia. For the past few years, Vishal has been involved in ML and AI security and has been researching this subject.
\n\n\n\'',NULL,614168),('3_Saturday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W304','\'Vovk - Advanced YARA Rule Generator v2.0\'','\'Benjamyn Whiteman,Vishal Thakur\'','DL_43f6329b7b39c29be932b64ab5117a1f','\'\'',NULL,614169),('3_Saturday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W305','\'5Ghoul Framework - 5G NR Attacks & 5G OTA Fuzzing\'','\'Matheus Eduardo Garbelini,Sudipta Chattopadhyay\'','DL_68dcc1e397c9fe0ee2cdeeb2a98ef693','\'Title: 5Ghoul Framework - 5G NR Attacks & 5G OTA Fuzzing
\nWhen: Saturday, Aug 10, 10:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W305 - Map
\n
\nDescription:
\n5Ghoul Fuzzer is an over-the-air security testing tool and fuzzing framework that leverages a rogue 5G NR base station to systematically create test cases targeting 5G-capable smartphones or Qualcomm USB-based modems. Moreover, such framework contains test case scripts to launch attacks exploiting 10 implementation-level vulnerabilities ranging from DoS to Downgrades that affect commercial 5G modems from major chipset vendors such as Qualcomm and MediaTek. The tool is released open sourced, but it is also continuously experimented with newer devices. For example, there are two more 5G implementation vulnerabilities that are under embargo and will be released by the end of this month in the open source repository and website maintained for the project.
\n\nSpeakers:Matheus Eduardo Garbelini,Sudipta Chattopadhyay
\n
\nSpeakerBio: Matheus Eduardo Garbelini, Research Fellow at Singapore University of Technology and Design (SUTD)
\nMatheus Eduardo Garbelini is a Research fellow at Singapore University of Technology and Design (SUTD) and a White Hat Wireless Hacker by hobby. Through his research in wireless fuzzing, he discovered implementation vulnerabilities in the chipset of countless Bluetooth, Wi-Fi, and 5G commercial IoT devices.
\n\nSpeakerBio: Sudipta Chattopadhyay, Associate Professor at Singapore University of Technology and Design (SUTD)
\nSudipta Chattopadhyay is an Associate Professor at Singapore University of Technology and Design (SUTD) and hacks code during his spare time. His general research interests lie in the broad area of cyber security including but not limited to security for AI, Wireless Technologies, and Internet of Things (IoTs). Together with Matheus, he discovered SweynTooth, BrakTooth and 5Ghoul, families of Bluetooth and 5G NR vulnerabilities that affected billions of devices worldwide.
\n\n\n\'',NULL,614170),('3_Saturday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W305','\'5Ghoul Framework - 5G NR Attacks & 5G OTA Fuzzing\'','\'Matheus Eduardo Garbelini,Sudipta Chattopadhyay\'','DL_68dcc1e397c9fe0ee2cdeeb2a98ef693','\'\'',NULL,614171),('3_Saturday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W305','\'CODASM - Hiding Payloads in Plain .text\'','\'Moritz Laurin Thomas\'','DL_733e32e87d7339d50163b9a392cc234d','\'Title: CODASM - Hiding Payloads in Plain .text
\nWhen: Saturday, Aug 10, 12:00 - 13:45 PDT
\nWhere: LVCC West/Floor 3/W305 - Map
\n
\nDescription:
\nCODASM aims to decrease a stageless payload\'s Shannon entropy, which was found to be a simple but annoying detection vector used by EDRs. It\'s a Python program that processes arbitrary binary inputs and produces a C program consisting of two parts: a buffer holding generated x86-64 ASM instructions with the original payload encoded into it, and a set of functions that can decode the ASM at runtime. The buffer is designed to be compiled into the final payload\'s .text section, thus it looks like regular (if not functional) code to AVs, EDRs and analysts. This encoding effectively decreases the payload\'s Shannon entropy but comes with a significant increase in output size. The demo will cover usage of the tool and dissection/reverse engineering of the resulting payload.
\n\nSpeakerBio: Moritz Laurin Thomas, Senior Red Team Security Consultant at NVISO ARES
\nMoritz is a senior red team security consultant at NVISO ARES (Adversarial Risk Emulation & Simulation). He focuses on research & development in red teaming to support, enhance and extend the team’s capabilities in red team engagements of all sorts. Before joining the offensive security community, Moritz worked on a voluntary basis as a technical malware analyst for a well-known internet forum with focus on evading detections and building custom exploits. When he isn’t infiltrating networks or exfiltrating data, he is usually knees deep in research and development, dissecting binaries and developing new tools.
\n\n\n\'',NULL,614172),('3_Saturday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W305','\'CODASM - Hiding Payloads in Plain .text\'','\'Moritz Laurin Thomas\'','DL_733e32e87d7339d50163b9a392cc234d','\'\'',NULL,614173),('3_Saturday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W305','\'TheAllCommander 2.0\'','\'Matthew Handy\'','DL_c5b919b6edd0c44eebb428c4bdcdacd8','\'Title: TheAllCommander 2.0
\nWhen: Saturday, Aug 10, 14:00 - 15:45 PDT
\nWhere: LVCC West/Floor 3/W305 - Map
\n
\nDescription:
\nTheAllCommander is an open-source tool which offers red teams and blue teams a framework to rapidly prototype and model malware communications, as well as associated client-side indicators of compromise. The framework provides a structured, documented, and object-oriented API for both the client and server, allowing anyone to quickly implement a novel communications protocol between a simulated malware daemon and its command and control server. For Blue Teamers, this allows rapid modeling of emerging threats and comprehensive testing in a controlled manner to develop reliable detection models. For Red Teamers, this framework allows rapid iteration and development of new protocols and communications schemes with an easy to use Python interface. The framework has many tools or techniques used by red teams built in to allow out-of-the-box modeling, including emulated client browser HTTPS traffic Remote Desktop tunneling, and UAC bypass.
\n\nSpeakerBio: Matthew Handy, NASA
\nMatt Handy completed his BS in Computer Science at the University of Maryland, College Park (UMD) in 2010, and MS in CyberSecurity at Johns Hopkins in 2014. He has worked for NASA\'s Goddard Space Flight Center doing satellite ground systems development since 2009. He has specialized in secure software systems development and has helped to develop several missions over the course of his career. In his off time, he enjoys doing independent security research and creating tools like TheAllCommander to help make a more secure cyber world.
\n\n\n\'',NULL,614174),('3_Saturday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W305','\'TheAllCommander 2.0\'','\'Matthew Handy\'','DL_c5b919b6edd0c44eebb428c4bdcdacd8','\'\'',NULL,614175),('3_Saturday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W306','\'Testbed Virtual Factory\'','\'Borja Pintos Castro,Camilo Piñón Blanco\'','DL_0694832aa2f73fbe8f9ec233b74e20d0','\'Title: Testbed Virtual Factory
\nWhen: Saturday, Aug 10, 10:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W306 - Map
\n
\nDescription:
\nAs the landscape of industrial control systems (ICS) evolves, the security vulnerabilities inherent in these systems have become increasingly important. In response to this escalating situation, in this paper, we present the development of a virtualized cybersecurity research testbed tailored for these environments. Addressing the challenge of limited access to proprietary OT network data for research purposes, our this talk proposes a comprehensive framework for simulating industrial environments, aiming to facilitate the development and testing of cybersecurity solutions by providing functionalities for network traffic logging, attack impact simulation, generation of labeled multivariate time series sensor datasets, among others, bridging the gap between theoretical research and practical application needs, especially in situations of low data availability and data-driven cybersecurity research.
\n\nSpeakers:Borja Pintos Castro,Camilo Piñón Blanco
\n
\nSpeakerBio: Borja Pintos Castro, Researcher, Security and Privacy Area at Gradiant
\nBorja Pintos-Castro is passionate about cybersecurity, he spends the day reading and tinkering. He obtained a degree in Computer Engineering from the University of A Coruña. He also has a Master of Computer Security by the International University of La Rioja. Now, he is a researcher at Gradiant in the Security and Privacy Area and specifically in Cybersecurity industry 4.0 projects. Currently, he manages some industrial security projects, specifically analyzing network traffic and using honeypots to detect threats and attacks. He has the certification OSCP (PEN-200) from Offensive Security.
\n\nSpeakerBio: Camilo Piñón Blanco
\nCamilo Piñón-Blanco graduated in Telecommunication Technologies Engineering (2021) and Master in Telecommunication Engineering (2023) from the University of Vigo, both specializing in Telematics Engineering. He did his Bachelor’s Thesis with GRADIANT, focused on detection of cyber-attacks in industrial networks with Machine Learning techniques. He has worked at the atlanTTic research center as a researcher, dealing with natural language processing and text data analysis. In 2022 he re-joined the GRADIANT as an Engineer-Researcher in Security and Privacy, within the Privacy & Security Analytics line, where he has done his Master\'s Thesis on anomaly detection in time series through UEBA and LSTM neural networks. His main lines of work are applied machine learning, data analysis and software development.
\n\n\n\'',NULL,614176),('3_Saturday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W306','\'Testbed Virtual Factory\'','\'Borja Pintos Castro,Camilo Piñón Blanco\'','DL_0694832aa2f73fbe8f9ec233b74e20d0','\'\'',NULL,614177),('3_Saturday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W306','\'GC2 - The First Serverless Command & Control\'','\'Lorenzo Grazian\'','DL_84d14491ed20c4cd1b0bd7191acbed1b','\'Title: GC2 - The First Serverless Command & Control
\nWhen: Saturday, Aug 10, 12:00 - 13:45 PDT
\nWhere: LVCC West/Floor 3/W306 - Map
\n
\nDescription:
\nGC2 is the first serverless command and control. This project aims to demonstrate how attackers could take advantage of third-party tools (Google Sheets and Google Drive) to execute commands and exfiltrate information from a compromised system. First released in 2021, became well known in April 2023 after being mentioned in Google\'s Threat Horizons Report.
\n\nSpeakerBio: Lorenzo Grazian
\nLorenzo Grazian has more than 6 years of experience in red teaming, penetration testing and source code review mainly in the financial and transport industries. He worked and led local and global cybersecurity projects. Besides his offensive security background, he developed several tools to support offensive security activities.
\n\n\n\'',NULL,614178),('3_Saturday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W306','\'GC2 - The First Serverless Command & Control\'','\'Lorenzo Grazian\'','DL_84d14491ed20c4cd1b0bd7191acbed1b','\'\'',NULL,614179),('3_Saturday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W306','\'Drop-Pi\'','\'Doug Kent,Robert Ditmer\'','DL_644728957a127f8ac18846df2a8b30f0','\'Title: Drop-Pi
\nWhen: Saturday, Aug 10, 14:00 - 15:45 PDT
\nWhere: LVCC West/Floor 3/W306 - Map
\n
\nDescription:
\nThe Drop-Pi is a suite of software developed on a Raspberry Pi to facilitate the automatic bypassing of 802.1x/NAC implementations (pre 802.1x-2010 standards) and establish discrete remote access into target networks. Designed with physical penetration testing in mind, the Drop-Pi can establish remote access inside a target network within a matter of seconds after being plugged in, affording assessors with a quick in and out on an objective. Its built with common and easily sourced hardware which allows for easy and quick provisioning of multiple Drop-Pi devices. When it\'s not feasible to utilize a target network for egress traffic, the Drop-Pi can easily be configured to employ a wireless connection or mobile hotspot to facilitate access in and out of the network.
\n\nSpeakers:Doug Kent,Robert Ditmer
\n
\nSpeakerBio: Doug Kent, Pentesting Team at State Farm
\nDoug has worked at State Farm for about 20 years. Working on mostly security technologies ranging from Active Directory, PKI, Endpoint protection and finally landing recently on the Pentesting team. Doug has a passion for identifying vulnerabilities and partnering with control solution teams to protect State Farm data and fulfill our promise to customers. He strives to help others with offensive security skills by providing training, guidance, and kill chain demonstrations.
\n\nSpeakerBio: Robert Ditmer, Red Team at State Farm
\nRob has been on the State Farm Pentesting Team for 3 years and has recently moved the Red Team. Prior to his time at State Farm, he has worked with various other companies as a penetration testing consultant - enabling him to experience a wide range of technologies and their differing implementations. Rob enjoys the challenge of developing tools and infrastructure to better the skills and abilities of the State Farms Red Team.
\n\n\n\'',NULL,614180),('3_Saturday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W306','\'Drop-Pi\'','\'Doug Kent,Robert Ditmer\'','DL_644728957a127f8ac18846df2a8b30f0','\'\'',NULL,614181),('3_Saturday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W307','\'Cyber Security Transformation Chef (CSTC)\'','\'Florian Haag,Matthias Göhring\'','DL_e3bfc01574b28595a5a371d6c52ef28f','\'Title: Cyber Security Transformation Chef (CSTC)
\nWhen: Saturday, Aug 10, 10:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W307 - Map
\n
\nDescription:
\nImagine GCHQ\'s CyberChef integrated in BurpSuite with live modification of requests at your fingertips. That\'s exactly what we had in mind when we built the Cyber Security Transformation Chef (CSTC) a few years ago. The CSTC is an extension to the popular BurpSuite Proxy built for experts working with web applications. It enables users to define recipes that are applied to outgoing or incoming HTTP requests/responses automatically. Whatever quirks and specialties an application might challenge you with during an assessment, the CSTC has you covered. Furthermore, it allows to quickly apply custom formatting to a chosen message, if a more detailed analysis is needed. After the initial release the CSTC is finally back! It contains new features and improvements such as many new operations to be used in recipes, inclusion of community requested features and a refactoring of the codebase. Alongside the CTSC we will launch a new public repository with recipes we found useful in our experience as penetration testers and of course open for contribution by the community. This helps the community to solve common challenges and getting started working with the CSTC.
\n\nSpeakers:Florian Haag,Matthias Göhring
\n
\nSpeakerBio: Florian Haag, Managing Security Consultant at usd AG
\nFlorian Haag is a managing security consultant at usd AG with experience in penetration testing, software security assessments as well as code reviews. He is specialized in penetration tests of thick client applications, leveraging his background in software development to reverse engineer proprietary client applications and network protocols. In addition, he maintains several open source tools for web application pentesting presented at international conferences like BlackHat and DEF CON.
\n\nSpeakerBio: Matthias Göhring, Security Consultant and Penetration Tester at usd AG
\nMatthias Göhring is security consultant and penetration tester at usd AG, an information security company based in Germany with the mission #moresecurity. He is Head of usd HeroLab, the division of usd specialized in technical security assessments. In addition, he holds lectures at Technical University Darmstadt and University of Applied Sciences Darmstadt on ethical hacking and penetration testing. In previous scientific work, he focused on network and communication security as well as software security.
\n\n\n\'',NULL,614182),('3_Saturday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W307','\'Cyber Security Transformation Chef (CSTC)\'','\'Florian Haag,Matthias Göhring\'','DL_e3bfc01574b28595a5a371d6c52ef28f','\'\'',NULL,614183),('3_Saturday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W307','\'MPT - Pentest in Action\'','\'Jyoti Raval\'','DL_dca69f4877e28b773ef1fd8e70b3d97c','\'Title: MPT - Pentest in Action
\nWhen: Saturday, Aug 10, 12:00 - 13:45 PDT
\nWhere: LVCC West/Floor 3/W307 - Map
\n
\nDescription:
\nIn ever evolving software development world, security is also becoming fast paced. Hence, each product going through the pentest cycle has to be managed effectively and efficiently. Managing multiple pentests and testers is important. A single pane of glass view for managing pentests and testers is what the goal of this tool is.
\n\nSpeakerBio: Jyoti Raval, Senior Staff Product Security Leader at Baker Hughes
\nJyoti Raval works as Senior Staff Product Security Leader at Baker Hughes. She is responsible for securing product end-to-end and involved in various phases of security life cycle. She is author of the Phishing Simulation Assessment and MPT tools, and has presented at Defcon, BlackHat, Nullcon, HITB, OWASP NZ and Infosec Girls. She also heads OWASP Pune chapter.
\n\n\n\'',NULL,614184),('3_Saturday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W307','\'MPT - Pentest in Action\'','\'Jyoti Raval\'','DL_dca69f4877e28b773ef1fd8e70b3d97c','\'\'',NULL,614185),('3_Saturday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W307','\'Moriarty\'','\'Anthony “Coin” Rose,Jake “Hubble” Krasnov\'','DL_60e6808b8690a98f9f2850557c499134','\'Title: Moriarty
\nWhen: Saturday, Aug 10, 14:00 - 15:45 PDT
\nWhere: LVCC West/Floor 3/W307 - Map
\n
\nDescription:
\nMoriarty is a.NET tool designed to identify vulnerabilities for privilege escalation in Windows environments. Building upon Watson and Sherlock, Moriarty extends their capabilities by incorporating advanced scanning techniques for newer vulnerabilities and integrating additional checks. This tool supports a wide range of Windows versions, from Windows 10 to Windows 11 and Server versions 2016, 2019, and 2022. Moriarty differentiates itself by its ability to enumerate missing KBs and detect a variety of vulnerabilities linked to privilege escalation, offering suggestions for potential exploits. The tool\'s extensive database includes well-known vulnerabilities such as PrintNightmare (CVE-2021-1675), Log4Shell (CVE-2021-44228), and SMBGhost (CVE-2020-0796), among others.
\n\nSpeakers:Anthony “Coin” Rose,Jake “Hubble” Krasnov
\n
\nSpeakerBio: Anthony “Coin” Rose, Lead Security Researcher and Chief Operating Officer at BC Security
\nAnthony \"Coin\" Rose, CISSP, is a Lead Security Researcher and Chief Operating Officer at BC Security, where he specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. He has presented at numerous security conferences, including Black Hat, DEF CON, HackMiami, and RSA conferences. Anthony is the author of various offensive security tools, including Empire and Starkiller, which he actively develops and maintains. He is recognized for his work, revealing wide-spread vulnerabilities in Bluetooth devices and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
\n\nSpeakerBio: Jake “Hubble” Krasnov, Red Team Operations Lead and Chief Executive Officer at BC Security
\nJake \"Hubble\" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security. He has spent the first half of his career as an Astronautical Engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. Jake has presented at DEF CON, where he taught courses on offensive PowerShell and has been recognized by Microsoft for his discovery of a vulnerability in AMSI. Jake has authored numerous tools, including Invoke-PrintDemon and Invoke-ZeroLogon, and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
\n\n\n\'',NULL,614186),('3_Saturday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W307','\'Moriarty\'','\'Anthony “Coin” Rose,Jake “Hubble” Krasnov\'','DL_60e6808b8690a98f9f2850557c499134','\'\'',NULL,614187),('3_Saturday','10','10:00','11:45','N','DL','LVCC West/Floor 3/W308','\'MITRE Caldera\'','\'Mark Perry,Rachel Murphy\'','DL_0faa48b47ab79bcb5746d2c721ba3f9c','\'Title: MITRE Caldera
\nWhen: Saturday, Aug 10, 10:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W308 - Map
\n
\nDescription:
\nMITRE Caldera is a scalable, automated adversary emulation, open-source cybersecurity platform developed by MITRE. It empowers cyber practitioners to save time, money, and energy through automated security assessments. Caldera not only tests and evaluates detection/analytic and response platforms, but it also provides the capability for your red team to perform manual assessments with computer assistance. This is achieved by augmenting existing offensive toolsets. The framework can be extended to integrate with any custom tools you may have. The development team behind the platform is a group of red teamers, software developers, exploit writers, cyber threat analysts, AI researchers, cybersecurity engineers, and computer scientists. They all pursue the common goal of building a premier adversary emulation platform for our security defenders around the world.
\n\nSpeakers:Mark Perry,Rachel Murphy
\n
\nSpeakerBio: Mark Perry, Lead Applied Cyber Security Engineer at MITRE Corp
\nMark Perry is a Lead Applied Cyber Security Engineer at MITRE Corp, where he specializes in adversary emulation and work development. With a robust background in infrastructure and cyber security frameworks, Mark brings extensive expertise to his role, focusing on fortifying systems against sophisticated cyber threats. He has worked on projects involving adversary emulation, red teaming, cyber threat intelligence, and software development. Mark also leads development and delivery of Caldera workshops, providing participants with practical, hands-on training utilizing cybersecurity techniques. Additionally, he actively promotes Caldera’s benefactor program, fostering community support and engagement to further the development of cybersecurity tools and resources. Outside of his professional endeavors, Mark enjoys traveling and is a supercar enthusiast.
\n\nSpeakerBio: Rachel Murphy, Cyber Security Engineer at MITRE Corp
\nRachel Murphy is a Cyber Security Engineer at MITRE Corp. She has a B.S. in Mechanical Engineering and prior to joining MITRE, she worked as a mechanical engineer at NASA performing thermal analysis for the International Space Station at Johnson Space Center in Houston, TX. Rachel has worked on projects in adversary emulation, red teaming, cyber threat intelligence, and software development. Part of this work includes supporting Caldera’s research in artificial intelligence, developing Caldera workshops like this one, and promoting Caldera’s benefactor program. She has also served as a red team operator for MITRE Engenuity’s ATT&CK Evaluations.
\n\n\n\'',NULL,614188),('3_Saturday','11','10:00','11:45','Y','DL','LVCC West/Floor 3/W308','\'MITRE Caldera\'','\'Mark Perry,Rachel Murphy\'','DL_0faa48b47ab79bcb5746d2c721ba3f9c','\'\'',NULL,614189),('3_Saturday','12','12:00','13:45','N','DL','LVCC West/Floor 3/W308','\'FACTION\'','\'Josh Summitt\'','DL_800349f1de6b150f90abe9dc7c5c91d1','\'Title: FACTION
\nWhen: Saturday, Aug 10, 12:00 - 13:45 PDT
\nWhere: LVCC West/Floor 3/W308 - Map
\n
\nDescription:
\nFACTION is an all-encompassing solution for streamlined security assessment workflows and enhancing collaboration within your teams. In addition, It\'s fully open source and extendable so it can integrate within diverse environments. FACTION\'s key benefits are that it cuts reporting time down to more than half for manual pen-tests, keeps tabs on all outstanding vulnerabilities with custom alerts based on your SLAs, becomes the hub of shared information for your assessments enabling other teammates to replay attacks you share, facilitates large scale assessment scheduling that typically becomes hard to manage when your teams are doing more than 100 assessments a year, and is fully extendable with REST APIs and FACTION Extensions.
\n\nSpeakerBio: Josh Summitt, Founder at Faction Security
\nWith over 18 years of experience in application security, Josh has played diverse roles—from being a penetration tester and reverse engineer to serving as a full-stack developer and CTO of a cybersecurity startup. He founded Faction Security, an organization committed to hosting open-source tools with the goal of supporting security teams by providing resources that enhance collaboration and efficiency. In addition to making open-source security tools, Josh builds custom modular synths and generally enjoys making strange and unusual noise-making devices.
\n\n\n\'',NULL,614190),('3_Saturday','13','12:00','13:45','Y','DL','LVCC West/Floor 3/W308','\'FACTION\'','\'Josh Summitt\'','DL_800349f1de6b150f90abe9dc7c5c91d1','\'\'',NULL,614191),('2_Friday','06','06:00','06:59','N','MISC','Other / See Description','\'CycleOverride DEF CON Bike Ride\'','\'\'','MISC_4e40e6c3074413bf6e06b08e7cb239a9','\'Title: CycleOverride DEF CON Bike Ride
\nWhen: Friday, Aug 9, 06:00 - 06:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nAt 6am on Friday, the @cycle_override crew will be hosting the 13th DEF CON Bikeride. We\'ll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It\'s about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See you at 6am Friday! @jp_bourget @gdead @heidishmoo.
\n\n\'',NULL,614192),('1_Thursday','10','10:00','17:59','N','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'Title: HDA Community - Open for Accessibility Questions/Help
\nWhen: Thursday, Aug 8, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/W110 - Map
\n
\nDescription:
\nDEF CON has made HDA a community, and we now have a community room! This room will be dedicated to the attendees with ADA needs, their friends, helpers, and anyone who wants to hang out and be social! So far we plan on providing charging stations, chill out sessions, an open call for a modular synth jam session, and more to come! Let\'s all work together to make DEFCON Awesomely Accessible!
\n\n(Please note that on Thursday, we will be open only to provide assistance to those in need. Regular community programming will begin on Friday.)
\n\nHang out, chill out deck out your mobility device and more!
\n\n\'',NULL,614193),('1_Thursday','11','10:00','17:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'\'',NULL,614194),('1_Thursday','12','10:00','17:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'\'',NULL,614195),('1_Thursday','13','10:00','17:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'\'',NULL,614196),('1_Thursday','14','10:00','17:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'\'',NULL,614197),('1_Thursday','15','10:00','17:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'\'',NULL,614198),('1_Thursday','16','10:00','17:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'\'',NULL,614199),('1_Thursday','17','10:00','17:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_dd99d5e5ae00bb4dfb8b2431d53b5fe0','\'\'',NULL,614200),('4_Sunday','10','10:00','14:59','N','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_6e132a36a72a6c800bc962fbc791f56c','\'Title: HDA Community - Open for Accessibility Questions/Help
\nWhen: Sunday, Aug 11, 10:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/W110 - Map
\n
\nDescription:
\nDEF CON has made HDA a community, and we now have a community room! This room will be dedicated to the attendees with ADA needs, their friends, helpers, and anyone who wants to hang out and be social! So far we plan on providing charging stations, chill out sessions, an open call for a modular synth jam session, and more to come! Let\'s all work together to make DEFCON Awesomely Accessible!
\n\n(Please note that on Thursday, we will be open only to provide assistance to those in need. Regular community programming will begin on Friday.)
\n\nHang out, chill out deck out your mobility device and more!
\n\n\'',NULL,614201),('4_Sunday','11','10:00','14:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_6e132a36a72a6c800bc962fbc791f56c','\'\'',NULL,614202),('4_Sunday','12','10:00','14:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_6e132a36a72a6c800bc962fbc791f56c','\'\'',NULL,614203),('4_Sunday','13','10:00','14:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_6e132a36a72a6c800bc962fbc791f56c','\'\'',NULL,614204),('4_Sunday','14','10:00','14:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_6e132a36a72a6c800bc962fbc791f56c','\'\'',NULL,614205),('3_Saturday','10','10:00','23:59','N','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'Title: HDA Community - Open for Accessibility Questions/Help
\nWhen: Saturday, Aug 10, 10:00 - 23:59 PDT
\nWhere: LVCC West/Floor 1/W110 - Map
\n
\nDescription:
\nDEF CON has made HDA a community, and we now have a community room! This room will be dedicated to the attendees with ADA needs, their friends, helpers, and anyone who wants to hang out and be social! So far we plan on providing charging stations, chill out sessions, an open call for a modular synth jam session, and more to come! Let\'s all work together to make DEFCON Awesomely Accessible!
\n\n(Please note that on Thursday, we will be open only to provide assistance to those in need. Regular community programming will begin on Friday.)
\n\nHang out, chill out deck out your mobility device and more!
\n\n\'',NULL,614206),('3_Saturday','11','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614207),('3_Saturday','12','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614208),('3_Saturday','13','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614209),('3_Saturday','14','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614210),('3_Saturday','15','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614211),('3_Saturday','16','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614212),('3_Saturday','17','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614213),('3_Saturday','18','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614214),('3_Saturday','19','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614215),('3_Saturday','20','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614216),('3_Saturday','21','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614217),('3_Saturday','22','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614218),('3_Saturday','23','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_ab8cad15ecce1a5246228a68f74b6d54','\'\'',NULL,614219),('2_Friday','10','10:00','23:59','N','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'Title: HDA Community - Open for Accessibility Questions/Help
\nWhen: Friday, Aug 9, 10:00 - 23:59 PDT
\nWhere: LVCC West/Floor 1/W110 - Map
\n
\nDescription:
\nDEF CON has made HDA a community, and we now have a community room! This room will be dedicated to the attendees with ADA needs, their friends, helpers, and anyone who wants to hang out and be social! So far we plan on providing charging stations, chill out sessions, an open call for a modular synth jam session, and more to come! Let\'s all work together to make DEFCON Awesomely Accessible!
\n\n(Please note that on Thursday, we will be open only to provide assistance to those in need. Regular community programming will begin on Friday.)
\n\nHang out, chill out deck out your mobility device and more!
\n\n\'',NULL,614220),('2_Friday','11','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614221),('2_Friday','12','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614222),('2_Friday','13','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614223),('2_Friday','14','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614224),('2_Friday','15','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614225),('2_Friday','16','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614226),('2_Friday','17','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614227),('2_Friday','18','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614228),('2_Friday','19','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614229),('2_Friday','20','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614230),('2_Friday','21','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614231),('2_Friday','22','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614232),('2_Friday','23','10:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Community - Open for Accessibility Questions/Help\'','\'\'','HDA_5494e140276f2c2922004e065c3b150b','\'\'',NULL,614233),('2_Friday','18','18:00','23:59','N','HDA','LVCC West/Floor 1/W110','\'HDA Chillout w/ Dj Delchi\'','\'\'','HDA_8433ef85d844b923fb40d27bb2aec6b3','\'Title: HDA Chillout w/ Dj Delchi
\nWhen: Friday, Aug 9, 18:00 - 23:59 PDT
\nWhere: LVCC West/Floor 1/W110 - Map
\n
\nDescription:
\nChillout to etherial / downtempo tunes and hang with your community
\n\n\'',NULL,614234),('2_Friday','19','18:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Chillout w/ Dj Delchi\'','\'\'','HDA_8433ef85d844b923fb40d27bb2aec6b3','\'\'',NULL,614235),('2_Friday','20','18:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Chillout w/ Dj Delchi\'','\'\'','HDA_8433ef85d844b923fb40d27bb2aec6b3','\'\'',NULL,614236),('2_Friday','21','18:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Chillout w/ Dj Delchi\'','\'\'','HDA_8433ef85d844b923fb40d27bb2aec6b3','\'\'',NULL,614237),('2_Friday','22','18:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Chillout w/ Dj Delchi\'','\'\'','HDA_8433ef85d844b923fb40d27bb2aec6b3','\'\'',NULL,614238),('2_Friday','23','18:00','23:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Chillout w/ Dj Delchi\'','\'\'','HDA_8433ef85d844b923fb40d27bb2aec6b3','\'\'',NULL,614239),('2_Friday','14','14:00','15:59','N','HDA','LVCC West/Floor 1/W110','\'HDA Presents : Naomi Brockwell\'','\'Naomi Brockwell\'','HDA_29f5a98215e95cc4ff3fa783697f4007','\'Title: HDA Presents : Naomi Brockwell
\nWhen: Friday, Aug 9, 14:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/W110 - Map
\n
\nDescription:
\nTalk on health info privacy
\n\nSpeakerBio: Naomi Brockwell, NBTV
\nNo BIO available
\n\n\'',NULL,614240),('2_Friday','15','14:00','15:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Presents : Naomi Brockwell\'','\'Naomi Brockwell\'','HDA_29f5a98215e95cc4ff3fa783697f4007','\'\'',NULL,614241),('1_Thursday','09','09:00','12:59','N','WS','Springhill Suites/Frontier','\'Sold Out - Dissecting Malware for Defense - Crafting Custom Yara Rules\'','\'Francisco Perdomo,Josh Stroschein\'','WS_916b7fc14c69c0c10ac7aa10ee2aa185','\'Title: Sold Out - Dissecting Malware for Defense - Crafting Custom Yara Rules
\nWhen: Thursday, Aug 8, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Frontier - Map
\n
\nDescription:
\nThreat actors skillfully deploy malware to evade detection, outmaneuvering traditional security tools. In this workshop, \"Dissecting Malware for Defense - Crafting Custom Yara Rules\", you\'ll harness the power of malware analysis and crowdsourced intelligence to build tailored Yara rules. These rules will supercharge your security systems, enabling you to detect emerging threats, enhance threat hunting, and accurately pinpoint malicious activity. This fast-paced course will guide you in mastering static and behavioral detections, empowering you to safeguard your organization. By the end, you\'ll expertly translate malware analysis insights into high-quality Yara rules, bolstering your defensive arsenal.
\n\nSpeakers:Francisco Perdomo,Josh Stroschein
\n
\nSpeakerBio: Francisco Perdomo, Security Engineer, VirusTotal Research Team at Google
\nFrancisco is a skilled security professional with a strong background in detection engineering and a keen interest in reverse engineering. With extensive blue team experience, he currently works as a Security Engineer at Google\'s VirusTotal Research team where he leverages his operational expertise to investigate malware trends and create insightful technical content. Francisco\'s background includes roles as a SecOps Engineer and Professor of Computer Security.
\n\nSpeakerBio: Josh Stroschein, Reverse Engineer, FLARE team at Google
\nJosh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, RE, and other security topics.
\n\n\n\'',NULL,614242),('1_Thursday','10','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Dissecting Malware for Defense - Crafting Custom Yara Rules\'','\'Francisco Perdomo,Josh Stroschein\'','WS_916b7fc14c69c0c10ac7aa10ee2aa185','\'\'',NULL,614243),('1_Thursday','11','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Dissecting Malware for Defense - Crafting Custom Yara Rules\'','\'Francisco Perdomo,Josh Stroschein\'','WS_916b7fc14c69c0c10ac7aa10ee2aa185','\'\'',NULL,614244),('1_Thursday','12','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Dissecting Malware for Defense - Crafting Custom Yara Rules\'','\'Francisco Perdomo,Josh Stroschein\'','WS_916b7fc14c69c0c10ac7aa10ee2aa185','\'\'',NULL,614245),('1_Thursday','09','09:00','12:59','N','WS','Springhill Suites/Desert Inn','\'Sold Out - Med Team vs Red Team: Intro into Medical Device Hacking\'','\'Alex Delifer,Michael \"v3ga\" Aguilar\'','WS_e4d9b90115bb0a497db663ef5f4957a0','\'Title: Sold Out - Med Team vs Red Team: Intro into Medical Device Hacking
\nWhen: Thursday, Aug 8, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Desert Inn - Map
\n
\nDescription:
\nConnected medical device and medical device security assessments utilize a varying and wide range of practices, from reverse engineering to hardware exploitation. If you have ever been curious about how to get started, this is the class for you. We will be covering how to get started in Adversarial Medical Device testing, tooling, tactics, exploits and certain bypasses to restrictions you may encounter during testing these devices. Use the tactics learned to exploit devices within\nthe Device Lab!
\n\nSpeakers:Alex Delifer,Michael \"v3ga\" Aguilar
\n
\nSpeakerBio: Alex Delifer
\nAlex is medical device testing sledgehammer. He is a DevSecOps guru for a large medical device company and cut his teeth building, maintaining and hacking medical devices.
\n\nSpeakerBio: Michael \"v3ga\" Aguilar, Principle Consultant at Secureworks Adversary Group
\nMichael Aguilar (v3ga) is a Principle Consultant for Secureworks Adversary Group. He runs Adversary Simulation operations, Physical Security and Network/Web based assessments as well as Adversarial Medical Device Tests. When not doing computer things, he reads a lot and likes to run to de-stress. He is also an avid fan of playing guitar really fast and screaming at people.
\n\n\n\'',NULL,614246),('1_Thursday','10','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Med Team vs Red Team: Intro into Medical Device Hacking\'','\'Alex Delifer,Michael \"v3ga\" Aguilar\'','WS_e4d9b90115bb0a497db663ef5f4957a0','\'\'',NULL,614247),('1_Thursday','11','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Med Team vs Red Team: Intro into Medical Device Hacking\'','\'Alex Delifer,Michael \"v3ga\" Aguilar\'','WS_e4d9b90115bb0a497db663ef5f4957a0','\'\'',NULL,614248),('1_Thursday','12','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Med Team vs Red Team: Intro into Medical Device Hacking\'','\'Alex Delifer,Michael \"v3ga\" Aguilar\'','WS_e4d9b90115bb0a497db663ef5f4957a0','\'\'',NULL,614249),('1_Thursday','09','09:00','12:59','N','WS','Springhill Suites/Dean Martin','\'Sold Out - Offensive SCCM: Abusing Microsoft\'s C2 Framework\'','\'Chris Thompson,Duane Michael,Garrett Foster\'','WS_665320585f620bdcb0b32818922e4a11','\'Title: Sold Out - Offensive SCCM: Abusing Microsoft\'s C2 Framework
\nWhen: Thursday, Aug 8, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Dean Martin - Map
\n
\nDescription:
\nMicrosoft Configuration Manager, formerly SCCM (System Center Configuration Manager), is a powerful technology that has been used to deploy software to Windows systems in the majority of enterprise environments since it was released by Microsoft in 1994. Although SCCM has a high potential for abuse due to its privileged access to entire fleets of servers and workstations, it has not been heavily researched or leveraged by security professionals until recently, presumably due to the time-consuming installation process and learning curve. In this workshop, students will be provided access to a live environment that reflects an enterprise SCCM deployment, gain an understanding of how the different components of SCCM interact, and learn how to execute recently discovered attack primitives that can be used compromise SCCM clients, servers, and entire hierarchies. By completing both guided exercises and optional CTF challenges in this lab environment, students will learn how to demonstrate the impact of attack paths involving SCCM.
\n\nBy the end of this workshop, participants will be able to:\n - understand the foundational concepts needed to attack and defend SCCM\n - understand SCCM defaults and configurations that can be abused\n - use SCCM to complete a realistic attack chain, including recon, privilege escalation, credential gathering, site takeover, and lateral movement\n - understand how to use offensive security tools to interact with SCCM, such as SCCMHunter, SharpSCCM, sccmwtf, PXEThief, and ntlmrelayx
\n\nTo get the most out of this training, participants will benefit from reviewing the following resources, although they are not required:\n - Misconfiguration Manager (misconfigurationmanager.com)\n - System Center Configuration Manager Current Branch Unleashed, by Kerrie Meyler\n - Configuration Manager Terminology\n - Looking Inside Configuration Manager\n - Network Design\n - Client Management
\n\nThis workshop is the second version of Flipping the Coin and features upgraded attack paths, and lab environments.
\n\nBy the end of the workshop, attendees will:
\n\n\nUnderstand and perform common offensive attacks (supported by the Metasploit Framework) against Windows Domains, including:
\n\n\n- Pass the Hash attacks;
\n- gMSA Golden Attack;
\n- ADCS abuse;
\n- Common tunnelling techniques;
\n- PrintSpoofer exploits;
\n- LSASS exploitation (using Mimikatz);
\n- AD enumeration (using BloodHound);
\n- DACL abuse;
\n- Kerberos golden tickets; and
\n- DLL hijacking.
\n
Understand the process of detecting attacks against Windows infrastructure, including how to design and implement their own detection rules based on attendees’ previous attacks, using:
\n\n\n- Sigma/Yara rules.
\n- Log ingestion/normalisation platforms, and query engines (e.g. ELK).
\n
Understand and appreciate how the actions and processes of red and blue teams are interlinked, for the greater collective good.
\n\nRecommended (but not required) prior reading:
\n\n\n- https://nooblinux.com/metasploit-tutorial/
\n- https://posts.specterops.io/introducing-bloodhound-enterprise-attack-path-management-for-everyone-39cfd8d6eb7c
\n- https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview
\n- https://socprime.com/blog/sigma-rules-the-beginners-guide/
\n- https://github.com/socprime/SigmaUI
\n- https://blog.netwrix.com/2021/11/30/how-to-detect-pass-the-hash-attacks/
\n- https://posts.specterops.io/certified-pre-owned-d95910965cd2
\n- https://www.elastic.co/guide/en/security/current/suspicious-print-spooler-point-and-print-dll.html
\n
\n\nMuch of the material and core concepts of the workshop remain the same from the DEF CON 31 workshop with some updated topics for DEF CON 32, including an updated environment, and gMSA attacks within the lab.
\n\nSince 2022, Chris, Duane, and Garrett have released a combined 8 blog posts and authored 3 tools (SharpSCCM, SCCMHunter, and Misconfiguration Manager) that demonstrate novel offensive techniques to abuse SCCM functionality.
\n\nSpeakers:Chris Thompson,Duane Michael,Garrett Foster
\n
\nSpeakerBio: Chris Thompson, Principal Consultant at SpecterOps
\nChris Thompson (@_Mayyhem) is a Principal Consultant at SpecterOps, where he conducts red team operations, research, tool development, and training. Chris has instructed at Black Hat USA/EU and spoken at Arsenal, DEF CON Demo Labs, SO-CON, and Troopers. He is the primary author of Maestro and SharpSCCM and co-author of Misconfiguration Manager, an open-source tool and knowledge base that can be used to help demonstrate, mitigate, and detect attacks that abuse Microsoft Configuration Manager (formerly SCCM).
\n\nSpeakerBio: Duane Michael, Managing Consultant at SpecterOps
\nDuane Michael (@subat0mik) is a Managing Consultant at SpecterOps, where he conducts red team operations, penetration tests, research, course development, and training. Duane has instructed courses on red teaming and vulnerability research at BH USA/EU, NorthSec, and SO-CON. He has presented at Arsenal and DEF CON Demo Labs, contributes to various open source projects, and is a co-author of Misconfiguration Manager.
\n\nSpeakerBio: Garrett Foster, Senior Consultant at SpecterOps
\nGarrett Foster (@garrfoster) is a Senior Consultant at SpecterOps, where he conducts red team operations, penetration testing, research, training, and course development. Garrett has presented at WWHF and BsidesPDX. Garrett is a the primary author of SCCMHunter and a co-author of Misconfiguration Manager.
\n\n\n\'',NULL,614250),('1_Thursday','10','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Offensive SCCM: Abusing Microsoft\'s C2 Framework\'','\'Chris Thompson,Duane Michael,Garrett Foster\'','WS_665320585f620bdcb0b32818922e4a11','\'\'',NULL,614251),('1_Thursday','11','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Offensive SCCM: Abusing Microsoft\'s C2 Framework\'','\'Chris Thompson,Duane Michael,Garrett Foster\'','WS_665320585f620bdcb0b32818922e4a11','\'\'',NULL,614252),('1_Thursday','12','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Offensive SCCM: Abusing Microsoft\'s C2 Framework\'','\'Chris Thompson,Duane Michael,Garrett Foster\'','WS_665320585f620bdcb0b32818922e4a11','\'\'',NULL,614253),('1_Thursday','09','09:00','12:59','N','WS','Springhill Suites/Dunes','\'Sold Out - Supercharge SAST: Semgrep Strategies for Secure Software\'','\'Arjun Gopalakrishna,Gautam Peri,Marcelo Ribeiro\'','WS_f94f8c9e29269370b68167fc1ca0427e','\'Title: Sold Out - Supercharge SAST: Semgrep Strategies for Secure Software
\nWhen: Thursday, Aug 8, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Dunes - Map
\n
\nDescription:
\nBefore the Training: Attendees are expected to have a basic understanding of programming concepts and syntax in a programming language such as JavaScript, Python, Go, or C#/Java. While familiarity with common security vulnerabilities (e.g., OWASP Top 10) is beneficial, it is not a prerequisite.To ensure a smooth and productive experience, participants should come equipped with a laptop that has administrative access for software installation. A pre-training checklist, including software installation guides (Semgrep and a preferred text editor/IDE), will be provided to all registered attendees to prepare them for the workshop.
\nParticipants will: - Gain an understanding of SAST and its importance in the AppSec ecosystem. - Learn to navigate Semgrep’s rule syntax and create custom rules tailored to their specific security needs. - Engage in hands-on exercises to apply Semgrep on real-world code snippets and projects, enhancing their learning through practical application. - Explore the Semgrep Playground for testing and refining rules in an interactive environment. - Delve into advanced Semgrep features and techniques for a comprehensive security strategy. - Understand how Semgrep findings can be leveraged for LLM-based code analysis, taking code security to the next level.
\nSupercharge SAST: Semgrep Strategies for Secure Software\" is a meticulously designed workshop aimed at introducing participants to the world of Static Application Security Testing (SAST) through the lens of Semgrep, a cutting-edge tool that combines the simplicity of syntax with the power of complex analysis.
\nTechnical Level and Tools Used: This workshop is tailored for beginner to intermediate skill levels, focusing on practical, actionable insights that participants can immediately apply to their projects. The primary tool used will be Semgrep, supplemented by the Semgrep Playground for online rule testing. Instructions for installing necessary software and accessing online resources will be provided ahead of the workshop.
\nWhat You Will Learn: This workshop is structured to guide attendees from the foundational concepts of SAST and application security to the practical application of Semgrep for identifying and mitigating security risks in codebases.
\n\n\n\nSpeakers:Arjun Gopalakrishna,Gautam Peri,Marcelo Ribeiro
\n
\nSpeakerBio: Arjun Gopalakrishna, Senior Software Security Engineering Manager, Azure Security at Microsoft
\nArjun Gopalakrishna is a Senior Software Security Engineering Manager in Azure Security with more than a decade of experience at Microsoft. His work has been instrumental in fortifying Microsoft\'s Azure platform against a myriad of cyberthreats. His expertise lies in developing and implementing robust security measures to protect cloud-based systems and data. Arjun has presented at DEFCON in 2021, in addition to numerous security talks internally at Microsoft. Arjun\'s commitment to continuous learning and development, coupled with his passion for cybersecurity, continues to drive his contributions to the field.
\n\nSpeakerBio: Gautam Peri, Senior Security Engineer, EPSF SERPENT Team at Microsoft
\nGautam Peri is a Senior Security Engineer in EPSF SERPENT (Service Pentest) team at Microsoft. He has over 8 years of experience as a security professional in multiple organizations including Microsoft and Citibank N.A. He started his career as a software developer and became a security professional. Currently, Gautam focuses on securing in Azure Edge & Platform & Devices services at Microsoft. He is passionate about identifying vulnerabilities at scale. Gautam presented at multiple internal events and got accepted to OWASP BASC (Boston Application Security Conference) 2024. Gautam holds CISSP & GCPN certifications, he is committed to continuous learning and development and drives internal knowledge share events.
\n\nSpeakerBio: Marcelo Ribeiro, Senior Offensive Security Engineer in Azure Security at Microsoft
\nMarcelo Ribeiro is a Senior Offensive Security Engineer in Azure Security with over 20 years of experience in various organizations, including Microsoft, IBM, and the Brazilian Navy. As a former Navy Officer, Marcelo was instrumental in establishing the Brazilian Navy\'s Cyber Security capacity. He also played a pivotal role in building IBM\'s DFIR (Digital Forensics and Incident Response) practice in Latin America. Currently, Marcelo focuses on enhancing the security of Microsoft\'s Azure platform against the constantly evolving cyber threats landscape. Always seeking new challenges, Marcelo\'s commitment to learning keeps his passion for cybersecurity alive. Marcelo holds several certifications, including CISSP, CISM, OSCP, CEH, GXPN, GPEN, GWAPT, GAWN, GPYC, GREM, GISP, GICSP, GRID, GNFA, GCIH, GCIA, GSEC, and MCSE, among others. In 2023, Marcelo was inducted into the EC-Council\'s CEH Hall of Fame in recognition of his outstanding career achievements.
\n\n\n\'',NULL,614254),('1_Thursday','10','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Supercharge SAST: Semgrep Strategies for Secure Software\'','\'Arjun Gopalakrishna,Gautam Peri,Marcelo Ribeiro\'','WS_f94f8c9e29269370b68167fc1ca0427e','\'\'',NULL,614255),('1_Thursday','11','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Supercharge SAST: Semgrep Strategies for Secure Software\'','\'Arjun Gopalakrishna,Gautam Peri,Marcelo Ribeiro\'','WS_f94f8c9e29269370b68167fc1ca0427e','\'\'',NULL,614256),('1_Thursday','12','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Supercharge SAST: Semgrep Strategies for Secure Software\'','\'Arjun Gopalakrishna,Gautam Peri,Marcelo Ribeiro\'','WS_f94f8c9e29269370b68167fc1ca0427e','\'\'',NULL,614257),('1_Thursday','09','09:00','12:59','N','WS','Springhill Suites/Sands','\'Sold Out - Tracing The Pain Away - Practical Binary Tracing Techniques For Defeating Modern Malware Protections\'','\'Sean ,Serrgei Frankoff\'','WS_a7bae4a943c6eba0eadbf8e8f16a6589','\'Title: Sold Out - Tracing The Pain Away - Practical Binary Tracing Techniques For Defeating Modern Malware Protections
\nWhen: Thursday, Aug 8, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Sands - Map
\n
\nDescription:
\nCode obfuscation is fast becoming a normal part of modern Windows malware. Pioneered by Emotet and popularized by the Conti ransomware leaks, we now see even simple credential stealers using commercial grade code virtualization! The solution… if you can’t reverse it, just run it!\nIn this workshop we will cover different tracing techniques that can be used to bypass and extract information from protected code. The workshop is divided into modules covering tracing with x64dbg, dynamic binary instrumentation with PIN, and API tracing with DTrace. A challenge binary is provided with each module for students to practice and the final challenge is a real world malware sample that has been virtualized.\nThis workshop is aimed at reverse engineers and malware analysts who have experience analyzing malware and are comfortable with debugging in userland. If you don’t have experience with malware but you do have a few hours behind the debugger you should have no problem completing the workshop. \nStudents must bring a laptop/workstation capable of running a Windows Virtual Machine (VM) and a preinstalled Windows 10 (64bit) 20H1(or later) VM with at least 50G of free space. You will be provided with detailed tools installation and setup instructions prior to the workshop
\n\nSpeakers:Sean ,Serrgei Frankoff
\n
\nSpeakerBio: Sean , Co-founder at OpenAnalysis
\nSean, a co-founder of OpenAnalysis Inc., splits his time between reverse engineering, tracking malware and building automated malware analysis systems. Sean brings over a decade of experience working in a number of incident response, malware analysis and reverse engineering roles.
\n\nSpeakerBio: Serrgei Frankoff, Co-founder at OpenAnalysis
\nSergei is a co-founder of OpenAnalysis Inc. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis, and producing tutorials for the OALABS YouTube channel. With over a decade in the security industry Sergei has extensive experience working at the intersection of incident response and threat intelligence.
\n\n\n\'',NULL,614258),('1_Thursday','10','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Tracing The Pain Away - Practical Binary Tracing Techniques For Defeating Modern Malware Protections\'','\'Sean ,Serrgei Frankoff\'','WS_a7bae4a943c6eba0eadbf8e8f16a6589','\'\'',NULL,614259),('1_Thursday','11','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Tracing The Pain Away - Practical Binary Tracing Techniques For Defeating Modern Malware Protections\'','\'Sean ,Serrgei Frankoff\'','WS_a7bae4a943c6eba0eadbf8e8f16a6589','\'\'',NULL,614260),('1_Thursday','12','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Tracing The Pain Away - Practical Binary Tracing Techniques For Defeating Modern Malware Protections\'','\'Sean ,Serrgei Frankoff\'','WS_a7bae4a943c6eba0eadbf8e8f16a6589','\'\'',NULL,614261),('1_Thursday','14','14:00','17:59','N','WS','Springhill Suites/Dunes','\'Sold Out - 64-bit Intel Assembly Language Programming for Hackers\'','\'Wesley McGrew\'','WS_744b69e867aa50670c8296c1192fc140','\'Title: Sold Out - 64-bit Intel Assembly Language Programming for Hackers
\nWhen: Thursday, Aug 8, 14:00 - 17:59 PDT
\nWhere: Springhill Suites/Dunes - Map
\n
\nDescription:
\nAssembly language has a reputation for being intimidating, but once\nyou learn the basics--and know how to read the documentation for the\nrest--there\'s nothing you can\'t follow. There are many interesting\nfields of study in computer security that depend on the \"\"closer to the\nmetal\"\" knowledge you\'ll gain from learning to code in assembly:\n- Software reverse engineering\n- Vulnerability and exploit research\n- Malware/implant development\n- Digital forensics\n...among others. There is no substitute for the confidence that you\ngain from being able to research and understand computer systems at\nlower levels of abstraction.\nThe purpose of this workshop is to introduce Intel x64 assembly language to the attendees. We will be using the Microsoft Macro Assembler, and we will be examining our code step-by-step in the x64dbg debugger. No prior programming experience is required--we will be working on things from first principles. There will be few slides.\nConcepts will be presented primarily within the x64dbg environment, with a focus on experimentation and using primary documentation. Attendees can follow along with their own laptops and programming environments.\nWe will cover the following topics:\n- Assembling and linking code\n- The execution environment of x64 programs\n- Memory\n- Registers\n- A wide variety of instructions\n- Addressing modes\n- How to read instruction documentation in the Intel manuals\n- Moving data around\n- Stack operations\n- x64 ABI and calling conventions\n- Representing data\n- Integer math\n- Program flow: conditional execution, loops\n- Leveraging the Windows API\n- How to read MSDN articles on Windows API functions\n- Resources for reference and future learning
\n\nSpeakerBio: Wesley McGrew, Senior Cybersecurity Fellow at MartinFederal
\nDr. Wesley McGrew directs research, development, and offensive cyber operations as Senior Cybersecurity Fellow for MartinFederal. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA and taught a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.
\n\n\n\'',NULL,614262),('1_Thursday','15','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - 64-bit Intel Assembly Language Programming for Hackers\'','\'Wesley McGrew\'','WS_744b69e867aa50670c8296c1192fc140','\'\'',NULL,614263),('1_Thursday','16','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - 64-bit Intel Assembly Language Programming for Hackers\'','\'Wesley McGrew\'','WS_744b69e867aa50670c8296c1192fc140','\'\'',NULL,614264),('1_Thursday','17','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - 64-bit Intel Assembly Language Programming for Hackers\'','\'Wesley McGrew\'','WS_744b69e867aa50670c8296c1192fc140','\'\'',NULL,614265),('1_Thursday','14','14:00','17:59','N','WS','Springhill Suites/Frontier','\'Sold Out - Dodging the EDR Bullet: A Workshop on Malware Stealth Tactics\'','\'Dimitri Di Cristofaro,Giorgio \"gbyolo\" Bernardinetti\'','WS_49ebb7fd9b9b276744e25b2b127f3f98','\'Title: Sold Out - Dodging the EDR Bullet: A Workshop on Malware Stealth Tactics
\nWhen: Thursday, Aug 8, 14:00 - 17:59 PDT
\nWhere: Springhill Suites/Frontier - Map
\n
\nDescription:
\nThe workshop will walk through a number of state of the art techniques used for detection and will show the process of thinking used to research and develop cutting-edge evasion techniques. We will dive deep into interesting aspects of Windows and AV internals with respect to malware development.\nThe focus will be on the mindset used to defeat security products starting with the analysis of a variety of detection mechanisms and ending with the final development of countermeasures. Moreover, the training will contain a number of live demonstrations to practically show how to apply those concepts and how to integrate them, showing how to develop evasive implants and post-exploitation tools.\nBy altering the fundamental rules of engagement, we can confound EDR systems and reshape their perception of the digital environment.\nThe workshop will dig deep into the internals of certain aspects of AV/EDRs and the Windows operating system to identify the area to exploit to lower the detection rate, it will involve the usage of Visual Studio and debuggers.
\n\nSpeakers:Dimitri Di Cristofaro,Giorgio \"gbyolo\" Bernardinetti
\n
\nSpeakerBio: Dimitri Di Cristofaro, Senior Security Consultant and Researcher at SECFORCE LTD
\nDimitri \"GlenX\" Di Cristofaro is a senior security consultant and researcher at the London office of SECFORCE LTD where he performs Red Teams on a daily basis. The main focus of his research activities is about Red Teaming and in particular on identifying new ways of attacking operating systems and looking for cutting edge techniques to increase stealthiness in strictly monitored environments. He enjoys malware writing and offensive tools development as well as producing electronic music in his free time.
\n\nSpeakerBio: Giorgio \"gbyolo\" Bernardinetti, Lead Researcher, System Securitiy Division at CNIT
\nGiorgio \"gbyolo\" Bernardinetti is lead researcher at the System Securitiy division of CNIT. His research activities are geared towards Red Teaming support activities, in particular design and development of advanced evasion techniques in strictly monitored environments, with emphasis on (but not limited to) the Windows OS, both in user-space and kernel-space. He is certified OSCP and OSCE, and enjoys playing electric guitar in his free time.
\n\n\n\'',NULL,614266),('1_Thursday','15','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Dodging the EDR Bullet: A Workshop on Malware Stealth Tactics\'','\'Dimitri Di Cristofaro,Giorgio \"gbyolo\" Bernardinetti\'','WS_49ebb7fd9b9b276744e25b2b127f3f98','\'\'',NULL,614267),('1_Thursday','16','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Dodging the EDR Bullet: A Workshop on Malware Stealth Tactics\'','\'Dimitri Di Cristofaro,Giorgio \"gbyolo\" Bernardinetti\'','WS_49ebb7fd9b9b276744e25b2b127f3f98','\'\'',NULL,614268),('1_Thursday','17','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Dodging the EDR Bullet: A Workshop on Malware Stealth Tactics\'','\'Dimitri Di Cristofaro,Giorgio \"gbyolo\" Bernardinetti\'','WS_49ebb7fd9b9b276744e25b2b127f3f98','\'\'',NULL,614269),('1_Thursday','14','14:00','17:59','N','WS','Springhill Suites/Dean Martin','\'Sold Out - Flipping the Coin: Red and Blue Teaming in Windows Environments (++)\'','\'Angus Strom,Troy Defty\'','WS_2a26a18632f1bdecc6eb435ccfd4b29f','\'Title: Sold Out - Flipping the Coin: Red and Blue Teaming in Windows Environments (++)
\nWhen: Thursday, Aug 8, 14:00 - 17:59 PDT
\nWhere: Springhill Suites/Dean Martin - Map
\n
\nDescription:
\nRed and blue are two sides of the same coin. Offensive and defensive teams deliver the best results when working together; sharing knowledge, ideas, and understanding with each other. And a core part of this information exchange is understanding each respective perspective. This is the overarching theme of the workshop; attackers thinking like defenders, and defenders thinking like attackers.
\n\nThis workshop is the second version of Flipping the Coin and features upgraded attack paths, and lab environments.
\n\nBy the end of the workshop, attendees will:
\n\n\nUnderstand and perform common offensive attacks (supported by the Metasploit Framework) against Windows Domains, including:
\n\n\n- Pass the Hash attacks;
\n- gMSA Golden Attack;
\n- ADCS abuse;
\n- Common tunnelling techniques;
\n- PrintSpoofer exploits;
\n- LSASS exploitation (using Mimikatz);
\n- AD enumeration (using BloodHound);
\n- DACL abuse;
\n- Kerberos golden tickets; and
\n- DLL hijacking.
\n
Understand the process of detecting attacks against Windows infrastructure, including how to design and implement their own detection rules based on attendees’ previous attacks, using:
\n\n\n- Sigma/Yara rules.
\n- Log ingestion/normalisation platforms, and query engines (e.g. ELK).
\n
Understand and appreciate how the actions and processes of red and blue teams are interlinked, for the greater collective good.
\n\nRecommended (but not required) prior reading:\n- https://nooblinux.com/metasploit-tutorial/\n- https://posts.specterops.io/introducing-bloodhound-enterprise-attack-path-management-for-everyone-39cfd8d6eb7c\n- https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview\n- https://socprime.com/blog/sigma-rules-the-beginners-guide/\n- https://github.com/socprime/SigmaUI\n- https://blog.netwrix.com/2021/11/30/how-to-detect-pass-the-hash-attacks/\n- https://posts.specterops.io/certified-pre-owned-d95910965cd2\n- https://www.elastic.co/guide/en/security/current/suspicious-print-spooler-point-and-print-dll.html
\n\nMuch of the material and core concepts of the workshop remain the same from the DEF CON 31 workshop with some updated topics for DEF CON 32, including an updated environment, and gMSA attacks within the lab.
\n\nSpeakers:Angus Strom,Troy Defty
\n
\nSpeakerBio: Angus Strom, Senior Security Engineer
\nAngus (0x10f2c_) is currently a Senior Security Engineer working at a tech company. He obtained a love for all things computers by scavenging computer parts from local garbage pickups as a kid, and then trying to make them work together without blowing up. Angus eventually realised that a career could be made out of his skills hacking together poorly written LUA code in Garry’s mod, and finished a Bachelors in Network Security. In his professional career Angus has 5+ years working in Security Consulting, working across many industries and gaining many shells. More recently Angus has made the move to a security engineer focused role. When not hacking he loves to ski on the little snow that Australia has, and loves to paint small miniatures while listening to Drone Metal.
\n\nSpeakerBio: Troy Defty, Security Engineering Manager
\nFollowing over a decade in the UK and Australian InfoSec industries, including an 8-and-a-half year stint in red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at a tech company. His interest and experience is in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and making piano-related noise.
\n\n\n\'',NULL,614270),('1_Thursday','15','14:00','17:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Flipping the Coin: Red and Blue Teaming in Windows Environments (++)\'','\'Angus Strom,Troy Defty\'','WS_2a26a18632f1bdecc6eb435ccfd4b29f','\'\'',NULL,614271),('1_Thursday','16','14:00','17:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Flipping the Coin: Red and Blue Teaming in Windows Environments (++)\'','\'Angus Strom,Troy Defty\'','WS_2a26a18632f1bdecc6eb435ccfd4b29f','\'\'',NULL,614272),('1_Thursday','17','14:00','17:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Flipping the Coin: Red and Blue Teaming in Windows Environments (++)\'','\'Angus Strom,Troy Defty\'','WS_2a26a18632f1bdecc6eb435ccfd4b29f','\'\'',NULL,614273),('1_Thursday','14','14:00','17:59','N','WS','Springhill Suites/Sands','\'Sold Out - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 201\'','\'James Hawk\'','WS_f46116a98663d08bba52c97372d4fa0f','\'Title: Sold Out - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 201
\nWhen: Thursday, Aug 8, 14:00 - 17:59 PDT
\nWhere: Springhill Suites/Sands - Map
\n
\nDescription:
\nIn the 201 version of Hide your kids, turn off your Wi-Fi, they Rogue APing up in here, we will launch the next level of attacks using Rogue APs and other wireless tools. We will look into different ways to attack wireless networks and leverage credentials harvested to gain a foothold, PITM, deliver payloads, and demonstrate impact to the client. During the workshop we will walk through different attacks against OPEN, WPA2, and 802.1X networks. During the CTF participants will have the chance to attack a simulated client network to leverage the attacks learned during the workshop. We will be using EAPHAMMER, BERATE_AP, WIFIPUMPKIN3, BETTERCAP, and RESPONDER. This workshop will be at the Intermediate level(all skill levels welcome), participants should have a solid knowledge of Linux, 802.11, networking, and using virtual machines. It is recommended that all students use the provided VM.
\n\nSpeakerBio: James Hawk, Senior Consultant, Proactive Services at Google Public Sector
\nJames Hawk (He/Him) is a Senior Consultant with Google Public Sector, within Proactive Services. He is the wireless subject matter expert for his team. James has led and contributed to multiple assessments (Red Teams and Pen Tests). He has developed internal training and tool updates for 802.11 for his company and team. James is a 20-year veteran of the U.S. Army and has over 10 years of hands-on experience in wireless technologies. James is always researching/testing 802.11 attacks against his home lab. He is a fan of hockey, Letter Kenny, and almost anything Sci-Fi.
\n\n\n\'',NULL,614274),('1_Thursday','15','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 201\'','\'James Hawk\'','WS_f46116a98663d08bba52c97372d4fa0f','\'\'',NULL,614275),('1_Thursday','16','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 201\'','\'James Hawk\'','WS_f46116a98663d08bba52c97372d4fa0f','\'\'',NULL,614276),('1_Thursday','17','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 201\'','\'James Hawk\'','WS_f46116a98663d08bba52c97372d4fa0f','\'\'',NULL,614277),('1_Thursday','14','14:00','17:59','N','WS','Springhill Suites/Desert Inn','\'Sold Out - Long Live Empire: A C2 Workshop for Modern Red Teaming\'','\'Jake “Hubble” Krasnov,Kevin \"Kent\" Clark,Rey \"Privesc\" Bango\'','WS_1518e70f7837e049f31b467bf40f31d7','\'Title: Sold Out - Long Live Empire: A C2 Workshop for Modern Red Teaming
\nWhen: Thursday, Aug 8, 14:00 - 17:59 PDT
\nWhere: Springhill Suites/Desert Inn - Map
\n
\nDescription:
\nCommand and Control (C2) play a crucial role for Red Teams and Advanced Persistent Threats (APTs), establishing persistent access and control over targeted networks. This workshop offers an in-depth exploration of the C2 frameworks, with a specific focus on the open-source Empire framework. Participants will gain valuable insights into the deployment, features, and real-world application of C2 in offensive security. Attendees will learn how to leverage Empire to create, customize, and execute advanced attack scenarios, honing their skills as red team operators. \nThrough practical exercises, attendees will learn to navigate the Empire framework, from basic setup to deploying sophisticated C2 infrastructures. The workshop covers key aspects such as listener configurations, agent management, and the utilization of Empire\'s diverse modules for effective post-exploitation. A unique feature of this training is the inclusion of a mini Capture-The-Flag (CTF) challenge, offering participants a hands-on opportunity to apply their skills in a controlled, competitive environment. \nBy the conclusion of this workshop, participants will be equipped with the knowledge and skills to leverage the Empire framework effectively in their red team operations, enhancing their capabilities in conducting advanced cyber attacks and navigating the complexities of modern cybersecurity landscapes. \nKey Workshop Highlights: \nComprehensive Introduction to Empire: Gain a solid understanding of Empire\'s capabilities, setup procedures, and its role in modern offensive operations. \nHands-On Deployment and Configuration: Learn through doing, with exercises designed to build proficiency in configuring Empire, managing agents, and customizing listeners. \nAdvanced Attack Scenarios: Delve into sophisticated techniques for post-exploitation, credential harvesting, and evasion, enhancing your arsenal as a red team operator. \nReal-World Application: Translate workshop learnings into actionable skills through a mini CTF challenge, simulating real-world offensive scenarios in a cloud-hosted environment.
\n\nSpeakers:Jake “Hubble” Krasnov,Kevin \"Kent\" Clark,Rey \"Privesc\" Bango
\n
\nSpeakerBio: Jake “Hubble” Krasnov, Red Team Operations Lead and Chief Executive Officer at BC Security
\nJake \"Hubble\" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security. He has spent the first half of his career as an Astronautical Engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. Jake has presented at DEF CON, where he taught courses on offensive PowerShell and has been recognized by Microsoft for his discovery of a vulnerability in AMSI. Jake has authored numerous tools, including Invoke-PrintDemon and Invoke-ZeroLogon, and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
\n\nSpeakerBio: Kevin \"Kent\" Clark, Security Consultant at TrustedSec
\nKevin \"Kent\" Clark is a Security Consultant with TrustedSec and a Red Team Instructor with BC Security. His previous work includes Penetration Testing and Red Team Operator, focusing on initial access and active directory exploitation. Kevin contributes to open-source tools such as PowerShell Empire and publishes custom security toolkits such as Badrats and WindowsBinaryReplacements. Kevin authors a cybersecurity blog at https://henpeebin.com/kevin/blog.
\n\nSpeakerBio: Rey \"Privesc\" Bango, Principal Cloud Advocate at Microsoft
\nRey \"Privesc\" Bango is a Principal Cloud Advocate at Microsoft focused on empowering companies and information technologists to take full advantage of transformative technologies. He works to build patterns and practices that streamline the development of solutions that take advantage of Artificial Intelligence and Machine Learning while ensuring that trust and confidence are a top priority, whether through security or responsible use of technology. Since 1989, Rey has explored the world of information technology through the lens of software developer, open-source contributor, cybersecurity practitioner, and an advocate for the secure and responsible use of artificial intelligence for social good.
\n\n\n\'',NULL,614278),('1_Thursday','15','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Long Live Empire: A C2 Workshop for Modern Red Teaming\'','\'Jake “Hubble” Krasnov,Kevin \"Kent\" Clark,Rey \"Privesc\" Bango\'','WS_1518e70f7837e049f31b467bf40f31d7','\'\'',NULL,614279),('1_Thursday','16','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Long Live Empire: A C2 Workshop for Modern Red Teaming\'','\'Jake “Hubble” Krasnov,Kevin \"Kent\" Clark,Rey \"Privesc\" Bango\'','WS_1518e70f7837e049f31b467bf40f31d7','\'\'',NULL,614280),('1_Thursday','17','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Long Live Empire: A C2 Workshop for Modern Red Teaming\'','\'Jake “Hubble” Krasnov,Kevin \"Kent\" Clark,Rey \"Privesc\" Bango\'','WS_1518e70f7837e049f31b467bf40f31d7','\'\'',NULL,614281),('2_Friday','09','09:00','12:59','N','WS','Springhill Suites/Desert Inn','\'Sold Out - Finding the Needle: An Introduction to Detection Engineering\'','\'Kathy Zhu,Troy Defty\'','WS_55ce12c74a5675c413494ecb02dac3e2','\'Title: Sold Out - Finding the Needle: An Introduction to Detection Engineering
\nWhen: Friday, Aug 9, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Desert Inn - Map
\n
\nDescription:
\nAs defenders, we are always outnumbered, but we are by no means outmaneuvered. Attackers may hide in the haystack of haystacks, but with scalable detection logic, efficient coding practices, a thorough investigation methodology, and a reasonable corpus of computing, we can still determine which haystack to look within, and subsequently find the needle.
\n\nThis is often made possible by a detection pipeline. And knowing how detection pipelines work, and the role each component plays, can help us write more efficient, more accurate detections to make life hard for the attacker. By reducing the attacker\'s window of opportunity, whilst making the subsequent investigation easier for the would-be analyst, we can maintain a strong defensive position, forcing the attacker to burn significantly more resources in an attempt to make progress.
\n\nThis workshop will run attendees through implementing a simple detection pipeline in code, and some basic detection rules, to understand how to:\n- Ingest and normalize arbitrary log data, and make such data available for downstream detection rules;\n- Implement detection logic, to isolate potentially malicious behaviour;\n- Enrich log data with more context, aiding investigation; and\n- Draw relationships from individual log entries, to reduce investigative noise.
\n\nAttendees should be comfortable with either Python 3 or Golang, including core language syntax and the execution environment of their preferred language.
\n\nSpeakers:Kathy Zhu,Troy Defty
\n
\nSpeakerBio: Kathy Zhu, Security Engineering Tech Lead at Google
\nHaving worked in the security industry for 8+ years, Kathy is currently a Security Engineering Tech Lead in the detection space at Google. Her interest and experience is in detection engineering and software development. Outside of work, she also enjoys running, the outdoors, and reading.
\n\nSpeakerBio: Troy Defty, Security Engineering Manager
\nFollowing over a decade in the UK and Australian InfoSec industries, including an 8-and-a-half year stint in red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at a tech company. His interest and experience is in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and making piano-related noise.
\n\n\n\'',NULL,614282),('2_Friday','10','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Finding the Needle: An Introduction to Detection Engineering\'','\'Kathy Zhu,Troy Defty\'','WS_55ce12c74a5675c413494ecb02dac3e2','\'\'',NULL,614283),('2_Friday','11','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Finding the Needle: An Introduction to Detection Engineering\'','\'Kathy Zhu,Troy Defty\'','WS_55ce12c74a5675c413494ecb02dac3e2','\'\'',NULL,614284),('2_Friday','12','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Finding the Needle: An Introduction to Detection Engineering\'','\'Kathy Zhu,Troy Defty\'','WS_55ce12c74a5675c413494ecb02dac3e2','\'\'',NULL,614285),('2_Friday','09','09:00','12:59','N','WS','Springhill Suites/Sands','\'Sold Out - Machine Learning for N00bs\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_257a900048db1900c3d30216c297af7d','\'Title: Sold Out - Machine Learning for N00bs
\nWhen: Friday, Aug 9, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Sands - Map
\n
\nDescription:
\nEvery technical product is now incorporating machine learning at an explosive rate. But most people, even those with strong technical skills, don\'t understand how it works, what its capabilities are, and what security risks come with it. In this workshop, we\'ll make machine learning models using simple Python scripts, train them, and evaluate their worth. Projects include computer vision, breaking a CAPTCHA, deblurring images, regression, and classification tasks. We will perform poisoning and evasion attacks on machine learning systems, and implement deep neural rejection to block such attacks.\nNo experience with programming or machine learning is required, and the only software required is a Web browser. We will use TensorFlow on free Google Colab cloud systems. \nAll materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.
\n\nSpeakers:Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne
\n
\nSpeakerBio: Elizabeth Biddlecome
\nElizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.
\n\nSpeakerBio: Irvin Lemus, Cyber Range Engineer at By Light IT Professional Services
\nIrvin Lemus, CISSP is a Cyber Range Engineer at By Light IT Professional Services, training military personnel through international cyber security exercises. Irvin has been in the field since 2006, involved with cybersecurity competitions since 2015 as a trainer, coach, and mentor. He also has taught IT and Cybersecurity courses at Coastline and Cabrillo Colleges. He is the BACCC Cyber Competitions Regional Coordinator, Board member at Pacific Hackers and is a speaker at DEFCON. He describes himself as, \"A professional troublemaker who loves hacking all the things.\"
\n\nSpeakerBio: Kaitlyn Handelman, Offensive Security Engineer at Amazon
\nKaitlyn Handelman is an offensive security engineer at Amazon. Her focus is cybersecurity in space. In addition to traditional penetration testing, Kaitlyn works on physical devices and RF signals. In her free time, she enjoys ham radio, astronomy, and her cat, Astrocat.
\n\nSpeakerBio: Sam Bowne, Instructor at City College San Francisco
\nSam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc. He has given talks and hands-on trainings at Black Hat USA, RSA, DEF CON, DEF CON China, HOPE, and many other conferences.\nCredentials: PhD, CISSP, DEF CON Black Badge Co-Winner
\n\n\n\'',NULL,614286),('2_Friday','10','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Machine Learning for N00bs\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_257a900048db1900c3d30216c297af7d','\'\'',NULL,614287),('2_Friday','11','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Machine Learning for N00bs\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_257a900048db1900c3d30216c297af7d','\'\'',NULL,614288),('2_Friday','12','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Machine Learning for N00bs\'','\'Elizabeth Biddlecome,Irvin Lemus,Kaitlyn Handelman,Sam Bowne\'','WS_257a900048db1900c3d30216c297af7d','\'\'',NULL,614289),('2_Friday','09','09:00','12:59','N','WS','Springhill Suites/Frontier','\'Sold Out - Small Choices, Global Repercussions: A Tabletop Exercise about Decision-Making in Healthcare Cybersecurity\'','\'Isabel Straw,Jorge Acevedo Canabal,Nathan Case\'','WS_8b75a366a43f2c8c5026d5191a1f5cb2','\'Title: Sold Out - Small Choices, Global Repercussions: A Tabletop Exercise about Decision-Making in Healthcare Cybersecurity
\nWhen: Friday, Aug 9, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Frontier - Map
\n
\nDescription:
\nIn the unpredictable world of healthcare, the ability to respond effectively to emergencies and technology failures is paramount to ensuring patient safety and continuity of care. As hospitals and emergency rooms increasingly rely on technology to deliver critical services, it\'s essential for all personnel to understand the complex interplay between technology, emergency response, and the potential cascading effects of failures. This immersive workshop is designed to equip participants with the knowledge and skills needed to navigate emergencies and technology failures in healthcare environments. Through a series of simulated scenarios encompassing various emergency situations and technology breakdowns, participants will explore the intricate challenges of maintaining operational resilience in the face of adversity.\nFrom power outages to cyberattacks, participants will learn how to identify, assess, and respond to emergencies with a focus on mitigating second and third-order consequences. Leveraging real-time data and insights from tools and techniques, participants will gain practical experience in detecting anomalies, coordinating response efforts, and minimizing disruption to patient care.\nKey Learning Objectives:\nUnderstand the complex interplay between technology, emergency response, and the potential cascading effects of failures in healthcare environments.\nExplore various emergency scenarios and technology failures, including power outages, cyberattacks, and system malfunctions.\nGain practical experience in assessing the impact of emergencies and technology failures on patient care and operational continuity.\nLearn how to use the available tools for real-time monitoring, detection, and response to security incidents and technology failures.\nDiscuss strategies for mitigating second and third-order consequences of emergencies and technology failures, including communication, collaboration, and contingency planning.
\n\nSpeakers:Isabel Straw,Jorge Acevedo Canabal,Nathan Case
\n
\nSpeakerBio: Isabel Straw, MD
\nUK Emergency Doctor, Artificial intelligence in Health PHD & Cybersecurity Researcher, Fulbright & Thouron Alum (Global Health Scholar)
\n\nSpeakerBio: Jorge Acevedo Canabal, Adjunct Professor at University of Puerto RicoMD
\nPhysician, Adjunct Professor at University of Puerto Rico with Research in Natural Disaster Recovery, Emerging Healthcare Crises, Cyber Resiliency, and Vulnerable Populations (rare genetic disease, extremes of human life-span)
\n\nSpeakerBio: Nathan Case
\nCISO, CTO, Incident Responder, Tinkerer, and Dumpster fire guru
\n\n\n\'',NULL,614290),('2_Friday','10','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Small Choices, Global Repercussions: A Tabletop Exercise about Decision-Making in Healthcare Cybersecurity\'','\'Isabel Straw,Jorge Acevedo Canabal,Nathan Case\'','WS_8b75a366a43f2c8c5026d5191a1f5cb2','\'\'',NULL,614291),('2_Friday','11','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Small Choices, Global Repercussions: A Tabletop Exercise about Decision-Making in Healthcare Cybersecurity\'','\'Isabel Straw,Jorge Acevedo Canabal,Nathan Case\'','WS_8b75a366a43f2c8c5026d5191a1f5cb2','\'\'',NULL,614292),('2_Friday','12','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Small Choices, Global Repercussions: A Tabletop Exercise about Decision-Making in Healthcare Cybersecurity\'','\'Isabel Straw,Jorge Acevedo Canabal,Nathan Case\'','WS_8b75a366a43f2c8c5026d5191a1f5cb2','\'\'',NULL,614293),('2_Friday','09','09:00','12:59','N','WS','Springhill Suites/Dean Martin','\'Sold Out - Traumatic Library Loading : If you want to use it, you have to implement it...\'','\'Yoann Dequeker\'','WS_2cac49c1189f264df54e8c86d40c0bcd','\'Title: Sold Out - Traumatic Library Loading : If you want to use it, you have to implement it...
\nWhen: Friday, Aug 9, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Dean Martin - Map
\n
\nDescription:
\nDLL Loading is one of the most important parts of the Windows system. When you install, run, use, or hack a system, you will always use DLL. This DLL mechanism has been exploited for several years for malware development through several techniques : DLL injection, DLL sideloading, Reflective DLL but do you really know how Windows is loading a DLL ? Do you know how it links all sections ? Which structures are used to store internally ? How does it resolve dependencies ? And are you able to design your own Perfect DLL Loader that fully integrate with the WIN32API? \nIn this workshop, you will lose you sanity and dive into the Windows DLL mechanism. Armed with your decompiler and your brain, step by step, you will build your own (almost) Perfect DLL loader.\nYou will try to load from the simple AMSI.DLL to the most complexe WINHTTP.DLL. At each step, you will dive deeper into the Windows DLL Loader and the Windows Internals.\nMalware developers, you will be able to use this code as a PE loader that never failed me for the last years and a DLL loader that does not raise the LoadImage kernel callback you can use on your own C2 beacon.\nWARNING: while this is a windows internal DISCOVERY discovery course, it is still a HIGHLY TECHNICAL workshop. You should have some entry-level knowledge on Windows systems, C programing and reverse engineering to fully enjoy the workshop.\nIt is expected from the student to bring a laptop with either a Windows 10 or Windows 10 VM, a C compiler (Mingw or MSVC), a decompiler (IDA Free or Ghidra), the WinDBG debugger and the Sysinternals suite. I will personally use the following toolchain : WIN10, MSVC, IDA, WinDBG Preview.
\n\nSpeakerBio: Yoann Dequeker, Red Team Operator at Wavestone
\nYoann Dequeker (@OtterHacker) is a red team operator at Wavestone entitle with OSCP and CRTO certification. Aside from his RedTeam engagements and his contributions to public projects such as Impacket, he spends time working on Malware Development to ease beacon deployment and EDR bypass during engagements and is currently developing a fully custom C2. His research leads him to present his results on several conferences such as LeHack (Paris), Insomni\'hack (Swiss) or even through a 4-hour malware workshop at Defcon31 (Las Vegas). All along the year, he publishes several white papers on the techniques he discovered or upgraded and the vulnerabilities he found on public products.
\n\n\n\'',NULL,614294),('2_Friday','10','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Traumatic Library Loading : If you want to use it, you have to implement it...\'','\'Yoann Dequeker\'','WS_2cac49c1189f264df54e8c86d40c0bcd','\'\'',NULL,614295),('2_Friday','11','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Traumatic Library Loading : If you want to use it, you have to implement it...\'','\'Yoann Dequeker\'','WS_2cac49c1189f264df54e8c86d40c0bcd','\'\'',NULL,614296),('2_Friday','12','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Traumatic Library Loading : If you want to use it, you have to implement it...\'','\'Yoann Dequeker\'','WS_2cac49c1189f264df54e8c86d40c0bcd','\'\'',NULL,614297),('2_Friday','09','09:00','12:59','N','WS','Springhill Suites/Dunes','\'Sold Out - Whitebox Web Exploit Development\'','\'Cale Smith,Priyanka Joshi\'','WS_492617df489b8b3c0ed3b01f453e9d57','\'Title: Sold Out - Whitebox Web Exploit Development
\nWhen: Friday, Aug 9, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Dunes - Map
\n
\nDescription:
\nGain experience popping root shells on real world web applications and taking your hacking skills to the next level. Students will learn accessible and powerful vulnerability discovery techniques to identify, exploit and chain vulnerabilities for root shells. Getting hands-on experience using free and widely available Linux utilities to debug and dynamically monitor applications, to more effectively discover and exploit vulnerabilities. Using a whitebox approach students will rapidly discover and exploit non-trivial bugs. A progressive hint system will be used during the labs to incrementally reveal step-by-step progressions of each exploit exercise in case students are stuck or fall behind.\nCourse Objectives:\n--Students will gain hands-on experience analyzing and developing exploits for real world application vulnerabilities.\n--Students will learn how to discover vulnerabilities and subsequently weaponize them in an exploit chain to spawn remote shells on application servers.\n--Students will gain experience using open source linux tools like strace and tcpdump to analyze application behavior and isolate vulnerabilities.\n--Students will gain experience weaponizing web application vulnerabilities and writing exploits\nUpon Completion of this training, attendees will know:\n--How to identify situations where openbox application vulnerability assessments are appropriate and how to leverage this powerful context.\n--How to utilize openbox penetration testing methodologies to achieve more thorough and effective assessments.\n--How to leverage vulnerability chaining to assemble multiple medium criticality findings into a single remote root exploit.
\n\nSpeakers:Cale Smith,Priyanka Joshi
\n
\nSpeakerBio: Cale Smith, Amazon
\nCale Smith is a nerd who loves both building but also breaking, so he can get better at building. He is passionate about understanding how anything and everything works, improving security along the way is just a bonus. Also, he is passionate about sharing his passion and created this course to pass along some of the more accessible techniques he has picked. His professional career originated exclusively as a builder, but has been focusing on the security and breaking side for the last 15 years. During that time he has dabbled in the web weenie life, cloud, binary, IoT and mobile most recently. Currently he manages a device oriented AppSec team at Amazon. While AFK he is probably riding a bike or climbing rocks.
\n\nSpeakerBio: Priyanka Joshi, Security Engineer, Ring AppSec at Amazon
\nPriyanka Joshi started her career through the academic path of computer engineering followed by a masters degree in information security. Her learning journey truly began doing security engineering in the industry. She discovered her passion in the identity space during her first software security engineer job at an ancient mid sized company. There she focused on research, development, maintenance and security testing of OAuth2.0/OpenID implementations for over two years. In her current appsec engineer role at Amazon, she enjoys working on secure design assessments, bug bounty triage and fix validation, consults and security testing of web services. Outside of work, she enjoys hiking, sketching, music, watching anime and reading manga.
\n\n\n\'',NULL,614298),('2_Friday','10','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Whitebox Web Exploit Development\'','\'Cale Smith,Priyanka Joshi\'','WS_492617df489b8b3c0ed3b01f453e9d57','\'\'',NULL,614299),('2_Friday','11','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Whitebox Web Exploit Development\'','\'Cale Smith,Priyanka Joshi\'','WS_492617df489b8b3c0ed3b01f453e9d57','\'\'',NULL,614300),('2_Friday','12','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Whitebox Web Exploit Development\'','\'Cale Smith,Priyanka Joshi\'','WS_492617df489b8b3c0ed3b01f453e9d57','\'\'',NULL,614301),('2_Friday','14','14:00','17:59','N','WS','Springhill Suites/Sands','\'Sold Out - Dissecting and Defeating Ransomware\'s Evasion Tactics\'','\'Aaron Rosenmund,Josh Stroschein,Ryan Chapman\'','WS_4216a8a5ca52106b718a41589d07eab1','\'Title: Sold Out - Dissecting and Defeating Ransomware\'s Evasion Tactics
\nWhen: Friday, Aug 9, 14:00 - 17:59 PDT
\nWhere: Springhill Suites/Sands - Map
\n
\nDescription:
\nGain a deeper understanding of how ransomware evades analysis and learn how to identify and counter these techniques. This workshop will explore common evasion methods, how they work, and how you can develop the skills to write code that re-enacts these methods. This workshop will begin by showing you how ransomware builders work. How do the builders generate reliable, viable ransomware code? You’ll learn! Once built, how do these malicious binaries implement analysis evasion techniques? Which techniques are used often? How do they function? We\'ll dive into the most prevalent techniques to show you how they work and why. Finally, you will learn how to re-enact some of these techniques along with more advanced methods within your own code. Are you ready to take your reverse engineering and coding skills to the next levels? – Let’s do this! And remember: #RansomwareSucks!
\n\nSpeakers:Aaron Rosenmund,Josh Stroschein,Ryan Chapman
\n
\nSpeakerBio: Aaron Rosenmund, Senior Director of Content Strategy & Curriculum at Pluralsight
\nAaron Rosenmund is the Senior Director of Content Strategy & Curriculum for Pluralsight, where he has also authored over 115 courses and technical labs across offensive and defensive security operations topics. Part time work includes service as an Cyber Warfare Operations office in the Delaware Air National guard, where he has also led a 100+ member red team for the largest cyber exercise in the Nation, Cybershield.
\n\nSpeakerBio: Josh Stroschein, Reverse Engineer, FLARE team at Google
\nJosh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, RE, and other security topics.
\n\nSpeakerBio: Ryan Chapman
\nRyan Chapman is the author of SANS’ “FOR528: Ransomware and Cyber Extortion” course, teaches SANS’ “FOR610: Reverse Engineering Malware” course, works as a threat hunter @ $dayJob, and is an author for Pluralsight. Ryan has a passion for life-long learning, loves to teach people about ransomware-related attacks, and enjoys pulling apart malware.
\n\n\n\'',NULL,614302),('2_Friday','15','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Dissecting and Defeating Ransomware\'s Evasion Tactics\'','\'Aaron Rosenmund,Josh Stroschein,Ryan Chapman\'','WS_4216a8a5ca52106b718a41589d07eab1','\'\'',NULL,614303),('2_Friday','16','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Dissecting and Defeating Ransomware\'s Evasion Tactics\'','\'Aaron Rosenmund,Josh Stroschein,Ryan Chapman\'','WS_4216a8a5ca52106b718a41589d07eab1','\'\'',NULL,614304),('2_Friday','17','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Dissecting and Defeating Ransomware\'s Evasion Tactics\'','\'Aaron Rosenmund,Josh Stroschein,Ryan Chapman\'','WS_4216a8a5ca52106b718a41589d07eab1','\'\'',NULL,614305),('2_Friday','14','14:00','17:59','N','WS','Springhill Suites/Frontier','\'Sold Out - From an attacker\'s lair to your home: A practical journey through the world of Malware\'','\'Sebastian Tapia De la torre\'','WS_d7371a45a7409c6ca2285aefea14b217','\'Title: Sold Out - From an attacker\'s lair to your home: A practical journey through the world of Malware
\nWhen: Friday, Aug 9, 14:00 - 17:59 PDT
\nWhere: Springhill Suites/Frontier - Map
\n
\nDescription:
\nAre you ready to dive deep into the world of malware analysis? Join me for an immersive workshop that will demystify the process of dissecting and analyzing malicious software. Throughout this hands-on session, participants will explore essential techniques and methodologies for uncovering the inner workings of malware and identifying potential threats.\nDuring the workshop we will analyze different kinds of malware, from malicious documents, .NET malware and more . Through practical demonstrations attendees will learn how to conduct static and dynamic analysis effectively, gaining valuable insights into malware behaviors and characteristics. Moreover, attendees will gain firsthand experience in executing and analyzing techniques used by attackers, deepening their understanding of how threat actors operate and how to detect and mitigate their malware effectively.\nBy the end of the workshop, attendees will have developed practical skills and techniques for analyzing real-world malware samples, empowering them to defend against evolving cyberthreats effectively.
\n\nSpeakerBio: Sebastian Tapia De la torre, Offensive Security Architect
\nSebastian\'s journey into cybersecurity began with a childhood fascination for taking things apart and figuring out how they worked. As he grew older, this curiosity evolved into a passion for hacking and uncovering vulnerabilities in websites and applications, landing him a role in vulnerability management. Eventually, he pivoted into a Security Architect role, where he applied offensive thinking with defensive strategies to advance the security posture of the company he works for. Now an Offensive Security Architect, Sebastian specializes in designing and leading purple team exercises, leveraging real attacker TTPs to test and enhance their security posture effectively.
\n\n\n\'',NULL,614306),('2_Friday','15','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - From an attacker\'s lair to your home: A practical journey through the world of Malware\'','\'Sebastian Tapia De la torre\'','WS_d7371a45a7409c6ca2285aefea14b217','\'\'',NULL,614307),('2_Friday','16','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - From an attacker\'s lair to your home: A practical journey through the world of Malware\'','\'Sebastian Tapia De la torre\'','WS_d7371a45a7409c6ca2285aefea14b217','\'\'',NULL,614308),('2_Friday','17','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - From an attacker\'s lair to your home: A practical journey through the world of Malware\'','\'Sebastian Tapia De la torre\'','WS_d7371a45a7409c6ca2285aefea14b217','\'\'',NULL,614309),('2_Friday','14','14:00','17:59','N','WS','Springhill Suites/Dean Martin','\'Sold Out - Ghidra Analysis & Automation Masterclass\'','\'Max \"Libra\" Kersten\'','WS_b7238e38113340dcd559f0a93fca3cd3','\'Title: Sold Out - Ghidra Analysis & Automation Masterclass
\nWhen: Friday, Aug 9, 14:00 - 17:59 PDT
\nWhere: Springhill Suites/Dean Martin - Map
\n
\nDescription:
\nReverse engineering is done for a variety of reasons, most commonly to analyze malware, when searching for (and when looking to understand) vulnerabilities, or simply because of one’s curiosity. The NSA understood this early on and developed a framework to aid them in their reversing endeavors, which they open-sourced in early 2019: Ghidra. Since then, Ghidra has been one of the industry standard tools to analyze files, mainly due to its active development, as well as due to its accessible and versatile nature.
\n\nThis four-hour workshop primarily focuses on the analyst mindset and fundamental knowledge with regards to reverse engineering, including but not limited to understanding Ghidra’s core capabilities such as the disassembly and decompiler views, creating and retyping data structures, writing scripts to extend and automate tasks, and the creation and use of function recognition databases for FunctionID and BSim.
\n\nThe concepts behind the capabilities of Ghidra are the focus of the theory and during the hands-on exercises, allowing one to transfer the gained knowledge to another tool if so desired. As such, this class is perfect for aspiring and beginning analysts, while also providing background information and additional techniques for intermediate analysts.
\n\nThe workshop’s materials will partially consist of multiple malware samples, the precautions for which will be explained in-detail during the workshop, ensuring the safety and integrity of the systems of the attendees. A laptop with a preinstalled Intel based 64-bit Ubuntu 22.04 VM, along with Ghidra, Eclipse, and OpenJDK 21 is required.
\n\nAdditionally, knowing how to read C/C++ is required when dealing with decompiled code. Being able to read and write Java is required for the automation scripting, even though Python 2 can be used as well. If you cannot write Java and would still like to participate, you are welcome, but do note that this will impede some parts of the workshop’s exercises.
\n\nSpeakerBio: Max \"Libra\" Kersten
\nMax Kersten is a malware analyst, blogger, and speaker who aims to make malware analysis more approachable for those who are starting. In 2019, Max graduated cum laude with a bachelor\'s in IT & Cyber Security, during which Max also worked as an Android malware analyst. Currently, Max works as a malware analyst at Trellix, where he analyses APT malware and creates open-source tooling to aid such research. Over the past few years, Max spoke at international conferences, such as DEFCON, Black Hat (USA, EU, MEA, Asia), Botconf, Confidence-Conference, HackYeahPL, and HackFestCA. Additionally, he gave guest lectures and workshops for DEFCON, Botconf, several universities, and private entities.
\n\n\n\'',NULL,614310),('2_Friday','15','14:00','17:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Ghidra Analysis & Automation Masterclass\'','\'Max \"Libra\" Kersten\'','WS_b7238e38113340dcd559f0a93fca3cd3','\'\'',NULL,614311),('2_Friday','16','14:00','17:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Ghidra Analysis & Automation Masterclass\'','\'Max \"Libra\" Kersten\'','WS_b7238e38113340dcd559f0a93fca3cd3','\'\'',NULL,614312),('2_Friday','17','14:00','17:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Ghidra Analysis & Automation Masterclass\'','\'Max \"Libra\" Kersten\'','WS_b7238e38113340dcd559f0a93fca3cd3','\'\'',NULL,614313),('2_Friday','14','14:00','17:59','N','WS','Springhill Suites/Dunes','\'Sold Out - Hack the connected plant!\'','\'Alexandrine Torrents,Arnaud Soullié\'','WS_b7abb1fa014fea6a6b4fdef4f9937437','\'Title: Sold Out - Hack the connected plant!
\nWhen: Friday, Aug 9, 14:00 - 17:59 PDT
\nWhere: Springhill Suites/Dunes - Map
\n
\nDescription:
\nTired of legacy ICS systems? Attend this workshop to hack the next generation of Industrial Control Systems! No more Modbus, no more standard PLC, no more Purdue model!\nThis workshop is designed to show what the future might look like for Industrial Control Systems, and how it will impact cybersecurity.\nWe’ll bring a realistic ICS setup that features all the fancy current and future trends: SD-WAN and Zero Trust, OPC-UA, MQTT, Digital Twin, Edge devices and soft-PLCs to control a small-scale industrial process simulation.\nAfter a short introduction, we’ll get into hacking! We will walk you through a CTF-style exercise to go from 0 to full industrial process hacking! The CTF will be guided so that everyone learns something and gets a chance to get most flags!
\n\nSpeakers:Alexandrine Torrents,Arnaud Soullié
\n
\nSpeakerBio: Alexandrine Torrents, Cybersecurity Expert at Wavestone
\nAlexandrine Torrents is a cybersecurity expert at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.
\n\nSpeakerBio: Arnaud Soullié, Senior Manager at Wavestone
\nArnaud Soullié (@arnaudsoullie) is a Senior Manager at Wavestone, a global consulting company. For 14 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He spoke and taught workshops at numerous security conferences on ICS topics : BlackHat Europe, BruCon, CS3STHLM, BSides Las Vegas, DEFCON... He is also the creator of the DYODE project, an opensource data diode aimed at ICS. He has been teaching ICS cybersecurity training since 2015
\n\n\n\'',NULL,614314),('2_Friday','15','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Hack the connected plant!\'','\'Alexandrine Torrents,Arnaud Soullié\'','WS_b7abb1fa014fea6a6b4fdef4f9937437','\'\'',NULL,614315),('2_Friday','16','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Hack the connected plant!\'','\'Alexandrine Torrents,Arnaud Soullié\'','WS_b7abb1fa014fea6a6b4fdef4f9937437','\'\'',NULL,614316),('2_Friday','17','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Hack the connected plant!\'','\'Alexandrine Torrents,Arnaud Soullié\'','WS_b7abb1fa014fea6a6b4fdef4f9937437','\'\'',NULL,614317),('2_Friday','14','14:00','17:59','N','WS','Springhill Suites/Desert Inn','\'Sold Out - Learning to Hack Bluetooth Low Energy with BLE CTF\'','\'Alek Amrani,Ryan Holeman\'','WS_d75f8653a17b9ee668ccbb8764aa96ff','\'Title: Sold Out - Learning to Hack Bluetooth Low Energy with BLE CTF
\nWhen: Friday, Aug 9, 14:00 - 17:59 PDT
\nWhere: Springhill Suites/Desert Inn - Map
\n
\nDescription:
\nBLE CTF is a series of Bluetooth Low Energy challenges in a capture-the-flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. \nOver the past few years, BLE CTF has expanded to support multiple platforms and skill levels. Various books, workshops, training, and conferences have utilized it as an educational platform and CTF. As an open source, low-cost of entry, and expandable education solution, BLE CTF has helped progress Bluetooth security research.\nThis workshop will teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. For this workshop, we will undergo a series of exercises to teach beginner students new concepts and allow more seasoned users to try new tools and techniques. After completing this workshop, you should have a good solid understanding of how to interact with and hack on BLE devices in the wild.\nIf you have done BLE CTF in the past, this class is still valuable. For advanced users, we offer BLE CTF Infinity, a sequel to BLE CTF. The workshop will also showcase new hardware platforms and client tools for interacting with and completing the exercises.\nTo prepare for the workshop, please follow the setup documentation located at https://github.com/hackgnar/ble_ctf/blob/master/docs/workshop_setup.md
\n\nSpeakers:Alek Amrani,Ryan Holeman
\n
\nSpeakerBio: Alek Amrani
\nAlek Amrani is bad at expense reports.
\n\nSpeakerBio: Ryan Holeman, CISO at Stability AI
\nRyan Holeman resides in Austin, Texas, where he works as the CISO for Stability AI. He is currently pursuing a Ph.D. in cyber defense from Dakota State University. He has spoken at respected venues such as Black Hat, DEF CON, Lockdown, BSides, Ruxcon, Notacon, and Shmoocon. You can keep up with his current activity, open source contributions, and general news on his blog. His spare time is mostly spent digging into various network protocols, random hacking, creating art, and shredding local skateparks.
\n\n\n\'',NULL,614318),('2_Friday','15','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Learning to Hack Bluetooth Low Energy with BLE CTF\'','\'Alek Amrani,Ryan Holeman\'','WS_d75f8653a17b9ee668ccbb8764aa96ff','\'\'',NULL,614319),('2_Friday','16','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Learning to Hack Bluetooth Low Energy with BLE CTF\'','\'Alek Amrani,Ryan Holeman\'','WS_d75f8653a17b9ee668ccbb8764aa96ff','\'\'',NULL,614320),('2_Friday','17','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Learning to Hack Bluetooth Low Energy with BLE CTF\'','\'Alek Amrani,Ryan Holeman\'','WS_d75f8653a17b9ee668ccbb8764aa96ff','\'\'',NULL,614321),('3_Saturday','09','09:00','12:59','N','WS','Springhill Suites/Dunes','\'Sold Out - Capture the Flag 101\'','\'Micah Silverman\'','WS_98d0f882a8354a4f1fd8cff47a9eac29','\'Title: Sold Out - Capture the Flag 101
\nWhen: Saturday, Aug 10, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Dunes - Map
\n
\nDescription:
\nCapture the Flag (CTF) is a competition where teams and individuals compete to solve security challenges. The one that collects most flags the fastest wins the competition (and typically, prizes).\nCTF-101 is an interactive workshop where we attendees learn about CTF competitions and common security vulnerabilities in a game-like environment. A couple of challenges are presented throughout the session and our hosts walk through how to solve them and provide support as attendees try to solve the challenges during the live hacking part of the workshop. Plus, there’s a leaderboard for attendees to track their progress.
\n\nSpeakerBio: Micah Silverman, Director of Security Relations at Snyk
\nMicah is Snyk\'s Director of Security Relations. With 29 years of Java Experience (yup, that\'s from the beginning) and 23 years as a security professional Micah\'s authored numerous articles, co-authored a Java EE book, and spoken at many conferences. He\'s a maker, who\'s built full-size MAME arcade cabinets and repaired old electronic games (http://afitnerd.com/2011/10/16/weekend-project-fix-dark-tower/). He brings his love of all things security and Java to a conference near you!
\n\n\n\'',NULL,614322),('3_Saturday','10','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Capture the Flag 101\'','\'Micah Silverman\'','WS_98d0f882a8354a4f1fd8cff47a9eac29','\'\'',NULL,614323),('3_Saturday','11','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Capture the Flag 101\'','\'Micah Silverman\'','WS_98d0f882a8354a4f1fd8cff47a9eac29','\'\'',NULL,614324),('3_Saturday','12','09:00','12:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Capture the Flag 101\'','\'Micah Silverman\'','WS_98d0f882a8354a4f1fd8cff47a9eac29','\'\'',NULL,614325),('3_Saturday','09','09:00','12:59','N','WS','Springhill Suites/Frontier','\'Sold Out - Hacking Apps on Salesforce\'','\'Rodney David Beede\'','WS_d794fe6f7f4ae5ed68bbd3388cb8a22c','\'Title: Sold Out - Hacking Apps on Salesforce
\nWhen: Saturday, Aug 10, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Frontier - Map
\n
\nDescription:
\nThis training will cover how to discover vulnerabilities in custom Salesforce applications hosted on the Salesforce PaaS platform. This is not hacking Salesforce itself, but instead custom applications deployed by customers of Salesforce. You should already know OWASP Top 10 fundamentals such as how XSS or injection attacks work. You will learn how to find vulnerabilities specific to Salesforce apps such as SOQL injection, SOSL, cross-site scripting filter bypasses, and bypassing access controls of hidden functions to exfiltrate data.\nA new open-source tool “PaaS Cloud Goat” will be used to provide a simulated vulnerable Salesforce application for testing. Students will be expected to use a MitM proxy tool (Burp Suite) to craft malicious attacks to exploit the application. This training will provide a lab manual and live walk-through of the attack process and methods. We will also cover source code review and practice how to find vulnerabilities in code and translate them to working exploits of the simulator app.
\n\nTakeaways:\n1. Hands-on learning opportunity of pen testing custom Salesforce applications\n2. Detailed training documentation material about the underlying flaws\n3. Consolidated list of common Salesforce application vulnerabilities
\n\nSpeakerBio: Rodney David Beede, Principal Consultant
\nRodney is a principal consultant and has specialized in web and cloud security for over 10 years. He has spoken at multiple conferences on topics from cloud security engineering to IoT device hacking. He has multiple CVEs for discovered web application security vulnerabilities. He started his career in enterprise web application software development but shifted to the security industry with his master\'s thesis research project \"A Framework for Benevolent Computer Worms\" 2012.
\n\n\n\'',NULL,614326),('3_Saturday','10','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Hacking Apps on Salesforce\'','\'Rodney David Beede\'','WS_d794fe6f7f4ae5ed68bbd3388cb8a22c','\'\'',NULL,614327),('3_Saturday','11','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Hacking Apps on Salesforce\'','\'Rodney David Beede\'','WS_d794fe6f7f4ae5ed68bbd3388cb8a22c','\'\'',NULL,614328),('3_Saturday','12','09:00','12:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Hacking Apps on Salesforce\'','\'Rodney David Beede\'','WS_d794fe6f7f4ae5ed68bbd3388cb8a22c','\'\'',NULL,614329),('3_Saturday','09','09:00','12:59','N','WS','Springhill Suites/Desert Inn','\'Sold Out - Hacking The Metal: A Spark of Intelligence\'','\'eigentourist\'','WS_87823cbf53064a0eadf88b156ca3ecec','\'Title: Sold Out - Hacking The Metal: A Spark of Intelligence
\nWhen: Saturday, Aug 10, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Desert Inn - Map
\n
\nDescription:
\nWe live in a time of unexpected transformation. Machines can hold conversations, compose prose and poetry, and generate very convincing deepfakes. The field of AI where this all happens – deep learning – has a long history, starting with one simple building block: the neural network.\nIn this workshop, we will tour through the evolution of neural networks and discover that much of their evolution occurred in the world of low-level programming. Using C, C++ and a bit of assembly language, we will learn the fundamentals behind neural networks in their various forms, and build a foundation of knowledge that will allow us to understand how we arrived at large language models, the current state of the art. Most importantly, we will discover how far we can stretch everyday hardware to run deep learning models that solve interesting problems.
\n\nSpeakerBio: eigentourist
\nEigentourist is a programmer who learned the craft in the early 1980s. He began formal education in computer science when the height of software engineering discipline meant avoiding the use of GOTO statements. Over the course of his career, he has created code of beautiful simplicity and elegance, and of horrific complexity and unpredictability. Sometimes, it\'s hard to tell which was which. Today, he works on systems integration and engineering in the healthcare industry.
\n\n\n\'',NULL,614330),('3_Saturday','10','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Hacking The Metal: A Spark of Intelligence\'','\'eigentourist\'','WS_87823cbf53064a0eadf88b156ca3ecec','\'\'',NULL,614331),('3_Saturday','11','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Hacking The Metal: A Spark of Intelligence\'','\'eigentourist\'','WS_87823cbf53064a0eadf88b156ca3ecec','\'\'',NULL,614332),('3_Saturday','12','09:00','12:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Hacking The Metal: A Spark of Intelligence\'','\'eigentourist\'','WS_87823cbf53064a0eadf88b156ca3ecec','\'\'',NULL,614333),('3_Saturday','09','09:00','12:59','N','WS','Springhill Suites/Sands','\'Sold Out - Industrial Control Systems: how to secure them in practice!\'','\'Alexandrine Torrents\'','WS_51d86da1c90492e4eec30bdb276d4e05','\'Title: Sold Out - Industrial Control Systems: how to secure them in practice!
\nWhen: Saturday, Aug 10, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Sands - Map
\n
\nDescription:
\n\"Pentesting ICS is too easy and you are looking for a new challenge? Attend this workshop to discover and practice how to secure Industrial Control Systems! This workshop is designed to show some key cybersecurity measures to implement on Industrial Control Systems.\nWe’ll bring a realistic but simple ICS setup and let you secure it step by step. After a short introduction, we’ll deep dive in several hands-on exercises: ICS inventory, backups, network security, system hardening and detection.\n\"
\n\nSpeakerBio: Alexandrine Torrents, Cybersecurity Expert at Wavestone
\nAlexandrine Torrents is a cybersecurity expert at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.
\n\n\n\'',NULL,614334),('3_Saturday','10','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Industrial Control Systems: how to secure them in practice!\'','\'Alexandrine Torrents\'','WS_51d86da1c90492e4eec30bdb276d4e05','\'\'',NULL,614335),('3_Saturday','11','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Industrial Control Systems: how to secure them in practice!\'','\'Alexandrine Torrents\'','WS_51d86da1c90492e4eec30bdb276d4e05','\'\'',NULL,614336),('3_Saturday','12','09:00','12:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Industrial Control Systems: how to secure them in practice!\'','\'Alexandrine Torrents\'','WS_51d86da1c90492e4eec30bdb276d4e05','\'\'',NULL,614337),('3_Saturday','09','09:00','12:59','N','WS','Springhill Suites/Dean Martin','\'Sold Out - Sharp Security from All Angles: Mastering Security in .NET Core 8 and Angular 17 Applications\'','\'Or Sahar,Yariv Tal\'','WS_9e587a9de4a64349640f01571f588f5e','\'Title: Sold Out - Sharp Security from All Angles: Mastering Security in .NET Core 8 and Angular 17 Applications
\nWhen: Saturday, Aug 10, 09:00 - 12:59 PDT
\nWhere: Springhill Suites/Dean Martin - Map
\n
\nDescription:
\nWe’ve developed an interactive workshop for all those who want to learn secure coding practices and/or experience attacking with up-to-date technologies.\nWe prefer simplicity:\nAttacks are performed with swagger and C# scripts, and exploit XSS, CSRF, SSRF, and SQLI. We’ll also steal secrets and cookies.\nSecure coding practices are summarized in an easy-to-remember acronym (PREVENT).\nParticipants will transform RecipeRealm, a naive webapi+angular recipes repository, into a secure solution.\nThrough the hands-on real-world coding exercises, we will cover dealing with a vulnerable third party, using the built-in defense mechanism of Angular, implementing antiCSRF mechanisms, coding a secure data layer, and how to protect a web API from being exploited to get information about our internal assets.
\n\nSpeakers:Or Sahar,Yariv Tal
\n
\nSpeakerBio: Or Sahar, Co-founder at Secure From Scratch
\nOr Sahar is a security researcher and the co-founder of Secure From Scratch. With two decades of experience in software development and security, she specializes in penetration testing, application security, and instructing on secure coding practices. Currently pursuing a second Master\'s degree in computer science, Or Sahar holds a BSc in software engineering and is certified as an OSCE.
\n\nSpeakerBio: Yariv Tal
\nYariv Tal is a senior developer turned security researcher. He graduated Summa Cum Laude with a BSc in Software Engineering and is currently pursuing a Master\'s degree in Computer Science. Yariv leverages his four decades of programming experience, university lecturing, and BootCamp mentoring to promote a \"secure from scratch\" coding philosophy.
\n\n\n\'',NULL,614338),('3_Saturday','10','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Sharp Security from All Angles: Mastering Security in .NET Core 8 and Angular 17 Applications\'','\'Or Sahar,Yariv Tal\'','WS_9e587a9de4a64349640f01571f588f5e','\'\'',NULL,614339),('3_Saturday','11','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Sharp Security from All Angles: Mastering Security in .NET Core 8 and Angular 17 Applications\'','\'Or Sahar,Yariv Tal\'','WS_9e587a9de4a64349640f01571f588f5e','\'\'',NULL,614340),('3_Saturday','12','09:00','12:59','Y','WS','Springhill Suites/Dean Martin','\'Sold Out - Sharp Security from All Angles: Mastering Security in .NET Core 8 and Angular 17 Applications\'','\'Or Sahar,Yariv Tal\'','WS_9e587a9de4a64349640f01571f588f5e','\'\'',NULL,614341),('3_Saturday','14','14:00','17:59','N','WS','Springhill Suites/Dunes','\'Sold Out - Crash Course in Physical Access Control Systems\'','\'Lorenzo Pedroncelli,Randy Belbin\'','WS_47729bad318e90808072e8ca8f9eeaaf','\'Title: Sold Out - Crash Course in Physical Access Control Systems
\nWhen: Saturday, Aug 10, 14:00 - 17:59 PDT
\nWhere: Springhill Suites/Dunes - Map
\n
\nDescription:
\nThis Physical Access Control Learning Lab will teach attendees about physical access control and the systems involved. Many of the subjects being taught will be related to their cybersecurity counterparts and lots of focus placed on the why of each concept, not only the fun parts.
\n\nSpeakers:Lorenzo Pedroncelli,Randy Belbin
\n
\nSpeakerBio: Lorenzo Pedroncelli, RSA
\nLorenzo has been working with technology since childhood, directly out of high school he went to work for the National Laboratories. Lorenzo helped drive a new security initiative for High Performance Computing, eventually moving to another National Laboratory to do the same. After leaving government contracting Lorenzo joined RSA and started his first \"official\" job in cybersecurity as a consultant for NetWitness helping customers improve their knowledge and use of the SIEM. Most recently Lorenzo switched into supporting RSA\'s internal security operations, leading the Converged Security team including the Incident Response, Data Security, Cloud Security, and Endpoint Security programs, among others.
\n\nSpeakerBio: Randy Belbin, RSA
\nRandy began his Information Technology and cybersecurity career in the MSP space over a decade ago, before joining RSA as a Sales Engineer in 2016. In the years since, Randy has become an industry expert for Identity and Access Management. In 2022, Randy moved to RSA’s Security and Risk office to lead the identity program at the newly independent RSA. As part of the security team, Randy has been able to broaden his experience and currently assists with physical security, cloud security, and incident response, in addition to his role as the identity guy.
\n\n\n\'',NULL,614342),('3_Saturday','15','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Crash Course in Physical Access Control Systems\'','\'Lorenzo Pedroncelli,Randy Belbin\'','WS_47729bad318e90808072e8ca8f9eeaaf','\'\'',NULL,614343),('3_Saturday','16','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Crash Course in Physical Access Control Systems\'','\'Lorenzo Pedroncelli,Randy Belbin\'','WS_47729bad318e90808072e8ca8f9eeaaf','\'\'',NULL,614344),('3_Saturday','17','14:00','17:59','Y','WS','Springhill Suites/Dunes','\'Sold Out - Crash Course in Physical Access Control Systems\'','\'Lorenzo Pedroncelli,Randy Belbin\'','WS_47729bad318e90808072e8ca8f9eeaaf','\'\'',NULL,614345),('3_Saturday','14','14:00','17:59','N','WS','Springhill Suites/Desert Inn','\'Sold Out - Email Detection Engineering and Threat Hunting\'','\'Alfie Champion,Josh Kamdjou\'','WS_34131ec52fd35ae3b2d887985097f54b','\'Title: Sold Out - Email Detection Engineering and Threat Hunting
\nWhen: Saturday, Aug 10, 14:00 - 17:59 PDT
\nWhere: Springhill Suites/Desert Inn - Map
\n
\nDescription:
\nEmail remains the #1 initial access vector for commodity malware and nation state actors. Historically, tackling email-based threats has been considered the purview of black-box vendor solutions, with defenders having limited scope (or tooling!) to swiftly and effectively respond to emerging attacker activity and novel offensive tradecraft.\nIn this workshop, attendees will be given detailed insight into the latest techniques used to deliver prevalent malware strains, including Pikabot and DarkGate, and will hunt through email data to identify this malicious activity, developing rules to detect and block these attacks.\nInitially attendees will be introduced to the foundational technologies that enable threat hunting, detection engineering, and response in the email domain, before being given access to the email data of a fictitious company seeded with benign and real-world attack data. Throughout the day, participants will learn to hunt common phishing techniques including:\n- QR codes\n- Image-as-content\n- Drive-by delivery via links and HTML smuggling\n- Excel attachments with embedded links to SMB shares\n- ISO attachments\n- PDF attachments with embedded links to malware (PDF -> URL -> ZIP -> WSF)\n- VIP impersonations\n- BEC\nAttendees will be guided through the rule creation process, utilizing free and open detection engines including Sublime and Yara, and will be introduced to the signals and email attributes that can be used to craft high-fidelity rules, including targeted user groups, sentiment analysis, sender domain age, and attachment analysis. Having completed the workshop, attendees will have a strong understanding of the tools and techniques at their disposal to defend their organizations from all manor of email threats.
\n\nSpeakers:Alfie Champion,Josh Kamdjou
\n
\nSpeakerBio: Alfie Champion, Co-founder at DelivrTo
\nAlfie specialises in the delivery of attack detection and adversary emulation services, actively contributing education content, tooling and blogs to further the industry. He has previously worked with organisations across multiple industry verticals to uplift and validate their detective capability through red or purple team engagements, and now leads the global adversary emulation function at a FTSE 250 company. He has previously spoken at BlackHat USA, RSA and Blue Team Con 2022, among others, and is the co-founder of DelivrTo.
\n\nSpeakerBio: Josh Kamdjou, Founder and CEO at Sublime Security
\nJosh has been doing offensive security-related things for the past 12 years. He\'s spent most of his professional career breaking into networks via spear-phishing and other methods, and building software for both the public (Department of Defense) and private sectors. Josh is the Founder and CEO of Sublime Security, and in his private life enjoys weight lifting, Martial Arts, soccer, and spending time with his niece and nephew.
\n\n\n\'',NULL,614346),('3_Saturday','15','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Email Detection Engineering and Threat Hunting\'','\'Alfie Champion,Josh Kamdjou\'','WS_34131ec52fd35ae3b2d887985097f54b','\'\'',NULL,614347),('3_Saturday','16','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Email Detection Engineering and Threat Hunting\'','\'Alfie Champion,Josh Kamdjou\'','WS_34131ec52fd35ae3b2d887985097f54b','\'\'',NULL,614348),('3_Saturday','17','14:00','17:59','Y','WS','Springhill Suites/Desert Inn','\'Sold Out - Email Detection Engineering and Threat Hunting\'','\'Alfie Champion,Josh Kamdjou\'','WS_34131ec52fd35ae3b2d887985097f54b','\'\'',NULL,614349),('3_Saturday','14','14:00','17:59','N','WS','Springhill Suites/Sands','\'Sold Out - Master Class: Hands-On Machine Learning to Enhance Malware Analysis, Classification, and Detection\'','\'Solomon Sonya\'','WS_941a719327044372247fc3bd7f76c78e','\'Title: Sold Out - Master Class: Hands-On Machine Learning to Enhance Malware Analysis, Classification, and Detection
\nWhen: Saturday, Aug 10, 14:00 - 17:59 PDT
\nWhere: Springhill Suites/Sands - Map
\n
\nDescription:
\nMalware continues to increase in prevalence and sophistication. VirusTotal reported a daily submission of 2M+ malware samples. Of those 2 million malware daily submissions, over 1 million were unique malware samples. Successfully exploiting networks and systems has become a highly profitable operation for malicious threat actors. Traditional detection mechanisms including antivirus software fail to adequately detect new and varied malware. Artificial Intelligence provides advanced capabilities that can enhance cybersecurity. The purpose of this workshop is to provide an immersive, hands on projects that teach security analysts how to train Machine Learning models to detect thousands and thousands of unique malware samples. This workshop delivers a new framework that uses Machine Learning models to analyze malware, produce uniform datasets for additional analysis, and classify malicious samples into malware families. Additionally, this research presents a new Ensemble Classification Facility we developed that leverages several Machine Learning models to enhance malware classification. To our knowledge, this is the first research that utilizes Machine Learning to provide enhanced classification of an entire 200+ gigabyte-malware family corpus consisting of 80K+ unique malware samples and 70+ unique malware families. New, labeled datasets are released to aid in future classification of malware. It is time we leverage the capabilities of Artificial Intelligence and Machine Learning to enhance detection and classification of malware. Topics taught through hands-on projects include Machine Learning, Natural Language Processing, and Deep Learning models. This workshop provides a pathway to incorporate Artificial Intelligence into the automated malware analysis domain.
\n\nSpeakerBio: Solomon Sonya, Computer Science Graduate Student at Purdue University
\nSolomon Sonya (@0xSolomonSonya) is a Computer Science Graduate Student at Purdue University. He earned his undergraduate degree in Computer Science and Master’s Degrees in Computer Science, Information Systems Engineering, and Operational Strategy. Solomon routinely develops new cybersecurity tools and presents research, leads workshops, and delivers keynote addresses at cyber security conferences around the world. Prior to attending Purdue, Solomon was the Director of Cyber Operations Training. Prior to that position, Solomon was a Distinguished Computer Science Instructor at the United States Air Force Academy, Research Scholar at the University of Southern California, Los Angeles, and an Adjunct Faculty Instructor with the Advanced Course in Engineering Cyberspace Security (ACE) at the Air Force Research Lab in Rome, NY.
\n\n\n\'',NULL,614350),('3_Saturday','15','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Master Class: Hands-On Machine Learning to Enhance Malware Analysis, Classification, and Detection\'','\'Solomon Sonya\'','WS_941a719327044372247fc3bd7f76c78e','\'\'',NULL,614351),('3_Saturday','16','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Master Class: Hands-On Machine Learning to Enhance Malware Analysis, Classification, and Detection\'','\'Solomon Sonya\'','WS_941a719327044372247fc3bd7f76c78e','\'\'',NULL,614352),('3_Saturday','17','14:00','17:59','Y','WS','Springhill Suites/Sands','\'Sold Out - Master Class: Hands-On Machine Learning to Enhance Malware Analysis, Classification, and Detection\'','\'Solomon Sonya\'','WS_941a719327044372247fc3bd7f76c78e','\'\'',NULL,614353),('3_Saturday','14','14:00','17:59','N','WS','Springhill Suites/Frontier','\'Sold Out - Playing with RFID\'','\'Vinnie \"kernelpaniek\" Vanhoecke\'','WS_c854c4fe8bc9c8933f09aee6f251d438','\'Title: Sold Out - Playing with RFID
\nWhen: Saturday, Aug 10, 14:00 - 17:59 PDT
\nWhere: Springhill Suites/Frontier - Map
\n
\nDescription:
\nGet ready for everything you always wanted to know about RFID, but were afraid to ask! The workshop will start with a basic introduction to Radio-frequency Identification (RFID) and build to a set of practical hands-on challenges. The workshop delves into the theory behind RFID, including different types and protocols (insecure vs. secure types), and how to perform an assessment. Several hands-on assignments will punctuate the theory portion, preparing participants for challenges (of increasing difficulty) on an RFID simulation device, all while participants obtain points for the CTF contest. The objective is to make this workshop fun and accessible to a wide audience. The RFID protocols discussed and in the challenges will be limited to HID and Mifare Classic Instructions and walkthroughs for three devices will be available in the workshop materials, including:\n * Proxmark3\n * Flipper Zero\n * ACR122U\nACR122U devices will be available from the instructor during the workshop.
\n\nSpeakerBio: Vinnie \"kernelpaniek\" Vanhoecke, Senior Security Consultant at Bishop Fox
\nVinnie Vanhoecke (OSCE, OSCP) is a Senior Security Consultant at Bishop Fox, where he focuses on web application assessments (static and dynamic), external and internal network penetration testing, and cloud security assessments. He also has extensive experience in red teaming and mobile application assessments for Android. As hobby he likes anything from space to nature, HAM radio, 3D printing and any other IT related topic. Vinnie holds a Bachelor of Computer Science with a Computer and Cybercrime Professional specialisation from Howest in Bruges, Belgium.
\n\n\n\'',NULL,614354),('3_Saturday','15','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Playing with RFID\'','\'Vinnie \"kernelpaniek\" Vanhoecke\'','WS_c854c4fe8bc9c8933f09aee6f251d438','\'\'',NULL,614355),('3_Saturday','16','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Playing with RFID\'','\'Vinnie \"kernelpaniek\" Vanhoecke\'','WS_c854c4fe8bc9c8933f09aee6f251d438','\'\'',NULL,614356),('3_Saturday','17','14:00','17:59','Y','WS','Springhill Suites/Frontier','\'Sold Out - Playing with RFID\'','\'Vinnie \"kernelpaniek\" Vanhoecke\'','WS_c854c4fe8bc9c8933f09aee6f251d438','\'\'',NULL,614357),('2_Friday','12','12:00','12:59','N','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Aw, man…pages!\'','\'\'','CON_68a88044135c2b54fe86254cf8062b6d','\'Title: Aw, man…pages!
\nWhen: Friday, Aug 9, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage - Map
\n
\nDescription:
\nHow well do you know your man pages? Find out by teaming up with up to 3 other people (or come solo and get matched up with some new friends) and play \"Aw, man...pages!\". Across several rounds, your knowledge of man pages will be tested to the limit. Can you remember what command line flag is being described by its help text? Can you identify a tool just from a man page snippet? Can you provide the long-form flag when only given the short? Will you prove yourself worthy to be crowned the man page champion?
\n\n\'',NULL,614358),('2_Friday','13','13:00','14:59','N','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'AI Art Battle\'','\'\'','CON_080fb07bea1f9b990c23b9587767c261','\'Title: AI Art Battle
\nWhen: Friday, Aug 9, 13:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage - Map
\n
\nDescription:
\nWelcome to the “AI Art Battle\" Generative AI Art Contest!
\n\nThis unique competition invites creative minds to dive into the world of artificial intelligence and art. The challenge is to craft the most imaginative prompts that will be used by generative AI models to create artwork.
\n\nContestants will not be creating the art themselves; instead, they will focus on designing prompts for well-known topics that push the boundaries of creativity and innovation.
\n\nHow It Works:
\n\nSelect a Topic: Contestants will choose from a list of random topics.
\n\nThese could range from historical events, famous literary works, mythical creatures, futuristic landscapes, to iconic pop culture references.
\n\nCraft a Prompt:
\n\nUsing their creativity, contestants will write a detailed prompt designed to guide AI models in generating original artwork. The prompts should be clear, imaginative, and offer enough detail to spark the AI\'s artistic capabilities.
\n\nSubmission: Each contestant will submit their prompt and the intended outcome.
\n\nAI Generation: The submitted prompts will be fed into a generative AI art model, which will create corresponding artworks based on the prompts.
\n\nA random panel will determine who the winners are.
\n\nSchedule:\n- 13:00 - 13:30 setup\n- 13:30 - 14:00 qualifiers\n- 14:00 - 15:00 contest
\n\n\'',NULL,614359),('2_Friday','14','13:00','14:59','Y','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'AI Art Battle\'','\'\'','CON_080fb07bea1f9b990c23b9587767c261','\'\'',NULL,614360),('3_Saturday','11','11:00','12:59','N','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'DEF CON 32 Beard and Mustache Contest\'','\'\'','CON_61b7a1579e5dc73d0c92ab963c2cbc56','\'Title: DEF CON 32 Beard and Mustache Contest
\nWhen: Saturday, Aug 10, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage - Map
\n
\nDescription:
\nHeld every year since DEF CON 19 in 2011 (R.I.P. Riviera), (Except during that COVID thing - but we are not going to talk about that COVID thing), the DEF CON (unofficial) Beard and Mustache Contest highlights the intersection of facial hair and hacker culture.
\n\nFor 2024 there will be four categories for the competition you may only enter one:\n- Full beard: Self-explanatory, for the truly bearded.\n- Partial Beard: For those sporting Van Dykes, Goatees, Mutton Chops, and other partial beard styles.\n- Mustache only: Judging on the mustache only, even if bearded. Bring your Handlebars, Fu Manchus, or whatever adorns your upper lip.\n- Freestyle: Anything goes, including fake and creatively adorned beards. Creative women often do well in the Freestyle category.
\n\n\'',NULL,614361),('3_Saturday','12','11:00','12:59','Y','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'DEF CON 32 Beard and Mustache Contest\'','\'\'','CON_61b7a1579e5dc73d0c92ab963c2cbc56','\'\'',NULL,614362),('3_Saturday','13','13:00','14:59','N','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Hack3r Runw@y\'','\'\'','CON_2d14ee578545fd9a332282ba75ca44dd','\'Title: Hack3r Runw@y
\nWhen: Saturday, Aug 10, 13:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage - Map
\n
\nDescription:
\nGet ready to strut your stuff, hackers! We\'re thrilled to announce the 6th annual Hack3r Runw@y returning to DEF CON 32, bigger and bolder than ever.
\n\nCalling all glamorous geeks, crafty coders, and fashionably functional folks: Dust off your soldering irons, grab your needles and threads, and unleash your creativity! Hack3r Runw@y challenges you to reimagine fashion through the lens of hacking.
\n\nShow us your wearable tech wonders in the following 4 categories for a chance to win in each category plus one coveted People’s Choice trophy where ANYONE can win, but there will be a twist. Did you see this year\'s theme (hint).
\n\nSmart wear that wows: Integrate LEDs, microcontrollers, and sensors into your designs for dazzling functionality.
\n\nDigital design that dazzles: light it up with LEDs, bling with lights, but keep it passive.
\n\nFunctional Fashion: masks and shields, hazmat suit, lockpick earrings, and cufflink shims.
\n\nExtraordinary style: Elevate your daily wardrobe with unique fabrics, passive design, 3d textures, optical illusions, cosplay, and security-inspired patterns.
\n\nNo matter your skill level, Hack3r Runw@y has a place for you! Whether you\'re a seasoned maker or a coding newbie, join us in celebrating the convergence of creativity, technology, and style.
\n\nWinners selected by judges selection based on:
\n\nUniqueness\nTrendy\nPractical\nCouture\nCreativity\nRelevance\nOriginality\nPresentation\nMastery
\n\n\'',NULL,614363),('3_Saturday','14','13:00','14:59','Y','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Hack3r Runw@y\'','\'\'','CON_2d14ee578545fd9a332282ba75ca44dd','\'\'',NULL,614364),('3_Saturday','16','16:00','18:59','N','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Crash and Compile\'','\'\'','CON_724b417aa2293953ff2d45f1c911e3a0','\'Title: Crash and Compile
\nWhen: Saturday, Aug 10, 16:00 - 18:59 PDT
\nWhere: LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage - Map
\n
\nDescription:
\nIn-person contest\nFriday: 10:00 to 15:00, Qualifications \nContest Area\nSaturday: 16:00 - 19:00\nContest Stage
\n\nWhat happens when you take an ACM style programming contest, smash it head long into a drinking game, throw in a mix of our most distracting helpers, then shove the resulting chaos incarnate onto a stage? You get the contest known as Crash and Compile.
\n\nTeams are given programming challenges and have to solve them with code. If your code fails to compile? Take a drink. Segfault? Take a drink. Did your code fail to produce the correct answer when you ran it? Take a drink. We set you against the clock and the other teams. And because our \"Team Distraction\" think watching people simply code is boring, they have taken it upon themselves to be creative in hindering you from programming, much to the enjoyment of the audience. At the end of the night, one team will have proven their ability, and walk away with the coveted Crash and Compile trophy.
\n\nCrash and Compile is looking for the top programmers to test their skills in our contest. Do you have the problem solving and programming ability to complete our challenges? More importantly can you do so with style that sets your team ahead of the others? We encourage you to try your hand at the Crash and Compile qualifiers. Gather your team and see if you have the coding chops to secure your place as one of the top teams to move on to the main contest event.
\n\nQualifications for Crash and Compile will take place 10:00 to 15:00. Come see us in contest area West Hall 4, or if you are excited to get started, qualifying can be completed from anywhere, as it takes place online at https://crashandcompile.org. You need a two hour block of time to complete the qualifying round. Points are awarded based on time to complete and problem difficulty.
\n\n\'',NULL,614365),('3_Saturday','17','16:00','18:59','Y','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Crash and Compile\'','\'\'','CON_724b417aa2293953ff2d45f1c911e3a0','\'\'',NULL,614366),('3_Saturday','18','16:00','18:59','Y','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Crash and Compile\'','\'\'','CON_724b417aa2293953ff2d45f1c911e3a0','\'\'',NULL,614367),('2_Friday','10','10:00','14:59','N','CON','LVCC West/Floor 1/Hall 4/Contest Area','\'Crash and Compile - Qualifications\'','\'\'','CON_2bb9d1b7ea6710c41dab3f9ca2258a1a','\'Title: Crash and Compile - Qualifications
\nWhen: Friday, Aug 9, 10:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Contest Area - Map
\n
\nDescription:
\nWhat happens when you take an ACM style programming contest, smash it head long into a drinking game, throw in a mix of our most distracting helpers, then shove the resulting chaos incarnate onto a stage? You get the contest known as Crash and Compile.
\n\nTeams are given programming challenges and have to solve them with code. If your code fails to compile? Take a drink. Segfault? Take a drink. Did your code fail to produce the correct answer when you ran it? Take a drink. We set you against the clock and the other teams. And because our \"Team Distraction\" think watching people simply code is boring, they have taken it upon themselves to be creative in hindering you from programming, much to the enjoyment of the audience. At the end of the night, one team will have proven their ability, and walk away with the coveted Crash and Compile trophy.
\n\nCrash and Compile is looking for the top programmers to test their skills in our contest. Do you have the problem solving and programming ability to complete our challenges? More importantly can you do so with style that sets your team ahead of the others? We encourage you to try your hand at the Crash and Compile qualifiers. Gather your team and see if you have the coding chops to secure your place as one of the top teams to move on to the main contest event.
\n\nQualifications for Crash and Compile will take place 10:00 to 15:00. Come see us in contest area West Hall 4, or if you are excited to get started, qualifying can be completed from anywhere, as it takes place online at https://crashandcompile.org. You need a two hour block of time to complete the qualifying round. Points are awarded based on time to complete and problem difficulty.
\n\n\'',NULL,614368),('2_Friday','11','10:00','14:59','Y','CON','LVCC West/Floor 1/Hall 4/Contest Area','\'Crash and Compile - Qualifications\'','\'\'','CON_2bb9d1b7ea6710c41dab3f9ca2258a1a','\'\'',NULL,614369),('2_Friday','12','10:00','14:59','Y','CON','LVCC West/Floor 1/Hall 4/Contest Area','\'Crash and Compile - Qualifications\'','\'\'','CON_2bb9d1b7ea6710c41dab3f9ca2258a1a','\'\'',NULL,614370),('2_Friday','13','10:00','14:59','Y','CON','LVCC West/Floor 1/Hall 4/Contest Area','\'Crash and Compile - Qualifications\'','\'\'','CON_2bb9d1b7ea6710c41dab3f9ca2258a1a','\'\'',NULL,614371),('2_Friday','14','10:00','14:59','Y','CON','LVCC West/Floor 1/Hall 4/Contest Area','\'Crash and Compile - Qualifications\'','\'\'','CON_2bb9d1b7ea6710c41dab3f9ca2258a1a','\'\'',NULL,614372),('2_Friday','16','16:00','18:59','N','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Pub Quiz\'','\'\'','CON_a6e7dab92ea7df545d7279d3fc43c7be','\'Title: Pub Quiz
\nWhen: Friday, Aug 9, 16:00 - 18:59 PDT
\nWhere: LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage - Map
\n
\nDescription:
\nWe are back with another Pub Quiz at DEF CON. Here at Pub Quiz, we felt the need to add additional prizes for 4th and 5th place. We had a very successful one last year and we have made some improvements to make it every better. So do you like Pub Quizzes?? If you do then get your butts to join us in participating in the 2nd Pub Quiz at DEF CON 32.
\n\nQuiz will consist of 7 rounds question will include 90’s/2000’s TV and Movies, DefCon trivia, music, anime, and a little sex. The theme for our Pub Quiz will be all things that make DEF CON attendees exceptional. There will be a little something for everyone. The quiz will consist of visual and audio rounds along with some Con questions; we need to make sure we stimulate you peeps. We encourage people to get into teams of 5 or 6.
\n\nThis is a social event, so we try to get people into Teams. You never know you may meet the love of your life. Did I mention CASH! Yes we will have cold hard cash prizes for the 1st, 2nd, 3rd, 4th, and 5th high scoring groups. As always if we do have ties will be break those ties with a good old fashion dance off from a person of the tied teams. The hosts and a few goons will help in judging.
\n\n\'',NULL,614373),('2_Friday','17','16:00','18:59','Y','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Pub Quiz\'','\'\'','CON_a6e7dab92ea7df545d7279d3fc43c7be','\'\'',NULL,614374),('2_Friday','18','16:00','18:59','Y','CON','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Pub Quiz\'','\'\'','CON_a6e7dab92ea7df545d7279d3fc43c7be','\'\'',NULL,614375),('2_Friday','14','14:00','15:59','N','CON','LVCC West/Floor 1/Hall 4/Contest Area','\'Hack3r Runw@y - Signups\'','\'\'','CON_59a542cd9cf1c3cb763d6d40f8b510e7','\'Title: Hack3r Runw@y - Signups
\nWhen: Friday, Aug 9, 14:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Contest Area - Map
\n
\nDescription:
\nGet ready to strut your stuff, hackers! We\'re thrilled to announce the 6th annual Hack3r Runw@y returning to DEF CON 32, bigger and bolder than ever.
\n\nCalling all glamorous geeks, crafty coders, and fashionably functional folks: Dust off your soldering irons, grab your needles and threads, and unleash your creativity! Hack3r Runw@y challenges you to reimagine fashion through the lens of hacking.
\n\nShow us your wearable tech wonders in the following 4 categories for a chance to win in each category plus one coveted People’s Choice trophy where ANYONE can win, but there will be a twist. Did you see this year\'s theme (hint).
\n\nSmart wear that wows: Integrate LEDs, microcontrollers, and sensors into your designs for dazzling functionality.
\n\nDigital design that dazzles: light it up with LEDs, bling with lights, but keep it passive.
\n\nFunctional Fashion: masks and shields, hazmat suit, lockpick earrings, and cufflink shims.
\n\nExtraordinary style: Elevate your daily wardrobe with unique fabrics, passive design, 3d textures, optical illusions, cosplay, and security-inspired patterns.
\n\nNo matter your skill level, Hack3r Runw@y has a place for you! Whether you\'re a seasoned maker or a coding newbie, join us in celebrating the convergence of creativity, technology, and style.
\n\nWinners selected by judges selection based on:
\n\nUniqueness\nTrendy\nPractical\nCouture\nCreativity\nRelevance\nOriginality\nPresentation\nMastery
\n\n\'',NULL,614376),('2_Friday','15','14:00','15:59','Y','CON','LVCC West/Floor 1/Hall 4/Contest Area','\'Hack3r Runw@y - Signups\'','\'\'','CON_59a542cd9cf1c3cb763d6d40f8b510e7','\'\'',NULL,614377),('2_Friday','10','10:00','10:45','N','DC','LVCC West/Floor 3/W322-W327','\'Behind Enemy Lines: Going undercover to breach the LockBit Ransomware Operation\'','\'Jon DiMaggio\'','DC_19d657d9996a79658aabf8ce1de14c54','\'Title: Behind Enemy Lines: Going undercover to breach the LockBit Ransomware Operation
\nWhen: Friday, Aug 9, 10:00 - 10:45 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nDelve into the clandestine world of the LockBit ransomware gang! In this revealing presentation, I will recount my two-year journey spent infiltrating the inner ranks of the LockBit crime syndicate. Learn about the strategies employed to earn the trust of key individuals within the syndicate, including the gang\'s leader, LockBitSupp.
\n\nYou will see firsthand accounts of these exchanges, and I will detail the intricacies of my relationship with LockBit\'s leadership and its network of affiliate hackers. You will also gain insight into the unintended consequences of my actions, including how my perceived breach of their infrastructure impacted the syndicate\'s operations. More importantly, I will share how I assisted in unmasking the real-world person behind the mask of LockBitSupp.
\n\nJoin me as I illustrate the pivotal role of human intelligence in tandem with cyber threat intelligence to combat ransomware threats. This talk offers a compelling narrative of real-world efforts to thwart ransomware activities and safeguard organizations from LockBit ransomware attacks.
\n\n\n- 60 min (full episode): 4/14/2024: Scattered Spider; Knife; Tasmanian Tiger - CBS News
\n- 60 Min Overtime (additional footage from my interview about LockBit): Infiltrating ransomware gangs on the dark web - CBS News
\n- Ransomware Diaries
\n- Ransomware Diaries: Volume 1 | Analyst1
\n- Ransomware Diaries V. 2: A Ransomware Hacker Origin Story (analyst1.com)
\n- Ransomware Diaries V. 3: LockBit\'s Secrets (analyst1.com)
\n- Ransomware Diaries Volume 5: Unmasking LockBit (analyst1.com)
\n
\n\nSpeakerBio: Jon DiMaggio, Chief Security Strategist at Analyst1
\nJon DiMaggio is the chief security strategist at Analyst1 and has over 16 years of experience hunting, researching, and writing about advanced cyber threats. In 2022, Jon\'s authored his first book, \"The Art of Cyberwarfare,\" which earned him the prestigious SANS Difference Makers Award, solidifying his status as a thought leader in the industry. The following year, SANs recognized his work once again, awarding his most notable research, \"The Ransomware Diaries,\" detailing his operation to infiltrate the real-world humans behind the LockBit criminal operation. Jon’s other notable achievements include his appearance on 60 Minutes, where he discussed his undercover operations infiltrating some of the world top ransomware gangs. Jon’s research has been featured in The New York Times, Wired, Bloomberg, Fox, CNN, Reuters, and other news organizations.
\n\n\n\'',NULL,614378),('2_Friday','10','10:00','10:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Mobile Mesh RF Network Exploitation: Getting the Tea from goTenna\'','\'Erwin Karincic,Woody\'','DC_b874ceb930aacaad622e97a6aca9d6c1','\'Title: Mobile Mesh RF Network Exploitation: Getting the Tea from goTenna
\nWhen: Friday, Aug 9, 10:00 - 10:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nFalse sense of security in devices that guarantee security is worse than no security at all. One device used by personnel who require communication security is goTenna Pro radio that creates an \"off-the-grid\" encrypted mobile mesh network.This network does not require any traditional cellular or satellite infrastructure and they may be found locally in your community. The datasheet says it is using AES-256 encryption. Has anyone bothered to verify that it is being implemented in the most secure manner? We examined this device and found that it was possible to fingerprint and track every off-the-grid message regardless of encryption. We also identified vulnerabilities that result in interception and decryption of the most secure encryption algorithm AES-256 as well as injection of messages into the existing mesh network. We don’t just trust what datasheets say, we verify it for you. We will explain our testing methodologies and demonstrate exploitation in a live demo. We will discuss the operational implications of these vulnerabilities and safe ways of using these devices that decrease the chance of a compromise. The tools developed as part of this research will be released open-source to inform what was possible to inspire future research against similar devices. We will discuss how we worked with goTenna to remedy these issues.
\n\nSpeakers:Erwin Karincic,Woody
\n
\nSpeakerBio: Erwin Karincic
\nErwin is an experienced security researcher specializing in both hardware and software reverse engineering, binary analysis, and exploit development across a range of processor architectures. He has notable experience in implementing complex Radio Frequency (RF) waveforms using Software Defined Radios (SDRs) for cybersecurity applications, complemented by his proficiency in designing, simulating, and fabricating antennas tailored for such applications. His past work includes extensive TCP/IP networking experience, designing worldwide secure communication systems. Erwin holds a number of prestigious certifications, including OSCP, OSCE, OSWE, OSEE, and CCIE Enterprise Infrastructure.
\n\nSpeakerBio: Woody
\nWoody thinks Linux is a member of the Charlie Brown gang who can lift heavy things but not always spell them. He has had some success with RF exploits in the past with the first ever goTenna exploit talk in the RF wireless village as well as the first attack against Ford Raptor key fobs with RaptorCaptor exploit. Woody’s unique background, familiar to some, gives him a creative aspect to the impact of goTenna Pro research in the physical and RF world. Woody is also a staff member in the RFHacker Sanctuary, a member of Security Tribe, and has appeared on a few episodes of Hak5 describing novel device attacks.
\n\n\n\'',NULL,614379),('2_Friday','10','10:00','10:20','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Securing CCTV Cameras Against Blind Spots\'','\'Jacob Shams\'','DC_6f0862dfacdd0c1435f7a740134921f9','\'Title: Securing CCTV Cameras Against Blind Spots
\nWhen: Friday, Aug 9, 10:00 - 10:20 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nIn recent years, CCTV footage has been integrated in systems to observe areas and detect traversing malicious actors (e.g., criminals, terrorists). However, this footage has \"blind spots\", areas where objects are detected with lower confidence due to their angle/distance from the camera.
\n\nIn this talk, we investigate a novel side effect of object detection in CCTV footage; location-based confidence weakness.
\n\nWe demonstrate that a pedestrian\'s position (distance, angle, height) in footage impacts an object detector\'s confidence.
\n\nWe analyze this phenomenon in four lighting conditions (lab, morning, afternoon, night) using five object detectors (YOLOv3, Faster R-CNN, SSD, DiffusionDet, RTMDet).
\n\nWe then demonstrate this in footage of pedestrian traffic from three locations (Broadway, Shibuya Crossing, Castro Street), showing they contain \"blind spots\" where pedestrians are detected with low confidence. This persists across various locations, object detectors, and times of day. A malicious actor could take advantage of this to avoid detection.
\n\nWe propose TipToe, a novel evasion attack leveraging \"blind spots\" to construct a minimum confidence path between two points in a CCTV-recorded area.\nWe demonstrate its performance on footage of Broadway, Shibuya Crossing, and Castro Street, observed by YOLOv3, Faster R-CNN, SSD, DiffusionDet, and RTMDet.
\n\nTipToe reduces max/average confidence by 0.10 and 0.16, respectively, on paths in Shibuya Crossing observed by YOLOv3, with similar performance for other locations and object detectors.
\n\n\n- Artificial intelligence in medicine: A comprehensive survey of medical doctor’s perspectives in Portugal link, (Accessed 09-10-2023).
\n- The impact of artificial intelligence along the insurance value chain and on the insurability of risks - The Geneva Papers on Risk and Insurance - Issues and Practice link, (Accessed 09-10-2023).
\n- R. Chopra and G. D. Sharma, “Application of artificial intelligence in stock market forecasting: A critique, review, and research agenda,” Journal of Risk and Financial Management, vol. 14, no. 11, 2021.link
\n- [B. B. Elallid, N. Benamar, A. S. Hafid, T. Rachidi, and N. Mrani, “A comprehensive survey on the application of deep and reinforcement learning approaches in autonomous driving,” Journal of King Saud University - Computer and Information Sciences, vol. 34, no. 9, pp. 7366–7390, 2022. (Online). Available: link
\n- I. J. Goodfellow, J. Pouget-Abadie, M. Mirza, B. Xu, D. Warde-Farley, S. Ozair, A. Courville, and Y. Bengio, “Generative adversarial networks,” 2014.
\n- I. J. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and harnessing adversarial examples,” 2015.
\n- A. Kurakin, I. Goodfellow, and S. Bengio, “Adversarial examples in the physical world,” 2017.
\n- A. Chakraborty, M. Alam, V. Dey, A. Chattopadhyay, and D. Mukhopadhyay, “Adversarial attacks and defences: A survey,” 2018.
\n- A. Athalye, L. Engstrom, A. Ilyas, and K. Kwok, “Synthesizing robust adversarial examples,” 2018.
\n- M. Sharif, S. Bhagavatula, L. Bauer, and M. K. Reiter, “Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition,” in Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’16. New York, NY, USA: Association for Computing Machinery, 2016, p. 1528–1540. (Online). Available: link
\n- Z. Zhou, D. Tang, X. Wang, W. Han, X. Liu, and K. Zhang, “Invisible mask: Practical attacks on face recognition with infrared,” 2018.
\n- S. Komkov and A. Petiushko, “AdvHat: Real-world adversarial attack on ArcFace face ID system,” in 2020 25th International Conference on Pattern Recognition (ICPR). IEEE, jan 2021. (Online). Available: link
\n- B. Yin, W. Wang, T. Yao, J. Guo, Z. Kong, S. Ding, J. Li, and C. Liu, “Adv-makeup: A new imperceptible and transferable attack on face recognition,” in Proceedings of the Thirtieth International Joint Conference on Artificial Intelligence, IJCAI-21, Z.- H. Zhou, Ed. International Joint Conferences on Artificial Intelligence Organization, 8 2021, pp. 1252–1258, main Track. (Online). Available: link
\n- A. Zolfi, S. Avidan, Y. Elovici, and A. Shabtai, “Adversarial mask: Real-world universal adversarial attack on face recognition model,” 2022.
\n- C. Sitawarin, A. N. Bhagoji, A. Mosenia, M. Chiang, and P. Mittal, “Darts: Deceiving autonomous cars with toxic signs,” 2018.
\n- Y. Zhao, H. Zhu, R. Liang, Q. Shen, S. Zhang, and K. Chen, “Seeing isn’t believing: Towards more robust adversarial attack against real world object detectors,”Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 2019. (Online). Available: link
\n- G. Lovisotto, H. Turner, I. Sluganovic, M. Strohmeier, and I. Martinovic, “SLAP: Improving physical adversarial examples with Short-Lived adversarial perturbations,” in 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, Aug. 2021, pp. 1865–1882. (Online). Available: link
\n- T. Sato, J. Shen, N. Wang, Y. Jia, X. Lin, and Q. A. Chen, “Dirty road can attack: Security of deep learning based automated lane centering under Physical-World attack,” in 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, Aug. 2021, pp. 3309–3326. (Online). Available: link
\n- W. Wang, Y. Yao, X. Liu, X. Li, P. Hao, and T. Zhu, “I can see the light: Attacks on autonomous vehicles using invisible lights,” in Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, ser. CCS ’21. New York, NY, USA: Association for Computing Machinery, 2021, p. 1930–1944. (Online). Available: link
\n- S.-T. Chen, C. Cornelius, J. Martin, and D. H. Chau, “ShapeShifter: Robust physical adversarial attack on faster r-CNN object detector,” in Machine Learning and Knowledge Discovery in Databases. Springer International Publishing, 2019, pp. 52–68. (Online). Available: link
\n- K. Eykholt, I. Evtimov, E. Fernandes, B. Li, A. Rahmati, C. Xiao, A. Prakash, T. Kohno, and D. Song, “Robust physical-world attacks on deep learning models,” 2018.
\n- S. Thys, W. V. Ranst, and T. Goedemé, “Fooling automated surveillance cameras: adversarial patches to attack person detection,” 2019.
\n- Z. Wu, S.-N. Lim, L. Davis, and T. Goldstein, “Making an invisibility cloak: Real world adversarial attacks on object detectors,” 2020.
\n- R. M. Oza, A. Geisen, and T. Wang, “Traffic sign detection and recognition using deep learning,” in 2021 4th International Conference on Artificial Intelligence for Industries (AI4I), 2021, pp. 16–20.
\n
\n\nSpeakerBio: Jacob Shams, Ph.D. Researcher at Cyber@Ben-Gurion University
\nJacob Shams is a Ph.D. student at Ben-Gurion University of the Negev (BGU). His work addresses the security of AI models and systems, model extraction attacks, deep neural network (DNN) watermarking, and robustness of computer vision (CV) models.
\n\nJacob is a Ph.D. researcher at Cyber@Ben-Gurion University (CBG) and is working on multiple research projects in the area of AI security. Jacob holds a B.Sc. in Software Engineering from BGU and an M.Sc. in Software and Information Systems Engineering from BGU.
\n\n\n\'',NULL,614380),('2_Friday','10','10:00','10:20','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Welcome to DEF CON\'','\'Jeff \"The Dark Tangent\" Moss\'','DC_4c24e326fbac9b1ae0b87feb3b3b03b8','\'Title: Welcome to DEF CON
\nWhen: Friday, Aug 9, 10:00 - 10:20 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Jeff \"The Dark Tangent\" Moss, DEF CON Communications
\nNo BIO available
\n\n\'',NULL,614381),('2_Friday','10','10:00','10:45','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Where’s the Money: Defeating ATM Disk Encryption\'','\'Matt Burch\'','DC_bfe5a6bc59afff5fc508409ce64194d9','\'Title: Where’s the Money: Defeating ATM Disk Encryption
\nWhen: Friday, Aug 9, 10:00 - 10:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nHolding upwards of $400,000, ATMs continue to be a target of opportunity and have seen over a 600% increase in crime in just the last few years. During this time, I led security research with another colleague into the enterprise ATM industry resulting in the discovery of 6 zero-day vulnerabilities affecting Diebold Nixdorf’s Vynamic Security Suite (VSS), the most prolific ATM security solution in the market. 10 minutes or less is all that a malicious actor would need to gain full control of any system running VSS via offline code injection and decryption of the primary Windows OS. Diebold Nixdorf is one of three major North American enterprise class ATM manufacturers with a global presence in the financial, casino/gaming, and point-of-sale markets. Similar attack surfaces are currently being used in the wild and impact millions of systems across the globe. Furthermore, VSS is known to be present throughout the US gaming industry, including most of the ATM/cash-out systems across Vegas.
\n\nIn this session, I will publicly disclose this research, review the discovery process, and dive into the technical intricacies of each vulnerability. The Full Disk Encryption module of VSS conducts a complex integrity validation process to ensure a trusted system state, performed as a layered approach during system initialization. Examination of the workflow will highlight various deficiencies that I will demonstrate through PoC exploitation.
\n\nEach vulnerability presented in this session has been observed to have a recursive impact across all major versions of VSS and represents a systemic ongoing risk. We will explore the root-cause, vendor remediation steps, and short-comings thereof – perpetuating the attack narrative. In conclusion, proper mitigation techniques and procedures will be covered, providing valuable insights into defending against potential compromise.
\n\n\n- Vynamic Security Suite - Vynamic Security Hard Disk Encryption Secure Sensitive Consumer Data: link
\n- SEC Consult - Manipulation of pre-boot authentication in CryptWare CryptoPro Secure Disk for Bitlocker: link
\n- Diebold Nixdorf - EULA for Vynamic Security Suite 3.0: link
\n- Diebold Nixdorf - Product Legal Terms Website: link
\n- CryptWare Website: link
\n- Secure Disk for BitLocker Website: link
\n- CPSD Website: link
\n- O\'Reilly - Essential System Administration, 3rd Edition by Æleen Frisch: link
\n- Flowblok\'s Blog - Shell Startup Scripts: link
\n- Red Hat Customer Portal - Enhancing Security with the Kernel Integrity Subsystem: link
\n- OpenSUSE Wiki - SDB:Ima evm: link
\n- ATMIA - ATM Operator Training: link
\n- 3SI Systems - Stop Criminals from Cashing in at the ATM: link
\n- Diebold Nixdorf - Vynamic Security Intrusion Protection Product Card: link
\n- Diebold Nixdorf - DN Product Card - Vynamic Security Hard Disk Encryption: link
\n- Everi - Everi to Showcase \"Digital Neighborhood\" Connecting Guest Loyalty, Cash Access Experiences, and Casino Solutions Made Possible by Industry-Leading Financial Technology Portfolio at 2019 Global Gaming Expo: link
\n- GlobeNewswire - NRT Accelerates Growth through Acquisition of Casino ATM Portfolio: link
\n- Northox - How does the TPM perform integrity measurements on a system?: link
\n
\n\nSpeakerBio: Matt Burch, Independent Vulnerability Researcher
\nMatt Burch is an independent vulnerability researcher with 20 years of experience in the information security industry and 15 years of focus in adversarial testing and simulation. He specializes in ATM, IoT, mobile application, and IP based vulnerability research. With this diverse background, he has successfully identified unique deficiencies in high-security products – awarding him numerous CVE accreditations.
\n\n\n\'',NULL,614382),('2_Friday','10','10:30','11:15','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Defeating magic by magic:Using ALPC security features to compromise RPC services\'','\'WangJunJie Zhang,YiSheng He\'','DC_bccf51c0761724b27733f5522754dfcd','\'Title: Defeating magic by magic:Using ALPC security features to compromise RPC services
\nWhen: Friday, Aug 9, 10:30 - 11:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nAdvanced Local Procedure Call (ALPC) is an Inter Process Communication method in the Windows kernel. In the past few years, Windows ALPC and RPC vulnerabilities have emerged in an endless stream. These vulnerabilities are mainly based on TOCTOU file operations, memory corruption vulnerabilities in RPC services and ALPC syscalls in ntoskrnl.
\n\nWindows kernel provides a variety of security measures to ensure that the data and context accepted by the ALPC and RPC servers are safe. We noticed the attack surface in the security mechanism of the ALPC kernel, and we found a security flaw in this mechanism (magic) and successfully obtained the system privilege from unauthorized users (defeating magic by magic).
\n\nIn this talk, we will first overview the communication mechanism of ALPC and RPC services. We will discuss the details of ALPC and RPC in the marshal/unmarshal process that has not been disclosed before. We\'ll also talk about the kernel security mechanism in ALPC syscalls. Then we will analyze some historical bugs in ALPC and RPC, and disclose the details of the vulnerability we found, discussing how we bypassed the security mechanism through a small security flaw in security mechanisms. Later we\'ll discuss the exploitation, you will learn about the multiple ways. Finally, We\'ll make conclusions and share our opinions on this attack surface, including some tips and opinions on how to find these kinds of bugs.
\n\n\n- A view into ALPC-RPC by Clement Rouault and Thomas Imbert Hack.lu 2017
\n- Exploiting Errors in Windows Error Reporting - Gal De Leon
\n- Windows Internals, Part 2, 7th Edition
\n
\n\nSpeakers:WangJunJie Zhang,YiSheng He
\n
\nSpeakerBio: WangJunJie Zhang, Senior Security Researcher at Hillstone Network Security Research Institute
\nWangJunJie Zhang is a senior security researcher of Hillstone Network Security Research Institute. His work involved exploit development and bug hunting. He is currently focusing on windows components and kernel security and he has reported many vulnerabilities to Microsoft and RedHat and got acknowledgements. He was also listed on Microsoft Most Valuable Researcher from 2020 to 2023. He was also the speaker of CansecWest 2023 and HITBSecConf Amsterdam 2023 conference.
\n\nSpeakerBio: YiSheng He
\nYiSheng He is a member of OWASP, (ISC)², CSA and other organizations. He is the organizer of the DCG86020 event. He has obtained various international professional certifications such as CISSP, CCSK, CISA, and participated in many open source security projects. He obtained a large number of CVE numbers and received acknowledgements from Microsoft, Apple and other companies. He also participated in many CTF competitions and won good ranking. His research interests include AIoT and WEB security. He was also the speaker of CansecWest 2023 and HITBSecConf Amsterdam 2023 conference.
\n\n\n\'',NULL,614383),('2_Friday','11','10:30','11:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Defeating magic by magic:Using ALPC security features to compromise RPC services\'','\'WangJunJie Zhang,YiSheng He\'','DC_bccf51c0761724b27733f5522754dfcd','\'\'',NULL,614384),('2_Friday','10','10:30','11:15','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Spies and Bytes: Victory in the Digital Age\'','\'General Paul M. Nakasone\'','DC_4bc652369191619a62b9ebeddcfc0b91','\'Title: Spies and Bytes: Victory in the Digital Age
\nWhen: Friday, Aug 9, 10:30 - 11:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nJoin General Paul M. Nakasone, U.S. Army (Retired), for a deep dive into the realities of modern cyber warfare at DefCon. With critical stories from his extensive career, General Nakasone will expose the details of national security in the digital era.
\n\nThe longest-serving leader of both the National Security Agency and U.S. Cyber Command, General Nakasone has been on the frontlines of America\'s cyber defense. He will share firsthand accounts of defending against nation-state hackers, securing critical infrastructure during global crises, and the strategies that kept adversaries at bay.
\n\nThis talk will examine the evolving nature of conflict, where the battlefield extends into cyberspace and unique partnerships must be built to offer agility and resilience. General Nakasone will discuss the persistent threats posed by sophisticated hackers and the innovative defenses employed to counteract them. He’ll delve into the importance of intelligence sharing, international alliances, and transparency in operations.
\n\nLooking ahead, General Nakasone will present a forward-thinking vision for the future of warfare. He’ll highlight the necessity for adaptive cyber strategies, resilient defenses, and the cultivation of new leadership to address emerging threats.
\n\nSpeakerBio: General Paul M. Nakasone, Founding Director at Vanderbilt’s Institute of National Security
\nPaul M. Nakasone, General, U.S. Army (Retired), is the founding director of Vanderbilt’s Institute of National Security. With over three decades of distinguished service in the Army, his career began at the end of the Cold War and included pivotal moments such as being at the Pentagon on 9-11, deploying to combat zones in Iraq and Afghanistan, and spearheading cyber operations. His service spanned the Trump and Biden administrations, culminating as the Director of the National Security Agency and Commander of U.S. Cyber Command. Over nearly six years, he led the largest element of the US Intelligence Community and the Defense Department’s cyber forces through three national elections, a global pandemic, and escalating threats to the homeland.
\n\nThroughout his career, General Nakasone has been a transformative leader, adept at navigating complex challenges. He implemented a persistent strategy in deploying cyber forces to combat nation-state hackers and expanded cooperation with international, interagency, and private sector partners to enhance insights into national adversaries. His efforts to increase operational transparency have significantly bolstered public trust in both the Agency and Command.
\n\nHe remains deeply committed to fostering national service and leadership development.
\n\n\n\'',NULL,614385),('2_Friday','11','10:30','11:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Spies and Bytes: Victory in the Digital Age\'','\'General Paul M. Nakasone\'','DC_4bc652369191619a62b9ebeddcfc0b91','\'\'',NULL,614386),('2_Friday','11','11:00','11:20','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'No Symbols When Reversing? No Problem: Bring Your Own\'','\'Max \"Libra\" Kersten\'','DC_2d4ac9e3c9846a156d6028a9cff40e45','\'Title: No Symbols When Reversing? No Problem: Bring Your Own
\nWhen: Friday, Aug 9, 11:00 - 11:20 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nWe all know it all too well: that ominous feeling when opening an unknown file in your favorite analysis tool, only to be greeted with hundreds or thousands of unknown functions, none of which are matched by your existing function signatures, nor any of your helper scripts. This makes the analysis a painfully slow and tedious process. Additionally, it sometimes means that the required analysis time exceeds the available time, and another file is chosen to be reversed instead. Especially when dealing with malware, this is an undesired scenario, as it would create a blind spot from a blue team’s perspective.
\n\nThe goal of this talk is to share a tried and tested method on how to deal with thousands of unknown functions in a given file, significantly decreasing the time spent on the analysis. The example throughout the talk is the Golang based qBit family, but is applicable to any kind of binary. While this talk focuses on using Ghidra, given its free and open-source nature, it is equally possible with other industry standard tools. The focus will be on scripts, as well as the creation and usage of FunctionID and BSim databases. By combining these, you will be able to create your own symbols, and bring them anywhere you go, for any language of choice.
\n\nWhile the symbols are portable, an aggregation of them scales very well over any number of analysts. As such, this methodology works well for individual researchers, but when scaling it for a team of researchers, the outcome will be greater than the sum of its parts.
\n\nThis talk will use (malicious) Golang binaries as examples and provide a large dataset of symbols for this language. The scripts, as well as FunctionID and BSim databases, mentioned in this talk will all be made publicly available at the time of this talk.
\n\nIn no particular order:
\n\n\n- Automate .fidb generation with headless Ghidra: link
\n- Understanding static and dynamic compilation and linking: link
\n- How symbols work: link
\n- BSim answers from the Ghidra team: link
\n- Feeding Gophers to Ghidra (a blog I wrote for my employer about my research into Golang internals): link
\n- A blog I wrote summarising my Golang reversing journey for my employer: link
\n- The open-source scripts on GitHub: link
\n- A talk I gave about the Golang internals at HackInTheBox Amsterdam 2023: link
\n- Ghidra’s FunctionID codebase: link
\n- Hex-Ray’s IDA Pro’s F.L.I.R.T. explained: link
\n- BSim’s GhidraDoc explanation and tutorial: link
\n
\n\nSpeakerBio: Max \"Libra\" Kersten
\nMax Kersten is a malware analyst, blogger, and speaker who aims to make malware analysis more approachable for those who are starting. In 2019, Max graduated cum laude with a bachelor\'s in IT & Cyber Security, during which Max also worked as an Android malware analyst. Currently, Max works as a malware analyst at Trellix, where he analyses APT malware and creates open-source tooling to aid such research. Over the past few years, Max spoke at international conferences, such as DEFCON, Black Hat (USA, EU, MEA, Asia), Botconf, Confidence-Conference, HackYeahPL, and HackFestCA. Additionally, he gave guest lectures and workshops for DEFCON, Botconf, several universities, and private entities.
\n\n\n\'',NULL,614387),('4_Sunday','11','11:30','12:15','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Open sesame - or how vulnerable is your stuff in electronic lockers\'','\'Dennis Giese,Braelynn\'','DC_5b28b63e4cc44caf996ec9a758ee6748','\'Title: Open sesame - or how vulnerable is your stuff in electronic lockers
\nWhen: Sunday, Aug 11, 11:30 - 12:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nPhysical security is often overlooked in many organizational threat models. An increasing amount of physical security devices with smart components are being introduced to the market with widespread adoption. This creates an enticing attack surface for physical red teams.
\n\nLockers and cabinets equipped with electronic smart locks can be found in many places such as offices, factories, hospitals, labs, and gyms. With remote and hybrid work increasing in popularity, shared use office setups becoming the default. Co-working spaces in offices are now commonplace with lockers being installed for employee device storage. People generally trust that their belongings will be secure in these lockers and entrust the locks with sensitive information, like their personal PIN.
\n\nIs there a more stealthy way to get into lockers that don\'t involve using a crowbar?
\n\nIn this talk we will analyze the vulnerabilities affecting locks manufactured by the \"global leader in keyless lock solutions,\" Digilock and Schulte-Schlagbaum AG (SAG). Both companies have been in the physical security industry for many decades. What went wrong in the development of these devices and how can these vulnerabilities be fixed? We will also discuss several other vendors operating in this space and compare findings.
\n\nWe will demonstrate practical physical and side-channel attacks targeting locks that accept a standard PIN and RFID. Learn why it is poor practice to reuse the same secret PIN for lockers and safes and devices such as mobile phones and laptops (especially if they are stored inside the lockers).
\n\nSpeakers:Dennis Giese,Braelynn
\n
\nSpeakerBio: Dennis Giese
\nDennis Giese is a researcher with the focus on the security and privacy of IoT devices. While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices. His most known projects are the documentation and hacking of various vacuum robots. He calls himself a \"robot collector\" and his current vacuum robot army consists of over 60 different models from various vendors. He talked about his research at the Chaos Communication Congress, REcon BRX, NULLCON, and DEFCON.
\n\nSpeakerBio: Braelynn, Security Consultant at Leviathan Security Group
\nBraelynn is a security consultant at Leviathan Security Group where she conducts security assessments of products for startups, Fortune 500 companies, and everything in between. She enjoys partaking in CTFs and researching the security anything that piques her curiosity. She has previously presented this research at conferences such as Chaos Communication Congress.
\n\n\n\'',NULL,614388),('4_Sunday','12','11:30','12:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Open sesame - or how vulnerable is your stuff in electronic lockers\'','\'Dennis Giese,Braelynn\'','DC_5b28b63e4cc44caf996ec9a758ee6748','\'\'',NULL,614389),('2_Friday','11','11:00','11:45','N','DC','LVCC West/Floor 3/W322-W327','\'The XZ Backdoor Story: The Undercover Operation That Set the Internet on Fire\'','\'Thomas Roccia\'','DC_1705ef50da6fa270bf24e84caafc7b95','\'Title: The XZ Backdoor Story: The Undercover Operation That Set the Internet on Fire
\nWhen: Friday, Aug 9, 11:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nOn Fri, 29 Mar 2024, at exactly 08:51:26, OSS security received a message from Andres Freund, a software engineer at Microsoft, stating he had discovered a backdoor in upstream xz/liblzma that could compromise SSH servers. The open-source project XZ, specifically the liblzma library, has been compromised by a mysterious maintainer named Jia Tan, putting the entire internet at risk. Fortunately, this discovery helped us avoid the worst.
\n\nBut what happened? How long has this rogue maintainer been part of the project? Who is Jia Tan? Was he involved in other projects? How does the backdoor work? And what should we learn from this?
\n\nThese are questions we will attempt to answer. First, we will discuss the discovery, which is so riddled with coincidences and chance that it\'s hard not to think about all the ones we\'ve missed. Then, we\'ll examine the process itself, from gaining trust within the project to deploying the backdoor, dissecting the operating methods and the main protagonists. We will also dive into the technical details, explaining how the backdoor is deployed and how it can be exploited.
\n\nThe XZ backdoor is not just an incredible undercover operation but also a gigantic puzzle to solve. Beyond the technical background, there is a story to tell here, to capitalize on what went wrong and what we could improve.
\n\n\n- OSS Security Andres Freund Email: link
\n- My work on the XZ Backdoor: link
\n- Second tweet of the XZ Backdoor: link
\n- Additional works related to my presentation:\n
\n- Gynvael Coldwind: link
\n- link by @thesamesam@social.treehouse.systems
\n- link by @eb@social.coop
\n- link by @wiz_io
\n- link by smx
\n- link by Kaspersky
\n- link by @bl4sty
\n
\n
\n\nSpeakerBio: Thomas Roccia, Senior Security Researcher at Microsoft
\nThomas Roccia is working as a Senior Security Researcher at Microsoft and works on malware research, generative AI and threat intelligence. In addition to his work at Microsoft, Thomas also runs SecurityBreak, an online platform where he showcases his latest projects and research findings.
\n\nThomas has travelled the world to manage critical outbreaks and has been on the front lines of some of the most well-known threats. He has tracked cybercrime and nation-state campaigns and has worked closely with law enforcement agencies.
\n\nIn addition to his professional work, Thomas is a regular speaker at security conferences and is committed to contributing to the open-source community through various projects. He runs the Unprotect Project, an open malware evasion techniques database, since 2015. He is also the author of the book Visual Threat Intelligence, an illustrated guide for threat researchers. Thomas\'s work has been quoted by multiple media outlets around the world.
\n\n\n\'',NULL,614390),('2_Friday','11','11:30','12:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'High Intensity Deconstruction: Chronicles of a Cryptographic Heist\'','\'Babak Javadi,Aaron Levy,Nick Draffen\'','DC_f5ea130b64716fafd53371b9e062b953','\'Title: High Intensity Deconstruction: Chronicles of a Cryptographic Heist
\nWhen: Friday, Aug 9, 11:30 - 12:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nIntroduced in 2011, HID Global’s iCLASS SE solution is one of the world’s most widely-deployed Electronic Physical Access Control platforms. HID\'s iCLASS SE Readers are ubiquitous in electronic physical access control and used in most government agencies and Fortune 500 companies. The readers can be easily seen and identified in almost every form of mainstream media. Almost 13 years after iCLASS SE’s introduction, ground-breaking research and technical exploits will be disclosed publicly for the first time.
\n\nIn this talk, we detail the process by which we reverse engineered the complex hardware and software chain of trust securing HID’s iCLASS SE platform.
\n\nOver a seven-year research period, we analyzed hardware, firmware, and software elements the ecosystem, uncovering an unfortunate series of pitfalls and implementation defects. These flaws culminated in an attack chain that allowed for the recovery of sensitive cryptographic key material from secure elements, which have received CC EAL 5+ accreditation. This chain resulted in revealing some cryptographic keys to the kingdom.
\n\nFinally, we provide comprehensive guidance on technical and operational mitigations for end customers to identify practical risks and reduce impact.
\n\nInspirational (research done on previous generation system)
\n\n\n- Heart of Darkness - Milosch Meriac link
\n- Dismantling iClass and iClass Elite - Garcia, de Koning Gans, Verdult, & Meriac link
\n
\n\nSpeakers:Babak Javadi,Aaron Levy,Nick Draffen
\n
\nSpeakerBio: Babak Javadi, Founder at The CORE Group
\nBabak Javadi is the Founder of The CORE Group and Co-Founder of the Red Team Alliance, a covert entry training and certification body. As a professional red teamer with over a decade of field experience, Babak’s expertise includes a wide range of disciplines, from high security mechanical cylinders to alarm systems and physical access control platforms. Babak’s community contributions include the co-founding of The Open Organisation of Lockpickers (TOOOL) where he served on the Board of Directors for over 13 years.
\n\nSpeakerBio: Aaron Levy, Lead of Security Engineering at Clover
\nAaron Levy is an independent security researcher that was credited in the discovery of CVE-2018-10897 and CVE-2019-11630. In his day job, he leads Security Engineering for Clover, a Payments and Point of Sale company that is a subsidiary of Fiserv.
\n\nSpeakerBio: Nick Draffen, Product Security Architect
\nNick Draffen is a Product Security Architect, focusing on the protection of laboratory instruments and their software. Outside of work, he dives into research, reverse engineering, and hardware hacking, leveraging his technical expertise to both build and break things. He is a member of the Security Tribe and volunteers with the RF Village, creating and overseeing challenges for the RF CTF at various security conferences. Always eager to lend a helping hand, he is known for his ability to pull just the right tool from his extensive bag of tricks.
\n\n\n\'',NULL,614391),('2_Friday','12','11:30','12:45','Y','DC','LVCC West/Floor 1/Hall 1/Track 4','\'High Intensity Deconstruction: Chronicles of a Cryptographic Heist\'','\'Babak Javadi,Aaron Levy,Nick Draffen\'','DC_f5ea130b64716fafd53371b9e062b953','\'\'',NULL,614392),('2_Friday','11','11:30','12:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Listen to the whispers: web timing attacks that actually work\'','\'James \"albinowax\" Kettle\'','DC_c0a54f893744b2ed46107978f68b2cc1','\'Title: Listen to the whispers: web timing attacks that actually work
\nWhen: Friday, Aug 9, 11:30 - 12:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nWebsites are riddled with timing oracles eager to divulge their innermost secrets. It\'s time we started listening to them.
\n\nIn this session, I\'ll unleash novel attack concepts to coax out server secrets including masked misconfigurations, blind data-structure injection, hidden routes to forbidden areas, and a vast expanse of invisible attack-surface.
\n\nThis is not a theoretical threat; every technique will be illustrated with multiple real-world case studies on diverse targets. Unprecedented advances have made these attacks both accurate and efficient; in the space of ten seconds you can now reliably detect a sub-millisecond differential with no prior configuration or \'lab conditions\' required. In other words, I\'m going to share timing attacks you can actually use.
\n\nTo help, I\'ll equip you with a suite of battle-tested open-source tools enabling both hands-free automated exploitation, and custom attack scripting. I\'ll also share a little CTF to help you hone your new skillset.
\n\nWant to take things further? I\'ll help you transform your own attack ideas from theory to reality, by sharing a methodology refined through testing countless concepts on thousands of websites. We\'ve neglected this omnipresent and incredibly powerful side-channel for too long.
\n\n\n\nSpeakerBio: James \"albinowax\" Kettle, Director of Research at PortSwigger
\nJames \'albinowax\' Kettle is the Director of Research at PortSwigger, the makers of Burp Suite. He\'s best known for his HTTP Desync Attacks research, which popularised HTTP Request Smuggling. James has extensive experience cultivating novel attack techniques, including web cache poisoning, browser-powered desync attacks, server-side template injection, and password reset poisoning. James is also the author of multiple popular open-source tools including Param Miner, Turbo Intruder, and HTTP Request Smuggler. He is a frequent speaker at numerous prestigious venues including both Black Hat USA and EU, OWASP AppSec USA and EU, and DEF CON.
\n\n\n\'',NULL,614393),('2_Friday','12','11:30','12:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Listen to the whispers: web timing attacks that actually work\'','\'James \"albinowax\" Kettle\'','DC_c0a54f893744b2ed46107978f68b2cc1','\'\'',NULL,614394),('2_Friday','16','16:00','16:59','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Making the DEF CON 32 Badge\'','\'Mar Williams\'','DC_5af26b9d170031262b2b80551eea87c1','\'Title: Making the DEF CON 32 Badge
\nWhen: Friday, Aug 9, 16:00 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Mar Williams
\nNo BIO available
\n\n\'',NULL,614395),('2_Friday','12','12:00','12:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Fireside Chat with DNSA Anne Neuberger\'','\'Anne Neuberger,Jeff \"The Dark Tangent\" Moss\'','DC_ab125b8f3dfd2c235937213a12750382','\'Title: Fireside Chat with DNSA Anne Neuberger
\nWhen: Friday, Aug 9, 12:00 - 12:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nThis fireside chat will feature an in depth conversation between DNSA Neuberger and Dark Tangent on a variety of cybersecurity and emerging technology topics such as artificial intelligence and quantum computing. DNSA Neuberger has served in a variety of senior intelligence and cybersecurity roles within the National Security Agency, including Director of NSA’s cybersecurity organization and Deputy Director of NSA’s intelligence operations. She has also held multiple positions at the Department of Defense and the private sector, and now leads development of the Biden Administration’s policies on cybersecurity and emerging technologies from the White House. She and DT will delve into the latest and most pressing issues in these domains that concern the White House and how hackers can influence tech-related discussions to improve policy and operational outcomes.
\n\nSpeakers:Anne Neuberger,Jeff \"The Dark Tangent\" Moss
\n
\nSpeakerBio: Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Tech
\nAs the Deputy National Security Advisor for Cyber and Emerging Tech, I serve as an advisor to the President on matters related to cybersecurity, digital innovation, and emerging technologies. I coordinate the interagency response to cyber threats and engage with allies and partners on cyber cooperation. With over 25 years of experience in the government and private sector, I try to bring a unique perspective and experience to this work, which is primarily around advancing US national security interests, enhancing cyber resilience, and fostering innovation and collaboration between the private and public sectors.
\n\nPrior to joining the White House, I led the establishment of the NSA\'s Cybersecurity Directorate, bringing together thousands of intelligence analysts, cybersecurity professionals, cryptographers, researchers, and technologists. I previously led NSA’s global intelligence operations, and served as a White House Fellow. I care deeply about public service, inspired by the gifts this country has provided my family and so many other refugee and immigrant families.
\n\nSpeakerBio: Jeff \"The Dark Tangent\" Moss, DEF CON Communications
\nNo BIO available
\n\n\'',NULL,614396),('2_Friday','12','12:00','12:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'On Your Ocean\'s 11 Team, I\'m the AI Guy (technically Girl)\'','\'Harriet Farlow\'','DC_dd8ceff380d3ef5a86dedf0891fca439','\'Title: On Your Ocean\'s 11 Team, I\'m the AI Guy (technically Girl)
\nWhen: Friday, Aug 9, 12:00 - 12:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nOne of the best parts of DEF CON is the glitz and glam of Vegas, the gambling capital of the world. Many have explored hacking casinos (on and off stage). Unfortunately, it’s just not like it is portrayed in the Oceans franchise.. in real life there’s much less action, no George Clooney, and it’s a lot harder to pull off a successful heist.
\n\nFortunately I’m not your typical hacker, I’m an AI hacker. I use adversarial machine learning techniques to disrupt, deceive and disclose information from Artificial Intelligence systems.
\n\nI chose my target carefully: Canberra Casino. It’s the best casino in my city.. It’s also the only casino but that’s not the point. \nThe casino industry is at an interesting inflection point. Many large casinos have already adopted AI for surveillance and gameplay monitoring, smaller casinos are starting to make the transition, and there’s only a couple of companies in the world that provide this software. It’s ripe for exploitation.
\n\nIn this talk I’m going to show you how I bypassed Casino Canberra\'s AI systems - facial recognition, surveillance systems and gameplay monitoring. AI Security is the new cyber security threat, and attacks on AI systems could have broad implications including misdiagnoses in medical imaging, navigation errors in autonomous vehicles.. and successful casino heists.
\n\n\n- Standing Committee of the One Hundred Year Study of Artificial Intelligence. Gathering Strength,Gathering Storms: The One Hundred Year Study on Artificial Intelligence (AI100) 2021 Study Panel Report | One Hundred Year Study on Artificial Intelligence (AI100). Technical report, September 2021.
\n- Eva A. M. van Dis, Johan Bollen, Willem Zuidema, Robert van Rooij, and Claudi L. Bockting. ChatGPT: five priorities for research. Nature, 614(7947):224–226, February 2023. Bandiera abtest: a Cg type: Comment Number: 7947 Publisher: Nature Publishing Group Subject term: Com-puter science, Research management, Publishing, Machine learning.
\n- Mingfu Xue, Chengxiang Yuan, Heyi Wu, Yushu Zhang, and Weiqiang Liu. Machine Learn-ing Security: Threats, Countermeasures, and Evaluations. IEEE Access, 8:74720–74742, 2020.Conference Name: IEEE Access.
\n- NSCAI. The National Security Commission on Artificial Intelligence.
\n- Elisa Bertino, Murat Kantarcioglu, Cuneyt Gurcan Akcora, Sagar Samtani, Sudip Mittal, and Maanak Gupta. AI for Security and Security for AI. In Proceedings of the Eleventh ACM Confer-ence on Data and Application Security and Privacy, CODASPY ’21, pages 333–334, New York, NY, USA, April 2021. Association for Computing Machinery.
\n- Battista Biggio and Fabio Roli. Wild patterns: Ten years after the rise of adversarial machine learning. Pattern Recognition, 84:317–331, December 2018.
\n- Ian Goodfellow, Jonathon Shlens, and Christian Szegedy. Explaining and Harnessing Adversarial Examples. In International Conference on Learning Representations, 2015.
\n- Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. Intriguing properties of neural networks, February 2014. arXiv:1312.6199 [cs].
\n- Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, and Michael K. Reiter. Accessorize to a Crime: Real and Stealthy Attacks on State-of-the-Art Face Recognition. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS ’16, pages 1528–1540, New York, NY, USA, October 2016. Association for Computing Machinery.
\n- Tom Brown, Dandelion Mane, Aurko Roy, Martin Abadi, and Justin Gilmer. Adversarial Patch. 2017.
\n- US Marines Defeat DARPA Robot by Hiding Under a Cardboard Box | Extremetech.
\n- Walter David, Paolo Pappalepore, Alexandra Stefanova, and Brindusa Andreea Sarbu. AI-Powered Lethal Autonomous Weapon Systems in Defence Transformation. Impact and Chal-lenges. In Jan Mazal, Adriano Fagiolini, and Petr Vasik, editors, Modelling and Simulation for Autonomous Systems, Lecture Notes in Computer Science, pages 337–350, Cham, 2020. Springer International Publishing.
\n- C Wise and J Plested. Developing Imperceptible Adversarial Patches to Camouflage Military Assets From Computer Vision Enabled Technologies, May 2022. arXiv:2202.08892 cs..
\n- Anish Athalye, Nicholas Carlini, and David Wagner. Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. In Proceedings of the 35th International Conference on Machine Learning, pages 274–283. PMLR, July 2018. ISSN: 2640-3498.
\n- Kevin Eykholt, Ivan Evtimov, Earlence Fernandes, Bo Li, Amir Rahmati, Chaowei Xiao, Atul Prakash, Tadayoshi Kohno, and Dawn Song. Robust Physical-World Attacks on Deep Learning Visual Classification. In 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 1625–1634, Salt Lake City, UT, USA, June 2018. IEEE.
\n- Ram Shankar Siva Kumar, Magnus Nystr ̈om, John Lambert, Andrew Marshall, Mario Goertzel, Andi Comissoneru, Matt Swann, and Sharon Xia. Adversarial Machine Learning-Industry Perspectives. In 2020 IEEE Security and Privacy Workshops (SPW), pages 69–75, May 2020.
\n
\n\nSpeakerBio: Harriet Farlow, CEO at Mileva Security Labs
\nHarriet Farlow is the CEO of AI Security company Mileva Security Labs, a PhD Candidate in Machine Learning Security, and creative mind behind the YouTube channel HarrietHacks. She missed the boat on computer hacking so now she hacks AI and Machine Learning models instead. Her career has spanned consulting, academia, a start-up and Government, but don’t judge her for that one. She also has a Bachelor in Physics and a Master in Cyber Security. She calls Australia home but has lived in the UK and the US. Her ultimate hack was in founding her own AI Security company but if Skynet takes over she will deny everything and pretend the AI stood for Artificial Insemination, like her Mum thinks it does. (Sorry Mum but I’m not really a Medical Doctor).
\n\n\n\'',NULL,614397),('2_Friday','12','12:00','13:15','N','DC','LVCC West/Floor 3/W322-W327','\'Veilid Dev and Community Meetup\'','\'The_Gibson\'','DC_186a95fad380579578ab6d98db0229bb','\'Title: Veilid Dev and Community Meetup
\nWhen: Friday, Aug 9, 12:00 - 13:15 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\n\n\nSpeakerBio: The_Gibson
\nNo BIO available
\n\n\'',NULL,614398),('2_Friday','13','12:00','13:15','Y','DC','LVCC West/Floor 3/W322-W327','\'Veilid Dev and Community Meetup\'','\'The_Gibson\'','DC_186a95fad380579578ab6d98db0229bb','\'\'',NULL,614399),('2_Friday','12','12:30','13:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access\'','\'Nick Frichette\'','DC_3636822d82a49c08bfae1cbc44e87c2c','\'Title: Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access
\nWhen: Friday, Aug 9, 12:30 - 13:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nIn this talk we will explore vulnerabilities in Amazon Web Services (AWS) products which allowed us to gain access to cloud environments.
\n\nTraditionally, adversaries have abused misconfigurations and leaked credentials to gain access to AWS workloads. Things like exposed long-lived access keys and exploiting the privileges of virtual machines have allowed adversaries to breach cloud resources. However, these mistakes are on the customer side of the shared responsibility model. In this session, we will cover vulnerabilities in AWS services that have been fixed and that previously allowed us to access cloud resources.
\n\nWe will start with an exploration of how Identity and Access Management (IAM) roles establish trust with AWS services and cover the mechanisms that prevent an adversary from assuming roles in other AWS accounts. We’ll then demonstrate a vulnerability that bypassed those protections. We’ll cover a real world example of a confused deputy vulnerability we found in AWS AppSync that allowed us to hijack IAM roles in other accounts.
\n\nNext, we\'ll highlight potential misconfigurations involving IAM roles leveraging sts:AssumeRoleWithWebIdentity. These misconfigurations cloud permit unauthorized global access to these roles without the need for authentication, affecting services like Amazon Cognito, GitHub Actions, and more.
\n\nFinally, we’ll cover a vulnerability we found in AWS Amplify that exposed customer IAM roles associated with the service to takeover, allowing anyone the ability to gain a foothold in that victim account. We’ll also discuss how security practitioners can secure their environments, even against a zero-day like one we’ll demonstrate.
\n\nJoin us to learn how attackers search for and exploit vulnerabilities in AWS services to gain access to cloud environments.
\n\n\n\nSpeakerBio: Nick Frichette, Staff Security Researcher at Datadog
\nNick Frichette is a Staff Security Researcher at Datadog, where he specializes in offensive AWS security. He is known for finding multiple zero-day vulnerabilities in AWS services and regularly publishing on new attack techniques. In addition to his research, Nick is the creator and primary contributor to Hacking the Cloud, an open source encyclopedia of offensive security capabilities for cloud environments. He is also a part of the AWS Community Builder Program, where he develops content on AWS security.
\n\n\n\'',NULL,614400),('2_Friday','13','12:30','13:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access\'','\'Nick Frichette\'','DC_3636822d82a49c08bfae1cbc44e87c2c','\'\'',NULL,614401),('2_Friday','13','13:00','13:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Defeating EDR Evading Malware with Memory Forensics\'','\'Andrew Case,Austin Sellers,Golden Richard,David McDonald,Gustavo Moreira\'','DC_c1c26f2da67a095689ceeaf14e369d66','\'Title: Defeating EDR Evading Malware with Memory Forensics
\nWhen: Friday, Aug 9, 13:00 - 13:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nEndpoint detection and response (EDR) software has gained significant market share due to its ability to examine system state for signs of malware and attacker activity well beyond what traditional anti-virus software is capable of detecting. This deep inspection capability of EDRs has led to an arms race with malware developers who want to evade EDRs while still achieving desired goals, such as code injection, lateral movement, and credential theft. This monitoring and evasion occurs in the lowest levels of hardware and software, including call stack frames, exception handlers, system calls, and manipulation of native instructions. Given this reality, EDRs are limited in how much lower they can operate to maintain an advantage. The success of EDR bypasses has led to their use in many high-profile attacks and by prolific ransomware groups.
\n\nIn this talk, we discuss our research effort that led to the development of new memory forensics techniques for the detection of the bypasses that malware uses to evade EDRs. This includes bypass techniques, such as direct and indirect system calls, module overwriting, malicious exceptions handlers, and abuse of debug registers. Our developed capabilities were created as new plugins to the Volatility memory analysis framework, version 3, and will be released after the talk.
\n\n\n- “Operation Dragon Castling: APT group targeting betting companies,” link, 2023.
\n- “Defeating Guloader Anti-Analysis Technique,” link, 2023.
\n- “A Deep Dive Into ALPHV/BlackCat Ransomware,” link, 2024.
\n- “APT Operation Skeleton Key,” link, 2023.
\n- “LockBit Ransomware Side-loads Cobalt Strike Beacon with Legitimate VMware Utility,” link, 2024.19
\n- “BlueBravo Uses Ambassador Lure to Deploy,” link, 2024.
\n- “UNMASKING THE DARK ART OF VECTORED EXCEPTION HANDLING: BYPASSING XDR AND EDR IN THE EVOLVING CYBER THREAT LANDSCAPE,” link, 2023.
\n- “Dirty Vanity: A New Approach to Code injection & EDR by-pass,” link, 2022.
\n- Volexity, “Surge Collect Pro,” link, 2022.
\n- “capstone,” link, 2024.
\n- “Silencing cylance: A case study in modern edrs,” link, 2019.
\n- “Av/edr evasion — malware development p — 3,” link, 2023.
\n- “A practical guide to bypassing userland api hooking,” link, 2022.
\n- A. Case, A. Ali-Gombe, M. Sun, R. Maggio, M. Firoz-Ul-Amin, M. Jalalzai, and G. G. R. III, “HookTracer: A System for Automated and Accessible API Hooks Analysis,” Proceedings of the 18th Annual Digital Forensics Research Conference (DFRWS), 2019.
\n- F. Block, “Windows memory forensics: Identification of (malicious) modifications in memory-mapped image files,” Forensic Science International: Digital Investigation, 2023. (Online). Available: link
\n- F. Block and A. Dewald, “Windows memory forensics: Detecting (un)intentionally hidden injected code by examining page table entries,” Digital Investigation, vol. 29, pp. S3–S12, 07 2019.
\n- “CCob,” link, 2024.
\n- “Lets Create An EDR. . . And Bypass It! Part 1,” link, 2020.
\n- “r77 rootkit,” link, 2024.
\n- “Deep Vanity,” link, 2022. 20
\n- “Peruns-Fart,” link, 2023.
\n- “FREEZE – A PAYLOAD TOOLKIT FOR BYPASSING EDRS USING SUSPENDED PROCESSES,” link, 2023.
\n- “Process Cloning,” link, 2023.
\n- “APT Group Chimera,” link, 2022.
\n- “Red Team Tactics: Combining Direct System Calls and sRDI to bypass AV/EDR,” link, 2019.
\n- “Hell’s Gate,” link, 2020.
\n- “Halo’s Gate,” link, 2021.
\n- “Tartarus Gate,” link, 2021.
\n- “Bypassing User-Mode Hooks and Direct Invocation of System Calls for Red Teams,” link, 2020.
\n- “SysWhispers2,” link, 2022.
\n- “An Introduction into Stack Spoofing,” link, 2023.
\n- “SilentMoonwalk: Implementing a dynamic Call Stack Spoofer,” link, 2022.
\n- “Spoofing Call Stacks To Confuse EDRs,” link, 2022.
\n- “Behind the Mask: Spoofing Call Stacks Dynamically with Timers,” link, 2022.
\n- “HellHall,” link, 2023.
\n- link, 2008.
\n- “Defeating Guloader Anti-Analysis Technique,” link, 2022.21
\n- “GULoader Campaigns: A Deep Dive Analysis of a highly evasive Shellcode based loader,” link, 2023.
\n- “Gh0stRat Anti-Debugging : Nested SEH (try - catch) to Decrypt and Load its Payload,” link, 2021.
\n- “Syscalls via Vectored Exception Handling,” link, 2024.
\n- “Bypassing AV/EDR Hooks via Vectored Syscall - POC,” link, 2022.
\n- “MutationGate,” link, 2024.
\n- Cymulate Research, “BlindSide,” link, 2023.
\n- “In-Process Patchless AMSI Bypass,” link, 2022.
\n- “PatchlessCLR,” link, 2022.
\n- “Dumping the VEH in Windows 10,” link, 2020.
\n- “Detecting anomalous Vectored Exception Handlers on Windows,” link, 2022.
\n- “SetUnhandledExceptionFilter,” link, 2024.
\n
\n\nSpeakers:Andrew Case,Austin Sellers,Golden Richard,David McDonald,Gustavo Moreira
\n
\nSpeakerBio: Andrew Case, Director of Research at Volexity
\nAndrew Case is the Director of Research at Volexity and has significant experience in incident response handling and malware analysis. He has conducted numerous large-scale investigations that span enterprises and industries. Case is a core developer of the Volatility memory analysis framework, and a co-author of the highly popular and technical forensics analysis book \"The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory.\"
\n\nSpeakerBio: Austin Sellers, Detection Engineer at Volexity
\nAustin Sellers is a Detection Engineer at Volexity where he focuses on automating large scale memory analysis and threat detection techniques. He has significant experience in developing memory analysis datasets that allow for automated verification and testing of kernel and userland memory forensics techniques.
\n\nSpeakerBio: Golden Richard, Professor of Computer Science and Engineering and Associate Director for Cybersecurity at Center for Computation and Technology (CCT) at LSU
\nGolden G. Richard III is a cybersecurity researcher and teacher and a Fellow of the American Academy of Forensic Sciences. He has over 40 years of practical experience in computer systems and computer security and is a devoted advocate for applied cybersecurity education. He is currently Professor of Computer Science and Engineering and Associate Director for Cybersecurity at the Center for Computation and Technology (CCT) at LSU. He also supports NSA\'s CAE-CO internship program, teaching memory forensics, vulnerability analysis, and other topics to cleared interns. His primary research interests are memory forensics, digital forensics, malware analysis, reverse engineering, and operating systems. Dr. Richard earned his BS in Computer Science from the University of New Orleans and MS and PhD in Computer Science from The Ohio State University.
\n\nSpeakerBio: David McDonald, Volcano team at Volexity
\nDavid McDonald is a researcher and software engineer with 3 years of digital forensics R&D experience. His passion for this field began with his involvement in the University of New Orleans CTF team, as well as through his time as a Systems Programming teaching assistant. After over two years of digital forensics research and development on Cellebrite\'s computer forensics team, he joined Volexity\'s Volcano team, where he now works to develop next-generation memory analysis solutions.
\n\nSpeakerBio: Gustavo Moreira, Senior Security Engineer at Volexity
\nGustavo Moreira is a Senior Security Engineer at Volexity. He has significant experience in reverse engineering, incident response handling, embedded systems development and security, Windows and Linux internals, and automation of large scale malware analysis.
\n\n\n\'',NULL,614402),('2_Friday','13','13:00','13:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'If Existing Cyber Vulnerabilities Magically Disappeared Overnight, What Would Be Next?\'','\'Dr. Stefanie Tompkins,Dr. Renee Wegrzyn,Peiter “Mudge” Zatko\'','DC_ed9dcb6248e0a086ed7e715fde3f209e','\'Title: If Existing Cyber Vulnerabilities Magically Disappeared Overnight, What Would Be Next?
\nWhen: Friday, Aug 9, 13:00 - 13:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nThe DEF CON community challenges the status quo, bringing a diversity of perspectives and ideas to identify hidden problems and solutions. While DARPA lays claim to the origin of the ARPANET/internet, vast communities of people with different interests created its novel components. The DARPA Cyber Grand Challenge helped launch the field of vulnerability detection and remediation and numerous DARPA Cyber Fast Track program performers continue to contribute to DEF CON.
\n\nWhat if current vulnerabilities all magically disappeared overnight and critical infrastructure were “safe and secure” for the time being. What would come next?
\n\nIn this talk, Dr. Stefanie Tompkins will discuss the value of the hacker community and many of the contributions that have come from it, as well as the growth and synergy of the two communities. She’ll also explore the question of what comes next.
\n\nFor a deeper dive into the real-world impacts of DARPA cyber technologies, Dr. Renee Wegrzyn, the inaugural director of the Advanced Research Projects Agency for Health (ARPA-H), will join Stefanie and a moderator. They will discuss efforts that impact DEF CON areas of interest and inform ARPA-H work, from Cyber Fast Track to current work focused on securing and defending hospitals and the health tech ecosystem from cyberattacks.
\n\nSpeakers:Dr. Stefanie Tompkins,Dr. Renee Wegrzyn,Peiter “Mudge” Zatko
\n
\nSpeakerBio: Dr. Stefanie Tompkins, Director at Defense Advanced Research Projects Agency (DARPA)
\nDr. Stefanie Tompkins is the director of the Defense Advanced Research Projects Agency (DARPA). Prior to this assignment, she was the vice president for research and technology transfer at Colorado School of Mines.
\n\nTompkins has spent much of her professional life leading scientists and engineers in developing new technology capabilities. She began her industry career as a senior scientist and later assistant vice-president and line manager at Science Applications International Corporation, where she spent 10 years conducting and managing research projects in planetary mapping, geology, and imaging spectroscopy. As a program manager in DARPA’s Strategic Technology Office, she created and managed programs in ubiquitous GPS-free navigation as well as in optical component manufacturing. Tompkins has also served as the deputy director of DARPA’s Strategic Technology Office, director of DARPA’s Defense Sciences Office – the agency’s most exploratory office in identifying and accelerating breakthrough technologies for national security – as well as the acting DARPA deputy director.
\n\nTompkins received a Bachelor of Arts degree in geology and geophysics from Princeton University and Master of Science and Doctor of Philosophy degrees in geology from Brown University. She has also served as a military intelligence officer in the U.S. Army.
\n\nSpeakerBio: Dr. Renee Wegrzyn, First Director at Advanced Research Projects Agency for Health (ARPA-H)
\nDr. Renee Wegrzyn is the first director of the Advanced Research Projects Agency for Health (ARPA-H). Bringing a wealth of experience from both the private sector and groundbreaking institutions like DARPA and IARPA, her leadership and vision continue to push the boundaries of health research and development. Dr. Wegrzyn\'s illustrious career has earned her numerous accolades, including the prestigious Superior Public Service Medal for her contributions at DARPA. She holds a Ph.D. and a bachelor\'s degree in applied biology from the Georgia Institute of Technology, and she further honed her expertise as an Alexander von Humboldt Fellow in Heidelberg, Germany.
\n\nSpeakerBio: Peiter “Mudge” Zatko, Chief Information Officer at DARPA
\nPeiter “Mudge” Zatko is a distinguished scientist and cybersecurity expert with a career spanning significant roles in both public and private sectors. He returned to DARPA as the agency’s chief information officer in 2024. He previously was a program manager in both the Strategic Technology Office (STO) and Information Innovation Office (I2O). During his tenure in STO, Mudge was pivotal in developing DARPA’s Cyber Analytic Framework, which set a new standard in cybersecurity strategy. He later transitioned to I2O, where he continued to shape DARPA’s cyber initiatives.
\n\nFollowing his impactful career at DARPA, Mudge held key positions in industry, notably serving as corporate vice president of R&D at Motorola Mobility, deputy director at Google’s Advanced Technology and Projects division, and head of security and IT at fintech leader Stripe. Later, Mudge joined the executive team at Twitter, where he oversaw IT, infosec, global platform moderation and services, and corporate security/physical infrastructure.
\n\nMost recently, Mudge returned to the public sector as a Senior Government Executive and Senior Executive Service member, reporting to Director Jen Easterly at the Cybersecurity and Infrastructure Security Agency under the Department of Homeland Security.
\n\nMudge holds a distinguished record of leadership and innovation in cybersecurity and technology, contributing significantly to both national security and private sector advancements.
\n\n\n\'',NULL,614403),('2_Friday','13','13:00','13:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Sshamble: Unexpected Exposures in the Secure Shell\'','\'HD Moore,Rob King\'','DC_9707ef21088bf1cd32abf713d54ee927','\'Title: Sshamble: Unexpected Exposures in the Secure Shell
\nWhen: Friday, Aug 9, 13:00 - 13:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nThe Secure Shell (SSH) has evolved from a remote shell service to a standardized secure transport that is second only to Transport Layer Security (TLS) in terms of exposure and popularity. SSH is no longer just for POSIX operating systems; SSH services can be found in everything from network devices, to source code forges, to Windows-based file transfer tools. While OpenSSH is still the most prominent implementation, it\'s now just one of dozens, and these include a handful of libraries that drive a wide range of applications. This presentation digs deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to exploit them. As part of this talk, we will release an open source tool, dubbed \"sshamble\", that assists with research and security testing of SSH services.
\n\nSpeakers:HD Moore,Rob King
\n
\nSpeakerBio: HD Moore, CEO and Co-Founder at runZero
\nHD has focused on vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure. HD serves as the CEO and co-founder of runZero, a provider of cutting-edge cyber asset attack surface management (CAASM) software and cloud services. Prior to founding runZero, he held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD\'s professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and breaking into financial institutions. When he\'s not working, he enjoys hacking on weird Go projects, building janky electronics, running in circles, and playing single-player RPGs.
\n\nSpeakerBio: Rob King, Director of Security Research at runZero
\nRob King is the Director of Security Research at runZero. Over his career Rob has served as a senior researcher with KoreLogic, the architect for TippingPoint DVLabs, and helped get several startups off the ground. Rob helped design SC Magazine\'s Data Leakage Prevention Product of the Year for 2010, and was awarded the 3Com Innovator of the Year Award in 2009. He has been invited to speak at BlackHat, Shmoocon, SANS Network Security, and USENIX.
\n\n\n\'',NULL,614404),('2_Friday','13','13:30','14:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Digital Emblems: When markings are required under international law, but you don’t have a rattle-can handy\'','\'Bill Woodcock\'','DC_21bc6a9f97944d72c92e0797a61937a3','\'Title: Digital Emblems: When markings are required under international law, but you don’t have a rattle-can handy
\nWhen: Friday, Aug 9, 13:30 - 14:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nThere are physical markings that are required under hundreds of different international laws, some governing transport of goods across national borders, some offering humanitarian protections on the battlefield, some seeking to protect the environment or genetic diversity… What they all have in common is that they’re currently represented by visual marks applied to objects. Many of these processes are undergoing “digitalization,” and becoming machine-readable, or electronically-signaled. A standards effort currently underway in the IETF seeks to create a common global marking protocol which would allow open-standards-based devices to scan, cryptographically validate, and display the digital versions of these marks. This session will relate the state of the standards effort, the scope of markings that have been considered thus far, and seek input on security or privacy vulnerabilities which may exist in the proposed standard.
\n\nSpeakerBio: Bill Woodcock, Executive Director at Packet Clearing House
\nBill Woodcock is the executive director of Packet Clearing House, the intergovernmental treaty organization that supports the operation of critical Internet infrastructure, including Internet exchange points and the core of the domain name system. Since entering the Internet industry in 1985, Bill has helped establish more than three hundred Internet exchange points. In 1989, Bill developed the anycast routing technique that now protects the domain name system. In 1998 he was one of the principal drivers of California 17538.4, the world’s first anti-spam legislation. Bill was principal author of the Multicast DNS and Operator Requirements of Infrastructure Management Methods IETF drafts. In 2002 he co-founded INOC-DBA, the security-coordination hotline system that interconnects the network operations centers of more than three thousand Internet Service Providers and Security Operations Centers around the world. And in 2007, Bill was one of the two international liaisons deployed by NSP-Sec to the Estonian CERT during the Russian cyber-attack. In 2011, Bill authored the first survey of Internet interconnection agreements, as input to the OECD’s analysis of the Internet economy. Bill served on the Global Commission on the Stability of Cyberspace and on the Commission on Caribbean Communications Resilience. He\'s on the board of directors of the M3AA Foundation, and was on the board of the American Registry for Internet Numbers for fifteen years. Now, Bill’s work focuses principally on the security and economic stability of critical Internet infrastructure.
\n\n\n\'',NULL,614405),('2_Friday','14','13:30','14:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Digital Emblems: When markings are required under international law, but you don’t have a rattle-can handy\'','\'Bill Woodcock\'','DC_21bc6a9f97944d72c92e0797a61937a3','\'\'',NULL,614406),('2_Friday','13','13:30','14:15','N','DC','LVCC West/Floor 3/W322-W327','\'Xiaomi The Money - Our Toronto Pwn2Own Exploit and Behind The Scenes Story\'','\'Ken Gannon,Ilyes Beghdadi\'','DC_7c7b15575eacf6eab6fa4a2620c05e96','\'Title: Xiaomi The Money - Our Toronto Pwn2Own Exploit and Behind The Scenes Story
\nWhen: Friday, Aug 9, 13:30 - 14:15 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nAt Pwn2Own Toronto 2023, NCC Group was one of the two teams that compromised the Xiaomi 13 Pro. The exploit chain involved using a malicious HTML hyperlink and uploading a potentially malicious application to the Xiaomi app store.
\n\nHowever, this talk is not just about the technical details of the exploit. While researching the final exploit, NCC Group discovered how an exploit could work in one region of the world, but not in other regions, and how the researchers had to travel to Canada for a day just to test if the exploit would work in Canada. This talk also discusses just how far Xiaomi is willing to go to make sure their device isn\'t hacked at Pwn2Own, and why only two teams were able to successfully compromise the device during the competition.
\n\nSpeakers:Ken Gannon,Ilyes Beghdadi
\n
\nSpeakerBio: Ken Gannon, Principal Security Consultant at NCC Group
\nKen is a Principal Security Consultant at NCC Group who specializes in mobile security and doing security research on mobile devices. He occasionally complains about Xiaomi and other phone manufacturers.
\n\nSpeakerBio: Ilyes Beghdadi, Senior Application Security Engineer at Census Labs
\nIlyes is a Senior Application Security Engineer at Census Labs. At the time of the Pwn2Own research and entry, he was a Security Consultant at NCC Group who worked on reverse engineering Android malware.
\n\n\n\'',NULL,614407),('2_Friday','14','13:30','14:15','Y','DC','LVCC West/Floor 3/W322-W327','\'Xiaomi The Money - Our Toronto Pwn2Own Exploit and Behind The Scenes Story\'','\'Ken Gannon,Ilyes Beghdadi\'','DC_7c7b15575eacf6eab6fa4a2620c05e96','\'\'',NULL,614408),('2_Friday','14','14:00','14:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'DEF CON Unplugged: Cocktails & Cyber with Jeff & Jen\'','\'Jen Easterly\'','DC_b235a87a57f514959ff4072098f459b3','\'Title: DEF CON Unplugged: Cocktails & Cyber with Jeff & Jen
\nWhen: Friday, Aug 9, 14:00 - 14:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nJoin DEF CON Founder Jeff Moss for an Ask Me Anything with CISA Director Jen Easterly. REAL WORLD DEF CON: Where hackers stop being polite and start getting real.
\n\nSpeakerBio: Jen Easterly, Director at Cybersecurity and Infrastructure Security Agency (CISA)
\nJen Easterly is the Director of the Cybersecurity and Infrastructure Security Agency (CISA). She was nominated by President Biden in April 2021 and unanimously confirmed by the Senate on July 12, 2021. Before coming to CISA, Jen was Head of Firm Resilience at Morgan Stanley. A two-time recipient of the Bronze Star, Jen retired from the U.S. Army after more than 20 years, including deployments in Haiti, the Balkans, Iraq, and Afghanistan. Responsible for standing up the Army’s first cyber battalion, she was also instrumental in the creation of United States Cyber Command. A graduate of West Point, Jen holds a master’s degree from the University of Oxford, where she studied as a Rhodes Scholar. She is the recipient of numerous honors, including the George C. Marshall Award in Ethical Leadership and the National Defense University Admiral Grace Hopper Award. She is a proud Mom, a mental health advocate, a Rubik’s Cube enthusiast, and an aspiring electric guitarist.
\n\n\n\'',NULL,614409),('2_Friday','14','14:00','14:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Optical Espionage: Using Lasers to Hear Keystrokes Through Glass Windows\'','\'samy kamkar\'','DC_30321d0470644b5a07335f58464eb5ea','\'Title: Optical Espionage: Using Lasers to Hear Keystrokes Through Glass Windows
\nWhen: Friday, Aug 9, 14:00 - 14:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nSashay away from this talk with the knowledge to perform state-of-the-art espionage, no technical background required.
\n\nIn the realm of privilege escalation and data exfiltration, the physical world quietly screams secrets. We\'ll demystify the fascinating physics behind signals and how various forms of energy--infrared, visible, and ultraviolet light, radio, ultrasound, audible sound, mechanical vibration, and temperature--can be interpreted as waves that unintentionally leak information, even in air-gapped (non-networked) systems. We\'ll observe how air is in fact not an effective gap or barrier as radio, light, sound, and vibration excitedly travel through it. We\'ll explore how all electrical signals radiate electromagnetism (light or radio) that can be intercepted and how we can reverse this process, producing electromagnetism to inject desired electrical signals into our target.
\n\nWe\'ll delve into historical and seminal side-channel/TEMPEST attacks from our friends at the NSA, KGB, and past DEF CON pioneers. You\'ll learn about the essential electrical and optical components combined for cutting-edge eavesdropping, including what our target is typing from a distance.
\n\nWhile others believe they\'re obtaining noise, we will extract signal, and you\'ll leave this talk hearing the world in a new light.
\n\n\n- [1985] Electromagnetic radiation from video display units - Wim van Eck
\n- Bunnie link
\n- DEFCON 17: Sniff Keystrokes With Lasers/Voltmeters - Andrea Barisani, Daniele Bianco
\n- DEF CON 23 - Colin Flynn - Dont Whisper my Chips: Sidechannel and Glitching for Fun and Profit
\n- DEF CON 24 - Marc Newlin - MouseJack: Injecting Keystrokes into Wireless Mice
\n- DEF CON 25 - Matt Wixey - See no evil, hear no evil: Hacking invisibly & silently with light & sound
\n- DEF CON 31 - Video Based Cryptanalysis Extracting Keys from Power LEDs - Ben Nassi, Ofek Vayner
\n- Georgi Gerganov - kbd-audio link
\n- Lest We Remember: Cold Boot Attacks on Encryption Keys - Halderman et al link
\n- RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis - Daniel Genkin, Adi Shamir, Eran Tromer link
\n
\n\nSpeakerBio: samy kamkar
\nSamy Kamkar is a security researcher, sometimes known for creating The MySpace Worm, the fastest spreading (non-biological) virus of all time. As a teenager, this led to a raid by the Secret Service and a court-ordered ban from computers, the Internet, and MySpace. After years of virtuous, upstanding behavior and a legal technological reinstatement, he now attempts to develop and illustrate terrifying vulnerabilities with playfulness, where his exploits have been branded:
\n\n“Controversial” -The Wall Street Journal
\n\n“Horrific” -The New York Times
\n\n“Now I want to fill my USB ports up with cement” -Gizmodo
\n\nSamy\'s open source software, hardware, and research highlight insecurities and privacy implications in everyday technologies. From NAT Slipstreaming and Evercookies, which bypass firewalls by simply visiting a web page and produce virtually immutable respawning cookies, to RollJam and SkyJack, a cryptography-agnostic radio-based car exploitation device and drones that wirelessly hijack and autonomously control swarms of other drones within wireless distance.
\n\nHis work has been cited by the NSA, triggered hearings on Capitol Hill, and is the basis for security advancements across nearly all major web browsers, smartphones, and vehicles.
\n\n\n\'',NULL,614410),('2_Friday','14','14:00','14:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'The Way To Android Root: Exploiting Your GPU On Smartphone\'','\'Xiling Gong,Eugene Rodionov,Xuan Xing\'','DC_907162ad5a3b938f755bb1207bd78657','\'Title: The Way To Android Root: Exploiting Your GPU On Smartphone
\nWhen: Friday, Aug 9, 14:00 - 14:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nGPU security is a vital area of mobile security highlighted both by public security research as well as by in-the-wild attacks. Due to the high complexity of the GPU software/firmware along with a widely available attack surface, issues in GPU provide strong exploitation primitives for local privilege escalation attacks by the code running in unprivileged context.
\n\nIn this talk, we will focus our research on the Qualcomm Adreno GPU, which is a very popular GPU implementation in mobile devices. We will do a deep dive into Adreno GPU kernel module implementation focusing on the most recent GPU versions, reveal its complex and new attack surfaces, and discuss vulnerabilities we discovered in this component.
\n\nIn total we identified 9+ exploitable vulnerabilities in Adreno GPU driver leading to kernel code execution and affecting Qualcomm-based devices using the latest GPU models. We will demonstrate the exploitation of one of the race condition issues on a fully-patched widely used Android device to obtain root privileges from zero-permission application with 100% success rate.
\n\nAndroid kernel mitigations such as CFI and W^X create significant hurdles for exploiting vulnerabilities in kernel to achieve code execution. Also race condition usually means unstable, low success rate. We\'ll explain how we overcome these challenges with a novel, generic exploit method that leverages GPU features to achieve arbitrary physical memory read/write. This technique bypasses key mitigations (CFI, W^X) and has broader implications for kernel heap buffer overflows. We will cover the technical details of the exploitation, and especially the novel generic exploit method.
\n\nWe will also discuss the action items that the vendors could take to minimize the impact of this exploit method, as well as general methods to improve the overall security status of the GPU.
\n\nSpeakers:Xiling Gong,Eugene Rodionov,Xuan Xing
\n
\nSpeakerBio: Xiling Gong, Security Researcher, Android Red Team at Google
\nXiling Gong is a Security Researcher at Google on the Android Red Team. Xiling focuses on finding and exploiting vulnerabilities in the low-level components of the Android platform and Pixel devices. Xiling has been a speaker at CanSecWest 2018, Black Hat USA 2019, Def Con 27, Black Hat Asia 2021 and Black Hat USA 2023, Def Con 31.
\n\nSpeakerBio: Eugene Rodionov, Technical Leader, Android Red Team at Google
\nEugene Rodionov, PhD, is the technical leader of the Android Red Team at Google. In his current position, Eugene focuses on finding and exploiting vulnerabilities in the low-level components of the Android platform and Pixel devices. Prior to that, Rodionov performed offensive security research on UEFI firmware for Client Platforms at Intel, and ran internal research projects and performed in-depth analysis of complex threats at ESET. His fields of interest include reverse engineering, vulnerability analysis, firmware security and anti-rootkit technologies. Rodionov is a co-author of the \"Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats\" book and has spoken at security conferences such as Black Hat, REcon, ZeroNights, and CARO.
\n\nSpeakerBio: Xuan Xing, Manager, Android Red Team at Google
\nXuan Xing is the manager of the Android Red Team at Google. For the past years, Xuan focused on finding security vulnerabilities in various low level components of Android/Pixel devices. He is passionate about software fuzzing for security research. In Black Hat USA 2022 Xuan presented the \"Google Reimagined a Phone. It was Our Job to Red Team and Secure it\" talking about Pixel ABL security auditing.
\n\n\n\'',NULL,614411),('2_Friday','14','14:30','15:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Breaching AWS Accounts Through Shadow Resources\'','\'Yakir Kadkoda,Michael Katchinskiy,Ofek Itach\'','DC_cce038fb8dff01b7fa4ade0c1e33b70f','\'Title: Breaching AWS Accounts Through Shadow Resources
\nWhen: Friday, Aug 9, 14:30 - 15:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nThe cloud seems complex, but it\'s what happens behind the scenes that really complicates things. Some services utilize others as resources as part of their logic/operation. Interestingly enough, it turns out that this could lead to catastrophic results if done unsafely.
\n\nThis talk will present six critical vulnerabilities that we found in AWS, along with the stories and methodologies behind them. These vulnerabilities, which were all promptly acknowledged and fixed by AWS, could allow external attackers to breach almost any AWS account. The vulnerabilities range from remote code execution, which could lead to full account takeover, to information disclosure, potentially exposing sensitive data, or causing denial of service. The session will share our story of discovery, how we were able to identify commonalities among them, and how we developed a method to uncover more vulnerabilities and enhance the impact by using common techniques leading to privilege escalation. We will then detail our approach for mapping service external resources and release our Open-Source tool to research service internal API calls. We will also present a method to check if accounts have been vulnerable to this vector in the past.
\n\nWe will conclude our talk with the lessons learned during this research and our future line of research. We will highlight new areas that cloud researchers need to explore when hunting for cloud vulnerabilities and highlight best practices for developers to use in complex environments.
\n\n\n\nSpeakers:Yakir Kadkoda,Michael Katchinskiy,Ofek Itach
\n
\nSpeakerBio: Yakir Kadkoda, Lead Security Researcher, Team Nautilus at Aqua
\nYakir Kadkoda is a Lead Security Researcher at Aqua\'s research team, Team Nautilus. He combines his expertise in vulnerability research with a focus on discovering and analyzing new security threats and attack vectors in cloud native environments, supply chain security, and CI/CD processes. Prior to joining Aqua, Yakir worked as a red teamer. Yakir has shared his cybersecurity insights at major industry events like Black Hat and RSA.
\n\nSpeakerBio: Michael Katchinskiy
\nMichael Katchinskiy is a Security Researcher and a Computer Science student at the Technion. His work focuses on researching and analyzing new attack vectors in cloud-native environments, specializing in Kubernetes and integrating CNAPP data to detect and prevent attacks.
\n\nSpeakerBio: Ofek Itach, Senior Security Researcher at Aqua
\nOfek Itach is a Senior Security Researcher at Aqua, specializing in cloud research. His work centers on identifying and analyzing attack vectors in cloud environments, enhancing security measures for cloud platforms and cloud environments.
\n\n\n\'',NULL,614412),('2_Friday','15','14:30','15:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Breaching AWS Accounts Through Shadow Resources\'','\'Yakir Kadkoda,Michael Katchinskiy,Ofek Itach\'','DC_cce038fb8dff01b7fa4ade0c1e33b70f','\'\'',NULL,614413),('2_Friday','14','14:30','15:15','N','DC','LVCC West/Floor 3/W322-W327','\'Joe and Bruno\'s Guide to Hacking Time: Regenerating Passwords from RoboForm\'s Password Generator\'','\'Joe \"Kingpin\" Grand,Bruno Krauss\'','DC_cbbacfc77fb86075121ef1b56ffa3d25','\'Title: Joe and Bruno\'s Guide to Hacking Time: Regenerating Passwords from RoboForm\'s Password Generator
\nWhen: Friday, Aug 9, 14:30 - 15:15 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nImagine if you could go back in time to precompute all passwords that could have been generated by an off-the-shelf password generator? With RoboForm versions prior to June 2015, you can!
\n\nIn Joe and Bruno\'s Guide to Hacking Time, Joe and Bruno share their story, process, and experiences of reverse engineering RoboForm, finding a weakness in the randomness of the password generation routine, and creating a wrapper to generate all possible passwords that could have been generated within a specific time frame. Their work, using Cheat Engine, Ghidra, x64dbg, and custom code, was done specifically to help someone recover over $3 million of Bitcoin locked in a software wallet, but the attack could be exploited against any account or system protected by a password generated by RoboForm before their 7.9.14 release when this problem was fixed.
\n\n\n- Kung Fury, link
\n- Cheat Engine
\n- Ghidra
\n- x64dbg
\n
\n\nSpeakers:Joe \"Kingpin\" Grand,Bruno Krauss
\n
\nSpeakerBio: Joe \"Kingpin\" Grand
\nJoe Grand, also known as Kingpin, is a computer engineer, hardware hacker, teacher, daddy, honorary doctor, occasional YouTuber, creator of the first electronic badges for DEFCON, member of L0pht Heavy Industries, and former technological juvenile delinquent.
\n\nSpeakerBio: Bruno Krauss
\nBruno Krauss is a software engineer and Bitcoin enthusiast. He demonstrated his knack for password cracking at the age of 13 by bypassing his secondary school\'s IT security to mine BTC on their PCs and now specializes in cryptocurrency recovery.
\n\n\n\'',NULL,614414),('2_Friday','15','14:30','15:15','Y','DC','LVCC West/Floor 3/W322-W327','\'Joe and Bruno\'s Guide to Hacking Time: Regenerating Passwords from RoboForm\'s Password Generator\'','\'Joe \"Kingpin\" Grand,Bruno Krauss\'','DC_cbbacfc77fb86075121ef1b56ffa3d25','\'\'',NULL,614415),('2_Friday','15','15:00','15:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Abusing Windows Hello Without a Severed Hand\'','\'Ceri Coburn,Dirk-jan Mollema\'','DC_269b106fe2c11825f1ea93a2f1f73955','\'Title: Abusing Windows Hello Without a Severed Hand
\nWhen: Friday, Aug 9, 15:00 - 15:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nWindows Hello is touted by Microsoft as the modern de facto authentication scheme on Windows platforms, supporting authentication and encryption backed by biometrics. In a world that is quickly accelerating towards a passwordless existence, what new threats do we face in this complex landscape? We will take a deep dive into the inner working of Windows Hello. Via the release of a new tool, it will be demonstrated how an attacker on a fully compromised Windows host can leverage secrets backed by Windows Hello biometrics without needing the biometric data that protects them. We will also show how the hardware protections of Windows Hello and its accompanying Primary Refresh Tokens can be defeated, making it possible to use Windows Hello for identity persistency and PRT stealing, in some cases even without Administrator access on the host.
\n\n\n\nSpeakers:Ceri Coburn,Dirk-jan Mollema
\n
\nSpeakerBio: Ceri Coburn, Red Team Operator and Offensive Security Dev at Pen Test Partners
\nAfter a 20 year career within the software development space, Ceri was looking for a new challenge and moved into pen testing back in 2019. During that time he has created and contributed to several open source offensive tools such as Rubeus, BOFNET and SweetPotato and on the odd occasion contributed to projects on the defensive side too. After speaking at DEF CON 31 for the first-time last year, he is now back for more. He currently works as a red team operator and offensive security dev at Pen Test Partners.
\n\nSpeakerBio: Dirk-jan Mollema, Security Researcher at Outsider Security
\nDirk-jan Mollema is a hacker and researcher of Active Directory and Microsoft Entra (Azure AD) security. In 2022 he started his own company, Outsider Security, where he performs penetration tests and reviews of enterprise networks and cloud environments. He blogs at dirkjanm.io, where he publishes his research, and shares updates on the many open source security tools he has written over the years. He presented previously at TROOPERS, DEF CON, Black Hat and BlueHat and has been awarded as one of Microsoft\'s Most Valuable Researchers multiple times.
\n\n\n\'',NULL,614416),('2_Friday','15','15:00','15:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Android App Usage and Cell Tower Location: Private. Sensitive. Available to Anyone?\'','\'Ryan Johnson\'','DC_90ae3a446106860b3d195e27d4bf69ae','\'Title: Android App Usage and Cell Tower Location: Private. Sensitive. Available to Anyone?
\nWhen: Friday, Aug 9, 15:00 - 15:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nDo you consider the list of mobile apps you use and the frequency at which you use them private information? What about the GPS coordinates of the cell towers to which your smartphone connects? The Android framework restricts third-party apps from freely obtaining this information – unless the user explicitly grants the app access. Android is a diverse ecosystem that comes with many benefits, but device vendors can still unintentionally expose app usage and device location in a variety of ways. We uncover privacy leaks of both types of data, where pre-loaded vendor software exposes app usage and location to co-located software. We also explore various local exposures of this data, where it is leaked to resources that do not require any special permissions or privileges to access.
\n\nWe discovered these leakages across several major vendors, including Samsung, Nokia, Transsion brands (i.e., Tecno, Infinix, and Itel), and additional vendors that utilize a pre-installed Qualcomm app for performance monitoring. We cover each of these exposures in detail. App usage reveals the subset of the apps that the user actually interacts with, which can be collected, combined with location data, and analyzed for advertising, profiling, and establishing user pattern-of-life.
\n\n\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n
\n\nSpeakerBio: Ryan Johnson, Senior Director, R&D at Quokka
\nDr. Ryan Johnson is a Senior Director, R&D at Quokka (formerly Kryptowire). His research interests are static and dynamic analysis of Android apps and reverse engineering. He is a co-founder of Quokka and has presented at DEF CON, Black Hat (USA, Asia, & MEA), IT-Defense, and @Hack. His research in Android security has been assigned dozens of CVEs and is responsible for discovering the Adups spyware that affected millions of Android smartphones.
\n\n\n\'',NULL,614417),('2_Friday','15','15:00','15:59','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'DC101 Panel\'','\'Nikita Kronenberg,Drew \"aNullValue\" Stemen,Grifter,AdaZebra\'','DC_aa35b1767cf97c352765dea22d80f74b','\'Title: DC101 Panel
\nWhen: Friday, Aug 9, 15:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\n\n\nSpeakers:Nikita Kronenberg,Drew \"aNullValue\" Stemen,Grifter,AdaZebra
\n
\nSpeakerBio: Nikita Kronenberg, Director of Content and Coordination at DEF CON Communications
\nNo BIO available
\nSpeakerBio: Drew \"aNullValue\" Stemen, Project Manager at Hacker Tracker
\nNo BIO available
\nSpeakerBio: Grifter, Contests & Events Lead at DEF CON 32
\nNo BIO available
\nSpeakerBio: AdaZebra, Head of Hotline at DEF CON 32
\nNo BIO available
\n\n\'',NULL,614418),('2_Friday','15','15:30','16:15','N','DC','LVCC West/Floor 3/W322-W327','\'Social Engineering Like you’re Picard\'','\'Jayson E. Street\'','DC_796f96d7d123efa1e6f92e18ceff5cb8','\'Title: Social Engineering Like you’re Picard
\nWhen: Friday, Aug 9, 15:30 - 16:15 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nAI is transforming social engineering. Using tools like ChatGPT, Gemini, and Copilot, attackers can make phishing and vishing attacks nearly impossible to distinguish from legitimate Interactions. This presentation will demonstrate how virtually anyone with a pulse can now use AI to craft sophisticated phishing sites and conduct vishing operations with unprecedented subtlety and effectiveness. These next-generation techniques are transforming the landscape of social engineering.
\n\nYou will learn how to replicate these advanced techniques to elevate your own social-engineering game. You will learn how criminals can manipulate AI tools to simulate real-world attacks and gain a deeper insight into their tactics. You’ll learn how to use A.I. to enhance how you attack now & ways for it to supplement skills you don’t currently have.
\n\nYou will learn how to leverage these techniques to transform an organization’s, traditional, “security awareness” mentality into a “situational awareness” mindset. Using real-world examples, we demonstrate turning potential threats into teachable moments.
\n\nThis session is essential for anyone looking to harness the power of AI in hacking and Red Teaming. We offer practical skills to engage employees and enhance your approach to social engineering both offensively and defensively. And yes, we do this with a certain theme in mind as I ENGAGE the audience as we boldly go where no Hackers have gone before!
\n\n\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n
\n\nSpeakerBio: Jayson E. Street
\nJayson E. Street referred to in the past as:
\n\nA \"notorious hacker\" by FOX25 Boston, \"World Class Hacker\" by National Geographic Breakthrough Series and described as a \"paunchy hacker\" by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.
\n\nHe\'s a Simulated Adversary for hire. The author of the \"Dissecting the hack: Series\" ( Which has been taught in colleges and Jayson also appears in college text books as well). Also, the DEF CON Groups Global Ambassador. He\'s spoken at DEF CON, DEF CON China, GRRCon, DerbyCon and at several other \'CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.
\n\nHe loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once all others he was supposed to)!
\n\nJayson is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far but if they are please note he was proud to be chosen as one of Time\'s persons of the year for 2006.
\n\n\n\'',NULL,614419),('2_Friday','16','15:30','16:15','Y','DC','LVCC West/Floor 3/W322-W327','\'Social Engineering Like you’re Picard\'','\'Jayson E. Street\'','DC_796f96d7d123efa1e6f92e18ceff5cb8','\'\'',NULL,614420),('2_Friday','15','15:30','16:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Taming the Beast: Inside the Llama 3 Red Team Process\'','\'Aaron \"dyn\" Grattafiori,Ivan Evtimov,Joanna Bitton,Maya Pavlova\'','DC_9c09dce51f21695b3cd701a8636d5e2f','\'Title: Taming the Beast: Inside the Llama 3 Red Team Process
\nWhen: Friday, Aug 9, 15:30 - 16:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nIn this presentation, the core AI Red Team at Meta will take you on a journey through the story of Red Teaming the Llama 3 Large Language Model. This talk is perfect for anyone eager to delve into the complexity of advanced model Red Teaming and safety, as well as how to perform their own research to find new attacks should attend this talk. We’ll begin by exploring what AI Red Teaming is truly about, before exploring Meta’s process and approaches on the topic. The team will detail our methodology for discovering new risks within complex AI capabilities, how emergent capabilities may breed emergent risks, what types of attacks we’re looking to perform across different model capabilities and how or why the attacks even work. Moreover, we’ll explore insights into which lessons from decades of security expertise can – and cannot – be applied as we venture into a new era of AI trust and safety.
\n\nThe team will then move on to how we used automation to scale attacks up, our novel approach to multi-turn adversarial AI agents and the systems we built to benchmark safety across a set of different high-risk areas. We also plan to discuss advanced cyber-attacks (both human and automated), Meta’s open benchmark CyberSecEvals and touch on Red Teaming for national security threats presented by state-of-the-art models. For each of these areas we’ll touch on various assessment and measurement challenges, ending on where we see the AI Red Teaming industry gaps, as well as where AI Safety is heading at a rapid pace.
\n\nSpeakers:Aaron \"dyn\" Grattafiori,Ivan Evtimov,Joanna Bitton,Maya Pavlova
\n
\nSpeakerBio: Aaron \"dyn\" Grattafiori, Lead, AI Red Teaming at Meta
\nAaron “dyn” Grattafiori is currently a lead for AI Red Teaming at Meta, leading the fight against the machines. Previously he spent over six years leading the “cyber” Red Team at Meta performing full-scale Operations against a wide array of objectives from insider threats and edge device compromises to simulated supply chain attacks, ransomware, custom rootkits and malware. Before working at Meta, Aaron was a Principal Consultant at NCC Group for many years working on application security assessments for leading software companies across web, mobile, cryptography, virtualization, containers as well as network security assessments. Aaron has spoken on a wide range of topics at security conferences such as BlackHat, DEF CON, Enigma, Toorcon, Source Seattle, Red Team Summit and more. When not hacking the LLM gibson, Aaron can be found on the slopes, the garage working on an old car or hiking the front range in Colorado.
\n\nSpeakerBio: Ivan Evtimov, Red Teaming Research Scientist, Gen AI Trust & Safety at Meta
\nCurrently a red teaming research scientist at Meta Gen AI Trust & Safety. Ivan has been the tech lead for red teaming Llama 3, Code Llama, AudioBox, Seamless and participated as a red teamer in many other model and product releases. Ivan has also carried out AI research on cybersecurity safety, robustness to spurious correlations, and fairness in AI systems. Before Meta, Ivan was a member of the Computer Security and Privacy Lab and the Tech Policy Lab at the University of Washington, carrying out research on adversarial machine learning. He has also been spotted on a bike in the general vicinity of New York City.
\n\nSpeakerBio: Joanna Bitton, Software Engineer, GenAI Trust & Safety at Meta
\nCurrently a software engineer on Meta’s GenAI Trust & Safety, Joanna has been the lead for automation, safety and red teaming across many internal projects at Meta. An original member of the Facebook AI Red Team, she has worked on critical Responsible AI issues for over five years. She is also the author of AugLy, a data augmentation library for audio, image, text, and video to bypass classifiers and perform other attacks with over 5k GitHub stars. Joanna takes red teaming to heart, and can neither confirm nor deny she was raised on a submarine.
\n\nSpeakerBio: Maya Pavlova, Software Engineer, GenAI Trust & Safety at Meta
\nCurrently a software engineer on Meta’s GenAI Trust & Safety, Maya Pavlova’s main work these days has been on understanding how to bridge the gap between manual red teaming processes and automated solutions. Maya originally entered this world from the safety testing lens, previously working on scaling Responsible AI’s fairness evaluation platforms, she has now pivoted to the interesting problem of how to automate AI red teaming attacks to build robust adversarial stress testing platforms.
\n\n\n\'',NULL,614421),('2_Friday','16','15:30','16:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Taming the Beast: Inside the Llama 3 Red Team Process\'','\'Aaron \"dyn\" Grattafiori,Ivan Evtimov,Joanna Bitton,Maya Pavlova\'','DC_9c09dce51f21695b3cd701a8636d5e2f','\'\'',NULL,614422),('2_Friday','16','16:00','16:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Outlook Unleashing RCE Chaos: CVE-2024-30103 & CVE-2024-38021\'','\'Michael Gorelik ,Arnold Osipov\'','DC_0f95ca74b7e43c2c9f62226894ecc611','\'Title: Outlook Unleashing RCE Chaos: CVE-2024-30103 & CVE-2024-38021
\nWhen: Friday, Aug 9, 16:00 - 16:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nDid you ever receive an empty email and immediately think it might be a reconnaissance attack? What if opening such an email in your Outlook client could trigger remote code execution through an invisible form? Yes, all forms are COM objects, and CVE-2024-21378 has flung open the gates to Outlook RCE chaos.
\n\nIn our session, \"Outlook Unleashing RCE Chaos: CVE-2024-30103\" we\'ll dive into how this seemingly innocuous vulnerability can lead to mayhem. This vulnerability paved the way for us to discover a series of new remote code execution vulnerabilities in Outlook, including CVE-2024-30103. But we’re not stopping there.
\n\nAdditionally, we\'ll uncover other vulnerabilities that can cause NTLM leaks from your domain-joined devices.
\n\nSo, how did we get here? Join us as we construct an evolution timeline of this attack surface. From the origins of these exploits to their current incarnations, we\'ll cover it all. And because we believe in building a safer digital world, we\'ll conclude with specific, actionable recommendations on how to minimize these threats.
\n\n\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n
\n\nSpeakers:Michael Gorelik ,Arnold Osipov
\n
\nSpeakerBio: Michael Gorelik , Founder at Morphisec
\nMichael has amassed over twenty years of experience in the cybersecurity industry, with a decade at Morphisec where he pioneered Moving Target Defense within Endpoint Security. Prior to founding Morphisec, he collaborated on numerous security projects with Deutsche Telekom and Ben-Gurion University laboratories. His expertise spans roles as a reverser, malware researcher, penetration tester, and vulnerability researcher. Michael holds more than seven patents and a Master of Science degree in Computer Science from Ben-Gurion University, Israel. He has worked with the FBI on several significant cybersecurity cases and identified critical privilege escalation exploits in various endpoint security vendors. Michael is a seasoned speaker at industry conferences and led his team to uncover one of the largest supply chain attacks, the CCleaner incident.
\n\nSpeakerBio: Arnold Osipov, Distinguished Malware Researcher at Morphisec
\nArnold is a distinguished malware researcher at Morphisec, renowned for discovering new categories of malware, including the Jupyter and Chaos info stealers among others. His groundbreaking work has significantly advanced understanding and mitigation of emerging malware threats. Arnold has presented his findings at various BSides events throughout Europe, establishing himself as a knowledgeable and engaging speaker. His research continues to push the boundaries of cybersecurity, enhancing both Morphisec’s capabilities and the broader security landscape.
\n\n\n\'',NULL,614423),('3_Saturday','14','14:00','14:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'SQL Injection Isn\'t Dead: Smuggling Queries at the Protocol Level\'','\'Paul Gerste\'','DC_5d538b952643182f6efd4b42f5b85e5d','\'Title: SQL Injection Isn\'t Dead: Smuggling Queries at the Protocol Level
\nWhen: Saturday, Aug 10, 14:00 - 14:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nSQL injections seem to be a solved problem; databases even have built-in support for prepared statements, leaving no room for injections. In this session, we will go a level deeper: instead of attacking the query syntax, we will explore smuggling attacks against database wire protocols, through which remote, unauthenticated attackers can inject entire (No)SQL statements into an application\'s database connection.
\n\nUsing vulnerable database driver libraries as case studies, we will bring the concept of HTTP request smuggling to binary protocols. By corrupting the boundaries between protocol messages, we desynchronize an application and its database, allowing the insertion of malicious messages that lead to authentication bypasses, data leakage, and remote code execution.
\n\nTo put our findings into context, we will explore the real-world applicability of this new concept by comparing how robust various languages and frameworks are against these attacks. We will also discuss how smuggling attacks are not specific to database wire protocols but affect all kinds of binary protocols, from databases over message queues to caching. We will end the session with inspirations for future research to explore the topic further.
\n\n\n\nSpeakerBio: Paul Gerste, Vulnerability Researcher, R&D team at Sonar
\nPaul Gerste is a vulnerability researcher on Sonar\'s R&D team. He has a proven talent for finding security issues, demonstrated by his two successful Pwn2Own participations and discoveries in popular applications like Proton Mail, Visual Studio Code, and Rocket.Chat. When Paul is not at work, he enjoys playing CTFs with team FluxFingers and organizing Hack.lu CTF.
\n\n\n\'',NULL,614424),('2_Friday','11','11:30','11:59','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Atomic Honeypot: A MySQL Honeypot That Drops Shells\'','\'Alexander Rubin,Martin Rakhmanov\'','DC_087cfefb8dfa26b5895c20b709c753f8','\'Title: Atomic Honeypot: A MySQL Honeypot That Drops Shells
\nWhen: Friday, Aug 9, 11:30 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nMeet an attacking MySQL honepot which can “Attack the attackers”. In 2023 we have found a CVE (CVE-2023-21980) in MySQL that allows a rogue MySQL “server” to attack a client connecting to it; attack meaning RCE on the client side. Since then we were thinking on how to use it for good. One obvious application is to create a honeypot which will attack the attackers. In 2024 we have found another RCE in mysqldump utility (CVE-2024-21096), so we have created a rogue MySQL server and weaponized it with a chain of 3 vulnerabilities: 1/ arbitrary file read 2/ RCE from 2023 (CVE-2023- 21980) 3/ the new RCE (CVE-2024-21096). With this atomic honeypot we were able to discover 2 new attacks against MySQL server. Using arbitrary file read vulnerability in MySQL we were able to download and analyze the attackers\' code and then execute an “attack against attackers” using a chain of exploits.
\n\nCVE-2023-21980\nCVE-2024-21096
\n\nSpeakers:Alexander Rubin,Martin Rakhmanov
\n
\nSpeakerBio: Alexander Rubin, Principal Security Engineer, leading RDS Red Team at Amazon Web Services (AWS)
\nAlexander is a Principal Security Engineer at Amazon Web Services (AWS), leading RDS Red Team. Alexander was working as MySQL principal consultant/architect for over 15 years, started with MySQL AB in 2006 (company behind MySQL database), Sun Microsystems, Oracle and then Percona. His security pentest/red teaming interest started with playing CTFs and performing opensource security research. Alexander is managing RDS (relational database as a service) Red Team at Amazon Web Services.
\n\nSpeakerBio: Martin Rakhmanov, Senior Security Engineer, RDS Red Team at Amazon Web Services (AWS)
\nMartin is a Senior Security Engineer at Amazon Web Services (AWS) RDS Red Team. Prior to that, Martin spent 17 years doing security research of databases and other targets, including servers, desktop applications and hardware. Martin found more than 30 CVEs across various databases and other products.
\n\n\n\'',NULL,614425),('2_Friday','16','16:30','17:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Leveraging private APNs for mobile network traffic analysis\'','\'Aapo Oksman\'','DC_b8433127572b2369b9230a3bdeb2cc40','\'Title: Leveraging private APNs for mobile network traffic analysis
\nWhen: Friday, Aug 9, 16:30 - 17:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nKnowing where and how your mobile and IoT devices communicate on the Internet is essential for ensuring privacy and security.
\n\nIn the past, it has been easy to follow their communication through a WIFI connection that you control. However, your devices are becoming more locked down and utilize mobile networks such as 4G and 5G for communication. As the devices communicate directly through mobile network base stations operated by Internet Service Providers (ISPs), tampering with or even monitoring their communication is outside your reach.
\n\nWhile it is possible to set up a private base station, it requires expensive components and is hard to operate. However, many ISPs have begun offering private Access Point Names (APNs) to allow you to have a private network inside the ISP infrastructure.
\n\nThis talk will show how you can affordably leverage ISP-operated mobile networks and their private APN services to control your mobile devices\' network traffic. This technique lets you inspect, filter, and tamper with your mobile devices\' IP traffic for offensive and defensive cyber security needs, such as penetration testing IoT devices or monitoring mobile device endpoints for malicious traffic.
\n\n\n- link
\n- Janne Taponen - Economizing Mobile Network Warfare: Budget-Friendly Baseband Fuzzing - T2 2024 Conference
\n- XiaoHuiHui - All the 4G Modules Could Be Hacked - DEF CON 27 Conference link
\n
\n\nSpeakerBio: Aapo Oksman, Founder at Juurin Oy
\nAapo Oksman is an entrepreneur and the Founder of Juurin Oy, a boutique company focusing on technical IoT cybersecurity. His background is in electrical engineering, embedded devices, and test automation. Combining his background with a hacking hobby led to a cybersecurity career focusing on industrial IoT.
\n\nBug Bounties and security research keep Aapo motivated and learning. His work in PKI and TLS has resulted in multiple CVEs from vendors like Microsoft, Google, Apple, and Samsung. At DEF CON 31, Aapo released a TLS hacking tool, certmitm, that has proven its worth in finding insecure TLS implementations with new vulnerabilities found constantly.
\n\nOutside work and research, Aapo\'s passion is in the community. He organizes local security meetups and coaches the Finnish national youth CTF team in the yearly European Cybersecurity Challenge competition.
\n\n\n\'',NULL,614426),('2_Friday','17','16:30','17:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Leveraging private APNs for mobile network traffic analysis\'','\'Aapo Oksman\'','DC_b8433127572b2369b9230a3bdeb2cc40','\'\'',NULL,614427),('2_Friday','16','16:30','17:15','N','DC','LVCC West/Floor 3/W322-W327','\'Why are you still, using my server for your internet access.\'','\'Thomas Boejstrup Johansen\'','DC_1fab03faf299e3a4bb2016578549d6a1','\'Title: Why are you still, using my server for your internet access.
\nWhen: Friday, Aug 9, 16:30 - 17:15 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nPawning countries at top level domain by just buying one specific domain name ‘wpad.tld’, come hear about this more the 25+ years old issue and the research from running eight different wpad.tld domains for more than one year that turn into more the 1+ billion DNS request and more then 600+GB of Apache log data with leaked information from the clients.
\n\nThis is the story about how easy it is to just buying one domain and then many hundreds of thousands of Internet clients will get auto pwned without knowing it and start sending traffic to this man-in-the-middle setup there is bypassing encryption and can change content with the ability to get the clients to download harmful content and execute it.
\n\nThe talk will explain the technical behind this issue and showcase why and how clients will be trick into this Man-in-the-middle trap.
\n\n\n- Description of wpad and the function, include listing the security issue. link
\n- Navigator Proxy Auto-Config File Format from March 1996 link
\n- INTERNET-DRAFT 1999 for Web Proxy Auto-Discovery Protocol link
\n- Microsoft Security Bulletin MS99-054 Critical Vulnerability from 1999 link
\n- Description of the wpad PAC javascript format. link
\n- Pentesting tool with function as a WPAD Proxy Server to capture credentials from clients. link
\n- WPAD Name Collision Vulnerability link
\n- WPAD Vulnerability link link
\n- ICANN - Root Cause Analysis - wpad.domain.name link
\n- Windows proxy settings ultimate guide part – WPAD/PAC configuration file\n
\n
\n\nSpeakerBio: Thomas Boejstrup Johansen
\nThomas Boejstrup Johansen aka Tooms has been in professional IT for more than 25+ years, where the first 11+ years were as a system administrator for a large Danish company and the last 14+ years as a security specialist with the work in the field of Reverse Engineering Malware, Incident Response and Forensics but also physical redteam engagements and pentesting for customers.
\n\nThe last many years have been mainly as lead senior forensics investigator and incident response on many incidents including some more well known major incidents like the incident in 2021 there got known around the world as Microsoft Exchange Hafnium vulnerability.
\n\n\n\'',NULL,614428),('2_Friday','17','16:30','17:15','Y','DC','LVCC West/Floor 3/W322-W327','\'Why are you still, using my server for your internet access.\'','\'Thomas Boejstrup Johansen\'','DC_1fab03faf299e3a4bb2016578549d6a1','\'\'',NULL,614429),('2_Friday','17','17:00','17:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Breaking Secure Web Gateways (SWG) for Fun and Profit\'','\'Vivek Ramachandran,Jeswin Mathai\'','DC_e01ff20e028eec9da52df9c21e986fc6','\'Title: Breaking Secure Web Gateways (SWG) for Fun and Profit
\nWhen: Friday, Aug 9, 17:00 - 17:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nSecure Web Gateways (SWGs) are cloud-based SSL-intercepting proxies and an important component of enterprise Secure Access Service Edge (SASE) or Security Service Edge (SSE) solutions. SWGs ensure secure web access for enterprise users by doing malware protection, threat prevention, URL filtering, and content inspection of sensitive data, among other critical security measures.
\n\nOur research indicates that in today\'s world of complex web applications and protocols, SWGs often fail to deliver on their promise. We will demonstrate a new class of attacks: “Last Mile Reassembly Attacks,” which, as of this writing, can bypass every SWG in the Gartner Magic Quadrant for SASE and SSE - this includes the largest public market cybersecurity companies in the world. Additionally, we will release an open-source attack toolkit for researchers and red teams to test these attacks on their security solutions and better understand their security exposure.
\n\nWe aim for our talk to compel SWG vendors to rethink cloud-based client-side web attack detection models, and for enterprises to rethink how they look at securing their users against web threats.
\n\nSecure Web Gateway Basics: link\nSSL Interception and Attacks: link
\n\nSpeakers:Vivek Ramachandran,Jeswin Mathai
\n
\nSpeakerBio: Vivek Ramachandran, Founder at SquareX
\nVivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. Before that, Vivek’s company built an 802.11ac monitoring product sold exclusively to defense agencies. Vivek discovered the Caffe Latte attack, broke WEP Cloaking, conceptualized enterprise Wi-Fi Backdoors, and created Chellam (Wi-Fi Firewall), WiMonitor Enterprise (802.11ac monitoring), Chigula (Wi-Fi traffic analysis via SQL), Deceptacon (IoT Honeypots), among others. He is the author of multiple five-star-rated books in offensive cybersecurity, which have sold thousands of copies worldwide and have been translated into multiple languages. He has been a speaker/trainer at top security conferences such as Blackhat USA, Europe and Abu Dhabi, DEFCON, Nullcon, Brucon, HITB, Hacktivity, and others. Vivek’s work in cybersecurity has been covered in Forbes, TechCrunch, and other popular media outlets. In a past life, he was one of the programmers of the 802.1x protocol and Port Security in Cisco’s 6500 Catalyst series of switches. He was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He has also published multiple research papers in the field of DDoS, ARP Spoofing Detection, and Anomaly-based Intrusion Detection Systems. In 2021, he was awarded an honorary title of Regional Director of Cybersecurity by Microsoft for a period of three years, and in 2024 he joined the BlackHat Arsenal Review Board.
\n\nSpeakerBio: Jeswin Mathai, Chief Architect at SquareX
\nJeswin Mathai serves as the Chief Architect at SquareX, where he leads the design and implementation of the company\'s infrastructure. Before joining SquareX, he was part of Pentester Academy (acquired by INE) where he was responsible for managing the whole lab platform that was used by thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. A seasoned speaker and researcher, Jeswin has showcased his work at prestigious international stages such as DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs at DEFCON. He has also imparted his knowledge globally, training in-classroom sessions at Black Hat US, Asia, HITB, RootCon, and OWASP NZ Day. Jeswin is also the creator of popular open-source projects such as AWSGoat, AzureGoat, and PAToolkit. He holds a Bachelor\'s degree from IIIT Bhubaneswar, where he led the InfoSec Society. In association with CDAC and ISEA, he spearheaded security audits of government portals and orchestrated cybersecurity workshops for government officials. Jeswin\'s professional interests are focused on advancing the fields of Cloud Security, Container Security, and Browser Security.
\n\n\n\'',NULL,614430),('2_Friday','17','17:00','17:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Bricked & Abandoned: How To Keep The IoT From Becoming An Internet of Trash\'','\'Paul Roberts,Chris Wysopal,Cory Doctorow,Tarah Wheeler,Dennis Giese\'','DC_5a95cf9ea6b8b74c94f7be327e653c78','\'Title: Bricked & Abandoned: How To Keep The IoT From Becoming An Internet of Trash
\nWhen: Friday, Aug 9, 17:00 - 17:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nIn a world where technology and software are intertwined with our daily lives more than ever, a silent threat grows in the shadows.
\n\nEnd-of-life devices—abandoned by manufacturers - power our homes, hospitals, businesses and critical infrastructure. From the depths of the cyber underground, malicious software from cybercriminal and nation-state actors is seizing these forgotten devices and conscripting them into botnets and other malicious infrastructure.
\n\nFor example, Black Lotus Labs revealed a chilling trend: 40,000 small office home office (SOHO) routers compromised and enrolled in the sinister \'Faceless\' botnet - now powered by devices you own and thought were safe.
\n\nAnd it\'s not just routers. Critical medical devices, essential security hardware—smart home appliances. No gadget is safe. And, with the Internet of Things set to double in the next decade, billions of vulnerable devices marketed and sold to connect us risk robbing, dividing and defeating us in the years to come: a process one expert has termed “enshittification.”
\n\nAfter years of warnings from the cybersecurity community, alarms are finally sounding in the halls of power. But more is needed: a clarion call to reset, to redefine ownership and security in an age of smart, connected devices before it\'s too late.
\n\nIn this panel you’ll be enlisted to join the fight. You’ll hear from experts working at the forefront of a fight to challenge the status quo and seek solutions to safeguard our digital futures.Are you ready to stand up for your right to a secure, connected world? The battle for control, for transparency- for a sustainable and resilient digital future begins now!
\n\nSpeakers:Paul Roberts,Chris Wysopal,Cory Doctorow,Tarah Wheeler,Dennis Giese
\n
\nSpeakerBio: Paul Roberts, Publisher and Editor in Chief at The Security Ledger
\nPaul Roberts is the publisher and Editor in Chief of The Security Ledger and the founder of Secure Repairs (securepairs.org) a coalition of cybersecurity and IT pros who support the right to repair.
\n\nSpeakerBio: Chris Wysopal, CTO at Veracode
\nChris Wysopal is the CTO of Veracode, a provider of application security testing technology. Chris began his career as a vulnerability researcher at the renowned hacker think tank, L0pht. In 1998, Chris and 6 of his L0pht colleagues testified before the U.S. Senate on matters of U.S. government cybersecurity.
\n\nSpeakerBio: Cory Doctorow, Author
\nCory Doctorow is a science fiction author, activist and journalist. He is the author of many books, most recently THE BEZZLE and THE LOST CAUSE. In 2020, he was inducted into the Canadian Science Fiction and Fantasy Hall of Fame.
\n\nSpeakerBio: Tarah Wheeler, Senior Fellow in Global Cyber Policy at Council on Foreign Relations
\nTarah Wheeler is the founder and CEO of Red Queen Dynamics; a Senior Fellow in Global Cyber Policy at the Council on Foreign Relations; and a well-known speaker and writer on topics that include cyberwarfare, security best practices, future trends and more.
\n\nSpeakerBio: Dennis Giese
\nDennis Giese is a researcher with the focus on the security and privacy of IoT devices. While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices. His most known projects are the documentation and hacking of various vacuum robots. He calls himself a \"robot collector\" and his current vacuum robot army consists of over 60 different models from various vendors. He talked about his research at the Chaos Communication Congress, REcon BRX, NULLCON, and DEFCON.
\n\n\n\'',NULL,614431),('2_Friday','17','17:00','17:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'One for all and all for WHAD: wireless shenanigans made easy !\'','\'Damien Cauquil,Romain Cayre\'','DC_5509c98b4c2ddc51da2db01fffed5844','\'Title: One for all and all for WHAD: wireless shenanigans made easy !
\nWhen: Friday, Aug 9, 17:00 - 17:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nA lot of security research have recently focused on various wireless communication protocols, targeting smartphones, wireless mice and keyboards and even cars. In order to demonstrate these attacks, researchers developed dedicated tools that for most of them include some specialized firmware of their own but also rely on various unique custom host/device communication protocols. These tools work great but are strongly tied to some specific hardware that at some point will not be available anymore, or require hackers to buy more hardware to carry on to have fun with. Why not making these tools compatible with more hardware ? And why researchers always have to create their own host/device protocol when it comes to using a dedicated hardware ? Why not having one flexible protocol and related tools to rule them all ?
\n\nWe will present in this talk WHAD, a framework that provides an extensible host/device communication protocol, dedicated protocol stacks and way more for hackers who love having fun with wireless protocols. WHAD makes interoperability possible between tools by allowing different hardware devices to be used if they provide the required capabilities, giving the opportunity to create advanced tools without having to care about the hardware and its firmware in most of the cases!
\n\n\n- [Atlas 2012] Atlas. SubGHz or Bust, 2012. Available at link.
\n- [Blu 2019] Bluetooth SIG. Bluetooth Core Specification, 2019.
\n- [Cauquil 2016] Damien Cauquil. BtleJuice: The Bluetooth Smart MiTM framework. In DEF CON, volume 24, 2016.
\n- [Cauquil 2017b] Damien Cauquil. Sniffing BTLE with the Micro:Bit. PoC or GTFO, vol. 17, pages 13–20, 2017.
\n- [Cauquil 2017c] Damien Cauquil. Weaponizing the BBC Micro:Bit. In DEF CON, volume 25, 2017. Available at link.
\n- [Cauquil 2018] Damien Cauquil. You’d better secure your BLE devices or we’ll kick your butts ! In DEF CON, volume 26, 2018. Available at link.
\n- [Cauquil 2019] Damien Cauquil. Defeating Bluetooth Low Energy 5 PRNG for fun and jamming. In DEF CON, volume 27, 2019. Available at link.
\n- [Cayre 2019a] Romain Cayre, Vincent Nicomette, Guillaume Auriol, Eric Alata, Mohamed Kaâniche and Geraldine Marconato. Mirage: towards a Metasploit-like framework for IoT. In 2019 IEEE 30th International Symposium on Software Reliability Engineering (ISSRE), Berlin, Germany, October 2019.
\n- [Cayre 2021b] Romain Cayre, Florent Galtier, Guillaume Auriol, Vincent Nicomette, Mohamed Kaâniche and Géraldine Marconato. InjectaBLE: Injecting malicious traffic into established Bluetooth Low Energy connections. In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2021), Taipei (virtual), Taiwan, June 2021.
\n- [Cayre 2021c] Romain Cayre, Florent Galtier, Guillaume Auriol, Vincent Nicomette, Mohamed Kaâniche and Géraldine Marconato. WazaBee: attacking Zigbee networks by diverting Bluetooth Low Energy chips. In IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2021), Taipei (virtual), Taiwan, June 2021.
\n- [Cayre 2021d] Romain Cayre, Géraldine Marconato, Florent Galtier, Mohamed Kaâniche, Vincent Nicomette and Guillaume Auriol. Cross-protocol attacks: weaponizing a smartphone by diverting its Bluetooth controller. In 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Abu Dhabi, United Arab Emirates, June 2021.
\n- [Cayre 2021e] Romain Cayre, Damien Cauquil and Aurélien Francillon. ESPwn32: hacking with ESP32 system-on-chips.In 17th IEEE Workshop on Offensive Technologies (WOOT 2023), co-located with IEEE S&P 2023, San Francisco, United States, May 2023.
\n- [Goodspeed 2011a] Travis Goodspeed. Promiscuity is the nRF24L01+’s Duty. Available at link, 2011.
\n- [IEE 2020] IEEE Standard for Low-Rate Wireless Networks. IEEE Std 802.15.4 2020 (Revision of IEEE Std 802.15.4-2015), pages 1–800, 2020.
\n- [Jasek 2016] Sławomir Jasek. Gattacking Bluetooth Smart Devices. In BlackHat USA, 2016. Available at link.
\n- [LOG 2019] LogiTacker GitHub Repository, 2019. Available at link
\n- [LoR 2017] LoRa Alliance, Inc. LoRaWan Specification, 2017.
\n- [Newlin 2016a] Marc Newlin. MouseJack : White Paper. In DEF CON, volume 24, 2016. Available at link.
\n- [Olawumi 2014] Olayemi Olawumi, Keijo Haataja, Mikko Asikainen, Niko Vidgren and Pekka Toivanen. Three practical attacks against ZigBee security: Attack scenario definitions, practical experiments, countermeasures, and lessons learned. In 2014 14th International Conference on Hybrid Intelligent Systems, pages 199–206, 2014.
\n- [Qasim Khan 2019] Sultan Qasim Khan. Sniffle: A sniffer for Bluetooth 5 (LE), 2019. Available at link.
\n- [Ryan 2013a] Mike Ryan. Bluetooth: With Low Energy Comes Low Security. In 7th USENIX Workshop on Offensive Technologies (WOOT 13), Washington, D.C., August 2013. USENIX Association.
\n- [Vidgren 2013a] N. Vidgren, K. Haataja, J. L. Patiño-Andres, J. J. Ramírez-Sanchis and P. Toivanen. Security Threats in ZigBee-Enabled Systems: Vulnerability Evaluation, Practical Experiments, Countermeasures, and Lessons Learned. In 2013 46th Hawaii International Conference on System Sciences, pages 5132–5138, 2013.
\n- [Wright 2009] Joshua Wright. KillerBee: Practical ZigBee Exploitation Framework, 2009. Available at link.
\n- [Zillner 2015] T. Zillner. ZigBee Exploited: The good , the bad and the ugly. In BlackHat, 2015.
\n
\n\nSpeakers:Damien Cauquil,Romain Cayre
\n
\nSpeakerBio: Damien Cauquil, Security Engineer at Quarkslab
\nDamien Cauquil is security engineer at Quarkslab, France. He loves electronics, embedded devices, wireless protocols and to hack all of these not especially in that order. He authored several Bluetooth Low Energy tools like Btlejuice and Btlejack, discovered a way to hack into an existing Bluetooth Low Energy connection that has later been improved by his co-speaker Romain Cayre, and other tools on a lot of different topics that tickle his mind but not always related to security or wireless protocols.
\n\nSpeakerBio: Romain Cayre, Assistant Professor, Software and System Security (S3) Group at EURECOM
\nRomain Cayre is assistant professor in Software and System Security (S3) group at EURECOM, France. He works on topics related to wireless security, IoT security and embedded systems security. He loves hacking embedded wireless stacks and playing with wireless protocols. In the past, he worked on several research projects related to wireless hacking, like WazaBee (a cross-protocol pivoting attack allowing to receive and transmit arbitrary 802.15.4 packets from a diverted BLE transceiver), InjectaBLE (an attack allowing to inject arbitrary packets into an ongoing Bluetooth Low Energy connection by leveraging a race condition in the Link Layer clock drift compensation mechanism), and OASIS (a defensive framework allowing to generate an embedded detection software and inject it into Bluetooth Low Energy controllers).
\n\nHe is also the main developer of Mirage, an offensive framework for wireless communication protocols (and a draft to the new framework WHAD !)
\n\n\n\'',NULL,614432),('2_Friday','17','17:30','18:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Exploiting Bluetooth - from your car to the bank account$$\'','\'Vladyslav Zubkov,Martin Strohmeier\'','DC_0ef5510d21e93dbd1a8f6930b5c0533d','\'Title: Exploiting Bluetooth - from your car to the bank account$$
\nWhen: Friday, Aug 9, 17:30 - 18:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nOver the past decade, infotainment systems have experienced a growth in functionality, broader adoption, and central incorporation into vehicle architecture. Due to the ever-growing role of wireless protocols such as Bluetooth and a known lack of patches alongside the difficulty of patch installation, this poses a new attack surface and a genuine threat to the users. Meanwhile, the tools and methodologies required for testing are scattered across the Internet, absent and need a rigorous setup.
\n\nIn this talk, we share a comprehensive framework BlueToolkit to test and replay Bluetooth Classic vulnerabilities. Additionally, we release new exploits and a privilege escalation attack vector.
\n\nWe show how we used the toolkit to find 64 new vulnerabilities in 22 modern cars and the Garmin Flight Stream flight management system used in several aircraft types. Our work equips hackers with insights and necessary information on novel vulnerabilities that could be used to steal information from target cars, establish MitM position or escalate privileges to hijack victims’ accounts and MFA codes stealthily.
\n\nOverall, we show vulnerabilities in cars, aircraft and smartphones. We believe our research will be beneficial in finding new vulnerabilities and making Bluetooth research more accessible and reproducible.
\n\nReferences:
\n\n\n- BlueToolkit - Bluetooth Classic vulnerability testing framework link (all exploits will be uploaded after 9th of August)
\n- MapAccountHijack - Tool that allows hijacking services by exploiting widely used Bluetooth Classic functionality link - link (accessible after 9th of August)
\n- D. Antonioli and M. Payer. On the insecurity of vehicles against protocol-level bluetooth threats. In 2022 IEEE Security and Privacy Workshops (SPW), pages 353–362, Los Alamitos, CA, USA, May 2022. IEEE Computer Society.
\n- Cross-Sectional Analysis of the Bluetooth Stack of Modern Cars - (The link will be updated)
\n- Wenjian Xu. Stealthily Access Your Android Phones: Bypass The Bluetooth Authentication. link, 2020.
\n- Tyler Tucker, Hunter Searle, Kevin Butler, and Patrick Traynor. Blue’s clues: Practical discovery of non-discoverable bluetooth devices. In 2023 IEEE Symposium on Security and Privacy (SP), pages 3098–3112, 2023.
\n- Maximilian von Tschirschnitz, Ludwig Peuckert, Fabian Franzen, and Jens Grossklags. Method confusion attack on bluetooth pairing. In 2021 IEEE Symposium on Security and Privacy (SP), pages 1332–1347, 2021.
\n- Daniele Antonioli, Nils Ole Tippenhauer, and Kasper Rasmussen. The KNOB is Broken: Exploiting Low Entropy in the Encryption Key Negotiation of Bluetooth BR/EDR. In USENIX Security Symposium (SEC), August 2019
\n
\n\nSpeakers:Vladyslav Zubkov,Martin Strohmeier
\n
\nSpeakerBio: Vladyslav Zubkov, Bug Bounty Hunter
\nVladyslav Zubkov (aka yso and schwytz) is a bug bounty hunter. He is consistently among the top hackers at live hacking events organized by Meta, Intel, Louis Vuitton, Intigriti and YesWeHack. His interests include vulnerability research, application security, red teaming, bug bounty hunting, developing tools and proactively securing systems.
\n\nSpeakerBio: Martin Strohmeier, Senior Scientist at Cyber Defence Campus
\nMartin Strohmeier is a Senior Scientist at the Swiss Cyber Defence Campus, where he is responsible for vulnerability research programmes into aircraft, satellites and cars. His work was published in all major systems security conferences, totalling more than 100 publications to date. He has also spoken previously at the DEFCON Aerospace Village and co-organized CTFs there.
\n\n\n\'',NULL,614433),('2_Friday','18','17:30','18:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Exploiting Bluetooth - from your car to the bank account$$\'','\'Vladyslav Zubkov,Martin Strohmeier\'','DC_0ef5510d21e93dbd1a8f6930b5c0533d','\'\'',NULL,614434),('2_Friday','17','17:30','17:50','N','DC','LVCC West/Floor 3/W322-W327','\'Stranger in a Changed Land\'','\'Tony Sager\'','DC_48c7049cd0502c1e40c713e3995d920b','\'Title: Stranger in a Changed Land
\nWhen: Friday, Aug 9, 17:30 - 17:50 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nWhat\'s it like to spend a career as a cyberdefender for the DoD and the nation, but homed inside of an intelligence agency? In this talk, I\'ll offer a historical and personal perspective based on 35 years at the National Security Agency as a vulnerability analyst for the defense, from junior analyst to executive manager. The common element across my career was the search for vulnerabilities in the name of defense - finding them, making sense of them, leading organizations to find them, and then translating that knowledge into action to prevent or manage them. I\'ll share lessons learned as cyberdefense evolved from a focus on mathematics and cryptography to systems and software; and from government security to a global internet. And we\'ll focus on the mission, technical, and cultural interplay of cyberdefense and offense/intelligence as it played out at NSA. War stories, culture clashes, bureaucratic mazes? Of course! But in the end, better security for all.
\n\nCommunications Security, Computer Security, Information Security, Information Assurance, Defensive Information Operations, and several more - I\'m very lucky to have ridden the World-Wide Wave we now call cybersecurity.
\n\nAnd I am very proud to have spent 35 years in Federal Service at the National Security Agency as part of the Information Assurance mission. The common element across my career was the search for vulnerabilities in the name of defense - finding vulnerabilities, making sense of them, leading organizations to find them, and then translating that knowledge into action to prevent or manage them.
\n\nThat final challenge consumed the last third of my government career. How can we translate what we learn through product testing, Red Teams, Blue Teams, systems analysis, etc. into operational guidance, best practices, requirements, training, and security improvements? How can we bridge the gap between telling people what they are doing wrong, and helping them do what\'s right? This led to projects like the release of NSA Security Guides to the public (www.nsa.gov), involvement in open standards for security automation and information sharing, and an activity now known as the Critical Security Controls.
\n\nSince retirement in 2012, I have been able to continue to serve the cause of cyber defense through our work at the non-profit Center for Internet Security, and the Council on CyberSecurity before that. And I am very active in more volunteer cybersecurity causes than I can recall.
\n\nSpeakerBio: Tony Sager, Senior VP & Chief Evangelist at Center for Internet Security (CIS)
\nTony is currently Senior VP & Chief Evangelist for the Center for Internet Security (CIS), leading a wide variety of strategic, partnership, and outreach activities. He led the work which later became known as the CIS Critical Security Controls – an independent, volunteer-developed, cyber defense best practices program which is used throughout the industry. Tony has led numerous other activities to develop, share, scale, and sustain effective defensive cyber practices for worldwide adoption.
\n\nIn addition to his duties at CIS, Tony is a volunteer in numerous cyber community service activities: inaugural member of the DHS/CISA Cyber Safety Review Board; Advisor to the Minnesota Cyber Security Summit; Advisory Boards for several local schools and colleges; formerly a member of the National Academy of Sciences Cyber Resilience Forum; and service on numerous national-level study groups and advisory panels.
\n\nTony retired from the National Security Agency in 2012 after 34 years as a mathematician, computer scientist, and executive manager. As one of the Agency’s first Software Vulnerability Analysts, he helped create and led two premier NSA cyber defense organizations (the System and Network Attack Center, and the Vulnerability Analysis and Operations Group). In 2001, he led the release of NSA security guidance to the public and expanded NSA’s role in the development of open standards for security.
\n\nIn 2023, Tony was inducted into the Cybersecurity Hall of Fame.
\n\n\n\'',NULL,614435),('3_Saturday','10','10:00','11:45','N','DC','LVCC West/Floor 3/W322-W327','\'CULT OF THE DEAD COW & Friends Present: Prime Cuts from Hacker History - 40 Years of 31337\'','\'Deth Veggie,Walter J. Scheirer,Patrick “Lord Digital” Kroupa,John Threat,Emmanuel Goldstein,X,TommydCat\'','DC_4bd005c0ca2591f70351601a08ab6437','\'Title: CULT OF THE DEAD COW & Friends Present: Prime Cuts from Hacker History - 40 Years of 31337
\nWhen: Saturday, Aug 10, 10:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nThe year is 1984… Ronald Reagan is President, it is a “New Mourning in America.” In Texas, a small cabal of malcontents meet in an abandoned slaughterhouse, decorated with heavy metal band posters, satanic iconography, and, most ominously, the skull of a DEAD COW… As pirated copies of speedmetal and punk music play in the background, these erstwhile revolutionaries speak of their disillusion with The Way Things Are, and their obsession with their new computers. All over America, teens were waking to not just the typical dissatisfaction of adolescence, but the awareness that via these new modes of communication and interaction, they could meet like-minded others, have some illicit fun, and maybe, just maybe, change the goddamn world.
\n\n1984 wasn’t the beginning of hacking, but brought perhaps the first real blossoming of the culture. The spread of the personal computer, and the modem, brought the birth of not just cDc, but the Legion of Doom, and 2600 Magazine. 1985 would bring Phrack Magazine, and a true explosion in the written culture, with t-files becoming the currency of the Truly Elite. In this session, members of cDc, 2600, LoD, MoD, and r00t will talk about what made them hackers and phreaks, swap stories, and answer questions posed by Prof. Walter Scheirer of the University of Notre Dame and audience Q&A.
\n\nSpeakers:Deth Veggie,Walter J. Scheirer,Patrick “Lord Digital” Kroupa,John Threat,Emmanuel Goldstein,X,TommydCat
\n
\nSpeakerBio: Deth Veggie
\ncDc Minister of Propaganda, Archaeologist, Gadabout. Cultee since 1990, r00t since 1995, K-rad since birth.
\n\nSpeakerBio: Walter J. Scheirer
\nDennis O. Doughty Collegiate Professor of Engineering at the University of Notre Dame. Author of A History of Fake Things on the Internet (Stanford University Press, 2023)
\n\nSpeakerBio: Patrick “Lord Digital” Kroupa
\nMember Legion of Doom (LoD) & cDc, Co-founder Mindvox
\n\nSpeakerBio: John Threat
\nworld renowned hacker, futurist, security advisor, artist, professor, and writer/director. Wired Magazine Cover, 60 Minutes, MoD, 8lgm, & r00t
\n\nSpeakerBio: Emmanuel Goldstein
\nEditor & Publisher 2600 Magazine, HOPE Conference coordinator, host of WBAI\'s \"Off The Hook”
\n\nSpeakerBio: X
\nHacker/Vulnerability Archivist, r00t, creator of one of the earliest and longest running vulnerability databases in the World.
\n\nSpeakerBio: TommydCat
\nTechnology Generalist and Oldskool Denizen of the Computer Underground, from the 80s onward, TdC’s ridden the wave from the days of dumping G-PHilez on AEs to dumping DBs in S3s.
\n\n\n\'',NULL,614436),('3_Saturday','11','10:00','11:45','Y','DC','LVCC West/Floor 3/W322-W327','\'CULT OF THE DEAD COW & Friends Present: Prime Cuts from Hacker History - 40 Years of 31337\'','\'Deth Veggie,Walter J. Scheirer,Patrick “Lord Digital” Kroupa,John Threat,Emmanuel Goldstein,X,TommydCat\'','DC_4bd005c0ca2591f70351601a08ab6437','\'\'',NULL,614437),('3_Saturday','10','10:00','10:20','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Laundering Money\'','\'Michael Orlitzky\'','DC_d725c80a6d0aa01f8aeba5518af095c6','\'Title: Laundering Money
\nWhen: Saturday, Aug 10, 10:00 - 10:20 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nCSC ServiceWorks is a large vendor of pay-to-play laundry machines in apartments and condomiums. Most are Speed Queens, but newer CSC-branded machines use an app for payment and have custom circuitry inside. Many however accept quarters as well. We show that, when all else fails, you can always physically bypass the coin slot to run the machines for free.
\n\n\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n
\n\nSpeakerBio: Michael Orlitzky
\nMichael is a programmer, linux developer, network administrator, security consultant, lockpicker, bike messenger, and mathematician from Baltimore. The only thing he hates more than computers is computers inside of other things.
\n\n\n\'',NULL,614438),('3_Saturday','10','10:00','10:20','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Mutual authentication is optional\'','\'Xavier Zhang\'','DC_7d7c566167827cbd22cbec52e70d8c54','\'Title: Mutual authentication is optional
\nWhen: Saturday, Aug 10, 10:00 - 10:20 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nPhysical access control systems are often exploited in a number of ways. It could be weaknesses found within the credential itself, the antiquated communication protocol, the hardware itself, or the firmware it is running. But more often than not, it is a combination of factors that allow a variety of attacks from multiple dimensions. Some are extremely trivial and require little to no skill to perform, whereas some attacks require a bit more setup and knowledge of how the underlying technology works. We will go into detail on how these systems work, why verifying mutual authentication is important for physical access control systems and the exploits that can be accomplished, as well as ways to mitigate these exploits to make your facility more secure. This talk will include interactive demos involving official HID readers and hardware, proxmark3, and the flipper zero.
\n\n\n\nSpeakerBio: Xavier Zhang
\nXavier Zhang is a physical security consultant and security researcher working with RFID enabled technologies and physical access control systems. He is the author of numerous pieces of documentation in Iceman’s proxmark3 repo such as the HID credential downgrade guide and an avid bug hunter in the proxmark3 community.\n \n Aside of physical security consulting, Xavier loves everything to do with DRM and reverse engineering how various forms of DRM are implemented in RFID tags. Currently Xavier is working on decoding the DRM used in a license violating closed source app based on the proxmark3 source, and all of the RFID tags it uses to help keep open source, open source.
\n\n\n\'',NULL,614439),('3_Saturday','10','10:00','10:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Reverse Engineering MicroPython Frozen Modules: Data Structures, Reconstruction, and Reading Bytecode\'','\'Wesley McGrew\'','DC_32d1a177d248fcc17da8d66facecbb2f','\'Title: Reverse Engineering MicroPython Frozen Modules: Data Structures, Reconstruction, and Reading Bytecode
\nWhen: Saturday, Aug 10, 10:00 - 10:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nMicroPython is a firmware environment for quickly developing and deploying software onto microcontroller systems. It is used in a variety of industrial and scientific applications, as well as (most importantly) in some DEF CON #badgelife projects. It\'s easy to learn and use for rapid prototyping.
\n\nFor hackers interested in reverse engineering compiled or obfuscated MicroPython code, there are some obstacles. MicroPython is an implementation of CPython, not a port, so it has its own compiled bytecode language that existing reverse engineering tools aren\'t designed to parse. Also, modules can be \"frozen\", compiled directly into the microcontroller firmware, and may be difficult to locate and parse when microcontroller firmware is extracted and analyzed.
\n\nIn this talk, Wesley will walk the audience through the process of identifying \"frozen\"/compiled modules in a firmware image without debug symbols using the Ghidra disassembler. The relevant module, string, object, and raw code data structures will be detailed, so that everything required to rebuild a non-frozen module can recovered. Once a compiled module is reconstructed, Wesley will present a detailed example of reading and understanding MicroPython compiled bytecode, for the purpose of reverse engineering the purpose and implementation of the module.
\n\n\n- Micropython source code
\n- Official documentation, including:\n
\n- .mpy files: link
\n- Micropython internals: link
\n
\n- \"Securing a MicroPython System\" link
\n- The collected Raspberry Pi Pico documentation for my test environment link
\n- Andrew Leech - \"Profiling Pathogens with (micro) Python\" link
\n- Kevin McAleer - \"Securing Passwords with MicroPython\" link
\n- C. Spindler - \"MicroPython used in industrial applications\" link
\n- \"MicroPython and the European Space Agency\" link
\n
\n\nSpeakerBio: Wesley McGrew, Senior Cybersecurity Fellow at MartinFederal
\nDr. Wesley McGrew directs research, development, and offensive cyber operations as Senior Cybersecurity Fellow for MartinFederal. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA and taught a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.
\n\n\n\'',NULL,614440),('3_Saturday','10','10:00','10:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'The Pwnie Awards\'','\'\'','DC_863f4a0495de1b9541de83c415e38d6b','\'Title: The Pwnie Awards
\nWhen: Saturday, Aug 10, 10:00 - 10:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nThe Pwnies are an annual awards ceremony celebrating and making fun of the achievements and failures of security researchers and the wider security community. Every year, members of the infosec community nominate the best research and exploits they’ve seen. The Pwnie Award nominations are judged by a panel of respected security researchers and former pwnie award recipients – the closest to a jury of peers a hacker is likely to ever get. At this event DEF CON attendees will get a first person look at some of the most groundbreaking research and hacks in the cyber security community of the past year, and the winners get some well deserved recognition from the broader community for the great work they’ve done.
\n\n\'',NULL,614441),('3_Saturday','10','10:30','11:15','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Gotta Cache ‘em all: bending the rules of web cache exploitation\'','\'Martin Doyhenard\'','DC_7ed89f6c55612d3cdc34a2fe88dcdc0e','\'Title: Gotta Cache ‘em all: bending the rules of web cache exploitation
\nWhen: Saturday, Aug 10, 10:30 - 11:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nIn recent years, web cache attacks have become a popular way to steal sensitive data, deface websites, and deliver exploits. We\'ve also seen parser inconsistencies causing critical vulnerabilities like HTTP Request Smuggling. This raises the question: what happens if we attack web caches\' URL-parsers?
\n\nIn this session, I\'ll introduce two powerful new techniques that exploit RFC ambiguities to bypass the limitations of web cache deception and poisoning attacks.
\n\nFirst, I\'ll introduce Static Path Deception, a novel technique to completely compromise the confidentiality of an application. I’ll illustrate this with a case study showing how such a breach can be replicated in environments like Nginx behind Cloudflare.
\n\nNext, I\'ll present Cache Key Confusion, and show how to exploit URL parsing inconsistencies in major platforms, including Microsoft Azure Cloud. I’ll then show how to achieve arbitrary cache poisoning and full denial of service.
\n\nFinally, I\'ll reveal how to supercharge these vulnerabilities with a live demo that blends Cache Key Confusion with a “non-exploitable” open redirect to execute arbitrary JS code for complete site takeover.
\n\nAttendees will depart armed with a set of innovative techniques, along with a definitive methodology to find and exploit these and other URL or HTTP discrepancies.
\n\nWeb Cache Deception Attack - Omer Gil\nlink
\n\nThis is the first time Web Cache Deception attacks were introduced and worked as a starting point for my research.
\n\nWeb Cache Entanglement: Novel Pathways to Poisoning - James Kettle\nlink
\n\nThis research worked as an inspiration to develop the cache poisoning techniques. I also used this paper to outline the state of the art in web cache exploitation and create a different approach using parser discrepancies.
\n\nCached and confused: Web cache deception in the wild - Seyed Ali Mirheidari, Sajjad Arshad, Kaan Onarlioglu, Bruno Crispo, Engin Kirda and William Robertson.\nlink
\n\nThe web cache deception techniques using delimiters for path confusion were inspired by the 2020 USENIX presentation “Cached and confused: Web cache deception in the wild”. In that presentation, they briefly describe some variations of path confusion using four encoded characters. Although the objective of their paper was to show a large-scale study of web cache deception vulnerabilities in the wild, it also introduced the use of delimiters for path confusion. In my presentation I\'ll expand on this concept, providing a methodology to find all the delimiters used by a URL parser and explaining how to use them in new exploitation techniques.
\n\nChatGPT Account Takeover - Wildcard Web Cache Deception - Harel Security Research\nlink
\n\nAlso, during the time this research was being conducted, a vulnerability using a single variation of one of the techniques (Static Path Confusion) was published as a write up.
\n\nSpeakerBio: Martin Doyhenard, Security Researcher at Portswigger
\nMartin Doyhenard is a Security Researcher at Portswigger, known for exploiting HTTP servers and web applications. Over the past few years he has presented his findings in multiple top security conferences including BlackHat, DEFCON, RSA, EkoParty, Hack in The Box and Troopers.
\n\nHis latest work includes discovering HTTP Response Smuggling techniques and exploiting SAP’s Inter-Process Communication service - compromising more than 200 thousand companies in the world.He’s also passionate about low level reverse engineering and testing his skills in online CTFs.
\n\n\n\'',NULL,614442),('3_Saturday','11','10:30','11:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Gotta Cache ‘em all: bending the rules of web cache exploitation\'','\'Martin Doyhenard\'','DC_7ed89f6c55612d3cdc34a2fe88dcdc0e','\'\'',NULL,614443),('3_Saturday','10','10:30','11:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Smishing Smackdown: Unraveling the Threads of USPS Smishing and Fighting Back\'','\'S1nn3r\'','DC_244b9c91f7125251601e4f40cd04745d','\'Title: Smishing Smackdown: Unraveling the Threads of USPS Smishing and Fighting Back
\nWhen: Saturday, Aug 10, 10:30 - 11:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nIt\'s the holiday season and all through the air,
\n\nMessages arrive, not with joy, but despair.
\n\nA sinister plot unfolds, a digital dance,
\n\nSmishing scammers striking, a threat to enhance.
\n\nThis past holiday season saw a dramatic rise in SMS phishing (smishing) messages, specifically targeting people pretending to be the USPS. Almost everyone in the United States received one of these messages using a kit sold by the ‘Smishing Triad’. While many of us knew these were scams many more did not, including someone close to me.
\n\nI knew I had to do something about it once I started receiving these texts myself. With my focus in web application testing, I immediately took interest in these smishing kits and how I could exploit them. After a thorough review, some collaboration with other researchers, and a little reverse engineering I was able to find two vulnerabilities in the scammer’s kits allowing me to login to the admin panels.
\n\nUsing this I have been able to recover over 390k distinct credit cards that the scammers had gathered using over 40 admin panels and well over 900 unique domains. Along with this was info on the scammers themselves like login IPs, usernames, and some cracked passwords they use.
\n\nThis talk will cover the technical details of how I reverse engineered this kit, found these vulnerabilities, and collected the victim and admin data for each of these sites.
\n\nMy Blog:
\n\nlink\nlink
\n\nSpeakerBio: S1nn3r
\nS1nn3r is a recent college graduate. He holds the OSCP, GCIH, eCPPT, Sec+, and some more alphabet soup. He has interned with multiple DoD agencies and now will work in the private sector doing red teaming. During his internships he has worked in exploit development, red teaming, and threat analysis. During his time at school, he has been elected president of the Cybersecurity Club, led multiple CTF teams, organized CTFs, discovered a CVE, and has been awarded over $10k from bug bounty programs.
\n\n\n\'',NULL,614444),('3_Saturday','11','10:30','11:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Smishing Smackdown: Unraveling the Threads of USPS Smishing and Fighting Back\'','\'S1nn3r\'','DC_244b9c91f7125251601e4f40cd04745d','\'\'',NULL,614445),('3_Saturday','11','11:00','11:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'SHIM me what you got - Manipulating Shim and Office for Code Injection\'','\'Ron Ben-Yizhak,David Shandalov\'','DC_21906409011b2e7c7b87c931b99ad4fb','\'Title: SHIM me what you got - Manipulating Shim and Office for Code Injection
\nWhen: Saturday, Aug 10, 11:00 - 11:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nThis talk brings back from the dead an attack surface that security vendors believed they had addressed a long time ago.
\n\nWe will introduce a novel and stealthy technique to apply malicious shims on a process that does not require registry modification or SDB files and leaves no traces on the disk.
\n\nThe reverse engineering of the shim infrastructure will be shown while focusing on undocumented API and the kernel driver of the infrastructure.
\n\nThe various operations offered by the infrastructure will be analyzed from an offensive point of view, and the course we took to achieve this unique technique will be presented.
\n\nIn addition, we will unveil an attack surface research that resulted in a noteworthy attack that manipulates 2 different OS components into performing DLL injection and privilege escalation.
\n\nResearching the undocumented RPC interfaces of the service OfficeClickToRun.exe uncovered a method that can inject a DLL into another process running as “NT AUTHORITY\\SYSTEM”, which achieves privilege escalation. For this to work, specific conditions had to be met.
\n\nThe conditions we tailored will be displayed as we abuse the Opportunistic Lock and App Compatibility (shim) mechanisms.
\n\n\n- link
\n- link
\n- link
\n- link
\n
\n\nSpeakers:Ron Ben-Yizhak,David Shandalov
\n
\nSpeakerBio: Ron Ben-Yizhak, Security Researcher at Deep Instinct
\nRon Ben-Yizhak is a security researcher at Deep Instinct.
\n\nHe is responsible for research of malware campaigns, attack surfaces and vectors and evasion techniques.
\n\nHis findings are used for developing new analysis, detection, and mitigation capabilities.
\n\nRon joined Deep Instinct in 2019 after serving as a security researcher and forensics specialist in one of the IDF\'s elite cyber units.
\n\nSpeakerBio: David Shandalov, Security Researcher at Deep Instinct
\nDavid Shandalov works as a security researcher at Deep Instinct.
\n\nHis role involves researching and identifying new cyber threats and vulnerabilities, and developing tools for threat detection and analysis.
\n\nDavid began his journey in cybersecurity as a Malware Researcher at Checkpoint and, prior to that, served in the IDF\'s intelligence corps.
\n\nOutside of research, David enjoys flying and is currently working on obtaining his Private Pilot License.
\n\n\n\'',NULL,614446),('3_Saturday','11','11:00','11:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'The Rise and Fall of Binary Exploitation\'','\'Stephen Sims\'','DC_1329e4c1881c8c23d4e4c449ac112c90','\'Title: The Rise and Fall of Binary Exploitation
\nWhen: Saturday, Aug 10, 11:00 - 11:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nFor the past 20+ years binary exploitation has been seen as the ultimate challenge and prize, when exploiting large applications and operating systems. During this period, the question of \"How much longer will we be able to do this?\" has been asked countless times, and with good reason. Memory safety and corruption issues with low-level languages have been an enormous challenge for OS and application developers. There are certainly efforts to move to \"safer\" languages such as Rust, but those languages need to mature a bit longer before they\'re able to stand up to the capabilities of a language like C++.
\n\nThanks to exploit mitigations and memory protections, a large number of these vulnerabilities are not exploitable. There are the mature mitigations, such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), and then newer ones such as Control-flow Enforcement Technology (CET) and Virtualization Based Security (VBS). A large number of these mitigations are not enabled by default on the Windows OS, due to the fact that many need to be tested to ensure they do not break production applications. In this presentation, we will take a technical dive into the state of binary exploitation and the effectiveness of the many available mitigations, by looking at the way they\'re enforced.
\n\nSpeakerBio: Stephen Sims, Fellow Instructor at SANS Institute
\nStephen Sims is an experienced vulnerability researcher and exploit developer, having discovered and privately disclosed many vulnerabilities affecting well-known browsers and OS kernels. He is co-author of the popular Gray Hat Hacking book series through McGraw-Hill, now in its 6th edition. He is a Fellow Instructor with the SANS Institute and author of some of their most advanced content covering exploit development and other offensive operations and security related topics. Stephen also runs the Off By One Security channel on YouTube, where he teaches offensive-related material, bringing on a wide variety of experts on to provide free training to the community.
\n\n\n\'',NULL,614447),('3_Saturday','11','11:30','12:15','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'QuickShell: Sharing is caring about an RCE attack chain on Quick Share\'','\'Or Yair,Shmuel Cohen\'','DC_a74826f34bf9727bfc2aeafa7d589184','\'Title: QuickShell: Sharing is caring about an RCE attack chain on Quick Share
\nWhen: Saturday, Aug 10, 11:30 - 12:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nQuick Share (formerly Nearby Share) has enabled file sharing on Android for 4 years and expanded to Windows a year ago.
\n\nGoogle\'s promotion of Quick Share for preinstallation on Windows, alongside the limited recent research, ignited our curiosity about its safety, leading to an investigation that uncovered more than we had imagined.
\n\nWe studied its Protobuf-based protocol using hooks, built tools to communicate with Quick Share devices, and a fuzzer that found non-exploitable crashes in the Windows app. We then diverted to search for logical vulnerabilities, and boy oh boy, we regretted we hadn’t done it sooner.
\n\nWe found 10 vulnerabilities both in Windows & Android allowing us to remotely write files into devices without approval, force the Windows app to crash in additional ways, redirect its traffic to our WiFi AP, traverse paths to the user’s folder, and more. However, we desired the holy grail, an RCE. Thus, we returned to the drawing board, where we realized that the RCE is already in our possession in a form of a complex chain.
\n\nIn this talk, we’ll introduce QuickShell - An RCE attack chain on Windows combining 5 out of 10 vulnerabilities in Quick Share. We’ll provide an overview about Quick Share’s protocol, present our fuzzer, the found vulnerabilities, a new HTTPS MITM technique, and finally the RCE chain.
\n\nReference link
\n\nSpeakers:Or Yair,Shmuel Cohen
\n
\nSpeakerBio: Or Yair, Security Research Team Lead at SafeBreach
\nOr Yair is a security research professional with six years of experience, currently serving as the Security Research Team Lead at SafeBreach. His primary focus lies in vulnerabilities in the Windows operating system’s components, though his past work also included research of Linux kernel components and some Android components. Or has already presented his vulnerability and security research discoveries internationally at conferences he spoke at such as Black Hat USA 2023, Black Hat Asia 2024, Black Hat Europe 2022, SecTor 2023, RSAC 2023, Security Fest 2023, CONFidence 2023 & 2024 and more
\n\nSpeakerBio: Shmuel Cohen, Senior Security Researcher at SafeBreach
\nShmuel Cohen is a cybersecurity professional, who has a diverse background. After he pursued a Bachelor of Science degree in Computer Science, he had the privilege of working at CheckPoint, where he spent 1.5 years developing software and another 1.5 years working as a malware security researcher. As his interest grew in vulnerability research, he decided to join SafeBreach, where he has been able to focus his energies on exploring and addressing vulnerabilities in cybersecurity. Shmuel has previously spoken at BlackHat USA 2023, twice at Black Hat Asia 2024, and twice at CONFidence 2024.
\n\n\n\'',NULL,614448),('3_Saturday','12','11:30','12:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 2','\'QuickShell: Sharing is caring about an RCE attack chain on Quick Share\'','\'Or Yair,Shmuel Cohen\'','DC_a74826f34bf9727bfc2aeafa7d589184','\'\'',NULL,614449),('3_Saturday','11','11:30','12:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Sudos and Sudon’ts - Peering inside Sudo for Windows\'','\'Michael \"mtu\" Torres\'','DC_b498e51c046b15de98f9b3c2e6953749','\'Title: Sudos and Sudon’ts - Peering inside Sudo for Windows
\nWhen: Saturday, Aug 10, 11:30 - 12:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nIn February 2024, Microsoft announced the release of Sudo for Windows for Windows 11 Insider Preview[1]. Like the Unix sudo utility, it provides a method for users to run commands with elevated permissions. This talk will share the results of an analysis of Sudo for Windows, starting with a summary of the information provided by Microsoft. From there, we will explore the architecture used to coordinate the elevation of the specified process, the ALPC service used to communicate between elevated and non-elevated processes, how Rust interoperates with Windows APIs, and the path resolution process for files and relative paths. As part of that journey, we will discuss a few discovered security issues.
\n\nThis presentation will be valuable to anyone with an interest in Windows reverse engineering or Rust memory safety. A conceptual understanding of Windows Inter-Process Communication (IPC) and heap allocation may make parts of the talk more approachable, but the main ideas will be accessible to anyone with a high-level understanding of process memory layout (stack vs heap).
\n\n\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n
\n\nSpeakerBio: Michael \"mtu\" Torres, Senior Security Engineer, Network Infrastructure Security at Google
\nmtu, otherwise known as Michael Torres, is a Senior Security Engineer in the Network Infrastructure Security team at Google, where his primary focus is on Operational Technology systems. Michael is also a Staff Sergeant in the United States Marine Corps Reserve, where he has been responsible for planning and conducting both offensive and defensive cyber operations. He is passionate about sharing knowledge to benefit others, and is an active volunteer for VetSec (veteransec.org), a charity focused on helping military veterans have successful careers in cybersecurity.
\n\n\n\'',NULL,614450),('3_Saturday','12','11:30','12:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Sudos and Sudon’ts - Peering inside Sudo for Windows\'','\'Michael \"mtu\" Torres\'','DC_b498e51c046b15de98f9b3c2e6953749','\'\'',NULL,614451),('4_Sunday','11','11:00','11:45','N','DC','LVCC West/Floor 3/W322-W327','\'Deception & Counter Deception – Defending Yourself in a World Full of Lies\'','\'Tom \"Decius\" Cross,Greg Conti\'','DC_f7843c4d83aaa7f1a44b1bdc77d1fbe3','\'Title: Deception & Counter Deception – Defending Yourself in a World Full of Lies
\nWhen: Sunday, Aug 11, 11:00 - 11:45 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nThe Internet was supposed to give us access to the world\'s information, so that people, everywhere, would be able to know the truth. But that’s not how things worked out. Instead, we have a digital deception engine of global proportions. Nothing that comes through the screen can be trusted, and even the things that are technically true have been selected, massaged, and amplified in support of someone’s messaging strategy.
\n\nDeception isn’t just about narratives - we see deception at every layer of the network stack, from spoofed electromagnetic signatures, to false flags in malware, to phony personas used to access networks and spread influence. They hide in our blindspots, exploit our biases, and fill our egos while manipulating our perceptions.
\n\nHow do we decide what is real? This talk examines time-tested maxims that teach the craft of effective deception, and then inverts those offensive principles to provide defensive strategies. We’ll explore ways to counter biases, triangulate information sources, detect narratives, and how hackers can build tools that can change the game.
\n\nAt their best, hackers lift their heads up above the masses to see how the world actually works, not how it purports to work, and then take action to make the world a better place. You’ll leave this talk with practical skills to do just that.
\n\nSpeakers:Tom \"Decius\" Cross,Greg Conti
\n
\nSpeakerBio: Tom \"Decius\" Cross, Principal at Kopidion
\nTom Cross (aka Decius) is a security researcher known for delivering late night rants at hacker cons. In the early 1990’s, he ran BBSs and listservs for the hacker community in the southeast US. He attended the first Defcon in 1993. He is a Principal at Kopidion, and creator of FeedSeer, a news reader for Mastodon. Past security industry roles include cofounder and CTO of Drawbridge Networks, Research Director at Lancope, and Manager of IBM X-Force Advanced Research. He has spoken at numerous conferences, including Black Hat, DEF CON, Phreaknic, HOPE, and B-Sides. He has a BSCMPE from Georgia Tech.
\n\nSpeakerBio: Greg Conti, Principal at Kopidion
\nGreg Conti is a hacker, maker, and computer scientist. He is Principal at Kopidion, a cyber security training and professional services firm. Greg is a long-time Black Hat trainer where he co-created the Information Operations course. He will also be teaching a new course on Adversarial Thinking at DEF CON Training this year. Formerly he served on the West Point faculty for 16 years and has published approximately 100 articles and papers covering hacking, online privacy, usable security, cyber conflict, and security visualization. Greg is a graduate of West Point, Johns Hopkins, and Georgia Tech
\n\n\n\'',NULL,614452),('3_Saturday','12','12:00','12:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Disenshittify or die! How hackers can seize the means of computation and build a new, good internet that is hardened against our asshole bosses\' insatiable horniness for enshittification.\'','\'Cory Doctorow\'','DC_76263bdd5b1edfa52a9d9a7b704a6f18','\'Title: Disenshittify or die! How hackers can seize the means of computation and build a new, good internet that is hardened against our asshole bosses\' insatiable horniness for enshittification.
\nWhen: Saturday, Aug 10, 12:00 - 12:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nThe enshittification of the internet wasn\'t inevitable. The old, good internet gave way to the enshitternet because we let our bosses enshittify it. We took away the constraints of competition, regulation, interop and tech worker power, and so when our bosses yanked on the big enshittification lever in the c-suite, it started to budge further and further, toward total enshittification. A new, good internet is possible - and necessary - and it needs you.
\n\nSpeakerBio: Cory Doctorow, Author
\nCory Doctorow is a science fiction author, activist and journalist. He is the author of many books, most recently THE BEZZLE and THE LOST CAUSE. In 2020, he was inducted into the Canadian Science Fiction and Fantasy Hall of Fame.
\n\n\n\'',NULL,614453),('3_Saturday','12','12:00','12:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Grand Theft Actions: Abusing Self-Hosted GitHub Runners at Scale\'','\'Adnan Khan,John Stawinski\'','DC_dc75470554598040b690857e6e71d44c','\'Title: Grand Theft Actions: Abusing Self-Hosted GitHub Runners at Scale
\nWhen: Saturday, Aug 10, 12:00 - 12:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nGitHub Actions is quickly becoming the de facto CI/CD provider for open-source projects, startups, and enterprises. At the same time, GitHub’s security model is full of insecure defaults. This makes it easy for their customers to expose themselves to critical attacks from the public internet. The end result? A systemic vulnerability class that won’t go away.
\n\nDuring our research, we identified GitHub Actions misconfigurations at scale that would allow threat actors to backdoor major open-source projects. An example of this is our attack on PyTorch, a prominent ML framework used by companies and researchers around the world.
\n\nThrough this attack, we could contribute code directly to the main branch of the PyTorch repository, upload malicious releases, backdoor other PyTorch projects, and more. These attacks began by compromising self-hosted runners, which are machines that execute jobs in a GitHub Actions workflow. From there, we leveraged misconfigurations and GitHub “features” to elevate our privileges within GitHub Actions workflows.
\n\nOur research campaign included dozens of reports, over $250,000 in bug bounties, and endless war stories. Tune in for a deep dive into the TTPs that allow turning a trivial runner compromise into a full supply chain attack.
\n\n\n- link
\n- link
\n- link
\n
\n\nSpeakers:Adnan Khan,John Stawinski
\n
\nSpeakerBio: Adnan Khan, Red Team Security Engineer
\nAdnan is a Red Team Security Engineer and researcher who has recently been focusing on supply chain and CI/CD attacks. He has identified, demonstrated, and reported vulnerabilities impacting GitHub repositories belonging to organizations like Microsoft, Nvidia, GitHub, Google, and more. Additionally, he has spoken at conferences such as ShmooCon 2023 and BSides SF 2023 on the topic of GitHub Actions security.
\n\nSpeakerBio: John Stawinski
\nJohn is an offensive security engineer, vulnerability researcher, and writer, specializing in Red Team operations and CICD security. John established himself as a member of the broader security community in 2023 through a series of CI/CD attacks on prominent open-source repositories. Embracing a nomadic lifestyle, John thrives on adventure sports and welcomes new experiences.
\n\n\n\'',NULL,614454),('3_Saturday','12','12:30','13:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'AMD Sinkclose: Universal Ring -2 Privilege Escalation\'','\'Enrique Nissim,Krzysztof Okupski\'','DC_34679954dfd1116f61631f7292f3406b','\'Title: AMD Sinkclose: Universal Ring -2 Privilege Escalation
\nWhen: Saturday, Aug 10, 12:30 - 13:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nSystem Management Mode (SMM) is one of the most powerful execution modes in the x86 architecture and code at this level is invisible to the Hypervisor and OS-level protections, including anti-cheat engines and anti-virus systems. While the BIOS ecosystem\'s complexity has led to a multitude of vulnerabilities in firmware over time, vendors are now making strides in delivering patches with greater speed and efficiency. Unfortunately, these efforts are not enough in the presence of a CPU vulnerability.
\n\nWhen researching the AMD processor, our team noticed a flaw in one of the critical components required for securing SMM. This silicon-level issue appears to have remained undetected for nearly two decades.
\n\nThis presentation starts by providing an introduction to SMM and the security mechanisms that the AMD processor provides to support it. Subsequently, it delves into the CPU design flaw and the complete methodology and engineering used to create a universal ring -2 privilege escalation exploit.
\n\nSpeakers:Enrique Nissim,Krzysztof Okupski
\n
\nSpeakerBio: Enrique Nissim, Principal Security Consultant at IOActive
\nEnrique Nissim is a security engineer with over a decade of professional experience working on vulnerability research. As a Principal Security Consultant at IOActive, he is mainly involved in projects requiring a deep understanding of operating systems, CPU architectures, embedded firmware and software development. Over his career, Enrique has delivered multiple presentations at several leading events including Black Hat USA, CansecWest, Ekoparty, ZeroNights and Hardwear.io.
\n\nSpeakerBio: Krzysztof Okupski, Associate Principal Security Consultant at IOActive
\nKrzysztof Okupski is an Associate Principal Security Consultant with IOActive where he specialises in embedded security. While he enjoys hacking various targets, he is particularly interested in the nitty-gritty details of platform security where small misconfigurations can lead to critical issues.
\n\n\n\'',NULL,614455),('3_Saturday','13','12:30','13:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'AMD Sinkclose: Universal Ring -2 Privilege Escalation\'','\'Enrique Nissim,Krzysztof Okupski\'','DC_34679954dfd1116f61631f7292f3406b','\'\'',NULL,614456),('3_Saturday','12','12:30','13:15','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'The Secret Life of a Rogue Device - Lost IT Assets on the Public Marketplace\'','\'Matthew \"mandatory\" Bryant\'','DC_894bc17bc472a8229052dd12f78194fb','\'Title: The Secret Life of a Rogue Device - Lost IT Assets on the Public Marketplace
\nWhen: Saturday, Aug 10, 12:30 - 13:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nAn ex-employee\'s work laptop, a secret hardware prototype, the company backup server, and classified government computers. What do these things have in common? They should never end up on the public market. Ask any IT department and they\'ll tell you that \"it happens\", but how serious is the problem and what\'s really at stake? This talk explores the interesting journey of a research project to learn the surprising answers to these questions.
\n\nAlong the way we\'ll scrape over 150 million images from online listings in Western and Eastern second hand markets, hack together an OCR cluster out of old iPhones, reverse engineer well-obfuscated Chinese apps, and converse with secretive underground groups of collectors.
\n\nSpeakerBio: Matthew \"mandatory\" Bryant, Red Team Lead at Snapchat
\nmandatory (Mathew Bryant) is a passionate hacker currently leading the red team effort at Snapchat. In his personal time he’s published a variety of tools such as XSS Hunter, CursedChrome, and tarnish. His security research has been recognized in publications such as Forbes, The Washington Post, CBS News, Techcrunch, and The Huffington Post. He has previously presented at DEF CON, Blackhat, RSA, Kiwicon, Derbycon, and Grrcon. Previous gigs include Google, Uber, and Bishop Fox.
\n\n\n\'',NULL,614457),('3_Saturday','13','12:30','13:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 2','\'The Secret Life of a Rogue Device - Lost IT Assets on the Public Marketplace\'','\'Matthew \"mandatory\" Bryant\'','DC_894bc17bc472a8229052dd12f78194fb','\'\'',NULL,614458),('3_Saturday','13','13:00','13:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Fireside Chat with Jay Healey and National Cyber Director Harry Coker, Jr.\'','\'Harry Coker Jr.,Jay Healey\'','DC_cef259a7d2d3a2280b768f9c05c10318','\'Title: Fireside Chat with Jay Healey and National Cyber Director Harry Coker, Jr.
\nWhen: Saturday, Aug 10, 13:00 - 13:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nThe world increasingly appreciates how much we rely on space systems for our personal, economic, and national security needs. However, the nation-state cyber threat to government and commercial systems continues to grow at a time when the current landscape of cybersecurity policies and frameworks aren’t readily applicable for space systems.
\n\nIn this fireside chat, ONCD will have the opportunity to introduce our 2nd National Cyber Director to the research community and discuss some of his priorities, such as space cybersecurity. We will discuss how the White House has been working to tackle hard problems and challenges. In the instance of space cybersecurity, ONCD has been collaborating with federal space operators and the space industry to develop policy solutions, including by answering a tasking from the Vice President to develop minimum cybersecurity requirements for U.S. space systems.
\n\nSpeakers:Harry Coker Jr.,Jay Healey
\n
\nSpeakerBio: Harry Coker Jr., National Cyber Director at White House Office of the National Cyber Director (ONCD)
\nHarry Coker, Jr. was confirmed by the Senate on December 12, 2023 as the second National Cyber Director in the White House Office of the National Cyber Director. Director Coker is a retired Central Intelligence Agency (CIA) senior executive and career Naval Officer, is a graduate of the US Naval Academy, the Naval Postgraduate School, and Georgetown University Law Center.
\n\nPreviously, Coker served as Executive Director of the National Security Agency (NSACoker’s service to the Nation and NSA was recognized with the awarding of the National Intelligence Distinguished Service Medal, the NSA Director’s Distinguished Service Medal, and the IC EEOD Outstanding Leadership Award.
\n\nDuring the first seventeen years of his service with the CIA, Coker was assigned to leadership positions in the Directorate of Digital Innovation; the Directorate of Science & Technology; and the Director’s Area. Key assignments included service as Director of the Open Source Enterprise, which is responsible for leveraging publicly available information; and as Deputy Director of CIA’s Office of Public Affairs. Coker’s leadership and contributions earned him the Presidential Rank Award and CIA’s prestigious Don Cryer Award for Diversity & Inclusion.
\n\nSpeakerBio: Jay Healey
\nNo BIO available
\n\n\'',NULL,614459),('3_Saturday','13','13:00','13:45','N','DC','LVCC West/Floor 3/W322-W327','\'Inside the FBI’s Secret Encrypted Phone Company ‘Anom’\'','\'Joseph Cox\'','DC_d6fdf658b3a1db62341760b33e6f29ed','\'Title: Inside the FBI’s Secret Encrypted Phone Company ‘Anom’
\nWhen: Saturday, Aug 10, 13:00 - 13:45 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nIn 2018, a secure communications app called Anom started to gain popularity among organized criminals. Soon, top tier drug traffickers were using it all over the world. Because they thought their messages were secure, smugglers and hitmen coordinated high stakes crimes across the platform. But Anom had a secret: it was secretly run by the FBI.
\n\nFor years Joseph Cox has investigated the inside story of Anom, speaking to people who coded the app, those who sold it, criminals who chatted across it, and the FBI agents who surreptitiously managed it. This new talk, building on details from his recent book DARK WIRE, will include never-before-published technical details on how the Anom network functioned, how the backdoor itself worked, and how Anom grew to such a size that the FBI started to lose control of its own creation.
\n\nIt will also reflect on how police have entered a new phase of compromising entire encrypted phone networks, with little to no debate from the public, and provide critical insight on what really happens when authorities introduce a backdoor into a telecommunications product.
\n\nDARK WIRE: The Incredible True Story of the Largest Sting Operation Ever, June 4th, 2024: link
\n\nSpeakerBio: Joseph Cox, Co-Founder at 404 Media
\nJoseph Cox is an investigative journalist and author of DARK WIRE, the inside story of how the FBI secretly ran its own encrypted phone company called Anom to wiretap the world. He produced a series of exclusive articles on Anom for VICE’s Motherboard, and is now a co-founder of 404 Media.
\n\n\n\'',NULL,614460),('3_Saturday','13','13:00','13:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'OH-MY-DC: Abusing OIDC all the way to your cloud\'','\'Aviad Hahami\'','DC_1c3933da1c6e1214e2ba9a46dd172dd0','\'Title: OH-MY-DC: Abusing OIDC all the way to your cloud
\nWhen: Saturday, Aug 10, 13:00 - 13:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nAs DevOps and developers are slowly shifting away from storing long-lived static credentials to the more secure, still kinda-new, OIDC alternative - the underlying logic, mechanisms and implementations tend to feel like complicated magic and are mostly overlooked.
\n\nIn this talk, we\'ll begin by recapping what OIDC is, who are the interacting entities when OIDC is used, and how OIDC is taking place to securely access one\'s cloud using CI/CD flows.
\n\nOnce covered, we will be able to alternate our point-of-view between the entities in play and demonstrate potential vulnerabilities in various setups.
\n\nStarting with the user PoV, we will show what \"under-configurations\" look like, and continue by demonstrating how new OIDC configuration options can actually be misconfigurations that can result with a compromise.
\n\nWe will then see another attack vector where leaking an OIDC token from a single repository in an organization can allow an attacker to abuse under-configurations and access private clouds.
\n\nAfter that, we will shift our PoV to be of the Identity Provider (IdP) so that we can look into what happens if an IdP is misconfigured, and disclose a real-world security vulnerability found in one of the most popular CI vendors that allowed us to access any of their customers\' cloud environments.
\n\nI\'ll refer to this talk by the Tinder Security team link where they show how they could \"claim\" in the name of other identities due to under-configured WIFs.
\n\nSpeakerBio: Aviad Hahami, Palo Alto Networks
\nSecurity researcher and experienced software engineer with a great passion for algorithms (graph-theory specifically), security research (vulnerability research, bug bounties), chaos engineering (YES!), frontends, backends, web services, systems architecture, infras, clouds(making them rain), and more :)
\n\nToday, researching at Palo Alto Networks.
\n\nOh yea I also DJ
\n\n\n\'',NULL,614461),('3_Saturday','13','13:30','14:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Behind Enemy Lines: Engaging and Disrupting Ransomware Web Panels\'','\'Vangelis Stykas\'','DC_3afd6453b6c90ac9ac7665d453f8019a','\'Title: Behind Enemy Lines: Engaging and Disrupting Ransomware Web Panels
\nWhen: Saturday, Aug 10, 13:30 - 14:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nRansomware groups have become notably proficient at wreaking havoc across various sectors , but we can turn the tables. However, a less explored avenue in the fight against these digital adversaries lies in the proactive offense against their web panels. In this presentation, I will delve into the strategies and methodologies for infiltrating and commandeering the web panels used by ransomware groups to manage their malicious operations or the APIs used during their initial exfiltration of data.
\n\nI will demonstrate how to leverage these vulnerabilities to gain unauthorized access to the ransomware groups\' web panels. This access not only disrupts their operations but also opens a window to gather intelligence and potentially identify the operators behind those APTs. Let’s explore the frontiers of cyber offense, targeting the very command and control (C2) centers ransomware groups rely on, turning the tables in our ongoing battle against cyber threats,it’s our turn to wreak havoc.
\n\n\n\nSpeakerBio: Vangelis Stykas, Chief Technology Officer at Atropos
\nVangelis began as a developer from Greece. Six years ago he realized that only his dog didn’t have an API, so he decided to steer his focus towards security.
\n\nThat led him to pursue a PhD in Web Application Security with an extra focus on machine learning. He’s still actively pursuing it.
\n\nHe currently applies his skills as a Chief Technology Officer at Atropos, and during his free time, Vangelis is helping start-ups secure themselves on the internet and get a leg up in security terms.
\n\nHis love of a simplistic approach to hacking by exploiting vulnerable APIs led him to publish research regarding API controlling ships, smart locks, IP cameras, car alarms, EV chargers, and many other IoT devices. Since our lives are nowadays extremely cyber-dependent, his goal is to convince all companies to never neglect their API security as rush-to-market mentality is almost certain to lead to catastrophic security failure.
\n\n\n\'',NULL,614462),('3_Saturday','14','13:30','14:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Behind Enemy Lines: Engaging and Disrupting Ransomware Web Panels\'','\'Vangelis Stykas\'','DC_3afd6453b6c90ac9ac7665d453f8019a','\'\'',NULL,614463),('3_Saturday','13','13:30','14:15','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'NTLM - The Last Ride\'','\'Jim Rush,Tomais Williamson\'','DC_bb889a2d33a9ae1f70c2816f1341d362','\'Title: NTLM - The Last Ride
\nWhen: Saturday, Aug 10, 13:30 - 14:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nMicrosoft is planning to kill off NTLM (New Technology Lan Manager) authentication in Windows 11 and above. Let\'s speedrun coercing hashes out of a few more things before it fades into obscurity over the next twenty five years or so.
\n\nThere will be a deep dive on several new bugs we disclosed to Microsoft (including bypassing a fix to an existing CVE), some interesting and useful techniques, combining techniques from multiple bug classes resulting in some unexpected discoveries and some absolutely cooked bugs. We’ll also uncover some defaults that simply shouldn\'t exist in sensible libraries or applications as well as some glaring gaps in some of the Microsoft NTLM related security controls.
\n\n\n- link
\n- link
\n- link
\n- link
\n- Varonis Threat Labs discovered a new Outlook exploit and three new ways to access NTLM v2 hashed passwords. link
\n
\n\nSpeakers:Jim Rush,Tomais Williamson
\n
\nSpeakerBio: Jim Rush
\nI\'m a former software developer who has somehow ended up hacking things for a living, which is infinitely more fun as most of you know. I\'m an active security researcher with several CVEs, including Blackboard, Moodle, Nuget, MS-Office and Kramer products.
\n\nSpeakerBio: Tomais Williamson
\nI\'m an enthusiastic hacker who enjoys CTFs and have competed at an international level in the ICC CTF as well as being part of the CursedCTF 2024 winning team. I\'m also an active security researcher with a bunch of CVEs and countless other bugs for a bunch of \'solved problems\' in security.
\n\n\n\'',NULL,614464),('3_Saturday','14','13:30','14:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 2','\'NTLM - The Last Ride\'','\'Jim Rush,Tomais Williamson\'','DC_bb889a2d33a9ae1f70c2816f1341d362','\'\'',NULL,614465),('3_Saturday','14','14:00','14:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Discovering and exploiting local attacks against the 1Password MacOS desktop application\'','\'Jeffrey Hofmann,Colby Morgan\'','DC_037c1a8e30f8f19790a753879e2ef8fc','\'Title: Discovering and exploiting local attacks against the 1Password MacOS desktop application
\nWhen: Saturday, Aug 10, 14:00 - 14:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nPassword managers are routinely granted a massive level of trust from users, by nature of managing some of their most sensitive credentials. For any noteworthy password manager, the encryption standards for user data are well understood and highly scrutinized. What is less understood is the attack surface of the software itself. This presentation explores the local security of the 1Password MacOS desktop application and answers the question of “how safe are my passwords if my computer is infected or otherwise compromised?”.
\n\nThis talk will cover the outcome of our research into 1Password, presenting several different attacks to dump local 1Password vaults. This includes describing multiple application vulnerabilities and security weaknesses we identified in the 1Password MacOS desktop application, as well as discussing the inherent limitations in its usage of IPC mechanisms and open source software. Additionally, we will discuss novel vulnerabilities found in Google Chrome that aided our exploitation of the 1Password browser extension.
\n\nDarthNull’s work around decrypting 1Password vaults: link
\n\nSpeakers:Jeffrey Hofmann,Colby Morgan
\n
\nSpeakerBio: Jeffrey Hofmann, Senior Offensive Security Engineer
\nJeffrey Hofmann is a Senior Offensive Security Engineer with a history of vulnerability research and exploit development. He recreated NSO’s 0 click iOS exploit FORCEDENTRY and discovered pre-auth RCEs in the MDM KACE SMA.
\n\nSpeakerBio: Colby Morgan, Leads, Pentest Team at Robinhood
\nColby Morgan is a Staff Offensive Security Engineer with extensive application and infrastructure security experience. Colby currently leads the pentest team at Robinhood.
\n\n\n\'',NULL,614466),('2_Friday','16','16:00','16:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Eradicating Hepatitis C With BioTerrorism\'','\'Mixæl Swan Laufer\'','DC_a72dc63cd909f96cfb7967bb65b9ddd0','\'Title: Eradicating Hepatitis C With BioTerrorism
\nWhen: Friday, Aug 9, 16:00 - 16:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nA quarter of a million people die from Hepatitis C every year. Fifty million people are currently infected, and a million more are infected each year. But for the first time in history there is a cure (not just a treatment) for a virus, and it is for Hepatitis C. Take one 400mg pill of Sofosbuvir every day for twelve weeks, and you will be free of the virus. The catch? Those pills are one thousand US dollars apiece because the molecule is the \"Intellectual Property\" of Gilead Pharmaceuticals, and they refuse to share. So if you have $84,000 USD, Hep C is not your problem. But for everyone else, The Four Thieves Vinegar Collective has developed a way to make the entire course of treatment for $300 USD. This methodology also applies to other diseases. Like any science, the method of manufacture of drugs can be replicated, and we are going to give you all the necessary tools and show you the process top-to-bottom. Watch it happen live, participate, and learn to do it yourself: Use our digital research assistant to help you navigate the scientific literature, feed your medicine of choice into ChemHacktica to get a chemical synthesis pathway, put that procedure into the Recipe Press to generate code for the new version of the MicroLab to run, and watch the medicine form in the reaction chamber. Finally come on stage, press some tablets, and make your own thousand-dollar pill for four dollars in materials. The feds say saving a life this way is bioterrorism. We say: So Be It.
\n\nSpeakerBio: Mixæl Swan Laufer, Chief Spokesperson at Four Thieves Vinegar Collective
\nMixæl Swan Laufer worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of global health and human rights. He now is the chief spokesperson for the Four Thieves Vinegar Collective which works to make it possible for people to manufacture their own medications and medical devices at home by creating public access to tools, ideas, and information.
\n\n\n\'',NULL,614467),('3_Saturday','14','14:00','14:45','N','DC','LVCC West/Floor 3/W322-W327','\'Hacking Millions of Modems (and Investigating Who Hacked My Modem)\'','\'Sam Curry\'','DC_7d87419500443120cc41986cd1df8584','\'Title: Hacking Millions of Modems (and Investigating Who Hacked My Modem)
\nWhen: Saturday, Aug 10, 14:00 - 14:45 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nOn December 25th, 2021, I discovered that my modem had been hacked after a strange IP address replayed my traffic. I began researching who they were, how it happened, and eventually discovered a vulnerability which allowed me to passively monitor, change configurations, and execute commands on millions of devices. This talk details 3 years of intermittent web research on ISP security and how broadband equipment is becoming scarily centralized.
\n\n\n- N. Mavrakis, \"Vulnerabilities of ISPs,\" in IEEE Potentials, vol. 22, no. 4, pp. 9-15, Oct.-Nov. 2003, doi: 10.1109/MP.2003.1238687
\n- I Hunt TR-069 Admins: Pwning ISPs Like a Boss (Shahar Tal, August 2014, link)
\n- TR-069 Wikipedia link
\n- Cox Communications VDP link
\n
\n\nSpeakerBio: Sam Curry, Founder at Palisade
\nSam Curry is a web security researcher, bug bounty hunter, and the founder of Palisade, a security consultancy.
\n\n\n\'',NULL,614468),('3_Saturday','14','14:30','15:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'ACE up the Sleeve: From getting JTAG on the iPhone 15 to hacking into Apple\'s new USB-C Controller\'','\'Thomas \"stacksmashing\" Roth\'','DC_76b8d1f937998f4e0091af63e0b59412','\'Title: ACE up the Sleeve: From getting JTAG on the iPhone 15 to hacking into Apple\'s new USB-C Controller
\nWhen: Saturday, Aug 10, 14:30 - 15:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nWith the iPhone 15 & iPhone 15 Pro Apple switched their iPhone to USB-C - and introduced a new proprietary USB-C controller: The ACE3.
\n\nBut the ACE3 does more than just handle USB power delivery: It\'s a full microcontroller running a full USB stack connected to some of the internal busses of the device, and we even managed to access JTAG on the iPhone 15 through it. It also provides access to UART, the internal SPMI bus, etc. Previous variants of the ACE, namely the ACE2 found in MacBooks, could easily be dumped and analyzed using SWD - and even be persistently backdoored through a software vulnerability we found.
\n\nOn the ACE3 however, Apple upped their game: Firmware updates are personalized, debug interfaces seem to be disabled, and the external flash is validated and does not contain all the firmware. However using a combination of reverse-engineering, RF side-channel analysis and electro-magnetic fault-injection it was possible to gain code-execution on the ACE3 - allowing dumping of the ROM, and analysis of the functionality.
\n\nThis talk will show how to use a combination of hardware, firmware, reverse-engineering, side-channel analysis and fault-injection to gain code-execution on a completely custom chip, enabling further security research on an under-explored but security relevant part of Apple devices.
\n\n\n- AsahiLinux USB-PD Documentaiton - link
\n- AsahiLinux macvdmtool - link
\n- ACE Controller Secrets (for ACE/ACE2) - link
\n- Marc Zyngier\'s Central Scrutinizer - link
\n
\n\nSpeakerBio: Thomas \"stacksmashing\" Roth
\nThomas Roth aka stacksmashing is a security researcher mostly focused on hardware and firmware. His work includes hardware attacks on processors, microcontrollers and cryptocurrency wallets, building cheap JTAG tooling for the iPhone, and attacking a wide variety of embedded devices. He also runs a YouTube channel called stacksmashing about security, reverse engineering and hardware hacking.
\n\n\n\'',NULL,614469),('3_Saturday','15','14:30','15:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'ACE up the Sleeve: From getting JTAG on the iPhone 15 to hacking into Apple\'s new USB-C Controller\'','\'Thomas \"stacksmashing\" Roth\'','DC_76b8d1f937998f4e0091af63e0b59412','\'\'',NULL,614470),('3_Saturday','14','14:30','15:15','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Troll Trapping Through TAS Tools - Exposing Speedrunning Cheaters\'','\'Allan \"dwangoAC\" Cecil\'','DC_5bc82e4fb885f4bd7e2a737bf2e07d53','\'Title: Troll Trapping Through TAS Tools - Exposing Speedrunning Cheaters
\nWhen: Saturday, Aug 10, 14:30 - 15:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nTrolls cheating in video games by passing Tool-Assisted Speedruns off as human effort break leaderboards and stifle speedrunners. Why do they do it when they could make a cool game hack or TAS to show off their work, and how do you trap these trolls? The answer is to use their own tools against them, often with popcorn bucket worthy results like taking down Guinness World Records. From a TASVideos member taking on 1980\'s Dragster cheat Todd Rogers, a passing mention of Billy Mitchell, and the TASBot team investigating Super Mario Maker shenanigans, this talk covers several notable cheating incidents and concludes with a systematic takedown of a troll that chilled the Diablo speedrunning community for more than a decade.
\n\nThis talk includes several investigations I have been a part of in some capacity and will ultimately include additional references in the coming months; I\'ve broken the references out by game, presented in Markdown format like the rest of this document:
\n\nDragster
\n\n\n\nSuper Mario Maker
\n\n\n\nDiablo
\n\n\n\nSpeakerBio: Allan \"dwangoAC\" Cecil, Founder and Leader at TASBot Online Community
\ndwangoAC (Allan Cecil) is the founder and leader of the TASBot online community and Senior Ambassador on staff of TASVideos.org. He is a published journal author, patent holder, and unflappable presenter with talks at DEF CON, GeekPwn, Thotcon, May Contain Hackers, and other hacker conferences. dwangoAC uses his combined hacking interests for good at charity events like Games Done Quick to entertain viewers with never-before-seen glitches in games, with event content he\'s led raising more than $1.5m for various charities.
\n\n\n\'',NULL,614471),('3_Saturday','15','14:30','15:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 2','\'Troll Trapping Through TAS Tools - Exposing Speedrunning Cheaters\'','\'Allan \"dwangoAC\" Cecil\'','DC_5bc82e4fb885f4bd7e2a737bf2e07d53','\'\'',NULL,614472),('3_Saturday','15','15:00','15:45','N','DC','LVCC West/Floor 3/W322-W327','\'A Shadow Librarian in Broad Daylight: Fighting back against ever encroaching capitalism\'','\'Daniel Messer\'','DC_c46b131bf3c7247bc9635a367a154d7e','\'Title: A Shadow Librarian in Broad Daylight: Fighting back against ever encroaching capitalism
\nWhen: Saturday, Aug 10, 15:00 - 15:45 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nThe public library is under attack. Calls for book banning are at an all time high. Some states have passed laws that hold librarians legally accountable for offering \"unacceptable\" materials to minors. But before this fire started, another one was already burning. In an era of digital content, from eBooks to streaming movies, public libraries have been forced to accept draconian terms of service at the expense of their patrons and to the benefit of corporations. Grossly inflated eBook prices and licensing, unobtainable materials that went out of print due to artificial scarcity, exorbitant fees for access to academic research; these are just a few of the myriad of ways that libraries have been forced to bow before capitalism, all because of a desire to serve the public. But we can fight back...
\n\nAnd no one says we need to fight fairly.
\n\nI’d like to tell you some real life stories of a public librarian with a quasi-legal, dark grey skillset. And I’d love to share some ideas about what you can do to help others. If I can do this, you can. And anyone can be a shadow librarian.
\n\n\n- Bodó, Balázs, Dániel Antal, and Zoltán Puha. “Can Scholarly Pirate Libraries Bridge the Knowledge Access Gap? An Empirical Study on the Structural Conditions of Book Piracy in Global and European Academia.” Edited by Sergi Lozano. PLOS ONE 15, no. 12 (December 3, 2020): e0242509. link.
\n- Böök, Mikael. “Herding the Wind,” 2020. link.
\n- Brown, Elizabeth Nolon. “You Can’t Stop Pirate Libraries.” Reason, 2022. link.
\n- Complutense, Francisco Segado-Bo, Juan Martín-Quevedo, and Juan-José Prieto-Gutiérrez. “Jumping over the Paywall: Strategies and Motivations for Scholarly Piracy and Other Alternatives.” Accessed January 4, 2024. link.
\n- Gardner, Gabriel J, Stephen R McLaughlin, and Andrew D Asher. “Shadow Libraries and You: Sci-Hub Usage and the Future of ILL.” ACRL 2017, Baltimore, Maryland, March 22 - 25, 2017. [Conference Paper], 2017. link.
\n- Yesberg, Helen. “Libraries, Piracy and the Grey Area In-Between: Free Digital Media during the COVID-19 Pandemic.” Reinvention: An International Journal of Undergraduate Research 15, no. 1 (April 29, 2022). link.
\n
\n\nSpeakerBio: Daniel Messer
\nDan is a systems librarian and SQL hacker living in Alvaton and Louisville, Kentucky. After almost 30 years of library work, he’s cultivated a broad background in public library circulation methodology, library technology and automation, training and instruction, and library databases. A shadow librarian for ten years, he’s provided cataloguing and scanning for various shadow libraries and online digital collections. And he’s called upon his work in shadow libraries to help patrons as a traditional public librarian.
\n\nBeyond the library, he’s an author, podcaster, musician, and coder.
\n\n\n\'',NULL,614473),('3_Saturday','15','15:00','15:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Exploiting the Unexploitable: Insights from the Kibana Bug Bounty\'','\'Mikhail Shcherbakov\'','DC_f52c77323d7268fe8d9a70716f150f14','\'Title: Exploiting the Unexploitable: Insights from the Kibana Bug Bounty
\nWhen: Saturday, Aug 10, 15:00 - 15:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\naWe explore case studies of exploiting vulnerabilities in modern JavaScript and TypeScript applications, drawing on experiences from participating in the Kibana Bug Bounty Program. It\'s not uncommon to encounter a vulnerability that appears unexploitable at first glance, or to be told by a triage team that the behavior is \"by design.\" So, what options does a security researcher have in such situations? And what primitives can be utilized to construct an exploitation chain with significant impact?
\n\nOur study involves breaking out of properly isolated containers in scenarios where there is RCE-by-design. We will examine several Prototype Pollutions that crash an application in less than one second after exploitation and explore how these vulnerabilities can ultimately lead to critical RCEs. Furthermore, we introduce new primitives and gadgets that enable the achievement of RCE from Prototype Pollutions previously deemed unexploitable beyond DoS attacks.
\n\nBy highlighting these methods, the talk aims to equip attendees with advanced techniques for exploiting complex vulnerability chains in JavaScript applications, as well as recommendations for proper defense and mitigations against them.
\n\n\n- Mikhail Shcherbakov, Musard Balliu and Cristian-Alexandru Staicu \"Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js\"
\n- \"Collection of Server-Side Prototype Pollution gadgets\" link
\n- Olivier Arteau \"JavaScript prototype pollution attack in NodeJS\"
\n- Nir Chako \"Attacking Kubernetes Clusters Through Your Network Plumbing\" link
\n
\n\nSpeakerBio: Mikhail Shcherbakov
\nMikhail Shcherbakov came to security from enterprise app development. The tendency is to push it as far as you can… He is now doing a Ph.D. in Language-Based Security after 10+ years of experience in the industry. He participated in Microsoft, GitHub, and open-source bug bounty programs, found vulnerabilities in popular products, and helped to fix them. Before starting a Ph.D. program, he focused on .NET and web security, gave talks at conferences, organized IT meetups, and got the Microsoft MVP Award in 2016 – 2018. Mikhail is an author of commercial static analysis tools and continues research in program analysis.
\n\n\n\'',NULL,614474),('3_Saturday','15','15:00','15:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Measuring the Tor Network\'','\'Silvia Puglisi,Roger Dingledine\'','DC_c71eb7ba684f8cd868dc3f4ed05d80d3','\'Title: Measuring the Tor Network
\nWhen: Saturday, Aug 10, 15:00 - 15:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nMillions of people around the world use Tor every day to protect themselves from surveillance and censorship. While the Tor Browser and its protocol are widely known, the backbone of the Tor ecosystem, its extensive network of volunteer relays, is often subject to speculation and misinformation. The Tor Project is dedicated to supporting this network and fostering a vibrant, diverse community of relay operators.
\n\nThis talk will focus on our efforts to maintain a healthy network and community, and detect and mitigate attacks -- all with the help of metrics and analysis of usage patterns. By illustrating how we collect safe-enough metrics for an anonymity network, we will offer insights into how we identify unusual activity and other noteworthy events on the network. We will also discuss our ongoing strategies for addressing current and future network health challenges.
\n\nIf you are interested in understanding the inner workings of the Tor network and its relay community and how we keep this vital ecosystem running, this talk is for you.
\n\n\n- Network Health Team wiki: link
\n- Two blog posts on Tor network health: link link
\n- Collector (where we archive all network data sets): link
\n- Paper by Rob Jansen et al. on incentives schemes for relays on the Tor network, \"Recruiting New Tor Relays with BRAIDS\": link
\n- Broader blog post about research papers on incentive for Tor relays: link
\n- Research paper by NRL proposing how to measure relay performance in a way that resists attempts to lie about relay speed: link
\n- Our plan to change how we collect, store and serve Tor network data (discussion from our bug tracker): link
\n- Performance measurements over the Tor Network: link
\n- Onionperf is the tool we use to measure performances from different locations across the globe: link
\n- The number of relays on the network by relay flags: link
\n- Documentation about reproducible metrics: link
\n
\n\nSpeakers:Silvia Puglisi,Roger Dingledine
\n
\nSpeakerBio: Silvia Puglisi, Lead, Network Health at Tor Project
\nSilvia Puglisi is a Systems Engineer and Privacy Researcher based in Barcelona, EU. She currently leads the network health team at the Tor Project, focusing on maintaining the stability, performance, and security of the Tor network. Silvia is also an O\'Reilly author and previously worked at Google for several years. She was part of the Information Security Group at the Department of Telematics Engineering, Universitat Politècnica de Catalunya (UPC), where she earned her Ph.D. Additionally, she has served as an adjunct professor at the Universitat Oberta de Catalunya (UOC).
\n\nSpeakerBio: Roger Dingledine, Co-Founder and Original Developer at Tor Project
\nRoger Dingledine is co-founder and original developer of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online. Roger works with journalists and activists on many continents to help them understand and defend against the threats they face, and he is a lead researcher in the online anonymity field. EFF picked him for a Pioneer Award, and Foreign Policy magazine chose him as one of its top 100 global thinkers.
\n\n\n\'',NULL,614475),('3_Saturday','15','15:30','16:15','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'HookChain: A new perspective for Bypassing EDR Solutions\'','\'Helvio Carvalho Junior\'','DC_fe0d71799111c7780ee8869f1bb0b854','\'Title: HookChain: A new perspective for Bypassing EDR Solutions
\nWhen: Saturday, Aug 10, 15:30 - 16:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nIn the current digital security ecosystem, where threats evolve rapidly and with complexity, companies developing Endpoint Detection and Response (EDR) solutions are in constant search for innovations that not only keep up but also anticipate emerging attack vectors. In this context, this article introduces the HookChain, a look from another perspective at widely known techniques, which when combined, provide an additional layer of sophisticated evasion against traditional EDR systems.
\n\nThrough a precise combination of IAT Hooking techniques, dynamic SSN resolution, and indirect system calls, HookChain redirects the execution flow of Windows subsystems in a way that remains invisible to the vigilant eyes of EDRs that only act on Ntdll.dll, without requiring changes to the source code of the applications and malwares involved.
\n\nThis work not only challenges current conventions in cybersecurity but also sheds light on a promising path for future protection strategies, leveraging the understanding that continuous evolution is key to the effectiveness of digital security.
\n\nBy developing and exploring the HookChain technique, this study significantly contributes to the body of knowledge in endpoint security, stimulating the development of more robust and adaptive solutions that can effectively address the ever-changing dynamics of digital threats. This work aspires to inspire deep reflection and advancement in the research and development of security technologies that are always several steps ahead of adversaries.
\n\nSpeakerBio: Helvio Carvalho Junior, CEO at Sec4US
\nHelvio is the CEO of Sec4US, a leading company in Cyber Security, and stands out as a renowned researcher in the field. He made history by being the first in Latin America to achieve the prestigious OSCE3 certification, a milestone that reflects his deep knowledge and technical skill. With over 23 years of experience across various segments of Information Technology, Helvio currently focuses on research in bypass techniques for Endpoint Detection and Antivirus solutions, as well as specializing in offensive information security (RedTeam). His passion for creating exploits and malware is well-known and significantly contributes to the advancement of cybersecurity.
\n\n\n\'',NULL,614476),('3_Saturday','16','15:30','16:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 2','\'HookChain: A new perspective for Bypassing EDR Solutions\'','\'Helvio Carvalho Junior\'','DC_fe0d71799111c7780ee8869f1bb0b854','\'\'',NULL,614477),('3_Saturday','15','15:30','16:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Unsaflok: Hacking millions of hotel locks\'','\'Lennert Wouters,Ian Carroll\'','DC_9c1837b5d92c176bcc16d5db9b3ed0d2','\'Title: Unsaflok: Hacking millions of hotel locks
\nWhen: Saturday, Aug 10, 15:30 - 16:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nElectronic hotel locks have been in use for over three decades, and have become an integral part of the hospitality sector. Las Vegas has over 150.000 hotel rooms, many of which use an RFID based electronic lock for access control. Most hotel guests rely on these locks to safeguard personal belongings and to protect their personal safety. However, some of these long-deployed locks have never been publicly scrutinized by the research community.
\n\nThis presentation covers the discovery of vulnerabilities affecting three million dormakaba Saflok locks. The Saflok system relied on a proprietary key derivation function for its MIFARE Classic cards and a proprietary encryption algorithm for the card contents. Reverse engineering the Saflok system allowed us to forge valid keycards. After reading a single, low privilege, guest card we are able to create a pair of forged key cards that allow us to deactivate the deadbolt and open any room at the property.
\n\nWe reported these vulnerabilities to dormakaba in September of 2022, as part of this presentation we will discuss the responsible disclosure and mitigation processes. Additionally, we will demonstrate how you can determine if your own hotel room has been patched to help ensure your personal safety.
\n\n\n- My Arduino can beat up your hotel room lock - Onity locks - Cody Brocious - Blackhat 2012
\n- Ghost In The Locks: Owning Electronic Locks Without Leaving A Trace - Vingcard locks - Tomi Tuominen and Timo Hirvonen - HITBGSEC 2018
\n
\n\nSpeakers:Lennert Wouters,Ian Carroll
\n
\nSpeakerBio: Lennert Wouters, Security Researcher, Computer Security and Industrial Cryptography (COSIC) at KU Leuven University
\nLennert Wouters is a security researcher at the Computer Security and Industrial Cryptography (COSIC) research group at the KU Leuven University in Belgium. Lennert\'s main research interests cover hardware security for embedded systems and physical attacks.
\n\nSpeakerBio: Ian Carroll, Independent Security Researcher
\nIan Carroll is an independent security research and founder of Seats.aero. Ian\'s main research interests involve application security, especially in the travel industry.
\n\n\n\'',NULL,614478),('3_Saturday','16','15:30','16:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Unsaflok: Hacking millions of hotel locks\'','\'Lennert Wouters,Ian Carroll\'','DC_9c1837b5d92c176bcc16d5db9b3ed0d2','\'\'',NULL,614479),('3_Saturday','16','16:00','16:20','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Compromising an Electronic Logging Device and Creating a Truck2Truck Worm\'','\'Jake Jepson,Rik Chatterjee\'','DC_88939364b8c8014b362cebf2717f79f6','\'Title: Compromising an Electronic Logging Device and Creating a Truck2Truck Worm
\nWhen: Saturday, Aug 10, 16:00 - 16:20 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nPresented by Jake Jepson and Rik Chatterjee, two Systems Engineering Master\'s students at Colorado State University, this talk delves into the critical security implications within the trucking industry, particularly focusing on Electronic Logging Devices (ELDs). These devices, integral to compliance with Hours of Service regulations, present unique cyber-physical threats due to their networked nature and lack of standardized security protocols.
\n\nThe presentation will walk through examining potential remote exploits via wireless ELD compromise, leading to cyber physical control payloads and even wormable scenarios. Key vulnerabilities identified include insecure defaults and poor security practices shown on a commercially available ELD. These vulnerabilities not only expose truck networks to potential unauthorized control but also highlight systemic issues in device certification and security oversight.
\n\nThe talk will cover their journey from acquiring and reverse engineering ELDs, discovering their common architectures and weaknesses, to demonstrating proof of concept attacks that underline the urgent need for industry-wide security reforms. Notably, Jepson will discuss his first CVE, detailing the coordinated disclosure process and subsequent manufacturer response.
\n\nThis session is semi-technical, ideal for cybersecurity professionals and amateurs alike, interested in vehicle network protocols, and embedded systems security. Prior knowledge of network protocols such as CAN and J1939, along with an understanding of firmware reverse engineering, will enhance the learning experience, but is not required. Tools and techniques used include network scanners, reverse engineering platforms like Ghidra, and various wireless communication methods.
\n\nBy attending this presentation, participants will not only understand the specific security flaws affecting heavy vehicles but also appreciate the broader implications for embedded systems security in transportation. This talk is a call to action for improving security practices and regulatory standards in an increasingly interconnected world.
\n\n\n- Bureau of Transportation Statistics, United States Department of Transportation. \"National Transportation Statistics (NTS).\" Accessed December 19, 2023. link. doi:10.21949/1503663
\n- “Economics and Industry Data.” American Trucking Associations. [Online]. Available: link
\n- Technology, Syrma Sgs. “Automotive ECU: The Core Component for Connected Cars.” Electronic Manufacturing Services - Syrma SGS Technology, 15 July 2021, link. Picture: “M156 ECU Upgrade.” DYNE Performance, link. Accessed 22 Apr. 2022.
\n- “J1939-13.” SAE International.
\n- “Moving Ahead for Progress in the 21st Century Act (MAP-21).” U.S. Department of Transportation. [Online]. Available: Moving Ahead for Progress in the 21st Century Act (MAP-21)
\n- “ELD List.” FMCSA. [Online]. Available: link
\n- link
\n- link
\n- link
\n- link
\n
\n\nSpeakers:Jake Jepson,Rik Chatterjee
\n
\nSpeakerBio: Jake Jepson, Graduate Research Assistant, Department of Systems Engineering at Colorado State University
\nCurrently, Jake serves as a graduate research assistant in the Department of Systems Engineering, working under the guidance of Dr. Jeremy Daily. His role involves collaborating with a team of skilled professionals to conduct research on cybersecurity and digital forensics within the heavy vehicle industry. Jake\'s academic journey has emphasized the significance of pursuing a career he is passionate about, and this position has further solidified his love for collaborative problem-solving.
\n\nSpeakerBio: Rik Chatterjee, Graduate Research Assistant, Department of Systems Engineering at Colorado State University
\nCurrently, Rik serves as a graduate research assistant in the Department of Systems Engineering at Colorado State University, working under Dr. Jeremy Daily. His role involves research on security of protocol implementations and cybersecurity in the domain of commercial heavy and medium duty vehicles. Driven by a passion for securing embedded systems, Rik\'s work emphasizes the importance of robust security measures in protecting critical transportation infrastructure against emerging cyber threats.
\n\n\n\'',NULL,614480),('3_Saturday','16','16:00','16:45','N','DC','LVCC West/Floor 3/W322-W327','\'Encrypted newspaper ads in the 19th century - The world\'s first worldwide secure communication system\'','\'Elonka Dunin,Klaus Schmeh\'','DC_2494f6b5f8bbe27052940781bddc3e9f','\'Title: Encrypted newspaper ads in the 19th century - The world\'s first worldwide secure communication system
\nWhen: Saturday, Aug 10, 16:00 - 16:45 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nBetween 1850 and 1855, the London-based newspaper The Times published over 50 encrypted advertisements apparently intended for the same recipient. As we know today, the ads in that series were meant for the sea captain Richard Collinson, who at the time was on a mission in the Canadian Arctic trying to solve a captivating mystery: What happened to the lost John Franklin expedition? While Collinson never reached his goal, he established a secure worldwide communication system, which was unique for its time.
\n\nBefore his departure, Collinson\'s family was taught how to encrypt brief reports about what was going on at home and to publish these messages as mysterious ads in “The Times” once a month. The cipher used was a modified version of a system based on a signal-book of the Royal Navy. As the circulation of The Times stretched far beyond the UK, Collinson would have the chance to get his hands on a copy even at the remotest of ports.
\n\nOver a century later, the Collinson ads were finally broken in the 1990s. Over the last two years, the lecturers of this talk continued this work, with a goal of decrypting all of the ads and placing them in their appropriate geographic and cultural context.
\n\n\nArticle in “Mental Floss” (this was written based on one of our earlier talks)
\n\n\n- Ellen Gutoskey: How Victorian Explorers and Pining Lovers Used Coded Newspaper Ads to Communicate. Aug 10, 2022
\n- link
\n
1992 Research paper in Cryptologia:
\n\n\n- John Rabson: All are Well at Boldon a mid-Victorian Code System. Cryptologia 16(2): 127-135 (1992)
\n
Book about encrypted newspaper advertisements:
\n\n\n- Jean Palmer: The Agony Column Codes & Ciphers. New Generation Publishing, London 2006
\n
Naval codebooks:
\n\n\n- 10th edition (1847): link
\n- 11th edition (1851): link
\n- 12th edition (1854): link
\n
Collinson’s logbooks (by his brother):
\n\n\n- Thomas Bernard Collinson: Cypher Notices in the ‘Times’. In: Journal of H.M.S. Enterprise, on the Expedition in Search of Sir John Franklin\'s Ships by Behring Strait. 1850-55. Sampson Low, Marston, Searle, & Rivington. London: 1889 link
\n
Article from the 1940s:
\n\n\n- Richard J. Cyriax: The Collinson Cryptograms in \"The Times\". Notes and Queries 26 July, 1947: 322-323
\n
\n\nSpeakers:Elonka Dunin,Klaus Schmeh
\n
\nSpeakerBio: Elonka Dunin, Crypto Expert
\nElonka Dunin is a crypto expert and co-leader of a group that is working to crack the final cipher on the Kryptos sculpture at CIA Headquarters. She maintains a website of the World’s most famous unsolved codes, and bestselling author Dan Brown named his character “Nola Kaye”, a scrambled form of “Elonka”, in his novel The Lost Symbol, after her.
\n\nElonka was a member of the Board of Directors for the National Cryptologic Museum Foundation, and General Manager and Executive Producer at Simutronics, making award-winning online and mobile games.
\n\nIn 2006, Elonka published The Mammoth Book of Secret Codes and Cryptograms, and with Klaus she co-wrote the book Codebreaking: A Practical Guide, with editions in 2020 and 2023.
\n\nSpeakerBio: Klaus Schmeh, Crypto Expert at Eviden
\nKlaus Schmeh has written 15 books (mostly in German) about cryptography, as well as over 250 articles, 25 scientific papers, and 1500 blog posts. Klaus’s main fields of interest are codebreaking and the history of encryption.
\n\nKlaus is a popular speaker, known for his entertaining presentation style involving self-drawn cartoons, self-composed songs, and Lego models. He has lectured at hundreds of conferences, including the NSA Crypto History Symposium, DEF CON, and the RSA Conference.
\n\nIn his day job, Klaus works as a crypto expert for the global IT security company Eviden.
\n\n\n\'',NULL,614481),('3_Saturday','16','16:00','16:45','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Secrets and Shadows: Leveraging Big Data for Vulnerability Discovery at Scale\'','\'Bill Demirkapi\'','DC_e67a6719b9aa15b12d8002835bd97ec1','\'Title: Secrets and Shadows: Leveraging Big Data for Vulnerability Discovery at Scale
\nWhen: Saturday, Aug 10, 16:00 - 16:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nWhen we consider the conventional approaches to vulnerability discovery, be it in software or websites, we tend to confine ourselves to a specific target or platform. In the case of software, we might reverse engineer an application\'s attack surfaces for untrusted input, aiming to trigger edge cases. For websites, we might enumerate a domain for related assets and seek out unpatched, less defended, or occasionally abandoned resources.
\n\nThis presentation explores the untapped potential of scaling security research by leveraging unconventional data sources. We\'ll walk through design flaws that enable two examples: forgotten cloud assets and leaked secrets. Instead of starting with a target and finding vulnerabilities, we\'ll find vulnerabilities and relate them to our targets. We won\'t just stop at discovery. We\'ll also discuss the incentives that create them and how to solve the ecosystem issues as an industry.
\n\nWhile you can\'t easily scale every issue, this project has led to tens of thousands of highly significant yet seemingly trivial weaknesses in some of the world\'s largest organizations. Prepare to shift your perspective on vulnerability discovery, learn scalable approaches to address commonly overlooked bugs, and understand how even the simplest misconfiguration can have a devastating impact.
\n\n\n- Toomey, Patrick. “Behind the Scenes of Github Token Scanning.” The GitHub Blog, 17 Oct. 2018, link.
\n- Meli, Michael, et al. “How Bad Can It Git? Characterizing Secret Leakage in Public Github Repositories.” Proceedings 2019 Network and Distributed System Security Symposium, 19 Feb. 2019, link.
\n- Awslabs. “Awslabs/Git-Secrets: Prevents You from Committing Secrets and Credentials into Git Repositories.” GitHub, 2015, link.
\n- Rice, Zachary. “Zricethezav/Gitleaks: Scan Git Repos (or Files) for Secrets Using Regex and Entropy.” GitHub, 2018, link.
\n- Ballenthin, Willi, and Moritz Raabe. “Mandiant/Flare-Floss: Flare Obfuscated String Solver - Automatically Extract Obfuscated Strings from Malware.” GitHub, 2016, link.
\n- Squarcina, Marco, et al. “Can I Take Your Subdomain? Exploring Same-Site Attacks in the Modern Web.” USENIX Security Symposium, vol. 30, Aug. 2021, pp. 2917–2934.
\n- MDN contributors. “Subdomain Takeovers - Web Security | MDN.” Developer.mozilla.org, 14 Oct. 2021, link.
\n- “Prevent Subdomain Takeovers with Azure DNS Alias Records and Azure App Service’s Custom Domain Verification.” Learn.microsoft.com, Microsoft, 16 June 2020, link.
\n- Shah, Shubham. “Eliminating Dangling Elastic IP Takeovers with Ghostbuster.” Assetnote, 13 Feb. 2022, link.
\n- Claudius, Jonathan. “‘Deep Thoughts’ on Subdomain Takeover Vulnerabilities.” Claudijd.github.io, 3 Feb. 2017, link.
\n- Victor Le Pochat, Tom Van Goethem, Samaneh Tajalizadehkhoob, Maciej Korczyński, and Wouter Joosen. 2019. \"Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation,\" Proceedings of the 26th Annual Network and Distributed System Security Symposium (NDSS 2019). link
\n- Hallam-Baker, Phillip, et al. “RFC 8659 - DNS Certification Authority Authorization (CAA) Resource Record.” Datatracker.ietf.org, IETF, Nov. 2019, link.
\n
\n\nSpeakerBio: Bill Demirkapi, Independent Security Researcher
\nBill is an independent security researcher with a passion for finding bugs at scale. His interests include reverse engineering and vulnerability research, ranging from low-level memory corruption to systemic flaws with catastrophic consequences. He started his journey in high school and has since published his work at internationally-recognized conferences like DEF CON and Black Hat USA. In his pursuit to make the world a better place, Bill constantly looks for the next significant vulnerability, following the motto \"break anything and everything\".
\n\n\n\'',NULL,614482),('3_Saturday','16','16:30','17:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Breaking the Beam: Exploiting VSAT Satellite Modems from the Earth\'s Surface\'','\'Vincent Lenders,Johannes Willbold,Robin Bisping\'','DC_e2476e5951cdc5a3f477e62d0efcd2c2','\'Title: Breaking the Beam: Exploiting VSAT Satellite Modems from the Earth\'s Surface
\nWhen: Saturday, Aug 10, 16:30 - 17:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nVSAT satellite communication systems are widely used to provide two-way data and voice communications to remote areas, including maritime environments, crisis regions, and other locations where terrestrial communication infrastructure is limited or unavailable. In this presentation, we report on our security findings from our reverse-engineering efforts to exploit VSAT satellite modems from the Earth. We will focus on the Newtec MDM2200 from iDirect as an example. First, we explain how we reverse-engineered the software stack running on the modem device to find 0-day vulnerabilities. Then, we show how we reverse-engineered the network stack to devise attacks that can be launched by injecting wireless signals through the antenna dish of a VSAT terminal. Finally, we demonstrate our software-defined radio end-to-end attacks to inject bogus firmware updates and to gain a remote root shell access on the modem. To the best of knowledge, this represents the first successful demonstration of signal injection attacks on VSAT modems using software-defined radios from the Earth, while previous attacks on VSAT systems such as the ViaSat hack in 2022 were based on exploiting the operator’s network through Internet VPN connections. Our work therefore enlarges significantly the attack surface of VSAT systems.
\n\nOur presentation at DEF CON is part of a project that has three parts.
\n\nIn the first part, we focus on the inherent security issues in current VSAT system practices. This work will be appear in May at ACM WiSec 2024.
\n\nVSAsTer: Uncovering Inherent Security Issues in Current VSAT System Practices, Johannes Willbold, Moritz Schloegel, Robin Bisping, Martin Strohmeier, Thorsten Holz, Vincent Lenders, 17th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), Seoul, Korea, May 2024.
\n\nThe second part deals with the systematic evaluation of wireless signal injection attacks using a software-defined radio. This work will appear in August at Usenix Security 2024:
\n\nWireless Signal Injection Attacks on VSAT Satellite Modems, Robin Bisping, Johannes Willbold, Martin Strohmeier, and Vincent Lenders, 33rd USENIX Security Symposium (USENIX Security), Philadelphia PA, USA, August 2024.
\n\nThe third part of the project deals with reverse-engineering of the software and network stack of satellite modems and the development of exploits that can be injected over the air through the antenna dish of a VSAT terminal from the ground. This part shall be presented at DEF CON this year.
\n\nSpeakers:Vincent Lenders,Johannes Willbold,Robin Bisping
\n
\nSpeakerBio: Vincent Lenders, Cybersecurity Researcher and Head at Cyber-Defence Campus
\nVincent Lenders is a cybersecurity researcher from Switzerland where he acts as the Head of the Cyber-Defence Campus. He has a Master and PhD degree from ETH Zurich in electrical engineering. He has over 15 years of practical experience in cybersecurity with a strong focus on the security of wireless networks. He is the co-founder of the OpenSky Network and has published over 150 scientific papers and two books, and presents regularly at cybersecurity conferences including Usenix Secuirty, DEFCON, IEEE S&P, NDSS, ACM CCS.
\n\nSpeakerBio: Johannes Willbold, PhD Student at Ruhr University Bochum
\nJohannes Willbold is a PhD student at the Ruhr University Bochum and researches the software security of space and satellite systems. In 2023, he published at the IEEE S&P, and presented on venues, including Black Hat US, REcon and TyphoonCon. He organizes the yearly SpaceSec workshop (co-located with NDSS) and participated in the Hack-a-Sat 2 & 4 finals.
\n\nSpeakerBio: Robin Bisping, Security Engineer at Cyber-Defence Campus
\nRobin Bisping is a security engineer and former student of ETH Zurich and the Cyber-Defence Campus, where his research focused on the security of wireless networks and satellite communication systems.
\n\n\n\'',NULL,614483),('3_Saturday','17','16:30','17:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Breaking the Beam: Exploiting VSAT Satellite Modems from the Earth\'s Surface\'','\'Vincent Lenders,Johannes Willbold,Robin Bisping\'','DC_e2476e5951cdc5a3f477e62d0efcd2c2','\'\'',NULL,614484),('3_Saturday','16','16:30','17:15','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'DEF CON Academy: Cultivating M4D SK1LLZ In the DEF CON Community\'','\'Yan \"Zardus\" Shoshitaishvili,Perri Adams\'','DC_eb45234d3e4c78db7412254b9eea6fa8','\'Title: DEF CON Academy: Cultivating M4D SK1LLZ In the DEF CON Community
\nWhen: Saturday, Aug 10, 16:30 - 17:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nDEF CON is a siren song for the hacker mind. Clever people around the world hear it and are pulled, every year, to Las Vegas. They mass by the tens of thousands, streaming through the halls of DEF CON to watch talks given by absolute legends about incredible escapades, to gaze in wonder as true wizards bend bytes to their will in the CTF room, and to dream about one day reaching to those heights themselves.
\n\nSome have the critical combination of grit, perseverance, raw talent, and (let\'s face it) privilege to push through to those dreams of greatness. But among even the clever and the motivated, it is rare for n00bs to rise to l33tness without support. Some find this support in inspiring classes in college. Others, among friends or mentors. But many don\'t find it at all, and remain in the hallways, dreaming.
\n\nDo you want to leave the hallways and hack the planet? We are hackers, educators, and learners who are creating DEF CON Academy, a concerted effort to maximize hacker potential by providing open, clear, approachable, and inclusive practical resources for budding hackers to transcend and rule cyberspace. Through extensive DEF CON event presence and year-round hacking resources, we will pro up the noobs of the world and bring the community, at scale, to the next level of skill.
\n\nCome, listen, and learn how we can help!
\n\n\n- link
\n- Connor Nelson, Yan Shoshitaishvili. DOJO: Applied Cybersecurity Education In The Browser. ACM SIGCSE 2024. link
\n- Connor Nelson, Yan Shoshitaishvili. PWN The Learning Curve: Education-First CTF Challenges. ACM SIGCSE 2024. link
\n- link
\n- link
\n
\n\nSpeakers:Yan \"Zardus\" Shoshitaishvili,Perri Adams
\n
\nSpeakerBio: Yan \"Zardus\" Shoshitaishvili, Associate Professor at Arizona State University
\nZardus (Yan Shoshitaishvili) is an Associate Professor at Arizona State University, where he pursues passions of cybersecurity research (focusing on binary analysis and exploitation) and education. Zardus has competed in CTFs for over 15 years, hosted DEF CON CTF, and led Shellphish’s participation in the DARPA Cyber Grand Challengge.
\n\nIn order to inspire students to pursue cybersecurity (and, ultimately, compete at DEF CON!), Yan created pwn.college, an open practice-makes-perfect learning platform that is revolutionizing cybersecurity education for aspiring hackers around the world.
\n\nSpeakerBio: Perri Adams, Special Assistant to the Director at Defense Advanced Research Projects Agency (DARPA)
\nMs. Perri Adams is a special assistant to the director at DARPA, where she advises stakeholders at the agency and across the U.S. government on the next generation of AI and cybersecurity technology.
\n\nPrior to this role, Adams was a program manager within DARPA’s Information Innovation Office (I2O), where, among other programs, she created the AI Cyber Challenge (AIxCC).
\n\nAdams has been an avid participant in cybersecurity CTF competitions and was one of the organizers of the DEF CON CTF. She holds a bachelor’s degree in computer science from Rensselaer Polytechnic Institute and is a proud alumna of the computer security club, RPISEC.
\n\n\n\'',NULL,614485),('3_Saturday','17','16:30','17:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 2','\'DEF CON Academy: Cultivating M4D SK1LLZ In the DEF CON Community\'','\'Yan \"Zardus\" Shoshitaishvili,Perri Adams\'','DC_eb45234d3e4c78db7412254b9eea6fa8','\'\'',NULL,614486),('3_Saturday','16','16:30','17:15','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Watchers being watched: Exploiting the Surveillance System and its supply chain\'','\'Chanin Kim,Myeonghun Pak,Myeongjin Shin\'','DC_e45178f86758e50a0e06a294095b9fdd','\'Title: Watchers being watched: Exploiting the Surveillance System and its supply chain
\nWhen: Saturday, Aug 10, 16:30 - 17:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nWith the development of artificial intelligence and image processing technology, the video industry such as CCTV is developing greatly. However, CCTV video may infringe on an individual\'s privacy, and personal information may be leaked due to hacking or illegal video collection. As such, Surveillance System\'s Security issues are also increasing, the importance of the video surveillance industry is becoming more prominent.
\n\nIn order to prevent hacking or illegal video collection, research on camera security is being conducted. However, there is a lack of awareness of NVR (Network Video Recorder), a device that actually watches videos recorded by cameras, and research on this is also insufficient.
\n\nWe selected Hikvision and Dahua, which have a high NVR market share, as target vendors, and also selected Synology\'s NVR-related package, Surveillance Station, as targets. Before proceeding with vulnerability analysis, several problems occurred during the file system extraction process, but U-Boot mitigation was successfully bypassed through various methods. Afterwards, various types of vulnerabilities were discovered through analysis, and OEM verification was also conducted to increase impact. We present exploit scenarios for surveillance devices through vulnerability linkage and present supply chain security issues in the Surveillance System.
\n\n\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n
\n\nSpeakers:Chanin Kim,Myeonghun Pak,Myeongjin Shin
\n
\nSpeakerBio: Chanin Kim, Offensive Researcher at S2W Inc
\nChanin Kim has previously conducted offensive research and has experience discovering vulnerabilities in various places, including Windows, Rust, and OpenVPN. Chan In-Kim is also currently working as an Offensive Researcher at S2W Inc in Korea and is conducting various offensive research.
\n\nSpeakerBio: Myeonghun Pak, Researcher at KITRI
\nMyeonghun Pak is currently a university student and is working on offensive research. He enjoys analyzing embedded vulnerabilities.
\n\nSpeakerBio: Myeongjin Shin, Student at Chonnam National University
\nMyeongjin Shin is currently a student at Chonnam National University and belong to SRC lab. He is interested in vulnerability analysis and research.
\n\n\n\'',NULL,614487),('3_Saturday','17','16:30','17:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Watchers being watched: Exploiting the Surveillance System and its supply chain\'','\'Chanin Kim,Myeonghun Pak,Myeongjin Shin\'','DC_e45178f86758e50a0e06a294095b9fdd','\'\'',NULL,614488),('3_Saturday','17','17:00','17:45','N','DC','LVCC West/Floor 3/W322-W327','\'A Treasure Trove of Failures: What History’s Greatest Heist Can Teach Us About Defense In Depth\'','\'Pete Stegemeyer\'','DC_350d465156c77a3714aeaf0817caf7c9','\'Title: A Treasure Trove of Failures: What History’s Greatest Heist Can Teach Us About Defense In Depth
\nWhen: Saturday, Aug 10, 17:00 - 17:45 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nWhat’s the real life equivalent of hacking a Gibson? Probably stealing hundreds of millions of dollars in diamonds, gold, and cash from one of the world\'s most formidable vaults. In 2003, a team of thieves did just that. Armed with hairspray, double sided tape, and nerves of steel, these thieves defeated layer after layer of security to pull off the haul of a lifetime.
\n\nHowever, as much as this is a story of skilled criminals, it is every bit as much a story of security failures and the parallels between protecting diamonds and data. In this presentation we’ll dive deep into what went right, what went wrong, and how to properly apply defense in depth to make your security program look like a hundred million bucks.
\n\n\n- Davis, J. (2009, March 12). The untold story of the World’s biggest Diamond Heist. Wired. link
\n- Selby, S. A., & Campbell, G. (2012). Flawless: Inside the largest diamond heist in history. Sterling.
\n- Stegemeyer, P. (2021). Heist: An inside look at the world’s 100 Greatest Heists, cons, and capers: From burglaries to bank jobs and everything in between. Whalen Book Works.
\n
\n\nSpeakerBio: Pete Stegemeyer, Host at “I Can Steal That!” Podcast
\nPete Stegemeyer is both a Senior Security Engineer and one of the world’s leading heist experts. Pete has served as a consultant for Vice, National Geographic, and was a featured expert on the History Channel’s series “History’s Greatest Heists.” He is the author of the best selling book Heist: An Inside Look at the World’s 100 Greatest Heists, Cons and Capers and hosts of the popular podcast “I Can Steal That!”
\n\n\n\'',NULL,614489),('3_Saturday','17','17:00','17:20','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Techniques for Creating Process Injection Attacks with Advanced Return-Oriented Programming\'','\'Bramwell Brizendine,Shiva Shashank Kusuma\'','DC_5499ee625513b48fae0e1d3744ff2d05','\'Title: Techniques for Creating Process Injection Attacks with Advanced Return-Oriented Programming
\nWhen: Saturday, Aug 10, 17:00 - 17:20 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nThis talk showcases techniques for process injection using advanced return-oriented programming (ROP). Process injection via ROP introduces significant hurdles, requiring many WinAPIs to be chained together, each with complex parameters and return values. We give practical details on how to best manage this. One seemingly insurmountable challenge is in identifying the target binary, as string comparison can be extremely difficult in ROP, as needed ROP gadgets may be lacking. We unveil a unique, universal solution, giving a reliable means of string comparison via ROP, which works all the time, allowing a specific process to be pinpointed and injected into via ROP.
\n\nWe created numerous patterns for different WinAPIs, allowing for as many as a dozen ways of preparing a specific WinAPI via ROP, if using an approach centered around the PUSHAD instruction. With some WinAPIs, there are zero patterns for PUSHAD, forcing us to rely upon the much lauded “sniper” approach. We document all such variations of patterns for the WinAPIs in our demonstrated process injection. This research is not intended to demo a one-off example of process injection via ROP, but to provide a methodology that can be used time and time again, providing unique templates for others to use the same WinAPIs when attempting process injection via ROP.
\n\n\n- Anonymous.(2019.) Cobalt Strike’s Process Injection: The Details. link
\n- Hosseini, Ashkan. (2017). Ten Process Injection Techniques: A Technical Survey of Common and Trending Process Injection Techniques. link
\n- Klein, A., & Kotler, I. (2019). Windows process injection in 2019. Black Hat USA, 2019.
\n- Landau, Gabriel. (2021). What you need to know about Process Ghosting, a new executable image tampering attack. link
\n- Mundbrod, N., Grambow, G., Kolb, J., & Reichert, M. (2015). Context-aware process injection: enhancing process flexibility by late extension of process instances. In On the Move to Meaningful Internet Systems: OTM 2015 Conferences: Confederated International Conferences: CoopIS, ODBASE, and C&TC 2015, Rhodes, Greece, October 26-30, 2015. Proceedings (pp. 127-145). Springer International Publishing.
\n- Process Injection. MITRE ATT&CK. link
\n- Process Injection. link
\n- Unal, Ozan. (2020). Process Injection Techniques. link
\n
\n\nSpeakers:Bramwell Brizendine,Shiva Shashank Kusuma
\n
\nSpeakerBio: Bramwell Brizendine, Assistant Professor at University of Alabama in Huntsville
\nDr. Bramwell Brizendine completed his Ph.D. in Cyber Operations. A security researcher, currently Bramwell is an Assistant Professor at the University of Alabama in Huntsville, and he is the founding Director of the Vulnerability and Exploitation Research for Offensive and Novel Attacks (VERONA Lab). A cybersecurity expert, Bramwell has taught numerous undergraduate, graduate, and doctoral level courses in reverse engineering, software exploitation, advanced software exploitation, malware analysis, and offensive security. Additionally, Bramwell has authored several important cybersecurity tools, including JOP ROCKET, SHAREM, ShellWasp, and ROP ROCKET, which are open source and freely available. Bramwell was a PI on a $300,000 NSA research grant to develop a shellcode analysis framework, SHAREM. Bramwell has been a speaker at many top security conferences across the globe, including different regional variations of Black Hat, DEFCON, Hack in the Box, and more.
\n\nSpeakerBio: Shiva Shashank Kusuma, Computer Science Master\'s Student at University of Alabama in Huntsville
\nShiva Shashank Kusuma, a Computer Science Master\'s student at the University of Alabama in Huntsville, has a deep interest in software engineering and cybersecurity. When not at work, Shiva enjoys reading about Blockchain, Web3, and AI.
\n\n\n\'',NULL,614490),('3_Saturday','17','17:30','18:15','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Iconv, set the charset to RCE: exploiting the glibc to hack the PHP engine\'','\'Charles \"cfreal\" Fol\'','DC_9658da9a122f30827c5f5d3c05c6f250','\'Title: Iconv, set the charset to RCE: exploiting the glibc to hack the PHP engine
\nWhen: Saturday, Aug 10, 17:30 - 18:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nUpon its discovery, CVE-2024-2961, a very old buffer overflow in the glibc, seemed like a terrible bug. Within the prism of the PHP engine, however, the vulnerability shone, and provided both a new remote code execution vector and a few 0-days.
\n\nThis talk will first walk you through the discovery of the bug and its limitations, before describing the conception of remote binary PHP exploits using this bug, and through them offer unique insight in the internal of the engine of the web language, and the difficulties one faces when exploiting it.
\n\nAfter this, it will reveal the impact on PHP\'s ecosystem, from well-known functions to unsuspected sinks, by showcasing the vulnerability on several popular libraries and applications.
\n\nSpeakerBio: Charles \"cfreal\" Fol, Security Researcher at LEXFO / AMBIONICS
\nCharles Fol, also known as cfreal, is a security researcher at LEXFO / AMBIONICS. He has discovered remote code execution vulnerabilities targeting renowned CMS and frameworks such as Drupal, Magento, Symfony or Laravel, but also enjoys binary exploitation, to escalate privileges (Apache, PHP-FPM) or compromise security solutions (DataDog’s Sqreen, Fortinet SSL VPN, Watchguard). He is the creator for PHPGGC, the go-to tool to exploit PHP deserialization, and an expert in PHP internals.
\n\n\n\'',NULL,614491),('3_Saturday','18','17:30','18:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Iconv, set the charset to RCE: exploiting the glibc to hack the PHP engine\'','\'Charles \"cfreal\" Fol\'','DC_9658da9a122f30827c5f5d3c05c6f250','\'\'',NULL,614492),('3_Saturday','17','17:30','18:15','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Nano-Enigma: Uncovering the Secrets Within eFuse Memories\'','\'Michal Grygarek,Martin Petran,Hayyan Ali\'','DC_2d3647e71613cca228e93db7b6580018','\'Title: Nano-Enigma: Uncovering the Secrets Within eFuse Memories
\nWhen: Saturday, Aug 10, 17:30 - 18:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nFor years, eFuse-based memories were used to store sensitive information such as encryption keys, passwords, and other potentially confidential pieces of information. This practice was encouraged by several vendors who leverage such memory types for protecting the debugging interfaces using a password or for official way to store encryption keys for external flash memories.
\n\nHowever, with the advances in technology and threat actors’ creativity, eFuse-based memories may take a hard hit on their confidentiality assurance as their physical properties could allow for a relatively easy extraction of the stored information.
\n\nIn this talk we will walk you through the journey of revealing one such data storage from decapsulating the chip itself, delayering it using common household items all the way to using advanced tools such as Scanning Electron Microscope (SEM) to read value of an encryption key and thus break the confidentiality of the encrypted flash memory.
\n\n\n- \"Solving Chip Security\'s Weakest Link.\" Design & Reuse, April 1, 2023, link
\n- Laurie, Adam. \"Fun with Masked ROMs - Atmel MARC4.\" Adams Blog, rfidiot.org, 1 Jan. 2013, link
\n- Hoover, William. \"Looking Inside a 1970s PROM Chip That Could Change Computing.\" RightO, 19 July 2019, link
\n- Chen, Nick. \"The Benefits of Antifuse OTP.\" Semiconductor Engineering, 19 Dec. 2016, link
\n
\n\nSpeakers:Michal Grygarek,Martin Petran,Hayyan Ali
\n
\nSpeakerBio: Michal Grygarek, Security Architect at Accenture
\nMichal has 20+ years of experience in the development of electronic systems and radio engineering. He specializes in cyber security of embedded systems, especially with relation to nanometer scale attack. His key expertise includes the methodology of decapsulation, delayering of silicon chips and their subsequent analysis using optical and electron microscopy.
\n\nSpeakerBio: Martin Petran, Embedded Systems Security Engineer at Accenture
\nMartin is an embedded systems security engineer with 9+ years of professional experience working at Accenture in Prague, Czech Republic. His main areas of focus are reverse engineering, fuzzing and exploit development. Throughout his career, he has created/contributed to several open-source projects and presented at security focused conferences.
\n\nSpeakerBio: Hayyan Ali, Security Delivery Senior Analyst at Accenture
\nHayyan Ali brings over a decade of expertise in mobile communication, radio planning, and optimization to the forefront of cutting-edge technological advancements. Currently pursuing a Ph.D. at the Czech Technical University in Prague, Hayyan\'s research focuses on the integration of Machine Learning within mobile networks\' radio interfaces. In addition to his academic pursuits, Hayyan serves as a Security Delivery Senior Analyst at Accenture, where he spearheads initiatives to fortify mobile communication infrastructures. Leveraging his extensive knowledge, he specializes in detecting vulnerabilities within radio interface protocols, conducting penetration testing on wireless interfaces in IoT devices, and deploying Machine Learning algorithms to automate pen testing processes.
\n\n\n\'',NULL,614493),('3_Saturday','18','17:30','18:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Nano-Enigma: Uncovering the Secrets Within eFuse Memories\'','\'Michal Grygarek,Martin Petran,Hayyan Ali\'','DC_2d3647e71613cca228e93db7b6580018','\'\'',NULL,614494),('3_Saturday','20','20:00','21:59','N','CON','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Hacker Jeopardy\'','\'\'','CON_0e78bac0722bf6d710c64d77a1c86662','\'Title: Hacker Jeopardy
\nWhen: Saturday, Aug 10, 20:00 - 21:59 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Tracks 1-2 - Map
\n
\nDescription:
\n\n\n\'',NULL,614495),('3_Saturday','21','20:00','21:59','Y','CON','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Hacker Jeopardy\'','\'\'','CON_0e78bac0722bf6d710c64d77a1c86662','\'\'',NULL,614496),('2_Friday','20','20:00','21:59','N','CON','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Hacker Jeopardy\'','\'\'','CON_5e21ed07cd175d3ee43019daff9a2bf3','\'Title: Hacker Jeopardy
\nWhen: Friday, Aug 9, 20:00 - 21:59 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Tracks 1-2 - Map
\n
\nDescription:
\n\n\n\'',NULL,614497),('2_Friday','21','20:00','21:59','Y','CON','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Hacker Jeopardy\'','\'\'','CON_5e21ed07cd175d3ee43019daff9a2bf3','\'\'',NULL,614498),('4_Sunday','10','10:00','10:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'AWS CloudQuarry: Digging for secrets in public AMIs\'','\'Eduard Agavriloae,Matei Josephs\'','DC_6105d979a3d4b93ea226903ef4a5153d','\'Title: AWS CloudQuarry: Digging for secrets in public AMIs
\nWhen: Sunday, Aug 11, 10:00 - 10:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nJoin us as we unravel another story of public resources from AWS, digging in 3.1 million AMIs for secrets. Beyond the findings, we\'ll delve into the ominous connection between exfiltrated AWS access credentials from these AMIs and the heightened risk of AWS account takeover. This talk will highlight key methodologies, tools, and lessons learned, emphasizing the critical need for robust security measures in the cloud to prevent both data exposure and potential account compromise.
\n\nWe started and developed this research without references of existing work. However, here are two links that can be viewed as related/previous work:
\n\nThis article shows a research on a subset of public AMIs from a single region in AWS\nlink
\n\nThis research shows a similar issue where public EBS are scanned. However, this technique does not work for most public AMIs\nlink
\n\nSpeakers:Eduard Agavriloae,Matei Josephs
\n
\nSpeakerBio: Eduard Agavriloae, AWS Offensive Expert and Pentester
\nEduard focuses on cloud and offensive security. He’s an experienced penetration tester and in the last years he started doing novel research, writing articles, developing tools like EC2StepShell and presenting at security conferences.
\n\nSpeakerBio: Matei Josephs, Senior Penetration Tester
\nMatei is a Senior Penetration Tester who loves exploring the internet for vulnerabilities. Matei has discovered several CVEs and has the OSCP, CRTO, eWPT and a few other certifications alongside a Master\'s degree in Cybercrime and Intelligence. Although his daily job requires him to conduct thorough tests across a limited scope, after work, Matei enjoys doing simple tests across the whole internet.
\n\n\n\'',NULL,614499),('4_Sunday','10','10:00','10:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'Splitting the email atom: exploiting parsers to bypass access controls\'','\'Gareth Heyes\'','DC_998ba3e98fa20ce6054e5aef6d6cda17','\'Title: Splitting the email atom: exploiting parsers to bypass access controls
\nWhen: Sunday, Aug 11, 10:00 - 10:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nWebsites often parse users\' email addresses to identify their organisation. Unfortunately, parsing emails is far from straightforward thanks to a collection of ancient RFCs that everyone knows are crazy. You can probably see where this is going…
\n\nIn this session, I\'ll introduce techniques for crafting RFC-compliant email addresses that bypass virtually all defences leading to broken assumptions, parser discrepancies and emails being routed to wildly unexpected destinations. I\'ll show you how to exploit multiple applications and libraries to spoof email domains, access internal systems protected by \'Zero Trust\', and bypass employee-only registration barriers.
\n\nThen I\'ll introduce another class of attack - harmless-looking input transformed into malicious payloads by unwitting libraries, leading to yet more misrouted emails, and blind CSS injection on a well-known target.
\n\nI\'ll leave you with a full methodology and toolkit to identify and exploit your own targets, plus a CTF to develop your new skillset.
\n\n\nEmail parsing:
\n\nCSS Exfiltration:
\n\nUnicode:
\n\n
\n\nSpeakerBio: Gareth Heyes, Researcher at PortSwigger
\nPortSwigger researcher Gareth Heyes is probably best known for smashing the AngularJS sandbox to pieces and creating super-elegant XSS vectors. He is the author of JavaScript for hackers. In his daily life at PortSwigger, Gareth can often be found creating new XSS vectors, and researching new techniques to attack web applications. He has a keen interest in hacking CSS to do wonderful, unexpected things and can often be seen experimenting with 3D pure CSS rooms, games and taking markup languages to the limit on his website. He\'s also the author of PortSwigger\'s XSS Cheat Sheet. In his spare time, he loves writing new BApp extensions such as Hackvertor.
\n\n\n\'',NULL,614500),('4_Sunday','10','10:00','10:45','N','DC','LVCC West/Floor 3/W322-W327','\'The not-so-silent type: Breaking network crypto in almost every popular Chinese keyboard app\'','\'Jeffrey Knockel,Mona Wang\'','DC_2116869cee3938780e58032d6d8b524b','\'Title: The not-so-silent type: Breaking network crypto in almost every popular Chinese keyboard app
\nWhen: Sunday, Aug 11, 10:00 - 10:45 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nPeople who don’t type Chinese might be surprised to learn that popular Chinese Input Method Editor (IME) keyboards can act as keyloggers; they transmit your keystrokes over the Internet to enable “cloud-based” support features to improve character prediction when typing.
\n\nEveryone might be surprised to learn that these keyloggers, which were already collecting everything you type into your device, were doing it insecurely.
\n\nIn this talk, we will describe how we systematically exploited every single popular Chinese IME keyboard vendor’s home-rolled network encryption protocol. Namely, we show how any network eavesdropper can read the keystrokes of what users of these vendors’ keyboards are typing. The affected keyboards include the three most popular Chinese IME keyboards, Sogou IME, Baidu IME, and iFlytek IME, collectively used by almost 800 million users, as well as default and pre-installed keyboards on basically every popular Android mobile device except for Huawei’s. We also discuss how we got here, re-affirm the age-old adage, “Don’t roll your own crypto!”, and call on hackers around the world to help us move towards HTTPS everywhere in understudied app ecosystems.
\n\nlink
\n\nlink
\n\nSpeakers:Jeffrey Knockel,Mona Wang
\n
\nSpeakerBio: Jeffrey Knockel, Senior Research Associate at Citizen Lab
\nJeffrey Knockel is a Senior Research Associate at the Citizen Lab. In his research, he seeks to bring transparency to censorship, surveillance, and other harmful software behavior.
\n\nSpeakerBio: Mona Wang, PhD candidate in Computer Science at Princeton University
\nMona Wang is a PhD candidate in Computer Science at Princeton University specializing in network security and privacy. As an Open Technology Fellow at the Citizen Lab, she studied various proprietary encryption protocols used by popular Chinese mobile applications.
\n\n\n\'',NULL,614501),('4_Sunday','10','10:00','10:20','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Unlocking the Gates: Hacking a secure Industrial Remote Access Solution\'','\'Moritz Abrell\'','DC_239cd9d7942eae3010f7d1e92a084c37','\'Title: Unlocking the Gates: Hacking a secure Industrial Remote Access Solution
\nWhen: Sunday, Aug 11, 10:00 - 10:20 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nIndustrial VPN gateways play a crucial role in operational technology by enabling secure remote access to systems within industrial networks. However, their importance goes hand in hand with increased security risks, as their architecture makes them lucrative targets for threat actors. Over the years, we have seen such devices being used in various industrial environments, which underlines their widespread use in critical infrastructures.
\n\nThis talk is about a security analysis of a widely used industrial remote access solution. We will dive deep into and expose various vulnerabilities. This includes rooting the device, bypassing hardware-based security mechanisms such as the use of a hardware security module, and reverse engineering software and firmware. Ultimately, we will show how various identified vulnerabilities allowed us to hijack remote access sessions, creating significant security risks.
\n\nSpeakerBio: Moritz Abrell, Senior IT Security Consultant and Penetration Tester at SySS GmbH
\nMoritz Abrell is an experienced IT security expert who has been passionate about the field since his early days.
\n\nAs a Senior IT Security Consultant and Penetration Tester for the Germany-based pentest company SySS GmbH, he specializes in the practical exploitation of vulnerabilities and advises clients on how to remediate them.
\n\nIn addition, he regularly conducts security research and has a keen interest in delving deep into soft-, hard- and firmware. His research has been presented at various national and international IT security conferences such as DEFCON, BlackHat USA, HackCon, NoHat, Hacktivity, etc.
\n\n\n\'',NULL,614502),('4_Sunday','10','10:00','10:45','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Windows Downdate: Downgrade Attacks Using Windows Updates\'','\'Alon Leviev\'','DC_08349de125e6df2e700bd4c313d9554c','\'Title: Windows Downdate: Downgrade Attacks Using Windows Updates
\nWhen: Sunday, Aug 11, 10:00 - 10:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nDowngrade attacks force software to revert to an older, vulnerable version. In 2023, BlackLotus emerged, downgrading the boot manager to bypass Secure Boot. Microsoft addressed the threat, but was Secure Boot the only component vulnerable to downgrades?
\n\nBy examining Windows Updates, we found a flaw enabling us to take full control over it and craft downgrading updates, bypassing all verification steps.
\n\nWe then managed to downgrade DLLs, drivers, and even the kernel. Afterwards, the OS reported it’s fully updated, unable to install future updates, with recovery tools unable to detect issues.
\n\nWe aimed higher and found that the virtualization stack is at risk too. We successfully downgraded Hyper-V’s hypervisor, Secure Kernel, and Credential Guard to expose privilege escalations.
\n\nWe also discovered several ways to disable VBS, including its Credential Guard and HVCI features, despite its enforced UEFI locks. This is the first known bypass of VBS\'s UEFI locks.
\n\nLastly, we found another vulnerability in a Windows Update restoration scenario, making the findings accessible to unprivileged attackers!
\n\nIn this talk, we’ll introduce \"Windows Downdate\", a tool that takes over Windows Updates to craft downgrades and expose dozens of vulnerabilities. It makes the term “fully patched” meaningless across any Windows machine worldwide.
\n\nSpeakerBio: Alon Leviev
\nAlon Leviev (@_0xDeku) is self-taught security researcher with a diverse background. Alon started his professional career as a blue team operator, where he focused on the defensive side of cyber security. As his passion grew towards research, Alon joined SafeBreach as a security researcher. His main focus include operating system internals, reverse engineering, and vulnerability research. Alon spoke at various security conferences such as Black Hat EU 2023, CanSecWest 2024 and CONFidence 2024. Before joining the cyber security field, Alon was a professional Brazilian jiu-jitsu athlete, where he won several world and european titles.
\n\n\n\'',NULL,614503),('4_Sunday','10','10:30','11:15','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Changing Global Threat Landscape with Rob Joyce and Dark Tangent\'','\'Rob Joyce,Jeff \"The Dark Tangent\" Moss\'','DC_554d72680e6d79887541bdf4a8b8877e','\'Title: Changing Global Threat Landscape with Rob Joyce and Dark Tangent
\nWhen: Sunday, Aug 11, 10:30 - 11:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nRob Joyce, former NSA and White House cyber official, will engage with Dark Tangent to analyze the evolving state of global cyber threats. Their discussion will explore the impact and potential of artificial intelligence, assessing how AI is reshaping the cybersecurity landscape and what it means for the future of global security.
\n\nSpeakers:Rob Joyce,Jeff \"The Dark Tangent\" Moss
\n
\nSpeakerBio: Rob Joyce
\nRob served over 34 years at the NSA, where he held roles including the head of Tailored Access Operations (TAO), the NSA hackers running operations to produce foreign intelligence. He spent his final years as the head of the Agency’s cybersecurity directorate. He also served on the White House National Security Council as a Special Assistant to the President and Cybersecurity Coordinator, as well as Acting Homeland Security Advisor. Throughout his career, he led operations pursuing the most sophisticated hackers and innovated technologies to protect vital national assets — including the the US classified networks and nuclear authorization codes. He remains dedicated to upholding our national security in the cyber realm.
\n\nSpeakerBio: Jeff \"The Dark Tangent\" Moss, DEF CON Communications
\nNo BIO available
\n\n\'',NULL,614504),('4_Sunday','11','10:30','11:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Changing Global Threat Landscape with Rob Joyce and Dark Tangent\'','\'Rob Joyce,Jeff \"The Dark Tangent\" Moss\'','DC_554d72680e6d79887541bdf4a8b8877e','\'\'',NULL,614505),('4_Sunday','11','11:00','11:45','N','DC','LVCC West/Floor 1/Hall 1/Track 1','\'(|(MaLDAPtive:¯\\_(LDAP)_/¯=ObFUsc8t10n) (De-Obfuscation &:=De*te)(!c=tion))\'','\'Daniel Bohannon,Sabajete Elezaj\'','DC_cf9349e1a19b49bc21499feee24ff8db','\'Title: (|(MaLDAPtive:¯\\_(LDAP)_/¯=ObFUsc8t10n) (De-Obfuscation &:=De*te)(!c=tion))
\nWhen: Sunday, Aug 11, 11:00 - 11:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 1 - Map
\n
\nDescription:
\nLDAP is no stranger to the security spotlight. While LDAP is a protocol (Lightweight Directory Access Protocol) and Active Directory is the most popular directory services system that supports a subset of LDAP, the terms “LDAP” and “AD” are tightly coupled when discussing the execution, detection and prevention of attacks targeting directory services data.
\n\nIn the last decade the widespread offensive value of querying AD data via LDAP was cemented with the release of open-source tools such as BloodHound and PingCastle. However, proper visibility of LDAP queries mostly remains a privileged asset for those organizations with deep pockets, and the commercial security tools providing this visibility are often woefully fixated on simple signature-based detections.
\n\nMaLDAPtive is the 2,000-hour (and counting) quest of offensive and defensive LDAP exploration and tool-building. This research includes mind-bending depths of obfuscation across all elements of LDAP queries (many undocumented and most never seen in the wild), all baked into an obfuscation/de-obfuscation/detection framework built upon our ground-up custom LDAP search filter tokenizer and syntax tree parser.
\n\nCome witness the release of our MaLDAPtive research and open-source framework: transforming LDAP from “lightweight” to “heavyweight.”
\n\n\nGeneral LDAP information:
\n\nLDAP-Related RFCs:
\n\nOfficial Documentation for Active Directory LDAP Attributes: link
Blogs Highlighting Offensive LDAP Usage:
\n\nOpen-Source Tooling Using LDAP:
\n\n
\n\nSpeakers:Daniel Bohannon,Sabajete Elezaj
\n
\nSpeakerBio: Daniel Bohannon, Principal Threat Researcher, P0 Labs team at Permiso Security
\nDaniel Bohannon is a Principal Threat Researcher on Permiso Security\'s P0 Labs team with over 14 years of information security experience, including incident response consulting at MANDIANT, security research at FireEye and threat hunting at Microsoft.
\n\nHe is the author of the Invoke-Obfuscation, Invoke-CradleCrafter and Invoke-DOSfuscation open-source obfuscation frameworks and co-author of Revoke-Obfuscation and Cloud Console Cartographer.
\n\nMr. Bohannon received a Master of Science in Information Security from the Georgia Institute of Technology (2013) and a Bachelor of Science in Computer Science from The University of Georgia (2010).
\n\nSpeakerBio: Sabajete Elezaj, Senior Cyber Security Engineer at Solaris SE
\nSabajete Elezaj is a Senior Cyber Security Engineer at Solaris SE with a background in cybersecurity extending over 6 years. Her expertise spans incident response, threat hunting and blue team operations. Her work focuses on enhancing cyber defense strategies.
\n\nMrs. Elezaj holds a Master of Science in Information Security from the University of Tirana. She has also shared her expertise at cybersecurity conferences, including BSides Tirana.
\n\n\n\'',NULL,614506),('4_Sunday','11','11:00','11:45','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Dragon SlayingGuide: Bug Hunting In VMware Device Virtualization\'','\'JiaQing Huang,Hao Zheng,Yue Liu\'','DC_c07d364f064ed2bddda7e67846b0e70c','\'Title: Dragon SlayingGuide: Bug Hunting In VMware Device Virtualization
\nWhen: Sunday, Aug 11, 11:00 - 11:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nIn this presentation, we will unveil a new attack surface: Device Virtualization in VMKernel. This isan unknown territory that has not been explored by security researchers to date. During the reverse engineering of the VMware Hypervisor, we discovered 8 vulnerabilities related to device virtualization, 3 of them have been assigned CVE number (some vulnerabilities have even been successfully exploited in Tianfu Cup), and the remaining 5 of our vulnerabilities have been officially confirmed by VMware.
\n\nFirstly we will delve into the loading process of vmm, the implementation of data sharing between vmm and vmx, and VMware\'s UserRPC, which facilitates communication between the Hypervisor and the Host. These mechanisms are crucial in virtual device emulation.
\n\nThen We will explain security issues in various parts of the USB system, including the host controller, VUsb middleware, and VUsb backend devices, based on the vulnerabilities we have unearthed.
\n\nIn the end, We will primarily discuss the similarities and differences in SCSI-related device emulation in the virtual disk system between VMware Workstation and ESXi Additionally, we will cover design flaws related to disk device emulation that we discovered in VMKernel.
\n\n\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link conferences, including Usenix 2021, ACM CCS 2022, EuroS&P 2022, HITBSecConf2022, BlackHat Asia 2024.
\n
\n\nSpeakers:JiaQing Huang,Hao Zheng,Yue Liu
\n
\nSpeakerBio: JiaQing Huang, Security Researcher, TianGong Team of Legendsec at QI-ANXIN Group
\nJiaQing Huang is a security researcher at TianGong Team of Legendsec at QI-ANXIN Group. He is currently focused on IoT and Virtualization security, having submitted multiple security vulnerabilities to VMware. In 2023, he and his teammate successfully escaped the Parallels Desktop at GeekCon2023.
\n\nSpeakerBio: Hao Zheng, Security Researcher, TianGong Team of Legendsec at QI-ANXIN Group
\nHao Zheng is a security researcher at TianGong Team of Legendsec at QI-ANXIN Group. His focus is on Virtualization Security, having submitted multiple security vulnerabilities to VMware. In 2023, he and his teammate successfully escaped the Parallels Desktop at GeekCon2023.
\n\nSpeakerBio: Yue Liu, Security Researcher at QI-ANXIN Group
\nYue Liu is a Security Researcher at QI-ANXIN Group, and the team leader of QI-ANXIN TianGong Team. He and his team has found lots of bugs in Windows/Android/ChromeOS/IoT Devices and cracked multiple targets in Tianfu Cup 2019/2020, GeekPwn 2020/2021/2022, GeekCon 2023. He has published his work in various conferences, including Usenix 2021, ACM CCS 2022, EuroS&P 2022, HITBSecConf2022, BlackHat Asia 2024.
\n\n\n\'',NULL,614507),('4_Sunday','11','11:00','11:45','N','DC','LVCC West/Floor 1/Hall 1/Track 2','\'The hack, the crash and two smoking barrels. (And all the times I (almost) killed an engineer.)\'','\'Thomas \"Cr0wTom\" Sermpinis\'','DC_a8376b7c67abfe5d03288f4924f556ab','\'Title: The hack, the crash and two smoking barrels. (And all the times I (almost) killed an engineer.)
\nWhen: Sunday, Aug 11, 11:00 - 11:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 2 - Map
\n
\nDescription:
\nThis is not a talk in which I will demonstrate exploit chains obtained from the underworld after signing with blood. It’s about sharing meaningful stories from said underworld. The automotive underworld of huge corporations, short deadlines and lukewarm engineers. The one where companies fight for packing more and more functionality inside your computer on wheels, without paying attention to one of the things that our life actually depends on right now, cybersecurity.
\n\nWhile others talk about extremely significant remote vulnerabilities, I will focus on a high-level view of architecture and design of vehicles and where security fits in these processes. I will go through a journey of exploitation, from discovering 0days, to persuading engineers for the significance of a finding, by putting him in the driving seat and engaging the breaks mid-journey.
\n\nI will conclude, trying to understand why this is happening, why this behavior towards security still exists in the automotive industry, and how a small manufacturer managed to create one of the most secure embedded systems I faced in my career. All this, with a series of demos in real targets, and a real ECU on stage.
\n\nOur ultimate goal is to help people understand the state of the industry, spark the interest which can come out of hacking a computer on wheels, and try to raise awareness with a bit of hack, a bit of crash and two smoking barrels.
\n\n\n- Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., ... & Savage, S. (2010, May). Experimental security analysis of a modern automobile. In 2010 IEEE symposium on security and privacy (pp. 447-462). IEEE.
\n- Miller, C., & Valasek, C. (2015). Remote exploitation of an unaltered passenger vehicle. Black Hat USA, 2015(S 91), 1-91.
\n- Cai, Z., Wang, A., Zhang, W., Gruffke, M., & Schweppe, H. (2019). 0-days & mitigations: roadways to exploit and secure connected BMW cars. Black Hat USA, 2019(39), 6.
\n- Tencent. Tencent Keen Security Lab: Experimental Security Assessment on Lexus Cars.
\n- link
\n- UNECE, G. W. (2021). UN Regulation No. 155—Cyber Security and Cyber Security Management System. Technical Report. United Nations.
\n- ISO. (2013). ISO 14229: Road vehicles — Unified Diagnostic Services (UDS).
\n
\n\nSpeakerBio: Thomas \"Cr0wTom\" Sermpinis, Technical Director at Auxilium Pentest Labs
\nThomas Sermpinis (a.k.a. Cr0wTom) is the Technical Director of Auxilium Pentest Labs and independent security researcher with main topics of interest in the automotive, industrial control, embedded device, and cryptography sectors. During his research, he published several academic papers, 0days and tools with the ultimate goal of making the world a safer place, but also helped almost 200 OEMs and Tier 1 automotive suppliers to achieve better security and develop more secure products.
\n\nAdditionally, he spoke in several highly technical security conferences, presenting his research and trying to create safer streets for drivers, passengers, pedestrians, and everyone in the street, including Zer0Con, TyphoonCon, TROOPERS, DeepSec and others.
\n\n\n\'',NULL,614508),('3_Saturday','12','12:00','12:45','N','DC','LVCC West/Floor 3/W322-W327','\'automobiles, alcohol, blood, sweat, and creative reversing of an obfuscated Car-Modding tool\'','\'atlas\'','DC_4cd89110a7fc92361cc14127a902b65a','\'Title: automobiles, alcohol, blood, sweat, and creative reversing of an obfuscated Car-Modding tool
\nWhen: Saturday, Aug 10, 12:00 - 12:45 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nreversing can feel uber powerful... like you hold God\'s honest truth within your hands... most humans don\'t understand what you can see and comprehend.
\n\nuntil someone tries to hide the truth from you... limit your knowledge... keep you from your glorious purpose!
\n\nobfuscated code can be a real downer.
\n\nthis talk focuses on the story of how i took on an interesting obfuscated target (an automotive modder\'s tool with ability to flash firmware and tweak engines), in fun and exciting ways.
\n\nwe\'ll discuss several problems with obfuscated code, an approach i took (and tooling), playing in the guts of machine code, and customizations to binary analysis tools that came out of the journey...
\n\nthere will be much hex, disassembly, green on black, total carnage.
\n\nyou will walk away with powerful ideas and new tools to help you in your pursuit of truth. you will be entertained, enriched, educated, and hopefully inspired. instead of thinking that \"atlas is smart\" my goal is you feeling, and being, more powerful.
\n\ncome with Vivisect installed to follow along!
\n\n\n\nSpeakerBio: atlas
\natlas is a doer of things. with nearly 20 years of experience binary reverse-engineering, exploiting, and bringing friends along, he\'s as likely to talk about RF signals as to discuss converting machine language bits into assembly instructions, intermediate languages, and decompilers. driven by the \"truth\", and desire to write tools to make finding truth easier, his talks always engage, embrace, and baffle.
\n\n\n\'',NULL,614509),('4_Sunday','12','12:00','12:45','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'DriverJack: Turning NTFS and Emulated Read-only Filesystems in an Infection and Persistence Vector\'','\'Alessandro Magnosi\'','DC_992e07929d988780e11ce7c3d65946fb','\'Title: DriverJack: Turning NTFS and Emulated Read-only Filesystems in an Infection and Persistence Vector
\nWhen: Sunday, Aug 11, 12:00 - 12:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nThis article reassesses complex cyberattack tactics, focusing specifically on existing security measures and emerging weaknesses. We begin our investigation by examining initial methods of deployment in contemporary attacks, including those that focus on simulated read-only filesystems and NTFS vulnerabilities. Since the improvements made to the Windows security architecture in 2011, which include the enforcement of Driver Signature Enforcement (DSE) and Hypervisor-protected Code Integrity (HVCI), the nature of cyber threats has changed, requiring new ways to carry out attacks.
\n\nOur research presents a new method that takes advantage of previously uncovered weaknesses in emulated filesystems, allowing attackers to covertly install and maintain harmful programs. In addition, we uncover new NTFS vulnerabilities that enable attackers to conceal their presence and sustain persistence within victim systems. The study also investigates alternate methods for delivering and executing malware in usermode. In addition, we discuss several Indicators of Compromise (IOCs) to identify and detect these tactics.
\n\n\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n
\n\nSpeakerBio: Alessandro Magnosi, Managing Consultant and R&D Lead at BSI
\nI am a Managing Consultant with more than 10 years of experience in the IT field. Currently, I am part of the Security Testing Team at BSI, which is the UK national standards body, and a Global certification, training and cybersecurity firm. On top of my normal work, I work as an independent researcher for Synack RT and Cobalt, and an independent OSS developer in my spare time.
\n\n\n\'',NULL,614510),('4_Sunday','12','12:00','12:20','N','DC','LVCC West/Floor 3/W322-W327','\'Solving the \"Lover, Stalker, Killer\" Murder with strings, grep, and Perl\'','\'Anthony Kava\'','DC_f78beafe6e557c3fa2a09a532b155ac0','\'Title: Solving the \"Lover, Stalker, Killer\" Murder with strings, grep, and Perl
\nWhen: Sunday, Aug 11, 12:00 - 12:20 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nCari Farver did not disappear off the face of the Earth. She was murdered in cold blood, and her killer went on to impersonate her online, for over three years. The suspect hid their tracks with VPNs, proxies, and anonymizing apps. This talk will go behind the scenes of Netflix\'s \"Lover, Stalker, Killer\" to detail the open source software and bespoke methods used to prove a no-body homicide case based almost entirely on digital evidence.
\n\nDateline NBC, S26E1 \"Scorned\" (2017)\nRule, Leslie. \"A Tangled Web: A Cyberstalker, a Deadly Obsession, and the Twisting Path to Justice\". Citadel Press, 2020.\nNetflix, \"Lover, Stalker, Killer\" (2024)
\n\nSpeakerBio: Anthony Kava
\nAnthony Kava is a hacker and carries a badge. Got his start breaking Apple IIs then moved, somehow, to breaking baddies. Works as a cyber crime investigator and digital forensics examiner with a penchant for infosec. Kava is a recognized Soylent drinker, scourge to software vendors, and has been portrayed by a Canadian in a Lifetime movie. Dreams in Perl. Enjoys long walks on the dark web.
\n\n\n\'',NULL,614511),('4_Sunday','12','12:30','13:15','N','DC','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'AIxCC Closing Ceremonies\'','\'Andrew Carney,Perri Adams\'','DC_34da79fb828273c261cec2eb45b98442','\'Title: AIxCC Closing Ceremonies
\nWhen: Sunday, Aug 11, 12:30 - 13:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Tracks 1-2 - Map
\n
\nDescription:
\nDARPA and ARPA-H joined forces for the AI Cyber Challenge (AIxCC), a two-year competition aimed at revolutionizing cybersecurity through AI-driven solutions. AIxCC asks the nation’s top talent in AI and cybersecurity to develop Cyber Reasoning Systems capable of automatically finding and fixing software vulnerabilities to secure critical software. In this talk, we are excited to announce the results of the Semifinals event. We will conduct a brief examination of the AI systems developed by the top teams by analyzing their strategies, discuss key innovations and methodologies employed, and discuss the overall impact of the competition on the cybersecurity landscape. The top-ranking teams will be eligible to win one of the $2 million in semifinal prizes, as well as a spot in the Finals competition at DEF CON 33.
\n\nSpeakers:Andrew Carney,Perri Adams
\n
\nSpeakerBio: Andrew Carney, Program Manager at Advanced Research Projects Agency for Health (ARPA-H)
\nAndrew Carney joined ARPA-H in July 2023 from HSBC’s Cybersecurity Science and Analytics group, where he worked as a principal researcher. He has over 15 years of experience in software and hardware vulnerability research, technical education and training, and management of research and development teams.
\n\nIn addition to his role as program manager with ARPA-H, Carney holds a joint program manager appointment with the Defense Advanced Research Projects Agency (DARPA) for the AI Cyber Challenge (AIxCC), a competition focused on securing software in critical infrastructure. Before HSBC, Carney was a technical advisor and contractor for the Defense Advanced Research Projects Agency (DARPA). At DARPA, he supported research efforts focused on reverse engineering, program analysis, human-machine teaming, and automated program repair. Throughout his career, Carney has been involved in competitive hacking (called Capture the Flag, or CTF) as both a player and a competition organizer. He holds a master’s degree in computer science from The Johns Hopkins University.
\n\nSpeakerBio: Perri Adams, Special Assistant to the Director at Defense Advanced Research Projects Agency (DARPA)
\nMs. Perri Adams is a special assistant to the director at DARPA, where she advises stakeholders at the agency and across the U.S. government on the next generation of AI and cybersecurity technology.
\n\nPrior to this role, Adams was a program manager within DARPA’s Information Innovation Office (I2O), where, among other programs, she created the AI Cyber Challenge (AIxCC).
\n\nAdams has been an avid participant in cybersecurity CTF competitions and was one of the organizers of the DEF CON CTF. She holds a bachelor’s degree in computer science from Rensselaer Polytechnic Institute and is a proud alumna of the computer security club, RPISEC.
\n\n\n\'',NULL,614512),('4_Sunday','13','12:30','13:15','Y','DC','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'AIxCC Closing Ceremonies\'','\'Andrew Carney,Perri Adams\'','DC_34da79fb828273c261cec2eb45b98442','\'\'',NULL,614513),('4_Sunday','12','12:30','13:15','N','DC','LVCC West/Floor 3/W322-W327','\'Clash, Burn, and Exploit: Manipulate Filters to Pwn kernelCTF\'','\'Kuan-Ting \"HexRabbit\" Chen\'','DC_15cda7bc3b88895074ffdf2873f8d28c','\'Title: Clash, Burn, and Exploit: Manipulate Filters to Pwn kernelCTF
\nWhen: Sunday, Aug 11, 12:30 - 13:15 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nAs the successor to the iptables, nftables stands as a crucial network component within the Linux kernel, managing packet filtering and other network-related functionalities. With continuous development and changes, features designed to increase its efficiency, such as batch commit, anonymous chains/sets, and asynchronous garbage collection, have been implemented, which in turn has significantly increased its complexity and made it an attractive target for attackers in recent years.
\n\nSince the announcement of the kernelCTF bug bounty, multiple nftables 0-day vulnerabilities have been reported and patched to enhance its security. However, if not careful enough, the security patch may not only mitigate the bug but also introduce new security issues unintentionally. By researching the structural changes in the nftables codebase, we successfully uncover new vulnerabilities despite the intense competition in kernelCTF. Also, we managed to speedrun the exploitation just before Google removed nftables from LTS instance, becoming the last LTS nftables exploitation.
\n\nIn this presentation, we will share three nftables vulnerabilities we discovered in a storytelling fashion. We start with a brief introduction on how nftables works under the hood to familiarize attendees with the basics. After that, we dive into nftables internals and dissect three vulnerabilities discovered during our journey, two of which involved utilizing hard-to-exploit race conditions to pwn the flag. Alongside details of the exploitation, we will also share the roller-coaster story of kernelCTF experiences, filled with dramatic highs and lows, making it a tense and exhilarating journey.
\n\n\n\nSpeakerBio: Kuan-Ting \"HexRabbit\" Chen, Security Researcher at DEVCORE
\nKuan-Ting Chen, also recognized as HexRabbit, is a Security Researcher at DEVCORE and a member of the Balsn CTF team. Specializing in low-level exploitation, he is curious about how things work and enjoys the challenge of unraveling the complexities of modern computing systems.
\n\nCurrently, he focused on the topic of Linux kernel exploitation, his work includes discovering multiple 0-day vulnerabilities in key Linux components like io_uring, ksmbd (an in-kernel SMB server), and the nftables submodule.
\n\n\n\'',NULL,614514),('4_Sunday','13','12:30','13:15','Y','DC','LVCC West/Floor 3/W322-W327','\'Clash, Burn, and Exploit: Manipulate Filters to Pwn kernelCTF\'','\'Kuan-Ting \"HexRabbit\" Chen\'','DC_15cda7bc3b88895074ffdf2873f8d28c','\'\'',NULL,614515),('4_Sunday','12','12:30','13:15','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Redefining V2G - How to use your vehicle as a game controller\'','\'Timm Lauser,Jannis Hamborg\'','DC_ce82ccd704d4b48ed6812aaf3ab5e775','\'Title: Redefining V2G - How to use your vehicle as a game controller
\nWhen: Sunday, Aug 11, 12:30 - 13:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nModern cars are a complex networks of computers put on four wheels. For security research, it is important to understand the car\'s internal network and exposed interfaces. But what else could you use this knowledge for? You probably guessed it from the title 🙂. So we developed a tool to turn our research car into a game controller.
\n\nIn this talk, we present Vehicle-to-Game (V2G), a Python-based project that enables the usage of cars as game controllers. V2G can run either directly on a laptop or turn a Raspberry Pi Zero WH into a Bluetooth gamepad. In addition, V2G can either be used over the OBD2-diagnostic port or by directly accessing the internal CAN-busses of the car.
\n\nOur project can be a great starting point if you always wanted to tinker around with your car or want to learn about the CAN bus or diagnostic communication (UDS). To make V2G work with your car, some reverse engineering of CAN messages or diagnostic communication will be required (as well as additional hardware to connect to the CAN bus). Otherwise, if you can get this running, you can be sure that you own a more expensive game controller than your neighbors.
\n\nTools and hardware:\n1. General introduction into the CAN-bus and UDS: link\n2. Tool for designing PCBs: link\n3. Tool for making CAN messages readable: link\n4. Hardware for accessing CAN-bus and OBD: link\n5. CAN utils: link\n6. CAN hat for Raspberry Pi: link
\n\nUsed libraries:\n1. link Many thanks for providing this great library and documentation for utilizing the Raspberry Pi as a Bluetooth device!\n2. link\n3. link
\n\nMisc:\n1. Tesla DBC files: link\n2. ACSD website: link\n3. V2G Repository on GitHub (private until start of DEF CON): link
\n\nSpeakers:Timm Lauser,Jannis Hamborg
\n
\nSpeakerBio: Timm Lauser, PhD Student at Darmstadt University of Applied Sciences
\nTimm Lauser received his masters degree in computers science from Karlsruhe Institute of Technology, Germany in 2020. Since then, he is a PhD student at Darmstadt University of Applied Sciences, Germany. There, he is researching in the field of automotive cyber security with a focus on communication protocols and their formal verification in the symbolic model.
\n\nSpeakerBio: Jannis Hamborg, PhD Student at Darmstadt University of Applied Sciences
\nJannis Hamborg received his masters degree in computer science with focus on IT-security from Technical University Darmstadt, Germany in 2023. For his master thesis he researched about resilient and self-recovering reputation based networks. During the time of master he worked as assistant researcher at Darmstadt University of Applied Sciences, Germany on different topics of automotive security research. Since end of 2023, he started his PhD on the design and integration of resilient risk-driven networks with focus on internal automotive networks.
\n\n\n\'',NULL,614516),('4_Sunday','13','12:30','13:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Redefining V2G - How to use your vehicle as a game controller\'','\'Timm Lauser,Jannis Hamborg\'','DC_ce82ccd704d4b48ed6812aaf3ab5e775','\'\'',NULL,614517),('4_Sunday','13','13:00','13:45','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Your AI Assistant has a Big Mouth: A New Side-Channel Attack\'','\'Yisroel Mirsky,Roy Weiss,Daniel Ayzenshteyn,Guy Amit\'','DC_16ee5e8ade12b55c27aa742347b70808','\'Title: Your AI Assistant has a Big Mouth: A New Side-Channel Attack
\nWhen: Sunday, Aug 11, 13:00 - 13:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nAI assistants like ChatGPT are changing how we interact with technology. But what if someone could read your confidential chats? Imagine awkwardly asking your AI about a strange rash, or to edit an email, only to have that conversation exposed to someone on the net. In this talk we\'ll unveil a novel side-channel vulnerability in popular AI assistants and demonstrate how it can be used to read encrypted messages sent from AI Assistants.
\n\nBefore our disclosure, major players like OpenAI, Microsoft, Cloudflare, Quora, and Notion were at risk. We\'ll reveal the technical details of this exploit and show real-world examples of intercepted conversations. This talk isn\'t just about the problem – learn how to identify this vulnerability in other AI assistants as well! We\'ll dissect network traffic, discuss attack models, and explore the far-reaching consequences of this discovery.
\n\nReferences:\n1. Samuel Addington. Chatgpt: Cyber security threats and countermeasures. Available at SSRN 4425678, 2023.\n2. Benjamin Harsha, Robert Morton, Jeremiah Blocki, John Springer, and Melissa Dark. Bicycle attacks con- sidered harmful: Quantifying the damage of widespread password length leakage. Computers & Security, 100:102068, 2021.\n3. John V Monaco. What are you searching for? a remote keylogging attack on search engine autocomplete. In 28th USENIX Security Symposium (USENIX Security 19), pages 959–976, 2019.
\n\nSpeakers:Yisroel Mirsky,Roy Weiss,Daniel Ayzenshteyn,Guy Amit
\n
\nSpeakerBio: Yisroel Mirsky, Tenure-Track Lecturer and Zuckerman Faculty Scholar, Department of Software and Information Systems Engineering at Ben-Gurion University
\nDr. Yisroel Mirsky is a tenure-track lecturer and Zuckerman Faculty Scholar in the Department of Software and Information Systems Engineering at Ben-Gurion University and the head of the Offensive AI Research Lab there. His main research interests include deepfakes, adversarial machine learning, anomaly detection, and intrusion detection. Dr. Mirsky has published his work in some of the best security venues: USENIX, CCS, NDSS, Euro S&P, Black Hat, DEFCON AI Village, RSA, CSF, AISec, etc. His research has also been featured in many well-known media outlets: Popular Science, Scientific American, Wired, The Wall Street Journal, Forbes, and BBC. Some of his works include the exposure of vulnerabilities in the US 911 emergency services and research into the threat of deepfakes in medical scans, both featured in The Washington Post.
\n\nSpeakerBio: Roy Weiss, Researcher and Master\'s Degree Student, Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev
\nRoy Weiss is a researcher and a master\'s degree student in the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev. His research interests include Cyber Security, Network Security and Deep Learning.
\n\nSpeakerBio: Daniel Ayzenshteyn, Researcher and Master\'s Degree Student, Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev
\nDaniel Ayzenshteyn is a researcher and master\'s degree student in the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev. His research interests span Network Security, Cyber Security and Network Modeling.
\n\nSpeakerBio: Guy Amit, PhD Candidate Student, Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev
\nGuy Amit works at IBM Research and is a PhD candidate student in the Department of Software and Information Systems Engineering at Ben-Gurion University of the Negev. His research interests include machine learning, adversarial learning, and IoT cyber security.
\n\n\n\'',NULL,614518),('4_Sunday','13','13:30','14:15','N','DC','LVCC West/Floor 3/W322-W327','\'Bringing Down North Korea\'','\'Alejandro Caceres\'','DC_1c34ec115e6dedcd7774e96be7e1af70','\'Title: Bringing Down North Korea
\nWhen: Sunday, Aug 11, 13:30 - 14:15 PDT
\nWhere: LVCC West/Floor 3/W322-W327 - Map
\n
\nDescription:
\nIn January 2021, I discovered that North Korean state-backed agents were targeting security researchers. A few people got hit, including me. They didn\'t get anything, but I was very frustrated by the inaction of law enforcement, intelligence agencies, and DoD. I decided I was going to see what I could do. Armed with my computer and a bunch of Takis I got to work mapping out NK\'s infrastructure. This talk will detail the methods and tools I used to bring down North Korea\'s internet for 9 days along with the architectural and other vulnerabilities I found that allowed for the attack. This presentation will cover the technical aspects of the attack, criticisms of the DoD and Intel Community, praise from the DoD and Intel Community and the implications of a small team of hackers, or just one dude, causing real-world impact. Attendees will gain insights into create methodologies for network exploitation and the ethical, practical, and resistance from the government to cyber guerrilla warfare, demonstrating the need for agile and responsive cyber capabilities in the modern world.
\n\n\n- Greenberg, Andy. \"The Hacker Who Took Down North Korea\'s Internet.\" Wired. link.
\n- Greenberg, Andy. \"North Korea Hacker Internet Outage.\" Wired. link.
\n- DEF CON 21 Talk: \"Conducting massive attacks with open source distributed computing\" link
\n- DEF CON 29 Talk: \"WTF happened to that tool that was like Shodan but for web app vulns?\" link
\n- DEF CON 21 Talk: \"The Dawn of Web 3.0: Website Mapping and Vulnerability Scanning\" link.
\n- The Register: link
\n
\n\nSpeakerBio: Alejandro Caceres, Owner at Hyperion Gray
\nAlex is the dude that took down North Korea\'s Internet routing for 9 days. He owns Hyperion Gray and creates a bunch of open source software.
\n\n\n\'',NULL,614519),('4_Sunday','14','13:30','14:15','Y','DC','LVCC West/Floor 3/W322-W327','\'Bringing Down North Korea\'','\'Alejandro Caceres\'','DC_1c34ec115e6dedcd7774e96be7e1af70','\'\'',NULL,614520),('4_Sunday','13','13:30','14:45','N','DC','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Contest Closing Ceremonies and Awards\'','\'\'','DC_f5e98510d411fcd3f389f6490893e795','\'Title: Contest Closing Ceremonies and Awards
\nWhen: Sunday, Aug 11, 13:30 - 14:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Tracks 1-2 - Map
\n
\nDescription:
\n\n\n\'',NULL,614521),('4_Sunday','14','13:30','14:45','Y','DC','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Contest Closing Ceremonies and Awards\'','\'\'','DC_f5e98510d411fcd3f389f6490893e795','\'\'',NULL,614522),('4_Sunday','13','13:30','14:15','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs\'','\'Suha Sabi Hussain\'','DC_10103d74d4668b2d03b3bf83dbb379aa','\'Title: Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs
\nWhen: Sunday, Aug 11, 13:30 - 14:15 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nMachine learning (ML) pipelines are vulnerable to model backdoors that compromise the integrity of the underlying system. Although many backdoor attacks limit the attack surface to the model, ML models are not standalone objects. Instead, they are artifacts built using a wide range of tools and embedded into pipelines with many interacting components.
\n\nIn this talk, we introduce incubated ML exploits in which attackers inject model backdoors into ML pipelines using input-handling bugs in ML tools. Using a language-theoretic security (LangSec) framework, we systematically exploited ML model serialization bugs in popular tools to construct backdoors. In the process, we developed malicious artifacts such as polyglot and ambiguous files using ML model files. We also contributed to Fickling, a pickle security tool tailored for ML use cases. Finally, we formulated a set of guidelines for security researchers and ML practitioners. By chaining system security issues and model vulnerabilities, incubated ML exploits emerge as a new class of exploits that highlight the importance of a holistic approach to ML security.
\n\n\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n
\n\nSpeakerBio: Suha Sabi Hussain, Security Engineer, Machine Learning Assurance Team at Trail of Bits
\nSuha Sabi Hussain is a security engineer on the machine learning assurance team at Trail of Bits. She has worked on projects such as the Hugging Face Safetensors security audit and Fickling. She received her BS in Computer Science from Georgia Tech where she also conducted research at the Institute for Information Security and Privacy. She previously worked at the NYU Center for Cybersecurity and Vengo Labs. She’s also a member of the Hack Manhattan makerspace, a practitioner of Brazilian Jiu-Jitsu, and an appreciator of NYC restaurants.
\n\n\n\'',NULL,614523),('4_Sunday','14','13:30','14:15','Y','DC','LVCC West/Floor 1/Hall 1/Track 4','\'Incubated Machine Learning Exploits: Backdooring ML Pipelines Using Input-Handling Bugs\'','\'Suha Sabi Hussain\'','DC_10103d74d4668b2d03b3bf83dbb379aa','\'\'',NULL,614524),('4_Sunday','14','14:00','14:45','N','DC','LVCC West/Floor 1/Hall 1/Track 3','\'Abusing legacy railroad signaling systems\'','\'David Meléndez,Gabriela (Gabs) Garcia\'','DC_2658f8982f4de1104b1f4022e386a0a2','\'Title: Abusing legacy railroad signaling systems
\nWhen: Sunday, Aug 11, 14:00 - 14:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 3 - Map
\n
\nDescription:
\nIn this study, we delve into the darker aspects of railway technology, revealing how easily accessible domestic hardware tools can compromise the seemingly infallible robustness of signaling systems. We demonstrate how these accessible technologies can be utilized to devise strategies that potentially threaten train circulation in Spain. Our research presents a critical analysis of the vulnerabilities present in the railway signaling systems, highlighting the ease with which these systems can be tampered with, using tools that are readily available to the general public. Through a combination of theoretical insights and practical demonstrations, we offer a comprehensive overview of the risks associated with such vulnerabilities.
\n\nOur findings aim to raise awareness among stakeholders in the railway industry, prompting a reevaluation of current security measures and encouraging the adoption of more stringent protections against such threats. This paper contributes to the ongoing discussion in the cybersecurity community, offering valuable insights into the potential risks facing modern transportation infrastructures and suggesting avenues for future research and development in railway system security.
\n\nWe consider this work to be innovative on a type of system that has been present for over half a century in railway infrastructures. Therefore, the references provided are primarily about the operation of the systems and relevant news concerning them.
\n\n\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n- link
\n
\n\nSpeakers:David Meléndez,Gabriela (Gabs) Garcia
\n
\nSpeakerBio: David Meléndez, R&D Enginner and Red Team Member, Innotec Security at Accenture
\nDavid Melendez is an R&D Enginner and Red Team member at Innotec Security Part of Accenture, with over twelve years of experience in cybersecurity and hardware hacking. He has a proven track record of presenting his groundbreaking investigations at prestigious conferences around the world, including DEF CON, BLACKHAT, and ROOTEDCON.
\n\nDavid is also a drone creator and author of the book \"Hacking with Drones,\" which showcases his innovative use of drones in cybersecurity research. With his passion for pushing the boundaries of technology, David is constantly seeking new ways to improve the security and functionality of embedded systems.
\n\nSpeakerBio: Gabriela (Gabs) Garcia
\nGabriela (Gabs) García is a university professor and mentor, Secure Software Developer and coding and cybersecurity instructor for organizations such as LinkedIn, Cyber Hunter Academy and Kschool. She teaches, whether that\'s in a lecture hall or over the internet, about software development, with a keen eye for secure practices. She is a speakers in several hacking CONs like DEF CON USA, ROOTEDCON etc.
\n\nGabriela is also an active member in hacker communities such as HackMadrid%27 and Hack%27, both at home in Spain and across the world. And as an independent professional, she gets to work with a wide variety of clients, crafting custom cybersecurity solutions to fit their specific needs.
\n\n\n\'',NULL,614525),('4_Sunday','15','15:00','17:45','N','DC','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'DEF CON Closing Ceremonies & Awards\'','\'Jeff \"The Dark Tangent\" Moss\'','DC_06175f75642c563d56c1236c3306af13','\'Title: DEF CON Closing Ceremonies & Awards
\nWhen: Sunday, Aug 11, 15:00 - 17:45 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Tracks 1-2 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Jeff \"The Dark Tangent\" Moss, DEF CON Communications
\nNo BIO available
\n\n\'',NULL,614526),('4_Sunday','16','15:00','17:45','Y','DC','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'DEF CON Closing Ceremonies & Awards\'','\'Jeff \"The Dark Tangent\" Moss\'','DC_06175f75642c563d56c1236c3306af13','\'\'',NULL,614527),('4_Sunday','17','15:00','17:45','Y','DC','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'DEF CON Closing Ceremonies & Awards\'','\'Jeff \"The Dark Tangent\" Moss\'','DC_06175f75642c563d56c1236c3306af13','\'\'',NULL,614528),('2_Friday','18','18:30','19:30','N','CON','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Whose Slide Is It Anyway?\'','\'\'','CON_0e46c86f0a2151ae8cb3646446bc98f7','\'Title: Whose Slide Is It Anyway?
\nWhen: Friday, Aug 9, 18:30 - 19:30 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Tracks 1-2 - Map
\n
\nDescription:
\nIf someone had told us this silly contest would be in its 8th year there\'s no way we would have believed it. Even when we thought \"hey, the gag is getting old, maybe it\'s time to hang it up\" that turned out to be the year we\'d gotten the most accolades from con goers during and after the contest. That was enough to recharge us and decide we\'ll do this until DC no longer exists. Proud isn\'t a grand enough word to describe how we feel to still be here and still making people laugh/feel better about themselves not being as stupid as us.
\n\nBut to answer Why Us? WSIIA has always been about community. Whether you killed your deck or went down in a spectacular blaze of flames, this game is nothing without the people who play it and the audience who watches it. And if we\'re not doing it for the community, why the fuck are we even here? We\'ll remain here as long as you\'ll have us, riding on a wing, a prayer, and airplane bottles of Malort all the way to Year 10. Now on to the boilerplate pitch:
\n\nWe\'re an unholy union of improv comedy, hacking and slide deck sado-masochism.
\n\nOur team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.
\n\nWhether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it’s a night of schadenfreude for the whole family.
\n\n\'',NULL,614529),('2_Friday','19','18:30','19:30','Y','CON','LVCC West/Floor 1/Hall 1/Tracks 1-2','\'Whose Slide Is It Anyway?\'','\'\'','CON_0e46c86f0a2151ae8cb3646446bc98f7','\'\'',NULL,614530),('2_Friday','10','10:00','10:59','N','CPV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Differential privacy beyond algorithms: Challenges for successful deployment\'','\'Rachel Cummings\'','CPV_db28f200de5daaebd1e1bcf1659abbb3','\'Title: Differential privacy beyond algorithms: Challenges for successful deployment
\nWhen: Friday, Aug 9, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nDifferential privacy (DP) has been hailed as the gold standard of privacy-preserving data analysis, by providing strong privacy guarantees while still enabling use of potentially sensitive data. Formally, DP gives a mathematically rigorous worst-case bound on the maximum amount of information that can be learned about an individual\'s data from the output of a computation. In the past two decades, the privacy community has developed DP algorithms that satisfy this privacy guarantee and allow for accurate data analysis for a wide variety of computational problems and application domains. We have also begun to see a number of high-profile deployments of DP systems in practice, both at large technology companies and government entities. Despite the promise and success of DP thus far, there are a number of critical challenges left to be addressed before DP can be easily deployed in practice, including: mapping the mathematical privacy guarantees onto protection against real-world threats, developing explanations of its guarantees and tradeoffs for non-technical users, integration with other privacy & security tools, preventing misuse, and more.
\n\nSpeakerBio: Rachel Cummings, Associate Professor of Industrial Engineering and Operations Research at Columbia University
\nDr. Rachel Cummings is an Associate Professor of Industrial Engineering and Operations Research and (by courtesy) Computer Science at Columbia University, where she is also a member of the Data Science Institute and co-chairs the Cybersecurity Research Center. She is also a Fellow at the Center for Democracy & Technology. Before joining Columbia, she was an Assistant Professor of Industrial and Systems Engineering and (by courtesy) Computer Science at the Georgia Institute of Technology, and she previously received her Ph.D. in Computing and Mathematical Sciences at the California Institute of Technology. Her research interests lie primarily in data privacy, with connections to machine learning, algorithmic economics, optimization, statistics, and public policy. Dr. Cummings is the recipient of numerous awards including an NSF CAREER award, a DARPA Young Faculty Award, a DARPA Director\'s Fellowship, an Early Career Impact Award, multiple industry research awards, a Provost’s Teaching Award, two doctoral dissertation awards, and Best Paper Awards at DISC 2014, CCS 2021, and SaTML 2023. Dr. Cummings also serves on the ACM U.S. Technology Policy Committee, the IEEE Standards Association, and the Future of Privacy Forum\'s Advisory Board.
\n\n\n\'',NULL,614531),('2_Friday','10','10:00','10:30','N','ICSV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Does the World Need Another Threat Model, the Road to EMB3D\'','\'Niyo Little Thunder Pearson,Jack Cyprus,Wyatt Ford\'','ICSV_2f49c993a3c8f757be128ed4ab441acc','\'Title: Does the World Need Another Threat Model, the Road to EMB3D
\nWhen: Friday, Aug 9, 10:00 - 10:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nWith all the various threat model frameworks available, STRIDE, Trike, PASTA, VAST, etc., does the world need another one?
\n\nThat was the question that shaped the creation of EMB3D, a threat model framework built around embedded systems (specifically in critical infrastructure) that addresses all phases of a threat to them: from the theorical/academic, proof of concept and exploit, to observed adversarial behavior.
\n\nBut the goal was greater than just the threat framework, it was to bring a common language to the global community to discuss weaknesses and threats while striving to bring transparency to what are considered “black box” electronic systems.
\n\nIn this presentation, we take you on the journey of how we went from venting about needing more transparency and accountability in the OT/ICS space to developing a new global threat model for embedded systems.
\n\nSpeakers:Niyo Little Thunder Pearson,Jack Cyprus,Wyatt Ford
\n
\nSpeakerBio: Niyo Little Thunder Pearson
\nNo BIO available
\nSpeakerBio: Jack Cyprus
\nNo BIO available
\nSpeakerBio: Wyatt Ford, Senior Software Engineer and Engineering Manager at Red Balloon Security
\nWyatt Ford (@whyitfor) is a senior software engineer and engineering manager at Red Balloon Security and a core maintainer of OFRAK.
\n\n\n\'',NULL,614532),('2_Friday','10','10:00','10:59','N','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'Practical Exploitation of DoS in Bug Bounty\'','\'Roni \"Lupin\" Carta\'','BBV_382ab3e824b2c8f39fdf2ed1321bce51','\'Title: Practical Exploitation of DoS in Bug Bounty
\nWhen: Friday, Aug 9, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nThe talk \"Practical Exploitation of DoS in Bug Bounty\" explains methods for identifying and exploiting Denial of Service (DoS) vulnerabilities in bug bounty programs. Starting with an overview of DoS attacks and their impact, we will highlight how these attacks disrupt services by overwhelming resources or exploiting flaws. The talk covers various DoS attack types, including N+1 errors, in-depth GraphQL crashing, and Cache Poisoning, with real-world examples demonstrating their effects.
\n\nWe will then detail practical techniques for discovering DoS vulnerabilities. This includes automated scanning tools, manual testing methods, and understanding the target system\'s architecture.
\n\nN+1 errors occur when an application makes redundant database queries, significantly impacting performance. Attackers can exploit this by triggering numerous unnecessary queries, causing severe slowdowns or crashes. GraphQL, a query language for APIs, can be vulnerable to complex queries that consume excessive resources, leading to server crashes. We will show how to craft such queries and the resulting impact. Cache Poisoning involves manipulating cached data to serve malicious or incorrect content, which can disrupt services or degrade performance. We will explore techniques to poison caches and demonstrate the potential consequences.
\n\nAdditionally, the talk emphasizes the importance of responsibly reporting discovered vulnerabilities to bug bounty programs. Best practices are shared for effectively communicating findings and ensuring timely mitigation. Of course, there are some fails during this path, and those are going to be covered too.
\n\nThe session wraps up by stressing the need for continuous learning and staying updated on the latest trends in DoS attack vectors and mitigation strategies
\n\nSpeakerBio: Roni \"Lupin\" Carta, Co-Founder at Lupin & Holmes
\nRoni Carta, a.k.a @Lupin, is a 22 years old ethical hacker. He left school and his virtual classes to devote himself full-time to hacking. He credits Maurice Leblanc\'s book \"Arsène Lupin\" with immersing him into the culture and mindset of ethical hacking.
\n\nRoni co-founded with his brother Lupin & Holmes, an offensive security Research & Development company
\n\n\n\'',NULL,614533),('2_Friday','10','10:00','10:59','N','XRV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Pwning through the Metaverse - Quest Headset Vulnerability Research\'','\'Luke McLaren\'','XRV_1514e5d0dc44dcb41084cb81a0982af2','\'Title: Pwning through the Metaverse - Quest Headset Vulnerability Research
\nWhen: Friday, Aug 9, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nThis talk covers how to approach vulnerability research against Meta Quest headsets and VR applications.
\n\nWe explore how to approach discovering bugs in the Meta Quest through the third-party app attack surface. This emulates what potentially malicious apps could achieve once installed and the unique attacks available in comparison to general mobile malware. This research culminates in a demonstration of triggering a novel vulnerability discovered in the OpenXR client implementation of the Quest.
\n\nBeyond this, we cover the unique remote attack surface exposed via the Horizons and first-party social app of the Quest - in particular we focus on attacking the rendering of user avatars. These bugs are possible to be triggered whenever within the same virtual space as a malicious user and represent a new attack surface not previously available. This research culminates in triggering a novel vulnerability in libovravatar2p.so which allows remote memory corruption and represents the building blocks for RCE across the metaverse.
\n\nSpeakerBio: Luke McLaren, Founder at Signal 11 Research Ltd
\nLuke McLaren is the founder of Signal 11 Research Ltd., a cybersecurity company specializing in mobile security research and training. With an impressive track record, Luke has claimed bug bounties from tech giants like Amazon, Meta, and Match.com. His expertise extends to virtual reality security, particularly with the Quest device series which he has worked with Meta to secure.
\n\n\n\'',NULL,614534),('2_Friday','10','10:30','10:59','N','ICSV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Attack and Defence in OT - Simulating attacks against hydroelectric power plants leveraging ICS Firing Ranges\'','\'Julia Dewitz-Würzelberger,Bernhard Sedlmayer,Sarah Mader\'','ICSV_817d010d61bdcaf4e8916e87557e1963','\'Title: Attack and Defence in OT - Simulating attacks against hydroelectric power plants leveraging ICS Firing Ranges
\nWhen: Friday, Aug 9, 10:30 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nIn this talk we will present the ICS firing range we built and hacked to simulate an actual attack against a hydroelectric power plant and create a DFIR training from the evidence left behind. The talk aims to emphasize the importance of attack simulation in the context of critical infrastructure and the potential benefit that firing ranges can provide to such assessments.
\n\nFirst we will examine the motivation behind the construction and usage of a firing range, covering various aspects including:\n- the threats operators of critical infrastructure face,\n- how security assessments are conducted in an OT context and\n- how an ICS firing range can be utilized to support them.
\n\nNext we will discuss the intended use cases of the firing range and the scenario it was made to display, the flooding of a hydroelectric power plant. As a result, the relevant components and production processes of the plant will be outlined.\nThen we will present and go into detail about the design & architecture of the firing range:\n- individual physical and virtual networks and components,\n- separate Active Directory environments,\n- implemented security measures\n- specific vulnerabilities intentionally left behind.
\n\nPicking up this last bullet-point, we continue with how we hacked the firing range and performed a Red Team assessment against it, simulating an actual attack. Starting with the C2 infrastructure we set up for the attack, we will guide the audience through the kill chain in chronological order and highlight the most important and relevant steps of the attack.
\n\nOnce the offensive part of the talk concludes, a shift of perspective takes place and the attack is evaluated from the defence\'s point-of-view: we\'ll show how we identified, secured and analyzed indicators of compromise left behind by the attack. This includes the analysis of network captures, Windows event logs, memory dumps and more.
\n\nThis talk will be presented by not only people from NVISO as the IT security service provider who built the firing range and performed to attack against it, but also by people from VERBUND\'s IT security team who actively use the firing range for training. This way we can involve both the attacker\'s and the defence\'s point-of-view.
\n\nSpeakers:Julia Dewitz-Würzelberger,Bernhard Sedlmayer,Sarah Mader
\n
\nSpeakerBio: Julia Dewitz-Würzelberger, Project Manager, OT Cyber Security at VERBUND
\nJulia Dewitz-Würzelberger is a project manager in the area of OT cyber security at VERBUND, Austria\'s largest energy supplier. Since 2023, she has been Head of the OT Cyber Security Lab, where she designs and implements concepts for innovative OT projects.
\n\nHer projects cover a broad spectrum, ranging from creating deception technology systems and the emulation of OT components to the operation of a quantum cryptography test setup.
\n\nAs she can be interested in almost anything, she also completed a degree in anthropology and educational science before moving into IT/OT security.
\n\nSpeakerBio: Bernhard Sedlmayer
\nBernhard Sedlmayer is a Security Engineer and Lego enthusiast. He is responsible for the OT security of the ICS/SCADA Systems at Austria\'s largest electricity provider with around 130 hydropower plants. He has 20 years of experience in the energy supply industry and supports many innovative and fundamental projects in operational technology as an OT security specialist. Red Teaming and pentesting on Windows and Linux Systems is also one part of his daily to-do\'s.
\n\nSpeakerBio: Sarah Mader, Senior Consultant at NVISO
\nSarah is a Senior Consultant at NVISO, with a focus on Red Team Assessments. Complementing her cybersecurity experience, she has developed proficiency in Operational Technology (OT) assessments and continues to specialize further in this area.
\n\nShe possesses a Master\'s degree in Applied IT Security, which has been enriched by her diverse experiences in cybersecurity roles across various companies.
\n\nIn addition to her professional work, Sarah is dedicated to contributing to the community by leading workshops and delivering presentations at industry conferences.
\n\n\n\'',NULL,614535),('2_Friday','11','11:00','11:30','N','XRV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'National Labs Use of XR\'','\'Martin Pratt\'','XRV_aa220d696e9e5591b40594ed7fbaae27','\'Title: National Labs Use of XR
\nWhen: Friday, Aug 9, 11:00 - 11:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nThe DOE National Lab mission space includes exploring the use of disruptive technology to enable increasing efficiency and abilities of operations critical to national security, infrastructure, communication, and many other fields. The XR field has become a new area of active research and implementation at many national labs across the US, integrating with cutting edge hardware and software to enable users with increased capabilities. At the Pacific Northwest National Lab (PNNL), we have been using immersive XR platforms to enable a variety of government and external sponsors with novel approaches to their field. These include creating new 3D virtual twins to enable remote engagements as if remote users had access to one-of-a-kind lab equipment, creating simulation environments of hazardous environments or dangerous situations that can’t be recreated in the real world, and outreach and communication projects to engage both sponsors and the public with critical information about current security threats. During this presentation I will touch on a few case studies of projects taken on at PNNL to make the best use of XR platforms, and where we see future development with this capability.
\n\nSpeakerBio: Martin Pratt, Lead, Immersive Computing Development Team at Pacific Northwest National Lab
\nMartin Pratt (AR/VR, software development, mobile & web app development, data visualization, subsurface geophysics): Software engineer. At the Pacific Northwest National Lab, Pratt leads the Immersive Computing development team, supporting efforts across a range of government agency mission spaces. He has worked on a number AR/VR projects including training simulations, data visualization, and educational games. He has developed software and subsurface 3D data visualizations that run on multiple platforms that include several public-facing applications.
\n\n\n\'',NULL,614536),('2_Friday','11','11:00','11:59','N','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'From Easy Wins to Epic Challenges: Bounty Hunter Edition\'','\'Daniel \"Blaklis\" Le Gall\'','BBV_92e15c04932ed6a7b6ae20b2920071f2','\'Title: From Easy Wins to Epic Challenges: Bounty Hunter Edition
\nWhen: Friday, Aug 9, 11:00 - 11:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nStep into the mind of a bug bounty hunter as I take you on a journey through my own adventures in vulnerability hunting. In this presentation, I’ll share some of the most intriguing bugs I\'ve discovered, from the shockingly/stupidly simple to the mind-bendingly complex.
\n\nWe\'ll start with the surprising simplicity of some bugs, but as the hunt isn’t always so simple, I’ll also reveal some complex bug chains that required advanced knowledge, lot of work and probably some hacker\'s intuition to know it was worth pushing further.
\n\nIf you want to know how a coffee break gave me the opportunity to get infinite money, or how a vulnerable CAPTCHA helped me to break the encryption of a sensitive application - you\'re in the right place!
\n\nSpeakerBio: Daniel \"Blaklis\" Le Gall
\nBlaklis is a bug bounty hunter that started seven years ago, as a hobby. He co-founded a company that was doing, as one of the main activities, bug bounty hunting, and decided to get back to freelance again two years ago, to be free again.
\n\n\n\'',NULL,614537),('2_Friday','11','11:00','11:30','N','CPV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Travel Better: Expedient Digital Defense\'','\'Grey Fox\'','CPV_18a7496d4a7e29e0dacb43f15213ad28','\'Title: Travel Better: Expedient Digital Defense
\nWhen: Friday, Aug 9, 11:00 - 11:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nExpedient Digital Defense focuses on using free and readily available applications, or recommending paid-for commercial apps and tools that have proven records of credibility, to make our devices and online presence less harmful to us. We will follow a typical traveler in the United States, with some experiences drawn from overseas travel.
\n\nThe talk stresses the value of Operational Security (OPSEC), and the mindset of seeing every piece of communication through the eyes of your adversary. The intent is to make people think twice before revealing anything considered sensitive, even if using the latest and greatest encryption. The surveillance economy and ever-present data collection in our modern world demand better awareness of how our digital world works. We’ll discuss examples like invasive social media collection, foreign influence on public perception, data insecurity putting users in danger, and advertising models based on location and click tracking.
\n\nFinally, the take-away is knowing the tools and tech available, and being able to select those which fit your needs, if at all. Most of the time, one mitigation isn\'t enough, and several need to be emplaced to achieve proper defense in depth, in case one solution fails. Even if no technical solutions are put in place, the user will have that \"red team\" mindset and awareness that calibrates better judgment over technical solutions, and promotes OPSEC and rational thinking for security rather than blindly depending on apps and gadgets.
\n\nSpeakerBio: Grey Fox
\nGrey Fox, the callsign assigned to him by a DHS colleague, recently retired from the U.S. military after 20 years of service as an intelligence analyst, language analyst, digital network intelligence targeter, cyberspace mission leader, and digital defense education program leader. Having deployed eight times supporting front line combat teams, his experience ranges from offensive cyberspace operations planning and execution to military information support operations. Along the way, Grey Fox acquired multiple creds, including GCTI, GASF, GAWN, and CWNA. He currently instructs Digital OPSEC at the U.S. Army Security Cooperation Officer course and the U.S. Air Force Research Lab, as well as SDR foundations and Wi-Fi hacking at the U.S. Army Signal School.
\n\n\n\'',NULL,614538),('2_Friday','11','11:30','12:30','N','DC','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Custom, cheap, easy, and safe badges - without starting from scratch\'','\'Joe \"securelyfitz\" FitzPatrick\'','DC_552a67ef0cada7746b16d496fd2419a3','\'Title: Custom, cheap, easy, and safe badges - without starting from scratch
\nWhen: Friday, Aug 9, 11:30 - 12:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nElectronic conference badges are cool and everything, but they\'re A LOT of time, money, and effort including but not limited to hardware, software and art design, testing, manufacturing, testing, provisioning, and repairing.
\n\nI\'ll share OpenTaxus, a relatively simple, cheap, mass-producible, and open-source badge design. We\'ll start out by looking at and understanding the design and implementation, highlighting the areas worth customizing (and which to leave as-s). I\'ll do a walkthrough of a few changes to customize the design - in KiCAD for hardware changes, and in CircuitPython for software changes.
\n\nWe\'ll wrap up with some discussion of how to handle cost reduction to fit in a certain budget, manage badge logistics for events of different sizes, and warn about some of the many pitfalls that electronic badges suffer. You should walk away with the ability to customize a badge to be mass produced for your own event.
\n\nSpeakerBio: Joe \"securelyfitz\" FitzPatrick, Instructor and Researcher at SecuringHardware.com
\nJoe FitzPatrick (@securelyfitz) is an Instructor and Researcher at SecuringHardware.com. Joe started his career working on low-level silicon debug, security validation, and penetration testing of CPUS, SOCs, and microcontrollers. He founded SecuringHardware.com and has spent decades developing and leading hardware security-related training, instructing hundreds of security researchers, pen-testers, hardware validators worldwide. When not teaching classes on applied physical attacks, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.
\n\n\n\'',NULL,614539),('2_Friday','12','11:30','12:30','Y','DC','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Custom, cheap, easy, and safe badges - without starting from scratch\'','\'Joe \"securelyfitz\" FitzPatrick\'','DC_552a67ef0cada7746b16d496fd2419a3','\'\'',NULL,614540),('3_Saturday','10','10:00','10:30','N','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Sneaky Extensions: The MV3 Escape Artists\'','\'Vivek Ramachandran,Shourya Pratap Singh\'','ADV_bf09128f2f11e1c8c907077525d72c54','\'Title: Sneaky Extensions: The MV3 Escape Artists
\nWhen: Saturday, Aug 10, 10:00 - 10:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nEver since the pandemic and the rising popularity of work-from-home and hybrid models, there has been an increase in the usage of browsers, particularly video conferencing and collaboration applications. While some extensions enhance the user experience, some can gravely affect users\' privacy and security.
\n\nOver the past few years, extensions have gained recognition for nefarious activities, from simple color picker extensions to productivity-first AI extensions. And now more than ever, attackers are leveraging malicious extensions to steal user data, promote ads, affiliate marketing, and more. Realizing the abuse, Google pivoted from the MV2 model to the latest MV3, providing better security and locking down the extension from running rampant. While some security measures have been introduced in MV3, it is far from safe. In this talk, we will be demonstrating a suite of attacks, while requiring the least amount of permissions, which 95% of extensions on the Chrome store have. We will showcase stealth stealing of webcam feed, audio streams, clipboard data, and stealing credentials from other extensions like password managers.
\n\nMV3 also introduced security measures to block the usage of functions like eval and new Function that allowed arbitrary code execution. We’ll showcase how an extension can still do arbitrary code execution effectively bypassing the MV3 restrictions.
\n\nIn this talk, we will also propose changes to the extension security model to prevent the lurking loopholes. We will also be demonstrating how malicious extensions can interfere with other extensions and steal sensitive information such as Credit card, passwords, OTP, etc, from other extensions.
\n\nSpeakers:Vivek Ramachandran,Shourya Pratap Singh
\n
\nSpeakerBio: Vivek Ramachandran, Founder at SquareX
\nVivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. Before that, Vivek’s company built an 802.11ac monitoring product sold exclusively to defense agencies. Vivek discovered the Caffe Latte attack, broke WEP Cloaking, conceptualized enterprise Wi-Fi Backdoors, and created Chellam (Wi-Fi Firewall), WiMonitor Enterprise (802.11ac monitoring), Chigula (Wi-Fi traffic analysis via SQL), Deceptacon (IoT Honeypots), among others. He is the author of multiple five-star-rated books in offensive cybersecurity, which have sold thousands of copies worldwide and have been translated into multiple languages. He has been a speaker/trainer at top security conferences such as Blackhat USA, Europe and Abu Dhabi, DEFCON, Nullcon, Brucon, HITB, Hacktivity, and others. Vivek’s work in cybersecurity has been covered in Forbes, TechCrunch, and other popular media outlets. In a past life, he was one of the programmers of the 802.1x protocol and Port Security in Cisco’s 6500 Catalyst series of switches. He was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He has also published multiple research papers in the field of DDoS, ARP Spoofing Detection, and Anomaly-based Intrusion Detection Systems. In 2021, he was awarded an honorary title of Regional Director of Cybersecurity by Microsoft for a period of three years, and in 2024 he joined the BlackHat Arsenal Review Board.
\n\nSpeakerBio: Shourya Pratap Singh, Principal Software Engineer at SquareX
\nShourya Pratap Singh is a Principal Software Engineer at SquareX. He is responsible for building SquareX\'s security-focused extension and works on researching methods to counteract web security risks. He has conducted a workshop at the Texas Cyber Summit and published work at Blackhat Arsenal EU. He has a bachelor\'s degree from IIIT Bhubaneswar and holds a patent. His area of interest includes browser extensions and web application security.
\n\n\n\'',NULL,614541),('2_Friday','12','12:00','12:59','N','LPV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Safecracking for Everyone\'','\'Jared Dygert\'','LPV_dce03f977e8c93aef31d4294e81d49f3','\'Title: Safecracking for Everyone
\nWhen: Friday, Aug 9, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nLearn the inner workings and vulnerabilities of mechanical combination safe locks! Safe manipulation is an underrated aspect of locksport and this talk will guide you through the ins and outs of how to do it.
\n\nSpeakerBio: Jared Dygert
\nJared is a long time lock sport enthusiast and an instructor at a locksmithing school on safe manipulation and lockpicking. He has been opening locks and breaking security for roughly 15 years. His other hobbies include rock climbing and 3D printing.
\n\n\n\'',NULL,614542),('3_Saturday','10','10:30','10:59','N','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Tough Adversary? Don’t Blame Sun Tzu\'','\'Gregory Carpenter\'','ADV_cd9444ff332d3e4cf7f4cf28c3ac3103','\'Title: Tough Adversary? Don’t Blame Sun Tzu
\nWhen: Saturday, Aug 10, 10:30 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nYears ago, when I started working at the NSA, I said to myself, now I can see what’s really happening and what needs to be done to address our adversaries and put an end to cybercrime. Well, I was sure wrong. I worked in a few different offices and participated in hundreds of operations, only to find frustration time and time again. What happened? What was it that we just couldn’t put our finger on? Yes, we were successful in addressing criminal activity. Yes, we could successfully negotiate the contested cyberspace domain. But adversarial activity kept popping up on our radar. It was Whack-A-Mole 2.0.
\n\nWas it the technologies we used? No, we had state-of-the-art capabilities. Was there a lack of technical training amongst operators? No, again, taxpayers coughed up plenty, and they got their money’s worth. I concluded that it was strategy; it was philosophy. Sure, we had all the technical capabilities in the world, but we were using everything wrong.
\n\nI was in the Information Warfare Support Center. We were supposed to know what to do and how to do it! So, I started studying not only traditional but contemporary philosophy as well. I gained access to curricula in China, Russia, and the USA. This presentation informs the attendees of the adversarial philosophy taught in the military academies in China and Russia, which is taken from their curricula and papers published in various journals and practice today.
\n\nSpeakerBio: Gregory Carpenter, CSO at KnowledgeBridge International
\nGregory Carpenter is the CSO of KnowledgeBridge International, a Fellow of the Royal Society for the Arts, and the National Security Agency’s Operations Officer of the Year. He serves on the Board of Directors for ATNA Systems, is a Senior Advisor for ARIC, Inc., and is a Special Operations Medical Association and Military Cyber Professionals Association member. He is a former member of the Board of Advisors for EC-Council University and the International Board of Advisors for the Mackenzie Institute.
\n\nHe has held various senior military and civilian positions, including COO, VP for Cyber Operations, Chief of Security Testing, Counterintelligence Division Chief, Chief of Special Space Operations, and Functional Team Lead for Electronic Warfare. He has been an epidemiological primary investigator.
\n\nGregory is a retired army officer of 27 years, he holds a Doctorate in Public Health. He is a Certified Information Security Manager, Lean Six-Sigma Black Belt, and ISO-9000 lead auditor.
\n\n\n\'',NULL,614543),('4_Sunday','12','12:00','12:59','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'Winning the Game of Active Directory\'','\'Brandon Colley\'','PHV_79073ce56a51c486105eb46a60a57328','\'Title: Winning the Game of Active Directory
\nWhen: Sunday, Aug 11, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nThe Game Of Active Directory (GOAD) is a prebuilt vulnerable Active Directory (AD) environment primarily created for pentesters. Touting over 30 methods of attack, GOAD offers multiple paths to full AD takeover. But is that really how you win the game? Regardless of color, as security professions our goal should be to better secure environments. This talk walks through AD attack strategies, exploiting misconfigurations that ultimately pwn AD. Mitigations for these attacks are discussed and implemented, showcasing how they stop common attacks. Implementing these protections in your environment is truly how you win the Game Of Active Directory.
\n\nSpeakerBio: Brandon Colley, Senior Security Consultant at Trimarc
\nBrandon Colley has over fifteen years of experience administering and securing Active Directory (AD) and Windows environments. Brandon is a Senior Security Consultant for Trimarc specializing in providing reality-based AD and Entra ID security assessments. He served as a systems administrator for multiple organizations before shifting career focus to information security. He has published multiple articles through Quest, Practical 365 and Trimarc Hub. Brandon enjoys speaking engagements and has previously presented at BsidesKC, Hackers Teaching Hackers, and PancakesCon. He co-hosts a weekly podcast, interviewing infosec professionals and has appeared on multiple broadcasts, including the Phillip Wylie Show. Brandon delivers material in a humorous, yet effective manner with a focus on content built for a Blue Team through a Red lens.
\n\n\n\'',NULL,614544),('2_Friday','12','12:30','12:59','N','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'MFT: Malicious Fungible Tokens\'','\'Cybelle Oliveira ,Mauro Eldritch\'','ADV_2696eb541e57fe97dea738e95ced4580','\'Title: MFT: Malicious Fungible Tokens
\nWhen: Friday, Aug 9, 12:30 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nIn this technical talk, we will uncover a new aspect of NFTs: using them as attack vectors to relay C2 commands. Fingerprinting a system? Exfiltrating information? Encrypting and wiping data? Executing arbitrary commands? Of course! But with a dark twist: deployed NFTs are blockchain-backed assets immune to takedowns. Imagine having your own “immortal” C2 Server for less than $10 dollars in $ETH.
\n\nFor this, we will introduce “mFT” an open-source tool that automates the creation of malicious payloads and provide sample harmless NFTs, allowing attendees to explore this novel attack vector on their own machines safely. This talk is the spiritual successor of \"Everything is a C2 if you\'re brave enough\".
\n\nSpeakers:Cybelle Oliveira ,Mauro Eldritch
\n
\nSpeakerBio: Cybelle Oliveira , CTI Malwarelandia
\nCybelle Oliveira is a Cybersecurity Consultant, postgraduate in Cyber Threat Intelligence and Master\'s student in Cyber intelligence at the International Cybersecurity Campus of the University of Murcia, Spain. She has been involved in privacy and security activism for over 10 years and has presented talks at events around the world, including BSides LV, BSides SP, Girls Hack Village (DefCon), 8.8 Chile, Internet Freedom Festival, Radical Networks, Mozilla Festival, Roadsec, Cryptorave, among others. Cybelle is part of the Mozilla community and is the director of the Casa Hacker organization.
\n\nCybelle Oliveira es Consultora de Ciberseguridad, postgraduada en Cyber Threat Intelligence y estudiante de Máster en Ciberinteligencia en el Campus Internacional de Ciberseguridad de la Universidad de Murcia, España. Ha estado involucrada en activismo de privacidad y seguridad durante más de 10 años y ha presentado charlas en eventos por todo el mundo, como BSides LV, BSides SP, Girls Hack Village (DefCon), 8.8 Chile, Internet Freedom Festival, Radical Networks, Mozilla Festival, Roadsec, Cryptorave, entre otros. Cybelle forma parte de la comunidad Mozilla y es directora de la organización Casa Hacker.
\n\nSpeakerBio: Mauro Eldritch, Founder at Birmingham Cyber Arms LTD
\nMauro Eldritch is an Argentine hacker, founder of Birmingham Cyber Arms LTD and DC5411 (Argentina / Uruguay). He has spoken at various events, including DEF CON (10 times). He is passionate about Threat Intelligence and Biohacking.
\n\nMauro Eldritch es un hacker argentino, fundador de Birmingham Cyber Arms LTD y DC5411 (Argentina / Uruguay). Habló en diferentes eventos incluyendo DEF CON (10 veces). Le apasiona la Inteligencia de Amenazas y el Biohacking.
\n\n\n\'',NULL,614545),('2_Friday','12','12:30','12:59','N','PSV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'RFID 101\'','\'Andrew M,Ege Feyzioglu\'','PSV_ffd7983f3fa1d3cc0a854194d5d3d2fb','\'Title: RFID 101
\nWhen: Friday, Aug 9, 12:30 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nYou know the sound of beep... Click when using a badge to enter a door to a building, but how does this work and how can you hack it? This talk will explain the basics of what’s inside the readers and the badges, and how they communicate wirelessly. You will learn about the common tools available (Proxmark, Flipper, Keysy), how to get one and how to use it. We’ll talk about techniques to clone badges, and brute force systems to get access you never had in the first place.
\n\nSpeakers:Andrew M,Ege Feyzioglu
\n
\nSpeakerBio: Andrew M
\nAndrew M. is a security researcher with a background in the telecommunications industry. His career began at the Blackberry RF test lab, where he honed his expertise in RF testing and wireless protocols. Andrew has continued to expand his skills at a major Satellite Telecom company while moonlighting as a security researcher with an interest in RFID technology and wireless security, consistently expanding his knowledge and skills. He actively contributes to the cybersecurity field through the Physical Security Village educating the public on RFID security best practices and hands-on experimentation, leveraging his extensive experience to drive advancements in wireless security.
\n\nSpeakerBio: Ege Feyzioglu, Physical Security Analyst at GGR Security
\nEge is a security researcher specialising in access control systems and electronics. She is currently pursuing a degree in Electrical Engineering and works part-time for GGR Security as a Physical Security Analyst
\n\n\n\'',NULL,614546),('2_Friday','13','13:00','13:59','N','PSV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Bypass 101\'','\'Karen Ng,Sam Mayers\'','PSV_e4b85b0fe1b04365104bb51687b728af','\'Title: Bypass 101
\nWhen: Friday, Aug 9, 13:00 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nThere are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn how to do these attacks in this talk!
\n\nSpeakers:Karen Ng,Sam Mayers
\n
\nSpeakerBio: Karen Ng, Risk Analyst at GGR Security
\nKaren is a Risk Analyst at GGR Security, and is one of GGR\'s entry team for physical penetration tests. She has a strong interest in physical security, delivering trainings on physical security vulnerabilities to a wide range of audiences. Karen comes from a background in engineering and has extensive experience in major event logistics. She is one of the Village Leads at the Physical Security Village, and works with the rest of the PSV team to teach how to recognize and fix security exploits to the community. Graphic design is her passion.
\n\nSpeakerBio: Sam Mayers, Security Researcher at Beazley Security
\nSam is a Security Researcher at Beazley Security with a focus on threat intelligence and cybercrime. She is a board member for non-profits such as Physical Security Village and clearsear.ch. Within Physical Security Village she focuses on discovering and teaching new physical security issues to members and attendees during village events.
\n\n\n\'',NULL,614547),('2_Friday','13','13:00','13:30','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'MoWireless MoProblems: Modular Wireless Survey Systems and the Data Analytics That Love Them\'','\'Geoff Horvath,Winson Tam\'','PHV_00b2ab12dcfa441294668549425dd9eb','\'Title: MoWireless MoProblems: Modular Wireless Survey Systems and the Data Analytics That Love Them
\nWhen: Friday, Aug 9, 13:00 - 13:30 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nOften there are times to collect #allTheWireless, but with that comes some planning, we\'ve created a modular survey system and developed an Elastic-based analytic platform named PacketGlass to visualize and explore the terabytes of information collected over multiple surveys. Our system collects all data types supported by Kismet plus raw PCAP data, ingests the data, and displays tens of millions of devices in an easy to query and display manner. Using different parsing techniques, We plan to show how to build one of these survey platforms and discuss the methodology used to transform Elastic into a robust analytical platform.
\n\nSpeakers:Geoff Horvath,Winson Tam
\n
\nSpeakerBio: Geoff Horvath, Founder at Alsatian Consulting, LLC
\nGeoff Horvath is the founder of Alsatian Consulting, LLC. He has 13 years experience in the US Army as an intelligence officer specializing in signals intelligence. After leaving the military in 2021, he began researching and providing digital security assessments and recommendations. He currently advises private individuals, companies, and others in matters of privacy, security, and technology. He also once got kicked out of NSA Headquarters while looking for the gift shop.
\n\nSpeakerBio: Winson Tam
\nWinson Tam is a cybersecurity expert with over eight years of experience across government and private sectors. His work encompasses attacking, defending, and designing secure systems, notably for the US government, and a significant consulting career within the financial and industrial spaces. Tam\'s contributions in these areas have consistently resulted in tangible value and high customer satisfaction.
\n\n\n\'',NULL,614548),('2_Friday','13','13:00','13:30','N','IOTV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Preparing for the Future: A Discussion of our Rapidly Evolving Threat Landscape\'','\'Jamie Hardy,Rachael Tubbs,Steve McGregory ,Ted Harrington\'','IOTV_62717aff283342c524b65e66e76e1cda','\'Title: Preparing for the Future: A Discussion of our Rapidly Evolving Threat Landscape
\nWhen: Friday, Aug 9, 13:00 - 13:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nSeems like the world has completely changed in the last 12-24 months:
\n\n\n- Multiple Global Conflicts
\n- Launch of ChatGPT
\n- CISO’s being held personally accountable for security breaches
\n- Government Regulations on security
\n- Economic Uncertainties (interest rates, layoffs)
\n
\n\nAll of these changes have played a major role in reshaping the security landscape. From adversaries with political motivations to another just trying to provide for his/her family. Security is no longer just your job, but you could actually be held personally liable. Oh and don’t forget that an adversary now has the ability to rewrite vulnerabilities with the click of a button, or can create deep fakes so real that a zoom call with multiple “people” was undetectable by a real person.
\n\nSpeakers:Jamie Hardy,Rachael Tubbs,Steve McGregory ,Ted Harrington
\n
\nSpeakerBio: Jamie Hardy, Principal Product Manager at Intuit
\nJamie Hardy is a Principal Product Manager at Intuit responsible for Adversary Management. He\'s spent 14 years in the industry with a background as a software and cyber security engineer. He\'s worked in fintech, government, and semiconductor spaces making the transition from engineering to Product Management when taking on IoT security at Qualcomm. He likes to break things, build things, and is passionate about bringing new products to reality, which makes him a swiss army knife for cybersecurity product management. You may catch him on the slopes, at the links, or leading security conferences. He enjoys family time with his wife, young baby son, two vizslas, all while rocking Hawaiian shirts.
\n\nSpeakerBio: Rachael Tubbs
\nRachael Tubbs is the village lead of IoT Village. She is currently working on her PhD in Forensic Psychology where she is studying the world of ethical hacking and the mindset of hackers. She has presented at Hack the Capitol and RSA Conference.
\n\nSpeakerBio: Steve McGregory , Senior Director of the Cybersecurity Center of Excellence (COE) at Keysight Technologies
\nSteve McGregory is Senior Director of the Cybersecurity Center of Excellence(COE) at Keysight Technologies. The Cybersecurity COE researches cyber threats and gathers actionable intelligence. Steve has over three decades of experience working in computer and network security. Steve\'s work experience has covered all aspects of cybersecurity, from operational security practices such as defending an Internet Service Provider business, building security controls at TippingPoint(now Trend Micro), and, most recently, building cybersecurity test solutions at Keysight Technologies. Steve is passionate about cybersecurity and focuses his professional work on educating people about and protecting them from cyber-attacks.
\n\nSpeakerBio: Ted Harrington, Executive Partner at Independent Security Evaluators
\nTed Harrington is the Executive Partner at Independent Security Evaluators and the number one bestselling author of Hackable. He’s helped hundreds of companies fix tens of thousands of security vulnerabilities, including Google, Amazon, and Netflix. Ted has been featured in more than 100 media outlets, including The Wall Street Journal, Financial Times, and Forbes.
\n\n\n\'',NULL,614549),('2_Friday','13','13:00','13:30','N','CHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'V2GEvil: Ghost in the wires\'','\'Pavel Khunt,Thomas \"Cr0wTom\" Sermpinis\'','CHV_b921a6ca45728fb31d2e7013358ac0f6','\'Title: V2GEvil: Ghost in the wires
\nWhen: Friday, Aug 9, 13:00 - 13:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nThis research aims to enhance electric vehicle cybersecurity by uncovering vulnerabilities in the Electric Vehicle Communication Controller (EVCC), crucial for charging communication. We\'ve developed a specialized security tool after examining electric vehicle charging ports and On-Board Charging (OBC) protocols, with a focus on ISO 15118 standards.
\n\nSpeakers:Pavel Khunt,Thomas \"Cr0wTom\" Sermpinis
\n
\nSpeakerBio: Pavel Khunt, Automotive Security Researcher and Penetration Tester at Auxilium Pentest Labs
\nPavel Khunt is an Automotive Security Researcher and Penetration Tester at Auxilium Pentest Labs. With a background in engineering, Pavel graduated from FIT CTU, where his master’s thesis focused on V2G (Vehicle-to-Grid) communication during the charging of Electric Vehicles (EVs). Passionate about ensuring the safety and security of automotive technologies.
\n\nSpeakerBio: Thomas \"Cr0wTom\" Sermpinis, Technical Director at Auxilium Pentest Labs
\nThomas Sermpinis (a.k.a. Cr0wTom) is the Technical Director of Auxilium Pentest Labs and independent security researcher with main topics of interest in the automotive, industrial control, embedded device, and cryptography sectors. During his research, he published several academic papers, 0days and tools with the ultimate goal of making the world a safer place, but also helped almost 200 OEMs and Tier 1 automotive suppliers to achieve better security and develop more secure products.
\n\nAdditionally, he spoke in several highly technical security conferences, presenting his research and trying to create safer streets for drivers, passengers, pedestrians, and everyone in the street, including Zer0Con, TyphoonCon, TROOPERS, DeepSec and others.
\n\n\n\'',NULL,614550),('2_Friday','13','13:30','13:59','N','CHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Building a secure and resilient nationwide EV charging network: the role of hackers in the clean energy revolution \'','\'Harry Krejsa,Sarah Hipel\'','CHV_a91d6a0c348a69b0044a1c8f4bb4bdfb','\'Title: Building a secure and resilient nationwide EV charging network: the role of hackers in the clean energy revolution
\nWhen: Friday, Aug 9, 13:30 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nUnprecedented investments in vehicle electrification are creating new pathways for hackers to exploit EVs and EV chargers. Many of these risks are theoretical and have not been demonstrated in the wild…yet. Policymakers are racing to better understand systemic cyber risks present in this new EV ecosystem—particularly those which might impact the electric grid—so we can devise effective mitigations now. This talk offers a White House policymaker’s perspective on the changing EV landscape, new policy measures under consideration to identify and reduce the impact of vulnerabilities, and the critical role that hackers can play in focusing our work.
\n\nSpeakers:Harry Krejsa,Sarah Hipel
\n
\nSpeakerBio: Harry Krejsa, Assistant National Cyber Director for Strategy at ONCD
\nHarry Krejsa is the Assistant National Cyber Director for Strategy. He leads the office’s development of cyber and technology strategy for domestic and international policy, including co-directing the drafting, interagency approval, and rollout of President Joe Biden’s National Cybersecurity Strategy. Prior to joining the Office of the National Cyber Director, Harry oversaw strategy and U.S.-China competition for the Department of Defense’s cyber policy office. He drafted the 2018 DoD Cyber Strategy and inaugural Cyber Posture Review, which provided guidance for using new offensive military authorities to deter and disrupt adversary cyber campaigns, and negotiated numerous “Hunt Forward” joint operations with foreign militaries to root out adversary malware on strategic systems. Upon leaving DoD he was awarded the Office of the Secretary of Defense Medal for Exceptional Public Service. From 2019-2020 Harry was detailed to serve as Director of the Integration Cell at the U.S. Cyberspace Solarium Commission, where he led research on emerging technology trends and their implications for U.S. government policy. He oversaw the Commission’s strategy and policy development on norms and values in technology design, artificial intelligence, election cybersecurity, and China’s influence over strategic technologies. Before joining government, Harry was a Fellow at the Center for a New American Security where he researched U.S.-China economic and technology competition, broader Indo-Pacific security strategy, and the intersection of foreign and domestic policy in the United States. Harry also worked as a professional staff member for the Congressional Joint Economic Committee, served as a researcher at the Center for the Study of Chinese Military Affairs at National Defense University, led field analysis on political transition in Myanmar, piloted anti-terror training programs in South Asia, and completed a Fulbright Fellowship in Taiwan. Harry’s policy writings have appeared in Foreign Affairs, Politico, War on the Rocks, Fortune, and a number of regional American newspapers. His analysis has been featured in outlets like CBS News and Bloomberg, and he has given televised Chinese-language commentary to Voice of America. He is a Lecturer of International Affairs at George Washington University on defense and technology policy.
\n\nSpeakerBio: Sarah Hipel, Standards and Reliability Program Manager at ONCD
\nNo BIO available
\n\n\'',NULL,614551),('2_Friday','13','13:30','13:59','N','LPV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Doors, Cameras, & Mantraps: Oh my!\'','\'Dylan \"The Magician\" Baklor\'','LPV_eef434de245b5da75d7f8fae965eebe9','\'Title: Doors, Cameras, & Mantraps: Oh my!
\nWhen: Friday, Aug 9, 13:30 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nThis is an entry level talk about the practical parts of Physical Security Assessment, and how to talk to clients.
\n\nSpeakerBio: Dylan \"The Magician\" Baklor, Web Application Pentester and Network Security Pentester at Macy\'s
\nDylan Baklor, known by the handle \"The Magician,\" is a seasoned security professional with extensive experience in both physical and network security. With 1.5 years dedicated to Physical Penetration Testing at Goldsky Security, Dylan developed and implemented comprehensive Physical Security testing Policies and Procedures, conducted rigorous testing, and provided actionable remediation recommendations. Notable, albeit unconventional, achievements include discovering network racks in restrooms and breaching a satellite manufacturing facility with compressed air. Holding certifications such as Pentest+, Security+, Network+, and CISSP, Dylan is continuously expanding their expertise. Currently, Dylan works at Macy\'s as a Web Application Pentester and Network Security Pentester, with a particular passion for wireless technologies including RFID, Bluetooth, and WiFi. Known for teaching clients how to identify and rectify their own security vulnerabilities, Dylan emphasizes practical knowledge and hands-on interaction. An engaging speaker on the fundamentals of physical security, Dylan is also a Cyborg, please ask him about it!
\n\n\n\'',NULL,614552),('2_Friday','13','13:30','14:30','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'Signature-Based Detection Using Network Timing\'','\'Josh Pyorre\'','PHV_b7d2da46769c3ff2923611472d963b1b','\'Title: Signature-Based Detection Using Network Timing
\nWhen: Friday, Aug 9, 13:30 - 14:30 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nMalware traffic is commonly identified using signatures based off its code, strings, and associated network infrastructure. However, it\'s also possible to build signatures from the timing between network transactions. This presentation will explore using network captures of known malicious network activity to find similar behavior in random traffic. The talk is technical as it involves processing packets with Python and a some data science, but will be presented in a way that anyone should be able to understand and enjoy.
\n\nSpeakerBio: Josh Pyorre, Security Researcher at Cisco Talos
\nJosh Pyorre is a Security Researcher with Cisco Talos. He\'s been in security since 2000 with NASA, Mandiant, and other organizations. Josh has presented at many conferences, such as DEFCON, B-Sides, Derbycon, DeepSec, Qubit, and others. His professional interests involve network, computer and data security with a goal of maintaining and improving the security of as many systems and networks as possible. He\'s writes dark electronic music under the name Die Vortex.
\n\n\n\'',NULL,614553),('2_Friday','14','13:30','14:30','Y','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'Signature-Based Detection Using Network Timing\'','\'Josh Pyorre\'','PHV_b7d2da46769c3ff2923611472d963b1b','\'\'',NULL,614554),('2_Friday','14','14:00','14:30','N','PSV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Physical Security Assessment Basics for Internal Employees\'','\'Billy Graydon\'','PSV_29c9da63e72f273dfd0e212fe7d06d74','\'Title: Physical Security Assessment Basics for Internal Employees
\nWhen: Friday, Aug 9, 14:00 - 14:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nIf you have an interest in physical security and want to help your employer secure their buildings, this talk is for you! We\'ll cover common flaws in locks, alarms, surveillance systems and employee training, and how to test for them and suggest remediations to company leadership. Learn methods of lock bypass, alarm bypass, forcible entry, social engineering and other common vulnerabilities!
\n\nThis talk is aimed at employees whose primary job function does not involve physical security - that often includes cybersecurity teams though, so we\'ll make lots of analogies to infosec concepts, but the talk is accessible to everyone.
\n\nSpeakerBio: Billy Graydon, Principal at GGR Security
\nBill Graydon is a principal at GGR Security, where he hacks everything from locks and alarms to critical infrastructure; this has given him some very fine-tuned skills for breaking stuff. He’s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running the Physical Security Village at various cons. He’s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in physical and cyber security, anti-money laundering, and infectious disease detection.
\n\n\n\'',NULL,614555),('2_Friday','14','14:00','14:30','N','ICSV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'The Risk and Reward of Distributed Industrial Control\'','\'Joe Slowik\'','ICSV_21cd4b6b7eef14d2359b38daccfda4f2','\'Title: The Risk and Reward of Distributed Industrial Control
\nWhen: Friday, Aug 9, 14:00 - 14:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nEconomic efficiency and increasing automation mean that many industrial assets are remotely monitored and controlled. While some assets, such as oil production platforms, remain manned in isolated conditions, the ecosystem of renewable energy and distributed energy resources (DERs), pipelines, and other assets are increasingly unmanned with control extending over common information links. While this has been a boon for cost, it has also resulted in a radical extension of attack surface for cyber operations.
\n\nIn this discussion, we will explore the nature of distributed industrial asset operation and the opportunities this presents for adversaries to infiltrate and potentially disrupt critical infrastructure operations. To make this point, we will review examples of adversary activity, from the 2022 ViaSat incident through historical pipeline intrusions (NOT Colonial!), showing how adversaries intentionally or inadvertently prey on brittle communication links for industrial disruption. We will conclude with a discussion of how these risks can be mitigated in a way that is sensible and economical, because wind farm operators won\'t lay their own dedicated fiber anytime soon.
\n\nSpeakerBio: Joe Slowik
\nJoe Slowik has over 15 years of experience across multiple cyber domains and problem sets. Currently Joe leads CTI functions for the MITRE ATT&CK project while also conducting critical infrastructure threat research and analysis. Previously Joe has worked in multiple roles spanning CTI, detection engineering, and threat hunting at organizations such as Dragos, Huntress, DomainTools, and Gigamon. Joe started his infosec journey with the US Navy and at Los Alamos National Laboratory.
\n\n\n\'',NULL,614556),('2_Friday','14','14:00','14:30','N','CHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'UDSonCAN Attacks: Discovering Safety-Critical Risks by Fuzzing\'','\'Jonghyuk Song,Seunghee Han,Soohwan Oh\'','CHV_1586d9087a88ea7a6aa016d348a52fcc','\'Title: UDSonCAN Attacks: Discovering Safety-Critical Risks by Fuzzing
\nWhen: Friday, Aug 9, 14:00 - 14:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nSome diagnostic services in UDSonCAN that could affect driving should be disabled while driving and protected by authentication mechanisms such as SecurityAccess. However, without these security measures, attackers can cause a serious safety risk to the driver using only diagnostic messages. In this talk, we introduce UDSonCAN attacks discovered through fuzzing and describe their countermeasures. These attacks can cause a moving car to suddenly stop or a stationary car to suddenly acceleration with just simple diagnostic messages. We discovered these vulnerabilities in the latest electric vehicle model and have prepared a demo.
\n\nSpeakers:Jonghyuk Song,Seunghee Han,Soohwan Oh
\n
\nSpeakerBio: Jonghyuk Song
\nNo BIO available
\nSpeakerBio: Seunghee Han, Automotive Engineer and Security Tester at Autocrypt Engineering
\nSeunghee Han is an automotive engineer and security tester at Autocrypt Engineering team. She is mainly working on fuzzing test and issue analysis on the in-vehicle networks, such as CAN/CAN-FD, UDSonCAN, and Automotive Ethernet. Also, she has designed the requirements of automotive security test solutions.
\n\nSpeakerBio: Soohwan Oh
\nNo BIO available
\n\n\'',NULL,614557),('2_Friday','14','14:30','15:30','N','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Exploration of Cellular Based IoT Technology\'','\'Carlota Bindner,Deral Heiland\'','IOTV_9113b38a82e6397306d407b5463b360c','\'Title: Exploration of Cellular Based IoT Technology
\nWhen: Friday, Aug 9, 14:30 - 15:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nAs cellular technologies continue to become more integrated into IoT devices, there has been a noticeable lag in comprehending potential security implications associated with cellular hardware technologies. Furthermore, the development of effective hardware testing methodologies has also fallen behind. Given the highly regulated nature of cellular communication and the prevalent use of encryption, it is imperative for security researchers to deepen their understanding of circuit design and the integration of cellular modems into IoT devices. In this presentation, I will introduce a wide-ranging testing and analysis methodology aimed at enhancing our understanding and evaluation of the security of IoT devices that currently rely on cellular communications. This methodology will encompass an examination of various cellular modem modules in use, their integration into circuit design, and hardware hacking techniques for interacting with communication circuits to control cellular modules, all for the purpose of security testing and analysis.
\n\nSpeakers:Carlota Bindner,Deral Heiland
\n
\nSpeakerBio: Carlota Bindner, Lead Product Security Researcher at Thermo Fisher Scientific
\nCarlota Bindner is a security professional with over six years of experience and has worked in penetration testing, incident response, and advisory services. In her current role as Lead Product Security Researcher at Thermo Fisher Scientific, she performs penetration tests against IoT and embedded devices, mobile apps, web applications, and thick clients, with a specialized focus on healthcare and scientific technologies. She has previously presented at RSAC and created hands-on IoT hacking labs for conferences, including RSAC and the DEF CON. Outside of work, she enjoys investigating the security of IoT and embedded systems and has recently become a member of the RF Village staff.
\n\nSpeakerBio: Deral Heiland, Principal Security Researcher (IoT) at Rapid7
\nDeral Heiland CISSP, serves as a Principal Security Researcher (IoT) for Rapid7. Deral has over 25 years of experience in the Information Technology field and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst. Over the last 15+ years Deral’s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Deral also has conducted security research on numerous technical subjects, releasing white papers, Blogs, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, RSAC, Hack in Paris. Deral has been interviewed by and quoted by multiple media outlets and publications including ABC World News Tonight, Cheddar TV, BBC, Consumer Reports, MIT Technical Review, SC Magazine, Dark Reading, Threat Post and Infosecurity Magazine.
\n\n\n\'',NULL,614558),('2_Friday','15','14:30','15:30','Y','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Exploration of Cellular Based IoT Technology\'','\'Carlota Bindner,Deral Heiland\'','IOTV_9113b38a82e6397306d407b5463b360c','\'\'',NULL,614559),('2_Friday','14','14:30','15:15','N','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Human Dignity in AI and Tech Policy\'','\'Jan Trzaskowski\'','PLV_b13559477d173ed4fcbf5dfe96b3d123','\'Title: Human Dignity in AI and Tech Policy
\nWhen: Friday, Aug 9, 14:30 - 15:15 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nSocial media have been a decade-long dress rehearsal in online manipulation. AI can create information, make predictions and take decisions that will affect human behaviour, including our behaviours as citizens, workers and consumers. Safeguards are needed, since generative AI will only exacerbate the personal, social and societal harms already caused by data-driven business models.
\n\nWe examine the centrality of human dignity in tech law and policy and how our mindsets and legal frameworks must be informed by psychological, technological and societal perspectives. Based on insights from market dynamics, marketing techniques, design strategies, and human frailties we demonstrate how information asymmetries have reduced individual agency and the ability to create transparency.
\n\nHuman dignity is a core value in liberal democracies that must also be reflected in tech policy. Protections are required when businesses interfere with our rights to freedom, property, privacy and non-discrimination. With the digitalisation of the human experience, users have become programmable objects. We cannot rely on regulation alone and need to discuss how we can act to reclaim our dignity.
\n\nSpeakerBio: Jan Trzaskowski, Law Professor at Aalborg University and Copenhagen Business School
\nJan Trzaskowski, PhD, is Law Professor at Aalborg University and Copenhagen Business School and author of the important and successful book Your Privacy Is Important to Us! – Restoring Human Dignity in Data-Driven Marketing [as well as many other books, chapters and articles]. Since the mid-1990s, he has dealt with legal and regulatory aspects of information technology, and his research focuses on the protection of consumers and fundamental rights, including privacy. He has a keen interest in human decision-making (psychology and marketing) and the role of persuasive technology. Currently, he focuses on the regulation of AI and data-driven business models, including the role of human dignity and fundamental rights impact assessments. He was Head of the Danish delegation negotiating the 2000 E-Commerce Directive, and as a kid he wrote Commodore 64 assembly language routines that were published in Danish computer magazine IC RUN.
\n\n\n\'',NULL,614560),('2_Friday','15','14:30','15:15','Y','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Human Dignity in AI and Tech Policy\'','\'Jan Trzaskowski\'','PLV_b13559477d173ed4fcbf5dfe96b3d123','\'\'',NULL,614561),('2_Friday','14','14:30','14:59','N','ICSV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Mapping the Landscape: Top 10 Cybersecurity Trends in Critical Infrastructure for 2024\'','\'Mars Cheng\'','ICSV_a563ef5178bcd75c7bf225f3d72b830b','\'Title: Mapping the Landscape: Top 10 Cybersecurity Trends in Critical Infrastructure for 2024
\nWhen: Friday, Aug 9, 14:30 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nIn recent years, we have witnessed a surge in attacks aimed at critical infrastructure, varying widely in scope and impact depending on the region. While the definition of critical infrastructure differs by country, it typically encompasses essential sectors such as oil, natural gas, water, power, and manufacturing. The ramifications of these attacks are complex and often unpredictable.
\n\nTo gain a clearer understanding of the state of critical infrastructure globally, starting in 2023, we will annually survey 300 CISOs or security directors across different countries in this sector. We will share the data-driven insights to offer a detailed examination of the current conditions and challenges faced by these crucial systems. By comparing trends across different years, countries, and industries, our goal is to enhance the security and resilience of critical infrastructures worldwide.
\n\nSpeakerBio: Mars Cheng, Threat Research Manager, PSIRT and Threat Research at TXOne Networks Inc
\nMars Cheng (@marscheng_) leads TXOne Networks\' PSIRT and Threat Research Team as Threat Research Manager, coordinating product security initiatives and threat research efforts. He is also the Executive Director for the Association of Hackers in Taiwan (HIT/HITCON) and General Coordinator of HITCON CISO Summit 2024, facilitating collaboration between enterprises and the government to bolster the cybersecurity landscape. Mars is a frequent speaker and trainer at numerous prestigious international cybersecurity conferences and has presented over 50 times, including Black Hat USA/Europe/MEA, RSA Conference, DEF CON, CODE BLUE, FIRST, HITB, HITCON, Troopers, NOHAT, SecTor, SINCON, ROOTCON, ICS Cyber Security Conference Asia and USA, CYBERSEC, CLOUDSEC, VXCON, and many others. His expertise spans ICS/SCADA systems, malware analysis, threat intelligence and hunting, and enterprise security. Mars has made significant contributions to the cybersecurity community, including authoring more than ten CVE-IDs and publishing in three SCI journals on applied cryptography. Mars has successfully organized several past HITCON events, including HITCON CISO Summit 2023, HITCON PEACE 2022, HITCON 2021, and HITCON 2020.
\n\n\n\'',NULL,614562),('4_Sunday','10','10:00','10:59','N','RTV','LVCC West/Floor 2/W222-Creator Stage 4','\'The Village Peoples\' Panel - What Really Goes On in a Village?\'','\'Justin,Matt Mayes,muteki,Nina Alli,Savannah \"lazzslayer\" Lazzara,Tom VanNorman,Jeff \"The Dark Tangent\" Moss\'','RTV_c51a0bfb2fabe41619040918c9eb2740','\'Title: The Village Peoples\' Panel - What Really Goes On in a Village?
\nWhen: Sunday, Aug 11, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nThe Villages are a key part of the DEFCON experience - join this panel of staff members of the DEFCON Villages to get an inside scoop on all the intricacies of organizing a village. Topics from finding sponsors to setting up equipment to making sure everyone gets to take a break during the event - there\'s a whole lot that goes on behind the scenes at DEFCON villages!
\n\nSpeakers:Justin,Matt Mayes,muteki,Nina Alli,Savannah \"lazzslayer\" Lazzara,Tom VanNorman,Jeff \"The Dark Tangent\" Moss
\n
\nSpeakerBio: Justin, Car Hacking Village
\nNo BIO available
\nSpeakerBio: Matt Mayes, Aerospace Village
\nNo BIO available
\nSpeakerBio: muteki, Director at Blue Team Village
\nNo BIO available
\nSpeakerBio: Nina Alli, Biohacking Village
\nNo BIO available
\nSpeakerBio: Savannah \"lazzslayer\" Lazzara
\nNo BIO available
\nSpeakerBio: Tom VanNorman, ICS Village
\nNo BIO available
\nSpeakerBio: Jeff \"The Dark Tangent\" Moss, DEF CON Communications
\nNo BIO available
\n\n\'',NULL,614563),('2_Friday','15','15:00','15:30','N','BHV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Breaking Boundaries: Popping Shells in the Airgap with $10 and a Dash of Arduino Magic\'','\'Daniel Beard\'','BHV_c901727c7813497da9827ba63ce2e7dd','\'Title: Breaking Boundaries: Popping Shells in the Airgap with $10 and a Dash of Arduino Magic
\nWhen: Friday, Aug 9, 15:00 - 15:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nMany medical devices are “not connected to a network”, so let’s bring our own! This talk will teach you how to create a BadUSB device that can wirelessly execute payloads on “airgapped” systems like medical devices that aren’t connected to the internet. WIth only $10 of off-the-shelf hardware and some basic arduino code you too can start popping shells in the device lab.
\n\nSpeakerBio: Daniel Beard
\nDaniel is a software engineer and entrepreneur specializing in medical device cybersecurity. He founded MedISAO and Cyberprotek, both acquired by MedCrypt in 2020. His expertise includes vulnerability management, and designing secure devices in a regulated environment.
\n\n\n\'',NULL,614564),('2_Friday','15','15:15','15:59','N','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Open Source Hacker Vs. Government Lawyer: Clashing Views on Fixing Tech in the DoD\r\n\'','\'Eddie Zaneski,Rebecca Lively\'','PLV_c1d5c0d104c1108174c9f5a915f62dde','\'Title: Open Source Hacker Vs. Government Lawyer: Clashing Views on Fixing Tech in the DoD\r\n
\nWhen: Friday, Aug 9, 15:15 - 15:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\n“What do you mean I can’t bring my car keys into this building?”
\n\n“No internet?? But how do I download things from GitHub?”
\n\nJoin a recovering government attorney and an open-source hacker for a fiery debate that dives into the world of DoD cybersecurity inefficiencies. Rebecca, a former DoD lawyer, pairs her intricate understanding of perplexing government policies with Eddie’s fresh, critical (and dare we say naive?) insights from the private sector. This session will explore the frustrating “how” behind the government’s “why,” from slow booting government laptops to the realities of “military-grade technology.” Together, they will challenge the status quo, proposing innovative, open-source inspired solutions to streamline and secure DoD operations. Expect a dynamic exchange filled with real-world frustrations, enlightening explanations, and a hacker’s touch on how to fix what’s broken.
\n\nSpeakers:Eddie Zaneski,Rebecca Lively
\n
\nSpeakerBio: Eddie Zaneski, Open Source Tech Lead at Defense Unicorns
\nEddie Zaneski lives in Denver, CO with his wife and dog. He loves open source and helps lead the Kubernetes project. His day job is building OSS for the US Government. When not hacking on random things you\'ll most likely find him climbing rocks somewhere.
\n\nSpeakerBio: Rebecca Lively, Polymath at Defense Unicorns
\nRebecca K. Lively began her career as an attorney focusing on legal and policy issues relating to software development, acquisition, intellectual property, and cyberspace operations. In 2020 she went all-in on software development, co-founding Shadow’s Edge Software, Air Force Cyber’s Software Factory. As a product strategist at Defense Unicorns, Rebecca leverages her diverse background to build solutions to streamline software delivery and cybersecurity in highly regulated environments. Rebecca lives in Texas with her spouse and a handful of children. She does not consider herself responsible enough for pet ownership.
\n\n\n\'',NULL,614565),('2_Friday','15','15:30','15:59','N','BHV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Dysfunctional Unity: The Road to Nowhere\'','\'Michael \"v3ga\" Aguilar\'','BHV_2541277a78a0bb5be025ec64285c3004','\'Title: Dysfunctional Unity: The Road to Nowhere
\nWhen: Friday, Aug 9, 15:30 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nYears progress, time passes, and medical devices are still vulnerable, with Hospital computer and network security being a hot topic on the minds of citizens and CISA/FDA/etc. If we do not get better now, things will get much worse in the future. My talk will cover some general mistakes observed within the Medical device topography, misnomers about SBOM and what it is and what it accomplishes, ideas for roadmaps for more secure devices and environments and discussions around CVEs relating to the medical device topography.
\n\nSpeakerBio: Michael \"v3ga\" Aguilar, Principle Consultant at Secureworks Adversary Group
\nMichael Aguilar (v3ga) is a Principle Consultant for Secureworks Adversary Group. He runs Adversary Simulation operations, Physical Security and Network/Web based assessments as well as Adversarial Medical Device Tests. When not doing computer things, he reads a lot and likes to run to de-stress. He is also an avid fan of playing guitar really fast and screaming at people.
\n\n\n\'',NULL,614566),('2_Friday','15','15:30','15:59','N','ASV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Ground Control to Major Threat - Hacking the Space Link Extension Protocol\'','\'Andrzej Olchawa\'','ASV_dc70b9fe81c407783d8224ee40d250d5','\'Title: Ground Control to Major Threat - Hacking the Space Link Extension Protocol
\nWhen: Friday, Aug 9, 15:30 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nSpace missions have increasingly been the subject in the context of security breaches and satellite hacks. The majority of discussions revolve around direct communication and access to spacecraft through means such as Software Defined Radio. However, the reality is that this approach isn\'t practical for most adversaries, as it requires substantial resources and is easily detectable due to the power and radio frequencies required to command a spacecraft. Instead, adversaries might shift their focus away from the Space Segment and opt for a more practical approach, such as accessing and exploiting the Ground Segment vulnerabilities and flaws in order to gain control over spacecraft. Every space mission comprises custom-made hardware and software components, which interact with each other utilizing dedicated protocols and standards designed and developed for this sole purpose. Numerous potential failure points can adversely impact a space mission, many of which persist on the ground. Considering the essential services they facilitate and the extent to which contemporary society relies on space technology, each component utilized in space missions should be regarded as integral to critical infrastructure and treated as such, particularly from a security standpoint. This study centers on the Space Link Extension (SLE) protocol, which is employed as a standard for communication between mission data systems and ground stations by various space agencies and organizations, including NASA and ESA. We will address the security concerns inherent in the SLE protocol. At the same time, we demonstrate methods and techniques malicious actors can employ to conduct a Denial of Service (DoS) or tap into the ground station communications, gaining control over an actual spacecraft. We will conclude this publication by presenting the reader with a possible mitigation strategy that we believe should be employed at the SLE protocol level. Additionally, we will outline a forecast for future work, detailing both planned endeavors and those already in progress, to further expand on this research.
\n\nSpeakerBio: Andrzej Olchawa
\nAndy Olchawa is an experienced Information Security Professional with over 15 years in the space industry, working as a Software Engineer and Technical Project Manager. For the past few years, he has focused on offensive security, specializing in vulnerability research, exploit development, and red team operations. He holds OSCP, OSWA, and OSWP certifications, and has been credited with several CVEs.
\n\n\n\'',NULL,614567),('2_Friday','15','15:50','16:30','N','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Where’s the Money: Defeating ATM Disk Encryption\'','\'Matt Burch\'','IOTV_49897db11d7b1eb6350c2d05e2f7275f','\'Title: Where’s the Money: Defeating ATM Disk Encryption
\nWhen: Friday, Aug 9, 15:50 - 16:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nHolding upwards of $400,000, ATMs continue to be a target of opportunity and have seen over a 600% increase in crime in just the last few years. During this time, I led security research with another colleague into the enterprise ATM industry resulting in the discovery of 6 zero-day vulnerabilities affecting Diebold Nixdorf’s Vynamic Security Suite (VSS), the most prolific ATM security solution in the market. 10 minutes or less is all that a malicious actor would need to gain full control of any system running VSS via offline code injection and decryption of the primary Windows OS. Diebold Nixdorf is one of three major North American enterprise class ATM manufacturers with a global presence in the financial, casino/gaming, and point-of-sale markets. Similar attack surfaces are currently being used in the wild and impact millions of systems across the globe. Furthermore, VSS is known to be present throughout the US gaming industry, including most of the ATM/cash-out systems across Vegas.
\n\nIn this session, I will walk through my research, review the discovery process, and dive into the technical intricacies of each vulnerability. The Full Disk Encryption module of VSS conducts a complex integrity validation process to ensure a trusted system state, performed as a layered approach during system initialization. Examination of this workflow will highlight various deficiencies that I will demonstrate through PoC exploitation.
\n\nEach vulnerability presented in this session has been observed to have a recursive impact across all major versions of VSS and represents a systemic ongoing risk. We will explore the root-cause, vendor remediation steps, and short-comings thereof – perpetuating the attack narrative. In conclusion, proper mitigation techniques and procedures will be covered, providing valuable insights into defending against potential compromise.
\n\nSpeakerBio: Matt Burch, Independent Vulnerability Researcher
\nMatt Burch is an independent vulnerability researcher with 20 years of experience in the information security industry and 15 years of focus in adversarial testing and simulation. He specializes in ATM, IoT, mobile application, and IP based vulnerability research. With this diverse background, he has successfully identified unique deficiencies in high-security products – awarding him numerous CVE accreditations.
\n\n\n\'',NULL,614568),('2_Friday','16','15:50','16:30','Y','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Where’s the Money: Defeating ATM Disk Encryption\'','\'Matt Burch\'','IOTV_49897db11d7b1eb6350c2d05e2f7275f','\'\'',NULL,614569),('2_Friday','16','16:00','16:30','N','ASV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Analyzing the Security of Satellite-Based Air Traffic Control\'','\'Martin Strohmeier\'','ASV_767cbf152daeec6c14308e499fa3971c','\'Title: Analyzing the Security of Satellite-Based Air Traffic Control
\nWhen: Friday, Aug 9, 16:00 - 16:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nAutomatic Dependent Surveillance – Contract (ADS-C) is a satellite-based aviation datalink application used to monitor aircraft in remote regions. It is a crucial method for air traffic control to track aircraft where other protocols such as ADS-B lack connectivity. Even though it has been conceived more than 30 years ago, and other legacy communication protocols in aviation have shown to be vulnerable, ADS-C’s security has not been investigated so far in the literature. We conduct a first investigation to close this gap. First, we compile a comprehensive overview of the history, impact, and technical details of ADS-C and its lower layers. Second, we build two software-defined radio receivers in order to analyze over 120’000 real-world ADS-C messages. We further illustrate ADS-C’s lack of authentication by implementing an ADS-C transmitter, which is capable of generating and sending arbitrary ADS-C messages. Finally, we use the channel control offered through a software-defined ADS-C receiver and transmitter as a basis for an in-depth analysis of the protocol weaknesses of the ADS-C system. The found vulnerabilities range from passively tracking aircraft to actively altering the position of actual aircraft through attacks on the downlink and the uplink. We assess the difficulty and impact of these attacks and discuss potential countermeasures.
\n\nWe will further look at satellite-based ADS-B receivers and discuss their security and how they relate to ADS-C.
\n\nSpeakerBio: Martin Strohmeier, Senior Scientist at Cyber Defence Campus
\nMartin Strohmeier is a Senior Scientist at the Swiss Cyber Defence Campus, where he is responsible for vulnerability research programmes into aircraft, satellites and cars. His work was published in all major systems security conferences, totalling more than 100 publications to date. He has also spoken previously at the DEFCON Aerospace Village and co-organized CTFs there.
\n\n\n\'',NULL,614570),('2_Friday','16','16:00','16:30','N','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Cybersecurity Schoolhouse Rock\'','\'Avi McGrady\'','PLV_b69bc80938db0b15907bd49d2d5af963','\'Title: Cybersecurity Schoolhouse Rock
\nWhen: Friday, Aug 9, 16:00 - 16:30 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nAlmost since the internet was made widely available to the general public, average technology users have fallen prey to threats from malicious spam, malware, phishing, smishing, scams, fraud, and ransomware. In most of the US, primary and secondary education (in the US, comprising kindergarten through 12th grade) now incorporate computing technology as an integral part of the classroom, and some families introduce computing platforms to children in their toddler and preschool years. Despite our society\'s growing dependence on computing technology in the world of education, there remain no national standards or curricula for the teaching of data privacy or information security principles. This disconnect sets future generations up for failure, and a continuation of a cycle of ignorance that perpetuates cybercrime victimization. This presentation makes the case that schools must adopt and incorporate concepts of data privacy, information security, defense against fraud and phishing, and internet safety, in age-appropriate ways, into lesson plans at all grade levels. Further, school districts and independent schools must take steps to protect themselves from the threat of ransomware, data breaches, and other forms of criminal activity.
\n\nSpeakerBio: Avi McGrady
\nAvi McGrady is a recently graduated student of New Vista High School in Boulder, Colorado. He prepared the research and work for this presentation as a part of a culminating project in his senior year, and presented a report to the Boulder Valley School District board as part of this work toward his graduation requirements. Avi is an enthusiastic student of computer science and information security and hopes to work in the field after he graduates. He will attend Rensselaer Polytechnic Institute as an undergraduate freshman in the fall of 2024. His passion has led him to attend and volunteer for two infosec conferences, RMISC and Bsides in Boulder, and he will be leaning further into his outreach as he begins college and starting his career.
\n\n\n\'',NULL,614571),('2_Friday','16','16:00','16:59','N','CPV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Data On Demand: The challenges of building a privacy focused AI Device\'','\'Matt Domko\'','CPV_b6b4078b1aac9bc0d247c084cdb0c69c','\'Title: Data On Demand: The challenges of building a privacy focused AI Device
\nWhen: Friday, Aug 9, 16:00 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nBuilding an AI product for the everyday person is challenging - doing it in a privacy focused way is nearly impossible without support from the right people. I\'ll walk through the techniques we\'re using at Rabbit to secure customer data and provide people a choice as to where their data goes.
\n\nWe\'ll cover the pipelines that\n- Collect and Manage customer identity after they login to a site\n- Log, Anonymize, and Process customer voice interactions\n- Provide \"just in time\" access to customer data for personalized RAG-like models
\n\nAs a community, I think we\'re well within our rights to demand control over the data we provide to companies. This talk aims to provide engineers with a list of ideas on \"what right could look like\", and general attendees a list of things that are possible, so they know its ok to ask for them.
\n\nSpeakerBio: Matt Domko, Head of Security at (in)famous AI Walkie Talkie Manufacturer
\nMatt Domko is the Head of Security at a (in)famous AI Walkie Talkie Manufacturer. Ex-This, Ex-That, he spends most of his free time tinkering with his lasercutter or 3d printers.
\n\n\n\'',NULL,614572),('2_Friday','16','16:30','16:59','N','ICSV','LVCC West/Floor 2/W222-Creator Stage 4','\'ICS 101\'','\'Bryson Bort ,Tom VanNorman\'','ICSV_12624d6c0ac65aa29f091fac8c2652dd','\'Title: ICS 101
\nWhen: Friday, Aug 9, 16:30 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nIntroduction to industrial control systems:
\n- What is ICS
\n- Purdue model
\n- How ICS is architected
\n- Attacker view of ICS architecture
\n- How to build your own ICS lab
\n- Equipment
\n- How to learn / conduct vulnerability research
\n\n\n\nSpeakers:Bryson Bort ,Tom VanNorman
\n
\nSpeakerBio: Bryson Bort
\nNo BIO available
\nSpeakerBio: Tom VanNorman, ICS Village
\nNo BIO available
\n\n\'',NULL,614573),('2_Friday','16','16:30','16:59','N','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Master Splinter’s initial physical access dojo: Storytelling of a complex adversarial attack\'','\'Daniel Isler\'','ADV_2677cd3c1b391a92c79bde6ecc0062a8','\'Title: Master Splinter’s initial physical access dojo: Storytelling of a complex adversarial attack
\nWhen: Friday, Aug 9, 16:30 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nStorytelling of a highly complex Red Team with multiple initial accesses only with Social Engineering. could anyone do it? Yes.
\n\nUnder the format of Storytelling this presentation aims to take attendees first person through a RedTeam service with multiple initial accesses with 100% Social Engineering. How to present critical vulnerabilities in a public way without exposing the target company? This live comic will show us how, through one of its protagonists and with practical examples made with the attendees themselves. How does a professional Social Engineering unit work? What are the roles and tasks? How to emulate the reach of a cybercriminal gang in less than three weeks? This dojo aims to show the methodologies and techniques applied in the field to obtain relevant findings, even reaching critical infrastructure without raising alerts and in an extremely limited time. From the first meeting with the client, information gathering, vector selection, exploitation, pretexting to the physical intrusion, even reaching the datacenter. We will demonstrate how luck is no longer an element to consider when your work is SE from Monday to Friday and you have to perform this type of service every month.
\n\nSpeakerBio: Daniel Isler, Team Leader, Fr1endly RATs at Dreamlab Technologies Chile
\nDaniel has a bachelor’s in arts of Representation. With certifications in Social Engineering, Red Team and OSINT. Team Leader of Fr1endly RATs, the Social Engineering unit at Dreamlab Technologies Chile. Specializing and developing techniques and methodologies for simulations of Phishing attacks, Vishing, Pretexting, Physical Intrusions and Red Team.
\n\n\n\'',NULL,614574),('2_Friday','16','16:30','17:30','N','MISC','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'So you wanna know how to make badges\'','\'c0ldbru\'','MISC_d4f6f15c41db7524c6206e368e263d44','\'Title: So you wanna know how to make badges
\nWhen: Friday, Aug 9, 16:30 - 17:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nTaking attendees through the full badge making process from ideation to ordering and producing at scale
\n\nSpeakerBio: c0ldbru
\nNo BIO available
\n\n\'',NULL,614575),('2_Friday','17','16:30','17:30','Y','MISC','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'So you wanna know how to make badges\'','\'c0ldbru\'','MISC_d4f6f15c41db7524c6206e368e263d44','\'\'',NULL,614576),('2_Friday','17','17:00','17:59','N','XRV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Be the Ghost in the Shell Barrier Mazes FTW\'','\'David \"Icer\" Maynor\'','XRV_6a6fa5227e78fa8610391306cd918921','\'Title: Be the Ghost in the Shell Barrier Mazes FTW
\nWhen: Friday, Aug 9, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nUsing AI to pre-generate gamifie CTFs so hard even the admins won\'t know the answers. Exploring the visionary concept of using gamified, AI-generated barrier mazes for futuristic authentication and encryption inspired by manga. But in the great words of your Mom and mine, if we aren\'t breaking into something, then what is David Maynor even doing there?
\n\nSpeakerBio: David \"Icer\" Maynor, Secret Keeper at ThreatHunter.ai
\nDavid “Icer” Maynor, Secret Keeper at ThreatHunter.ai, has over 20 years of experience in information security with deep technical expertise in threat intelligence, reverse engineering, exploit development, and offensive security testing. Results-driven research, analysis, and solutions leveraging partnerships and cross-disciplinary teams, to strengthen customer and business security posture and capabilities. Served as founder, executive, and advisor within the information security startup space. Author of and contributor to several popular open-source tools, presenter and instructor, and subject matter expert contributor for print, television, and online media.
\n\n\n\'',NULL,614577),('2_Friday','17','17:00','17:30','N','IOTV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Beyond Sunset: Exposing the Occultations Lurking in Large-Scale Off-Grid Solar Systems\'','\'Alexandru Lazar,Dan Berte\'','IOTV_4ad364f14cf46a2bb6bc96d775773db3','\'Title: Beyond Sunset: Exposing the Occultations Lurking in Large-Scale Off-Grid Solar Systems
\nWhen: Friday, Aug 9, 17:00 - 17:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nThis talk reveals stunning vulnerability findings in leading solar manufacturers that, when exploited, the stake is the grid. We\'ll explore three massive vulns in the management platform and discuss how they can be weaponized to become chilling nation security risks.
\n\nSpeakers:Alexandru Lazar,Dan Berte
\n
\nSpeakerBio: Alexandru Lazar, Security Researcher at Bitdefender
\nAlexandru Lazar is a Security Researcher at Bitdefender. He has red team and penetration testing experience and specializes in IoT and embedded systems with a focus on reverse engineering vulnerability assessment and exploitation. He has disclosed vulnerabilities to vendors such as Amazon Bosch LG with his research being covered by several media publications.
\n\nSpeakerBio: Dan Berte, Manager, IoT Vulnerability Research Program at Bitdefender
\nDan manages the Bitdefender IoT vulnerability research program. He previously lead the design and product experience at Bitdefender. His team designed and built Bitdefender BOX, a revolutionary device that protects connected devices in smart homes.
\n\n\n\'',NULL,614578),('2_Friday','17','17:00','17:59','N','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'Reflections on a Decade in Bug Bounties: Experiences and Major Takeaways\'','\'Charles Waterhouse,Nikhil \"niks\" Shrivastava\'','BBV_04cb942f640f97d76b752b524307cb81','\'Title: Reflections on a Decade in Bug Bounties: Experiences and Major Takeaways
\nWhen: Friday, Aug 9, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nIn this talk, I will share my journey from a novice to a seasoned hunter. I will explore how I used to report low-impact, informative bugs when I first started, and how I progressively improved by learning from the community, embracing failures/duplicates, and incorporating feedback from triage teams and clients. This journey of continuous learning and adaptation led me from reporting low vulnerabilities to effectively chaining and converting them into critical impacts.
\n\nThis session is designed for both aspiring and experienced bug bounty hunters. By reflecting on a decade of lessons learned, I will aim to provide valuable takeaways that can help others navigate their own paths in bug bounty hunting and enhance their skills.
\n\nAdditionally, one Synack triage team member will join me on this talk to help differentiate triage thinking from bug bounty hunters\' thinking, providing valuable insights into the collaborative process of vulnerability reporting to acceptance.
\n\nSpeakers:Charles Waterhouse,Nikhil \"niks\" Shrivastava
\n
\nSpeakerBio: Charles Waterhouse
\nAfter spending over 2 decades in the airline industry, I changed careers into cybersecurity. I have helped manage over 2400 engagements with teams of over 1000 researchers across all verticals in commercialand government. I regularly consult with executives in many Global 500 organizations and government to developsecurity and testing plans.
\n\nI have helped develop products around OWASP, NIST, OSINT, API and AI testing. I speak regularly at conferences and help train developers and blue teams to help defend some of the most critical networks worldwide.
\n\nSpeakerBio: Nikhil \"niks\" Shrivastava
\nMy Name is Nikhil Shrivastava AKA niksthehacker. I am an ethical hacker and bug bounty hunter. I have helped over 300 companies to uncover 1500+ Security Vulnerabilities such as Google, Microsoft, Tesla, Mozilla, Salesforce, eBay, Federal Agencies, and many more. I am the #1 hacker in India at Synack Red Team. I was awarded \"Synack Legend Hacker\" Status in 2021. I have also been interviewed by Defcon Red Team Village, Synack, and Indian media such as the Times of India, Economic Times, Indian Express, etc. I was also MSRC (Microsoft Security Response Center) Top 100 Hackers in 2016. I am the founder of Security BSides Ahmedabad, an international hacking conference hosted each year in Ahmedabad, India.
\n\n\n\'',NULL,614579),('2_Friday','17','17:30','17:59','N','CPV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Fool us Once, fool us twice... Hacking Norwegian Banks\'','\'Cecilie Wian,Per Thorsheim\'','CPV_f2e91d90b5867674128f9e7fc9a25093','\'Title: Fool us Once, fool us twice... Hacking Norwegian Banks
\nWhen: Friday, Aug 9, 17:30 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nIn 2021 we could get access to all personal bank accounts at the largest bank in Norway by using a single page paper form sent by snailmail. In addition to stealing all their money, we could also see all account transactions for the last 10 years, with details. In 2024 we have done the same thing to another bank. Why didn\'t the banks learn the first time? In this talk we\'ll explain what we did, lessons learned and why paper ID still is relevant and important to us all.
\n\nSpeakers:Cecilie Wian,Per Thorsheim
\n
\nSpeakerBio: Cecilie Wian
\nCecilie works as a consultant within security, privacy & AI technologies. She is a recognized expert in software testing with a specialization in abusability testing. With over 10 years of experience in the IT industry, Cecilie has developed into an authority in identifying and evaluating potential abuse scenarios and security vulnerabilities in various software products.
\n\nSpeakerBio: Per Thorsheim, Founder & Organizer at PasswordsCon
\nPer is the founder & organizer of PasswordsCon. He revealed the Linkedin breach in 2012 & got heavily involved in the Ashley Madison breach in 2015. He is featured alongside Brian Krebs & Troy Hunt in the 3-part documentary \"The Ashley Madison Affair\" on Hulu.
\n\n\n\'',NULL,614580),('2_Friday','17','17:30','17:59','N','IOTV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Inside Dash Cam: Custom Protocols and Discovered 0-days\'','\'Hyo Jin Lee,Hanryeol Park\'','IOTV_8af9cf2d6d102634c1dec91e08468ad9','\'Title: Inside Dash Cam: Custom Protocols and Discovered 0-days
\nWhen: Friday, Aug 9, 17:30 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nIn recent years, the use of dash cams has surged, making them an essential component of modern vehicles. To enhance user convenience, many dash cams are now equipped with network connectivity. This growth in the dash cam market has heightened the importance of vehicle and personal data security. However, network-connected dash cams pose potential security risks to their availability and key functionalities. In this presentation, we will comprehensively analyze dash cams from various countries, including South Korea, the USA, Germany, and China, as well as built-in dash cams. During our analysis, we discovered numerous zero-day vulnerabilities (such as OS Command Injection, Logical Bugs, and insufficient authentication) that pose significant security threats. Vulnerabilities were primarily found during the dash cam boot process, configuration changes, and communications via custom protocols.
\n\nWe will detail the dash cam analysis process in the following sequence:\n- [Analysis Process]\n - Acquiring firmware through official websites or apps\n - Extracting the file system to analyze the initial boot logic\n - Analyzing the boot logic to identify vulnerabilities or debugging ports to gain shell access\n - Utilizing the obtained shell for remote debugging of the main system
\n\nInterestingly, our analysis of 10 different dash cams revealed that 4 devices used the same OEM board from a common manufacturer. These 4 devices shared similar vulnerabilities, and exploiting a vulnerability found in one device allowed us to successfully exploit all of them. Our research uncovered common security vulnerabilities across multiple dash cams, and we will discuss measures to prevent these vulnerabilities. We will particularly focus on analyzing the custom protocols used by dash cams and the security risks associated with them. This presentation aims to raise awareness of potential security threats in dash cams and encourage manufacturers to produce more secure products. We hope to drive industry standards and best practices to ensure the safety and security of these increasingly critical devices. By sharing our findings, we aim to highlight the importance of dash cam security and provide insights that can lead to more secure designs and implementations.
\n\nSpeakers:Hyo Jin Lee,Hanryeol Park
\n
\nSpeakerBio: Hyo Jin Lee, Senior Researcher, R&D Team at ZIEN
\nSenior Researcher HYOJIN LEE, R&D Team, IoT Security Company ZIEN
\n\n\n- Helped hundreds of companies fix security vulnerabilities, including LG, EY, Korea Investment & Securities, KOREA ELECTRONICS ASSOCIATION, etc
\n- Operated booth and presented at the Korea Security Conference SECON (2024)
\n- Operated booth at RSAC (2024)
\n- First place in the Korea Home IoT Challenge (Cyber Security Challenge 2022)
\n- Fourth place in the Korea Smart City Challenge (Cyber Security Challenge 2023)
\n- Recipient of the \"Excellence in Cybersecurity Award\" from the Ministry of SMEs and Startups (MSS) at the Korea Security Conference WACON 2023
\n- Holder of five Korean patents, including one related to IoT collection modules.
\n
\n\nSpeakerBio: Hanryeol Park, Senior Researcher at ZIEN Lab
\nNo BIO available
\n\n\'',NULL,614581),('3_Saturday','10','10:00','10:59','N','BHV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Bridging Space and Medicine\'','\'Fernando De La Peña Llaca\'','BHV_d6df7d5a9d305b57a9f47af0b8a36844','\'Title: Bridging Space and Medicine
\nWhen: Saturday, Aug 10, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nIn the vast expanse of space, holographic teleportation—a futuristic blend of holography and teleportation—has revolutionized astronaut communication. Imagine beaming a lifelike 3D image of yourself across light-years. Now, consider its potential in medicine: remote surgeries, expert consultations, and training—where distance dissolves, and expertise transcends borders. Buckle up; holoconnect is our cosmic ticket to healing!
\n\nSpeakerBio: Fernando De La Peña Llaca, Aexa Aerospace
\nFor 28 years, Fernando De La Peña Llaca has steered Aexa Aerospace with unwavering leadership. His passion for space exploration, combined with Aexa\'s cutting-edge expertise, has propelled the company to remarkable heights. Here\'s how his visionary leadership transformed Aexa into a Federal Contractor for prestigious entities:
\n\n\nNASA Collaboration:
\n\n\n- Aexa\'s journey began with a shared vision for space. Fernando\'s commitment to NASA\'s mission led to strategic partnerships.
\n- As an undergraduate, he patented a groundbreaking spacecraft engine fueled by anti-matter—an innovation that caught NASA\'s attention.
\n
Defense and Industry Giants:
\n\n\n- Aexa\'s portfolio expanded to include the US Department of Defense. Fernando\'s leadership secured contracts with industry titans:
\n- Lockheed Martin: Collaborating on cutting-edge aerospace projects.
\n- Aerojet Rocketdyne: Advancing propulsion technologies.
\n- Teledyne Brown, KBR, and Thales Defense: Key partners in space exploration.
\n
Influential Roles:
\n\n\n- As former President of the National Contract Management Association (NCMA) Space City Houston chapter at NASA JSC, Fernando shaped contract management practices.
\n- His chairmanship of the Johnson Space Center Small Business Council fostered collaboration and growth.
\n
Community Engagement:
\n\n\n- Fernando\'s impact extends beyond contracts. He serves on the Bay Area Houston Economic Partnership Board of Directors (BAHEP), driving regional space initiatives.
\n- As aerospace liaison for the Clear Lake Chamber of Commerce, he bridges industry and community interests.
\n
Defense Industrial Base Leadership:
\n\n\n- Fernando\'s role as Chief of the Infragard Defense Industrial Base SIG underscores his commitment to national security.
\n- The Defense Industrial Base Sector, vital for military readiness, benefits from his expertise.
\n
Awards and Recognition:
\n\n\n- The Small Business Champion of the Year Award from the Small Business Administration celebrates his impact.
\n- NASA\'s Innovation of the Year Group Award 2022 further validates Aexa\'s contributions.
\n
\n\nFernando De La Peña Llaca\'s legacy is etched in the stars—a testament to visionary leadership and unwavering dedication to space exploration.
\n\n\n\'',NULL,614582),('2_Friday','11','11:30','12:30','N','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Formidable Adversaries: Responding to Breaches, Ransomware, and State-Sponsored Threat Actors\'','\'Abhijith “Abx” B R,Adam \"_whatshisface\" Pennington,Ken Kato,Nikhil Mittal,Stryker\'','ADV_c7225c747f5e7a86488b21f84d4bc0d2','\'Title: Formidable Adversaries: Responding to Breaches, Ransomware, and State-Sponsored Threat Actors
\nWhen: Friday, Aug 9, 11:30 - 12:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nFor the past few years, we have had multiple instances of sophisticated cyber attacks ranging from ransomware attacks to attacks propagated by state sponsored threat actors; targeting elections, organizations, critical infrastructure etc. Organizations have had to step up and compensate with additional security controls and resources. We are living in a phase where even the most secure organizations are not immune to targeted cyber threats, the landscape of cyber security is in the state of constant evolution, with everybody playing to catch up.
\n\nThis panel has been structured to delve into the complex and evolving nature of cyber adversaries. Beginning with an overview of recent cyber-attacks, breaches, and targeted ransomware incidents. We will also examine the rising wave of state sponsored threat actors, while focusing on their sophisticated adversary tactics, techniques and procedures.
\n\nThis panel will focus on why organizations with even the most advanced cyber defense tooling and more than capable resources are still affected by breaches and threat actors. Our panel of experts will discuss the reasons behind these incidents and provide Insights into effective response and contentment strategies. Conversation will explore the critical components of how efficiently respond to threats, contain, and remediate them.
\n\nAdditionally, the panel will also touch upon how threat intel assisted adversarial attack simulation, offensive cyber security operations could be used as proactive measures in enhancing an organization’s defense posture, offering valuable insights into the mindset and methodologies of potential attackers.
\n\nSpeakers:Abhijith “Abx” B R,Adam \"_whatshisface\" Pennington,Ken Kato,Nikhil Mittal,Stryker
\n
\nSpeakerBio: Abhijith “Abx” B R
\nAbhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. Currently he is involved with multiple organizations as a consulting specialist, to help them build offensive security operations programs, improve their current security posture, assess cyber defense systems, and bridge the gap between business leadership and cyber security professionals. Abhijith’s professional exposure is stretched across multiple industries and various other sectors.
\n\nAs the founder of Adversary Village, Abhijith spearheads a community driven initiative exclusively focused on adversary simulation, adversary tactics, purple teaming, threat-actor/ransomware research-emulation, and offensive security-adversary tradecraft.
\n\nSpeakerBio: Adam \"_whatshisface\" Pennington, Lead, ATT&CK at The MITRE Corporation
\nAdam Pennington leads ATT&CK® at The MITRE Corporation and collected much of the intelligence leveraged in creating ATT&CK\'s initial techniques.
\n\nAdam is a member of the core ATT&CK® team and the editor in chief for the ATT&CK® Blog. He has spent over a decade with MITRE studying and preaching the use of deception for intelligence gathering. Adam has presented and published several venues, including FIRST CTI, USENIX Security, and ACM Transactions on Information and System Security.
\n\nBefore joining MITRE, Adam was a researcher at Carnegie Mellon\'s Parallel Data Lab and earned his B.S. and M.S degrees in computer science and electrical and computer engineering and the 2017 Alumni Service Award from Carnegie Mellon University.
\n\nSpeakerBio: Ken Kato, VP at Omni Federal
\nBreaking up bureaucracy since 2008, Ken Kato is a leader in large-scale digital transformation for highly regulated industries. It’s his belief that success comes from changing how teams work with each other toward a common goal. Whether it’s an austere data center with bare-metal servers, global-scale cloud deployments, or terrestrial networking in the far reaches of space, it always comes back to the people.
\n\nKen’s recent accomplishments include: being a founding member of USAF Kessel Run, the first federal software factory; building Black Pearl, the Navy’s premiere DevSecOeps platform; and working with the White House to secure and scale critical cyber-infrastructure. \nBut technology alone can’t solve complex problems. With this in mind, Ken balances his years of experience with industry data to develop sustainable strategies for organizational growth and predict how decisions made today will be survivable in the years ahead.
\n\nSpeakerBio: Nikhil Mittal, Founder and Director at Altered Security
\nNikhil Mittal is a hacker, infosec researcher, speaker and enthusiast.
\n\nHis area of interest includes red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 13+ years of experience in red teaming. He specializes in assessing security risks at secure environments that require novel attack vectors and \"out of the box\" approach. He has worked extensively on Azure, Active Directory attacks, defense and bypassing detection mechanisms. Nikhil has held trainings and boot camps for various corporate clients (in US, Europe and SE Asia), and at the world\'s top information security conferences. He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more. He is the founder of Altered Security a company focusing on hands-on enterprise security learning.
\n\nSpeakerBio: Stryker, Head of Security Communications and Planning at Adversary Pursuit Group (APG)
\nStryker is the Head of Security Communications and Planning for the Adversary Pursuit Group (APG), where she translates technical research and qualitative intelligence into the \"so what?\" and \"what now?\" solutions that keep more people safe and secure. Stryker\'s 2023 original cybersecurity research series \"Press Reset\" won multiple industry awards, including best use of original research and best data insights. You can find her on LinkedIn, Mastodon, or in the Lonely Hackers Club (LHC) Telegram chat, where she once (in)famously ranted about how commercial gun safes do not make for secure off-site data storage options. Stryker lives in the Baltimore-DC area, renovating a townhouse with her ancient beagle-hound mix and growing parsley for swallowtail butterfly caterpillars.
\n\n\n\'',NULL,614583),('2_Friday','12','11:30','12:30','Y','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Formidable Adversaries: Responding to Breaches, Ransomware, and State-Sponsored Threat Actors\'','\'Abhijith “Abx” B R,Adam \"_whatshisface\" Pennington,Ken Kato,Nikhil Mittal,Stryker\'','ADV_c7225c747f5e7a86488b21f84d4bc0d2','\'\'',NULL,614584),('3_Saturday','10','10:00','10:30','N','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'SBOMs the Hard Way: Hacking Bob the Minion\'','\'Larry Pesce\'','IOTV_6818391c8fa4fd9186b69dcb06f8ef78','\'Title: SBOMs the Hard Way: Hacking Bob the Minion
\nWhen: Saturday, Aug 10, 10:00 - 10:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nThis presentation delves into the intricate process of generating a Software Bill of Materials (SBOM) for the Bob the Minions WiFi router by Davolink—a device whose firmware isn\'t publicly available. Traditional SBOM creation methods rely on readily accessible firmware, but Davolink\'s restricted release policies necessitated an unconventional approach. This talk covers the step-by-step journey of hardware disassembly, firmware extraction via SPI flash and JTAG/SWD interfaces, and the tools and techniques employed. Finally, we\'ll demonstrate how the recovered firmware is used to generate a comprehensive SBOM, highlighting any security vulnerabilities discovered and reported to the vendor. This session aims to provide attendees with practical insights into overcoming SBOM generation challenges in the IoT domain through hands-on hardware hacking, and leveraging the firmware and SBOMs for vulnerability discovery, as well as security improvement.
\n\nSpeakerBio: Larry Pesce, Co-Founder and Co-Host at \"Paul\'s Security Weekly\" podcast
\nA self-professed, lifelong \"tinkerer and explorer,\" Larry always wanted to know how things work. \"I found myself getting to engage in deep dives of technology from an early age: My dad built the family television from a kit, and I helped. It caught fire. Twice. I helped fix it both times.” The help and advice received from the infosec community throughout his career inspired him to share what he had learned to help others secure their networks and improve their craft. Part of that ongoing sharing has been as the co-founder and co-host of the international award winning Paul\'s Security Weekly podcast for more than 17 years. Larry has spent the last 15 years as a penetration tester, spending lots of time focused on Healthcare, ICS/OT, Wireless, and IoT/IIoT/Embedded Devices, but now focuses his efforts on securing the software supply chain at Finite State.
\n\n\n\'',NULL,614585),('3_Saturday','10','10:00','10:59','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'Using AI Computer Vision in Your OSINT Data Analysis\'','\'Mike Raggo\'','PHV_feaac96f62ab8ce7be7d364f6a10d591','\'Title: Using AI Computer Vision in Your OSINT Data Analysis
\nWhen: Saturday, Aug 10, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nOSINT is a great mechanism for the collection of data, but what do you do with all of it once it’s collected? It can take significant time with the human eye to analyze each image or video. Furthermore, you may miss important artifacts in the foreground or background. Computer vision can churn through the plethora of data to pull out the relevant evidence at lightning speed. For the last 5 years we’ve been exploring the use of Azure and AWS for computer vision to rapidly process large sets of image and video data acquisitions for forensic evidence.Through the use of AI we have analyzed thousands of images and videos to perform object detection, facial recognition, OCR, voice to text analysis, and more. In this session we’ll explore the use of cloud platforms to exponentially increase your analysis of uncovering key artifacts to your case using demos and real world examples. We then apply chronolocation analysis to allow an investigator to paint a true-life narrative, for example an individual with a weapon at a location at a particular time. We’ll provide live demos of common scenarios to reveal benefits to processing your data collections in a rapid, efficient, comprehensive, and accurate manner. We’ll then wrap-up the presentation with additional AI computer vision recommendations and resources.
\n\nSpeakerBio: Mike Raggo
\nMichael T. Raggo has over 30 years of security research experience. During this time, he has uncovered and ethically disclosed vulnerabilities in products including Samsung, Checkpoint, and Netgear. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding” for Syngress Book. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, SANS. He was also awarded the Pentagon’s Certificate of Appreciation.
\n\n\n\'',NULL,614586),('3_Saturday','10','10:30','11:15','N','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Psychic Paper: Making eink access badges accessible for anyone\'','\'Joshua Herman\'','IOTV_74cbfca63f1dd233b87178aae7082ec0','\'Title: Psychic Paper: Making eink access badges accessible for anyone
\nWhen: Saturday, Aug 10, 10:30 - 11:15 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nTo make RFID access badges vendors in China have created eink badges where instead of printing a badge out you instead program the eink portion of the badge with an smartphone app and then program the RFID portion. At this time the ones that are sold are either black and white or black and white and red. There is no security implemented so all you need to do is download the app to reprogram the front of the badge. This makes anyone able to reprogram both the front and back of the badge.
\n\nSpeakerBio: Joshua Herman
\nMy day job is that I am a release engineer specializing in compliance of various vendors at a large bank. Hacking, LLMs, and open source development are hobbies that I have. I have many given many talks such as at Defcon 31 about a natural language security scanner, Thotcon about of large scale social engineering, pyOhio about making chatbots using Blenderbot from Facebook, and at the Chicago Python User group about Cellular Automata I found in college (Snowlife). I have eleven years of software engineering experence with experience with message queues and trade compression debuggering by making a desktop app using Python and React I have a decade of professional experience in various industries such as insurance, CRM, Trade Show registration, recommender systems and cryptocurrency. I also have contributions to open source projects such as CPython documentation, triaging of issues and porting of features from Facebook’s fork of Python.
\n\n\n\'',NULL,614587),('3_Saturday','11','10:30','11:15','Y','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Psychic Paper: Making eink access badges accessible for anyone\'','\'Joshua Herman\'','IOTV_74cbfca63f1dd233b87178aae7082ec0','\'\'',NULL,614588),('3_Saturday','11','11:00','11:59','N','BHV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Eradicating Hepatitis C With BioTerrorism\'','\'Mixæl Swan Laufer\'','BHV_ab561664a2382b92717f7904c2dd4848','\'Title: Eradicating Hepatitis C With BioTerrorism
\nWhen: Saturday, Aug 10, 11:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nA quarter million people die from Hepatitis C yearly, and it\'s getting worse. But for the first time in history there is a cure (not just a treatment) for a virus, and it is for Hepatitis C. Take one 400mg pill of Sofosbuvir every day for twelve weeks, and you will be free of the virus. The catch? Those pills are $1,000 USD apiece because the molecule is the so-called \"Intellectual Property\" of Gilead Pharmaceuticals, and they refuse to share. If you have $84,000 USD, Hep C is not your problem. We have developed a way to make the entire course of treatment for $300 USD. This methodology also applies to other diseases. Like any science, the method of manufacture of drugs can be replicated, and we are going to give you all the necessary tools and show you the process top-to-bottom. Watch it happen live, participate, and learn to do it yourself: Use our digital research assistant to help you navigate the scientific literature, get a chemical synthesis pathway, generate code for the the MicroLab to run, and watch the medicine form in the reaction chamber. Finally, press some tablets. The feds say saving a life this way is BioTerrorism. We say: So Be It.
\n\nSpeakerBio: Mixæl Swan Laufer, Chief Spokesperson at Four Thieves Vinegar Collective
\nMixæl Swan Laufer worked in mathematics and high energy physics until he decided to use his background in science to tackle problems of global health and human rights. He now is the chief spokesperson for the Four Thieves Vinegar Collective which works to make it possible for people to manufacture their own medications and medical devices at home by creating public access to tools, ideas, and information.
\n\n\n\'',NULL,614589),('3_Saturday','11','11:00','11:30','N','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Evading Modern Defenses When Phishing with Pixels\'','\'Melvin Langvik\'','ADV_85212c23e21175c8d4c943ccc8abce20','\'Title: Evading Modern Defenses When Phishing with Pixels
\nWhen: Saturday, Aug 10, 11:00 - 11:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nDive into the art of phishing with QR codes! We\'ll cover the fundamentals of QR code phishing, revealing how these innocuous-looking images are used to deceive users into a false sense of legitimacy. After touching upon the basics, we\'ll explore creative tactics for obfuscating and hiding QR codes to ensure they reach their intended targets. As a sidetrack, we\'ll delve into how emails are rendered within the Outlook Mail Application and showcase some neat tricks that exploit its limitations for hiding QR codes from modern defensive solutions. Overall, the talk is intended to help testers up their QR code phishing game!
\n\nSpeakerBio: Melvin Langvik, Offensive Security Team Lead at Kovert AS
\nMelvin Langvik is an accomplished professional with a diverse background in technology. He started his career as a developer and integration consultant, where he gained practical experience in developing and distributing critical backend infrastructure for an international customer base.
\n\nMelvin\'s passion for cybersecurity later led him to transition into offensive security. He previously worked for TrustedSec, an internationally recognized security company. Melvin was a part of TrustedSec\'s targeted operations team, tasked with performing targeted cyber attacks against some of the most mature and often largest companies in the world. Today, Melvin is the Offensive Security Team Lead at Kovert AS.
\n\n\n\'',NULL,614590),('3_Saturday','11','11:00','11:30','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'Introduction to IPv6\'','\'Denis Smajlović\'','PHV_eb14ff685ffc70b4eb9de4be9f896f16','\'Title: Introduction to IPv6
\nWhen: Saturday, Aug 10, 11:00 - 11:30 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nMost of the Internet today is running on a legacy version of the Internet Protocol: IPv4. Despite of this, the number of engineers, especially in security, who know how to use IPv6 is relatively low. In this talk we take you through why today’s Internet does not live up to its original vision, take you back to the past to show you what the IPv4 Internet used to look like, and, through this, reveal the secrets that will allow you finally understand IPv6.
\n\n\n\nSpeakerBio: Denis Smajlović, Nova
\nWith a background in security consulting, having worked for some of the largest financial institutions in Scandinavia, and biggest tech companies in the Bay Area, Denis started Nova to provide web application, network penetration testing, and bug bounty triage services at a scale that enables a greater focus on the specific needs of each individual client.
\n\n\n\'',NULL,614591),('3_Saturday','11','11:15','11:59','N','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'What To Expect When You’re Exploiting: Attacking and Discovering Zero-Days in Baby Monitors and Wi-Fi Cameras\'','\'Eric Forte,Mark Mager\'','IOTV_323cd1b2660554706854b69cc144ce32','\'Title: What To Expect When You’re Exploiting: Attacking and Discovering Zero-Days in Baby Monitors and Wi-Fi Cameras
\nWhen: Saturday, Aug 10, 11:15 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nHome surveillance technology is a modern convenience that has been made accessible to the masses through the rise of IoT devices, namely cloud-connected Wi-Fi cameras. From parents monitoring their infants to homeowners watching their entryways, these cameras provide users with access to instant, high definition video from the convenience of a mobile phone, tablet, or PC. However, the affordability of these devices and relative ease of cloud access generally correlates to flawed security, putting users at risk. We set out to explore the attack surface of various Wi-Fi camera models to gain a deeper understanding of how these devices are being exploited. In the end, we devised methods to gain local root access, uncovered user privacy issues, discovered a zero-day vulnerability within a prominent IoT device management platform that allows attackers to gain remote control of millions of cameras worldwide and access sensitive user data, and revealed how these devices may be vulnerable to remote code execution attacks through completely unauthenticated means thanks to an inherently flawed implementation of their underlying peer to peer networking protocol. Along with demonstrating our exploits against live cameras, we will highlight the methods used to obtain our most significant findings and provide guidance on remediating the issues we encountered so these devices can be used safely in your household. We will also invite audience members to probe and attack a camera during our talk and earn a prize in the process!
\n\nSpeakers:Eric Forte,Mark Mager
\n
\nSpeakerBio: Eric Forte, Security Research Engineer at Elastic
\nEric Forte is a Security Research Engineer at Elastic with a background in embedded systems and streaming data analysis. He has worked in technical leadership roles in engineering Low Size Weight and Power (SWaP) capabilities and network security solutions. As part of this work, he managed an IoT research and reverse engineering lab to help in the development of these different capabilities for various organizations across the United States.
\n\nSpeakerBio: Mark Mager, Lead, Endpoint Protections Team at Elastic
\nMark Mager leads the Endpoint Protections Team at Elastic. He has served in prominent technical leadership roles in the research and development of advanced computer network operations tools and has provided malware analysis and reverse engineering subject matter expertise to government and commercial clients in the Washington, D.C. metropolitan area.
\n\n\n\'',NULL,614592),('3_Saturday','11','11:30','12:30','N','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'Hunters and Gatherers: A Deep Dive into the World of Bug Bounties\'','\'Johnathan Kuskos,Katie Trimble-Noble,Sam (erbbysam) Erb,Jeff Guerra,Logan MacLaren\'','BBV_dea491da620f47241f009063cf16f5d6','\'Title: Hunters and Gatherers: A Deep Dive into the World of Bug Bounties
\nWhen: Saturday, Aug 10, 11:30 - 12:30 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nJoin us for an insightful panel discussion where we bring together seasoned Bug Bounty Program Managers and adept bug bounty hunters. This panel aims to address pressing questions and share diverse perspectives on the evolving landscape of bug bounties. We will dive into the challenges faced by both hunters and managers, discuss strategies to enhance the impact of submissions, and explore the future of bug bounties in the face of emerging technologies, evolving trends, and threats. We will also highlight the importance of bug bounties in the current cybersecurity landscape and share the top elements that contribute to a successful bug bounty program. Lastly, we will provide recommendations for organizations looking to mature their bug bounty programs but are hesitant about expanding. This panel promises to be a valuable opportunity for learning, sharing, and networking for anyone involved or interested in the world of bug bounties.
\n\nSpeakers:Johnathan Kuskos,Katie Trimble-Noble,Sam (erbbysam) Erb,Jeff Guerra,Logan MacLaren
\n
\nSpeakerBio: Johnathan Kuskos, Founder at Chaotic Good Information Security (CGIS)
\nThere\'s no place Kuskos would rather be than somewhere with a cool breeze, lightning-fast bandwidth, a decent brew, and a list of servers to target . He discovered his passion for offensive security nearly 13 years ago and quickly became obsessed with the art of finding overlooked vulnerabilities, understanding why they\'re missed, and enhancing tools and methodologies for comprehensive coverage. Kuskos is the founder of Chaotic Good Information Security, a labor of love boutique penetration testing firm.
\n\nSpeakerBio: Katie Trimble-Noble, Director PSIRT & Bounty
\nDirector, PSIRT and Bug Bounty at a Fortune 50 tech Company. Katie serves as a CVE Program Board, Bug Bounty Community of Interest Board, and Hacking Policy Council member. She is a passionate defensive cybersecurity community activist, she is regularly involved is community driven projects and is most happy when she is able to effect positive progress in cyber defense. Prior to joining private sector, Katie spent over 15 years in the US Government. Most recently as the Section Chief of Vulnerability Management and Coordination at the Department of Homeland Security, Cyber and Infrastructure Security Agency (CISA).
\n\nSpeakerBio: Sam (erbbysam) Erb, Security Engineer at Google
\nSam is a security engineer at Google who helps run the Google and Alphabet Vulnerability Reward Program. He holds two DEFCON black badges and numerous bug bounty live hacking event awards. He has presented previously on the DEFCON main stage and in the Packet Hacking Village. Outside of hacking, you will likely find Sam in a climbing gym or on the side of a mountain.
\n\nSpeakerBio: Jeff Guerra, Sr. Product Security Engineer at GitHub
\nJeff Guerra is a Sr. Product Security Engineer at GitHub who enjoys bounties, application security, and much more. He is an avid advocate for vulnerability disclosure/bug bounty programs and the effectiveness and community engagement that comes with it. He\'s a curious and passionate security professional who loves to talk all things security. He loves watching and playing soccer and has recently began his journey into time-attack track events. He\'s a huge car enthusiast and recently began learning to modify cars for the track and daily use.
\n\nSpeakerBio: Logan MacLaren, Senior Product Security Engineer at GitHub
\nLogan is a Senior Product Security Engineer at GitHub where he focuses on the success of their Bug Bounty program. When not hacking on GitHub itself, Logan can be found doing security research focused on open source projects, or learning and refining new skills with CTF challenges!
\n\n\n\'',NULL,614593),('3_Saturday','12','11:30','12:30','Y','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'Hunters and Gatherers: A Deep Dive into the World of Bug Bounties\'','\'Johnathan Kuskos,Katie Trimble-Noble,Sam (erbbysam) Erb,Jeff Guerra,Logan MacLaren\'','BBV_dea491da620f47241f009063cf16f5d6','\'\'',NULL,614594),('3_Saturday','11','11:30','11:59','N','XRV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Student Engagement Doesn\'t Have to Suck\'','\'Dr. Muhsinah Morris\'','XRV_b08b69600426a2a9e28ebf17bb8ca663','\'Title: Student Engagement Doesn\'t Have to Suck
\nWhen: Saturday, Aug 10, 11:30 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nHacking Education for better outcomes / teaching in the metaverse
\n\nSpeakerBio: Dr. Muhsinah Morris, Founder at Metaverse United, LLC
\nMeet the first ever Metaversity Director, Dr. Muhsinah Lateefah Morris. A BS graduate of the HBCU CAU. She obtained an MS & PhD from the Harvard of the South, Emory University in Biomolecular Chemistry. Dr. Morris has been part of and leading Morehouse’s Metaversity project since the Spring of 2021. She’s won awards for Teaching Excellence, Best Emerging Technology and Innovation, and First Place Unconventional Innovation in Industry. She resides in McDonough GA with her husband and five sons. One of her sons has autism and she advocates for the entire autism community. She’s a VR pioneer in education and is transforming learning globally. She is affectionately known as Dr. M.O.M. (Molder of Minds) by all her students. She continues to mold the minds of educators and students globally in the Metaverse. Her future is authentic transformation of the educational system for our future leaders using immersive technologies in the Metaverse. More recently, she founded Metaverse United, LLC where she helps people find where they belong in the embodiment of the internet called the Metaverse. Learn more at UnitetheMetaverse.
\n\n\n\'',NULL,614595),('3_Saturday','12','12:00','12:30','N','ICSV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'I am still the Captain now!\'','\'Paul Brownridge\'','ICSV_716ccb8d66dc47a30887cd912cf707cd','\'Title: I am still the Captain now!
\nWhen: Saturday, Aug 10, 12:00 - 12:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nFresh from his DEFCON 31 marsec village talk, \'I am the Captain now\', Paul has another year\'s experience at sea from which to share stories of taking control of vessels.
\n\nAs it\'s timely, he will look at why the MV Dali incident wasn\'t a hack, dispelling ill-informed opinions from the wave of armchair experts that suddenly emerged, but more interestingly, ways that it so easily could have been a cyber event.
\n\nFinally, maritime cyber regulation is starting to catch up, but so many operators and technology providers are likely to be caught out by IACS UR E26 & 27
\n\nSpeakerBio: Paul Brownridge
\nNo BIO available
\n\n\'',NULL,614596),('3_Saturday','12','12:00','12:59','N','DC','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'The wild and wonderful world of early Microprocessors (with a focus on the 6502)\'','\'Michael Brown\'','DC_2e1ff77db553f16ab290b77b6445ae36','\'Title: The wild and wonderful world of early Microprocessors (with a focus on the 6502)
\nWhen: Saturday, Aug 10, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nThis presentation will be a combination of history lesson, technical introduction, and some demonstration. The target audience are those who may never had a chance to experience early microcomputers but want to get an introduction to the world of “retro computing.
\n\nToday everyone\'s laptop or smartphone either run an Intel, AMD, or ARM processor. And most probably can\'t tell you exactly what they have or know any details of them. It’s all a black box to most. But back in the 70s and 80s, computer hobbyists & hackers knew they had a Z80, 6502, 6809, 68000 or other processor, and often knew the details and could and did program them in assembly. But while the industry has moved past the Apple II, Atari 400/800/XL/XE, Commodore 64 et al, there are still many who continue to use and enjoy these computers. Even to build and create new and exciting items for them as well as brand new systems using this old tech.
\n\nIn this presentation, we will delve into microprocessor history of the 8-bit and early 16-bit systems, with a particular focus on the MOS 6502, one of the most popular microprocessors. We will touch a little on the systems that used the 6502, and take a quick look into how to program the 6502, even showing a couple of 6502-based systems. Importantly for many, we will delve into some of the resources available for those wishing to enter this world also.
\n\nSpeakerBio: Michael Brown, Security and Compliance Director at FRG Systems
\nMichael Brown is an information security professional and leader with years of experience in IT and information security/cybersecurity. While a security consultant advisor, he worked with clients in the healthcare, financial, manufacturing, and other sectors to assess their security programs and work with them to improve and mature their security posture. He is now Security and Compliance Director for FRG Systems, ensuring their HITRUST and SOC compliance. He is experienced with a variety of security regulations, frameworks, and standards. A seasoned speaker and presenter, he has presented at SFISSA, BSides Tampa, St Pete, and Orlando, HackMiamiCon, and ISSA International. He is an ISSA Fellow and Secretary and past president of the South Florida Chapter of ISSA and is a member of ISACA, ISC2, Infragard, and IAPP.
\n\nMy first video game system was the Atari 2600, my first computer was an Atari 800XL, and second was an Atari 1040STfm. Which I still have.
\n\n\n\'',NULL,614597),('3_Saturday','12','12:00','12:30','N','XRV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'XR for All: Accessibility and Privacy for Disabled Users\'','\'Dylan Fox\'','XRV_7c495ce4b0c970148f1502a7db8c74b9','\'Title: XR for All: Accessibility and Privacy for Disabled Users
\nWhen: Saturday, Aug 10, 12:00 - 12:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nExtended Reality (XR) technologies offer tremendous new possibilities for socializing, entertainment, training, and more. Unfortunately, many disabled users find themselves excluded from XR entirely or exposed to severe privacy risks for using it. In this talk, Dylan Fox, Director of Operations for the XR Access Initiative at Cornell Tech, will discuss the core challenges disabled people face in using XR, the tensions between privacy and assistive capabilities, and the open-source efforts happening now to ensure XR is accessible to everyone.
\n\nSpeakerBio: Dylan Fox, Director of Operations, XR Access Initiative at Cornell Tech
\nI\'m a designer, manager, and researcher specializing in accessibility for emerging technologies, particularly VR and AR. I aim to bring together user needs, technological capabilities, and stakeholder requirements to create accessible products.
\n\n\n\'',NULL,614598),('3_Saturday','12','12:30','12:59','N','ASV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'GPS spoofing: it\'s about time, not just position\'','\'Ken Munro\'','ASV_da0b444d3dff75d27eeb1f0967e394a1','\'Title: GPS spoofing: it\'s about time, not just position
\nWhen: Saturday, Aug 10, 12:30 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nTalking to pilots and operators, an important aspect of GPS spoofing and jamming is being missed from the narrative in the media. We know about position spoofing, that\'s a given. What doesn\'t appear to be getting much attention is the effect of time spoofing.
\n\nThe most significant of these is an incident where time was spoofed a significant period into the future. This caused all digital certificates on board an aircraft to become invalid and caused all electronic communications to fail. As GPS clocks have protection against time being rolled backwards, but not forward, the aircraft was grounded for several weeks for systems to be reflashed and the clocks to be reset,
\n\nCoarse time spoofing could therefore ground entire fleets. We\'ll discuss this and potential mitigations. If time allows, we could touch on conventional RF navaids and their exposure to similar attacks.
\n\nSpeakerBio: Ken Munro, Partner and Founder at Pen Test Partners
\nKen Munro is Partner and Founder of Pen Test Partners, a firm of ethical hackers. He and colleagues hold private pilot’s licenses and have been interested in aviation security for many years. They also publish and blog about their research into aviation cyber security, covering topics from airborne connectivity, the potential risks of publicly available avionics component information, and even the entire attack surface of the modern airport. Ken and Pen Test Partners have also been invited to speak at various aviation industry events, and on aviation at specialist security events such as DEF CON’s Aerospace Village, the Global Connected Aircraft Summit, and the Aviation ISAC Summit among others.
\n\n\n\'',NULL,614599),('3_Saturday','12','12:30','12:59','N','ICSV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Manufacturing- Lessons Learned, Lessons Taught\'','\'Tim Chase\'','ICSV_92d225615e36bf45a9704beee5bc63a9','\'Title: Manufacturing- Lessons Learned, Lessons Taught
\nWhen: Saturday, Aug 10, 12:30 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nManufacturing continues to be a top targeted sector by cyber threat actors, especially by ransomware. Dragos 2023 Year In Review showed that 70% of all ransomware victims were manufacturers. The Global Resilience Federation Ransomware Report shows very similar figures. There are some specific elements that make manufacturing a particularly attractive target for ransomware such as the lack of network security and segmentation, IT compromise that often leads to operational disruption (even if there is not OT network intrusion), manufacturing having tight margins, a lack of a compliance regime, and organizational size all contributing. Manufacturing continues to be a top targeted sector by cyber threat actors, especially by ransomware. Dragos 2023 Year In Review showed that 70% of all ransomware victims were manufacturers. The Global Resilience Federation Ransomware Report shows very similar figures. There are some specific elements that make manufacturing a particularly attractive target for ransomware such as the lack of network security and segmentation, IT compromise that often leads to operational disruption (even if there is not OT network intrusion), manufacturing having tight margins, a lack of a compliance regime, and organizational size all contributing.
\n\nWhile manufacturing as a whole lags many other critical infrastructure sectors in aspects of cyber security there is a category that manufacturing has consistently led other industry verticals in, automation and device connectivity in the operational technology domain. Manufacturer’s OT network environments increasingly are set up as a network or hyper connected IIoT devices, where all data goes to the cloud and often comes back from the cloud to offer changes, and all participants have access into the OT network domain allowing manufacturing to push the boundaries of what products are technically possible, what production efficiencies are possible, and how OT environments can scale as never before.
\n\nThis has obviously come with downside risks that manufacturers are only now beginning to grapple with and to make meaningful changes to better protect their networks and the gains they have made. Their growing pains can serve as roadmap of what to do and what not to do as many other OT intensive industry verticals are moving very quickly into similar use cases.
\n\nSpeakerBio: Tim Chase, Program Director at Global Resilience Federation (GRF)
\nTim Chase is a Program Director with the Global Resilience Federation (GRF), he brings nearly a decade of collective defense and intelligence analysis experience to the communities he leads. He has worked across various critical infrastructure sectors in several information sharing communities. He leads the Manufacturing Information Sharing and Analysis Center (MFG-ISAC) where he engages members to facilitate cyber security success for manufacturers and their support ecosystem. The MFG-ISAC facilitates the exchange of cyber threat intelligence, vulnerabilities, and mitigation strategies while fostering member collaboration with other key sectors and government agencies to respond and prevent critical threats and incidents.
\n\n\n\'',NULL,614600),('3_Saturday','12','12:30','13:15','N','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Pick Your Poison: Navigating a secure clean energy transition\'','\'Emma Stewart\'','PLV_cc974c418dd7ff35b8ec5ebc4c49dac1','\'Title: Pick Your Poison: Navigating a secure clean energy transition
\nWhen: Saturday, Aug 10, 12:30 - 13:15 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nClean Energy technology, while essential for the energy transition, often utilizes components sourced from adversarial countries, potentially increasing cyber vulnerabilities, especially in systems managed by smaller utilities with limited cybersecurity expertise. The previous approaches of \'rip and replace\' to eliminate foreign components have proved inadequate and if applied to clean energy, may be economically and technically destabilizing.
\n\nThis policy session will also delve into the broader implications of a digitalized supply chain, where simplistic views of cybersecurity do not suffice. Instead, a nuanced understanding of the operational and physical realities of energy systems is essential. By discussing how to balance immediate economic pressures against long-term sustainability and security, the session aims to foster a more informed and effective policy discourse.
\n\nIn summary, as the energy sector evolves to include diverse infrastructure systems—ranging from hospitals to military installations—the need for a robust, informed, and agile policy approach to cybersecurity becomes increasingly critical. This session will provide a platform for critical discourse to ensure that the transition to renewable energy is both secure and sustainable, aligning climate goals with national security imperatives
\n\nSpeakerBio: Emma Stewart, Chief Power Grid Scientist at Idaho National Labs
\nEmma M. Stewart, Ph.D., is a respected power systems security specialist with expertise in power distribution and operational cybersecurity. Emma is currently the Chief Power Grid Scientist at Idaho National Labs and the Director of the Center for Securing the Digital Energy Transition.
\n\nFrom 2021 to 2023, Dr. Stewart served as the Chief Scientist at the National Rural Electric Cooperative Association (NRECA), where she led NRECA Research and the Co-Op Cyber Program. Her responsibilities included providing electric cooperatives with education, training, information sharing, incident support, technology integration, and R&D services.\nAt Lawrence Livermore National Laboratory, she served as the Associate Program Leader for Cyber and Infrastructure Resilience, managing research on prevention and response to high consequence grid events such as wildfire and cyber attack. At Lawrence Berkeley National Laboratory, she was the Deputy Group Leader in the Grid Integration Group and played a major role in developing the first micro-synchrophasor network in the US enabling the data to be used to prevent wildfire and equipment failure.
\n\nBefore joining national laboratories, Dr. Stewart worked as a Senior Engineer at BEW Engineering, where she led distribution planning, modeling, and analysis consulting for large utility customers in Hawaii and California. Dr. Stewart has made significant contributions to the field of security of power systems, receiving patents for innovations in power distribution systems and data analytics, and is one of the few who truly works at the center of the clean energy, energy security and cybersecurity venn diagram.
\n\n\n\'',NULL,614601),('3_Saturday','13','12:30','13:15','Y','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Pick Your Poison: Navigating a secure clean energy transition\'','\'Emma Stewart\'','PLV_cc974c418dd7ff35b8ec5ebc4c49dac1','\'\'',NULL,614602),('3_Saturday','13','13:00','13:59','N','DC','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'All Your Keyboards Are Belong to US!\'','\'Federico Lucifredi\'','DC_4b2c155065bd83f0ae1abbe320781960','\'Title: All Your Keyboards Are Belong to US!
\nWhen: Saturday, Aug 10, 13:00 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nThis is a live tutorial of hacking against keyboards of all forms. Attacking the keyboard is the ultimate strategy to hijack a session before it is encrypted, capturing plaintext at the source and (often) in much simpler ways than those required to attack network protocols.
\n\nIn this session we explore available attack vectors against traditional keyboards, starting with plain old keyloggers. We then advance to \"Van Eck Phreaking\" style attacks against individual keystroke emanations as well as RF wireless connections, and we finally graduate to the new hotness: acoustic attacks by eavesdropping on the sound of you typing!
\n\nUse your newfound knowledge for good, with great power comes great responsibility!
\n\nA subset of signal leak attacks focusing on keyboards. This talk is compiled with open sources, no classified material will be discussed.
\n\nSpeakerBio: Federico Lucifredi, Product Management Director, Ceph Storage at IBM and Red Hat
\nFederico Lucifredi is the Product Management Director for Ceph Storage at IBM and Red Hat and a co-author of O\'Reilly\'s \"Peccary Book\" on AWS System Administration. Previously, he was the Ubuntu Server product manager at Canonical, where he oversaw a broad portfolio and the rise of Ubuntu Server to the rank of most popular OS on Amazon AWS. A software engineer-turned-manager at the Novell corporation, he was part of the SUSE Linux team, overseeing the update lifecycle and delivery stack of a $150 million maintenance business. A CIO and a network software architect at advanced technology and embedded Linux startups, Federico was also a lecturer for over 200 students in Boston University\'s graduate and undergraduate programs, and simultaneously a consultant for MIT implementing fluid-dynamics simulations in Java.
\n\n\n\'',NULL,614603),('3_Saturday','13','13:00','13:30','N','ASV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Fly Catcher - How I Developed a Low-Cost Raspberry Pi Based Device for ADS-B Spoof\'','\'Angelina Tsuboi\'','ASV_d5b3d0da7acedef3a13155b39148902f','\'Title: Fly Catcher - How I Developed a Low-Cost Raspberry Pi Based Device for ADS-B Spoof
\nWhen: Saturday, Aug 10, 13:00 - 13:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nAs a pilot and cybersecurity researcher, I am very interested of the nexus between aviation and security. To explore this interest, I developed a device called Fly Catcher - a device that detects for aircraft spoofing by monitoring for malicious ADS-B signals in the 1090MHz frequency. The device consists of a 1090 MHz antenna, a Flight Aware RTL SDR, a custom 3D printed case, a portable battery charger, and a MicroUSB cable.
\n\nThe device receives ADS-B information from the antenna and the software-defined radio, which is then passed into a Convolutional Neural Network written with Python to detect whether or not the aircraft is spoofed. I trained the neural network on a dataset of valid ADS-B signals as well as a generated spoofed set of aircraft signals, to teach Fly Catcher how to detect and flag any suspicious ADS-B signals. It does this by checking for discrepancies in the signal\'s characteristics, such as its location, velocity, and identification.
\n\nThe result outputted by the neural network is then displayed onto a radar screen allowing users to detect spoofed aircraft near them. To test the device, I brought it with me for an hour-long flight to scan for a wide variety of aircraft enroute. After the flight, the data was fed into the Neural Network to analyze any spoofed aircraft I might have encountered.
\n\nSpeakerBio: Angelina Tsuboi
\nAngelina Tsuboi is a pilot and an aerospace cybersecurity instructor with over a decade of development experience. In addition to being a scientific researcher for NASA, she has been involved in various CubeSat initiatives and enjoys tinkering with microcontrollers.
\n\n\n\'',NULL,614604),('3_Saturday','13','13:00','13:30','N','LPV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Locksport Competitions: Compete in the Olympics of Locks \'','\'Matt Burrough\'','LPV_782fd0b855860c36294908367f446eef','\'Title: Locksport Competitions: Compete in the Olympics of Locks
\nWhen: Saturday, Aug 10, 13:00 - 13:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nPicking locks is fun, but what if you want more? Ever considered competing against other lock enthusiasts? In this talk we\'ll discuss the exciting lock-related competitions that take place around the world, how to find them, and what it takes to compete and win.
\n\nSpeakerBio: Matt Burrough
\nMatt Burrough is a devoted locksport hobbyist who has competed in a variety of international lockpicking tournaments. He also co-leads the Seattle Locksport group. During the day, Matt manages a professional red team. He is the author of Pentesting Azure Applications (No Starch Press, 2018) and co-author of Locksport (No Starch Press, 2024).
\n\n\n\'',NULL,614605),('3_Saturday','13','13:15','13:59','N','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Hacker vs AI: perspectives from an ex-spy\'','\'Harriet Farlow\'','PLV_ec29f8ca1803501f7aef8d531bdea9bf','\'Title: Hacker vs AI: perspectives from an ex-spy
\nWhen: Saturday, Aug 10, 13:15 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nThe convergence of Artificial Intelligence (AI) and national security not only fuels international discourse but also inspires narratives within popular culture. Harriet is no stranger to these myths, as an ex-intelligence professional who specialized in applying machine learning to cyber security. In fact, she likes to lean into them. This makes her previous bosses nervous, so she uses pop culture as the lens through which to communicate her insights - and in this talk she utilizes the worlds of Ghost in the Shell, Neuromancer and Mission Impossible.
\n\nThrough these stories, as well as her own decade of experience working at the intersection of artificial intelligence and cyber security, Harriet discusses the extent to which fears surrounding AI systems are applicable to real life national security settings. From cyber warfare to AI-driven surveillance, she unravels the interplay between hackers, AI, and government agencies. This session is interactive, with demos of how these AI systems actually work under the hood, as well as discussion time. Blur the lines between human and machine, and understand how you can contribute your skills to prevent our own modern day Puppet Master.
\n\nSpeakerBio: Harriet Farlow, CEO at Mileva Security Labs
\nHarriet Farlow is the CEO of AI Security company Mileva Security Labs, a PhD Candidate in Machine Learning Security, and creative mind behind the YouTube channel HarrietHacks. She missed the boat on computer hacking so now she hacks AI and Machine Learning models instead. Her career has spanned consulting, academia, a start-up and Government, but don’t judge her for that one. She also has a Bachelor in Physics and a Master in Cyber Security. She calls Australia home but has lived in the UK and the US. Her ultimate hack was in founding her own AI Security company but if Skynet takes over she will deny everything and pretend the AI stood for Artificial Insemination, like her Mum thinks it does. (Sorry Mum but I’m not really a Medical Doctor).
\n\n\n\'',NULL,614606),('3_Saturday','13','13:30','14:15','N','MISC','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'How we built our REDACTED THING this year, 5n4ck3y, && AMA Panel on Making Badges\'','\'AND!XOR \'','MISC_cb1c448bd9405f53c7d68d1e539b2bcb','\'Title: How we built our REDACTED THING this year, 5n4ck3y, && AMA Panel on Making Badges
\nWhen: Saturday, Aug 10, 13:30 - 14:15 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nSee talk title, kids these days dont read more than a sentence anyway. Seriously though, we get asked a lot of random custom electronics, hardware hacking, and badge questions, here\'s your chance to throw them at us while we drink a beer and pretend to know the right answer
\n\nSpeakerBio: AND!XOR
\nAND!XOR is a hacker group of engineers who make electronic badges, retrofit snack machines, shenanigans, and other useful tech such as the wireless microwave oven sensor.
\n\n\n\'',NULL,614607),('3_Saturday','14','13:30','14:15','Y','MISC','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'How we built our REDACTED THING this year, 5n4ck3y, && AMA Panel on Making Badges\'','\'AND!XOR \'','MISC_cb1c448bd9405f53c7d68d1e539b2bcb','\'\'',NULL,614608),('3_Saturday','13','13:30','13:59','N','ASV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Small Satellite Modeling and Defender Software\'','\'Kyle Murbach\'','ASV_57b339313a250bb826bb384d10724f13','\'Title: Small Satellite Modeling and Defender Software
\nWhen: Saturday, Aug 10, 13:30 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nThe proliferation of ride-share rocket launches and decrease in the overall cost of sending payloads to space due to recent successes in the private space industry has made small satellite systems a cost effective and time-efficient method to put research vehicles in space.
\n\nThe University of Alabama in Huntsville’s Center for Cybersecurity Research and Education (CCRE) has been funded by the U.S. Army Space and Missile Defense Command (SMDC) over the last several years to investigate the overall cybersecurity posture of small satellite systems. Numerous iterations of student teams led by CCRE and SMDC staff members have managed to accomplish notable research milestones.
\n\nThis talk is meant to inform the next generation in aerospace cybersecurity by discussing our major research milestones, relevant findings, lessons learned, and areas of concern relating to the overall cybersecurity posture of small satellite systems.
\n\nRelevant items to be covered in this talk include what it took to build a working small satellite system model as close to real-world as possible (Raspberry Pis vs PyCubed boards vs other contenders), implementation of small satellite functions (payload camera, radio communications, positioning/sensor array, orbital simulation, battery/solar charging, etc.), performing vulnerability analysis against the implemented model, creating different attack scenarios (MitM, DoS, spoofing, hardware attacks), implementing defensive mitigations (hardening scripts, command validation, health checks), and the development of a lightweight software solution named “Small Satellite Defender” (SSD) designed to protect satellites from potential threat vectors.
\n\nSpeakerBio: Kyle Murbach, Principal Research Engineer, Center for Cybersecurity Research and Education (UAH/CCRE) at University of Alabama in Huntsville
\nDr. Kyle Murbach is a Principal Research Engineer at the University of Alabama in Huntsville’s Center for Cybersecurity Research and Education (UAH/CCRE). With over 9 years of experience as a cybersecurity researcher and software reverse engineer with industry and government, he is responsible for leading numerous cybersecurity related projects as PI, Co-PI, and Subject Matter Expert in various topic areas related to malware analysis, tool development, reverse engineering, vulnerability analysis, and computer network operations.
\n\nAt UAH/CCRE, Dr. Murbach is the technical director for the Space Testing and Resiliency Simulation (STARS) Team where he has led numerous students in the design and development of a small satellite testbed and vulnerability analysis of small satellite systems over the last four years. Dr. Murbach has also led technical development efforts to create an automated malware analysis platform which integrates open-source tools to create high confidence summary information of potential malicious activity in binary files. He also played a key role in the development of a testbed for analysis of malware on non-x86 architectures using emulation and integrated open-source tools to collect comprehensive system data during execution and create visualizations that display potential indicators of compromise to the user. He has worked with private industry partners to assess, reverse engineer, and identify any potential vulnerabilities in a custom cryptographic software.
\n\nDr. Murbach is CISSP certified, he holds his PhD in Cyber Operations from Dakota State University (2019) and BS/MS degrees in Computing Security from Rochester Institute of Technology (2016) as a CyberCorps Scholarship for Service graduate. He has also taught software reverse engineering as an adjunct lecturer for the University of Colorado at Boulder for the last three years.
\n\n\n\'',NULL,614609),('3_Saturday','14','14:00','14:59','N','MISC','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Color Blasted Badge Making: How Hard Could It Be ?\'','\'Abhinav Panda,Bradán Lane,Hamster\'','MISC_7a471b952ba5382a683976276f2140d8','\'Title: Color Blasted Badge Making: How Hard Could It Be ?
\nWhen: Saturday, Aug 10, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nWithout plan or intent, three Makers took three paths to achieve colorful badges and none were smart enough to turn back. Join our panel discussion to learn our different approaches, the strengths and weaknesses of each, and ask your probing questions. Perhaps you too will be foolish enough to venture into the technicolor labyrinth.
\n\nSpeakers:Abhinav Panda,Bradán Lane,Hamster
\n
\nSpeakerBio: Abhinav Panda
\nAbhinav\'s artistry comes from the times he used to sneakily paint drawings made by his sister. His hacking career began as a toddler, disassembling his toys but never put them back together. His entrepreneurial roots come from selling snacks at a school fair and making a loss of $10. Having learned how not to make money, he launched Hackerware.io and the rest, as they say, is history.
\n\nSpeakerBio: Bradán Lane
\nBradán graduated third grade with a degree in crayon. This, combined with his unwavering belief in \"how difficult could it be\", makes him eminently qualified to speak on the nuances of color theory in electronics design.
\n\nSpeakerBio: Hamster
\nHamster is an engineer who watched too much MacGyver as a kid and is now doomed to invent more and more complicated ways to make the Angry Pixies dance.
\n\n\n\'',NULL,614610),('3_Saturday','14','14:00','14:30','N','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'Efficient Bug Bounty Automation Techniques\'','\'Gunnar Andrews\'','BBV_2825d9808c9403b71da79306fcfe5a2f','\'Title: Efficient Bug Bounty Automation Techniques
\nWhen: Saturday, Aug 10, 14:00 - 14:30 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nIf you\'re a bug bounty hunter, time can literally mean money. For this reason, automation can be a vital part of how you hunt. But automation has limits. Whether this is hardware limits, target rate limits, WAFs & bot detection, and the list goes on. Successful automation techniques should EFFICIENTLY enhance your hunting. Whether it is being first to a fresh target, or finding targets other hunters haven\'t. We will go over some techniques and tools to get ahead of the pack, without wasting all your time and money.
\n\nSpeakerBio: Gunnar Andrews
\nI am a hacker, engineer, gamer, and creator from the Midwest. I enjoy being involved in the bug bounty community, meeting new hunters, learning techniques, and building cool software! I have a passion for writing security tools and building systems, as well as creating the best and biggest community of friends I can! I love to talk automation, hacking, software/systems, and just about anything else tech.
\n\n\n\'',NULL,614611),('3_Saturday','14','14:00','14:30','N','BHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'You got a lighter? I need to do some Electroporation.\'','\'James Utley,Joshua HIll,Phil Rhodes\'','BHV_5f46b0b51bc01f6a87c77d04e56a0874','\'Title: You got a lighter? I need to do some Electroporation.
\nWhen: Saturday, Aug 10, 14:00 - 14:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nBiological warfare is a phenomenon that spans human history, tracing its roots to ancient times rather than being a recent invention. To gain insights into bioweapons\' current and future landscape, it is imperative to look into historical examples of conventional biological warfare and understand how methods were devised and implemented. Our future hinges significantly on our ability to foster transparency and creativity within the global community. This optimism is intertwined with our comprehension of technological advancements, the rapid pace of innovation, the interconnectedness of various domains, and the imperative task of constructing practical defenses against emerging threats. As a poignant reminder, our vulnerability lies in technological shortcomings and our collective failure of imagination. This discourse extends to establishing social norms and mores that are pivotal in shaping attitudes toward biological warfare and encompasses an exploration of prospective research endeavors and emerging initiatives leveraging artificial intelligence (AI) in the realm of bioweaponry. As we confront the intricate interplay between technological advancements and human agency, it is imperative to remain vigilant and resolute in our pursuit of a future safeguarded against the malevolent exploitation of biological agents.
\n\nSpeakers:James Utley,Joshua HIll,Phil Rhodes
\n
\nSpeakerBio: James Utley, Chief Scientific Officer at Auragens
\nMeet Dr. James Utley, PhD, a distinguished Immunohematology expert and cellular therapy pioneer. A Johns Hopkins alum, he transformed cellular transfusion at the Department of Defense. A true Biohacker, James pushes the boundaries of CRISPR and genetic engineering through self-experimentation. As the former Technical Director at a large healthcare organization, he oversaw 150K successful cellular transfusions, merging technical expertise with innovative practices. His avant-garde publications and FDA-approved breakthroughs underscore his impact. Now, as the Chief Scientific Officer at Auragens, James is a trailblazer in the stem cell revolution. Dubbed the “pirate” of the cellular world, he continues to reshape and advance the field, making a significant difference every day.
\n\nSpeakerBio: Joshua HIll
\nNo BIO available
\nSpeakerBio: Phil Rhodes
\nNo BIO available
\n\n\'',NULL,614612),('3_Saturday','14','14:15','14:59','N','ASV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'RF Attacks on Aviation\'s Last Line of Defense Against Mid-Air Collisions (TCAS II)\'','\'Giacomo Longo,Vincent Lenders\'','ASV_c8492f3dc4a90db5fc2d5c873969ef72','\'Title: RF Attacks on Aviation\'s Last Line of Defense Against Mid-Air Collisions (TCAS II)
\nWhen: Saturday, Aug 10, 14:15 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nAviation\'s Traffic Collision Avoidance System (TCAS) II has been touted as a foolproof safety net since its introduction in the 1980s. But what if we told you that this supposedly impenetrable system can be compromised? For years, attacks on TCAS have been mere theoretical exercises, foiled by an (accidental) built in security feature. That is, until now. In this presentation, we\'ll reveal the first working RF attacks on TCAS II, demonstrating how to hijack collision avoidance displays and create fake Traffic Advisories (TAs) and Resolution Advisories (RAs). We\'ll walk you through the technical challenges of building the necessary tooling using commercial off-the-shelf hardware.
\n\nBut that\'s not all. Our research has also uncovered a second attack capable of remotely disabling an aircraft\'s TCAS capabilities, rendering it vulnerable to mid-air collisions. The implications are clear: if our findings can be exploited in real-world scenarios, the safety of millions of passengers hangs in the balance. Join us as we lift the lid on this shocking vulnerability and explore the dark side of aviation security.
\n\nSpeakers:Giacomo Longo,Vincent Lenders
\n
\nSpeakerBio: Giacomo Longo
\nGiacomo Longo is a Ph.D. student by day, and a master of mayhem by night. When he\'s not burrowing through the depths of transportation system security, specifically primary and secondary radar systems, you can find him conjuring chaos as an engineer with a passion for solving what he thinks are the world\'s most intriguing problems. By harnessing his love for disorder into scientific research, Giacomo is on a mission to uncover the secrets of transportation systems - or at least, that\'s what he tells his thesis committee. Until the world takes notice, he\'ll continue to stir up trouble in the name of scientific progress.
\n\nSpeakerBio: Vincent Lenders, Cybersecurity Researcher and Head at Cyber-Defence Campus
\nVincent Lenders is a cybersecurity researcher from Switzerland where he acts as the Head of the Cyber-Defence Campus. He has a Master and PhD degree from ETH Zurich in electrical engineering. He has over 15 years of practical experience in cybersecurity with a strong focus on the security of wireless networks. He is the co-founder of the OpenSky Network and has published over 150 scientific papers and two books, and presents regularly at cybersecurity conferences including Usenix Secuirty, DEFCON, IEEE S&P, NDSS, ACM CCS.
\n\n\n\'',NULL,614613),('3_Saturday','14','14:30','15:15','N','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'Leveraging AI for Smarter Bug Bounties\'','\'Diego Jurado,Joel \"Niemand_Sec\" Noguera\'','BBV_329bea5cdb6c89174c77c1975011bdc3','\'Title: Leveraging AI for Smarter Bug Bounties
\nWhen: Saturday, Aug 10, 14:30 - 15:15 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nAs security researchers, we constantly attempt to stay ahead of the curve, seeking innovative solutions to enhance our offensive security strategies. In recent years, the advent of artificial intelligence (AI) has introduced a new dimension to our efforts, particularly in the realm of bug bounties and pentesting. While significant attention has been given to understanding and mitigating attacks against AI systems, the potential of AI to assist in the offensive security field remains largely unclear.
\n\nThis talk pretends to dig into the research and development process undertaken to create an AI agent designed to augment the bug bounty and pentesting workflow. Our AI agent is not merely a theoretical concept but a practical tool aimed at enhancing the efficiency and effectiveness of security researchers.
\n\nWe have conducted extensive research to understand how AI can mimic and enhance human intuition and creativity in identifying vulnerabilities. While this may sound trivial, there is little evidence of this being tested before on generative AI agents. Our work breaks new ground by pushing the boundaries of what AI can achieve in offensive security.
\n\nWill AI become an indispensable tool in our arsenal, capable of autonomously identifying and exploiting vulnerabilities? Join us as we explore the possibilities and implications of AI as an offensive assistant in this new era of offensive security.
\n\nSpeakers:Diego Jurado,Joel \"Niemand_Sec\" Noguera
\n
\nSpeakerBio: Diego Jurado, Security Researcher at XBOW
\nDiego Jurado is a security researcher at XBOW, a company dedicated to developing innovative AI for offensive security. Diego is an offensive security professional with an extensive background in bug bounty, penetration testing and red team. Prior to this role, Diego has held positions at companies such as Microsoft Xbox, Activision Blizzard King and Telefónica. Additionally, Diego participates in bug bounty programs and has managed to establish himself in the top 38 all time leaderboard of HackerOne. Diego is part of Team Spain, champion of the Ambassadors World Cup 2023 a bug bounty competition organized by HackerOne.
\n\nSpeakerBio: Joel \"Niemand_Sec\" Noguera, Security Researcher at XBOW
\nJoel Noguera is a security researcher at XBOW, a company dedicated to developing innovative AI for offensive security. Joel is a security professional and bug hunter with more than eight years of expertise in exploit development, reverse engineering, security research and consulting. He has actively participated in Bug Bounty programs since 2016, reaching the all-time top 60 on the HackerOne leaderboard. Before joining XBOW, he was part of Immunity Inc., where he worked as a security researcher for three years. Joel has presented at Recon, BlackHat Europe, EkoParty and BSides Keynote Berlin, among others.
\n\n\n\'',NULL,614614),('3_Saturday','15','14:30','15:15','Y','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'Leveraging AI for Smarter Bug Bounties\'','\'Diego Jurado,Joel \"Niemand_Sec\" Noguera\'','BBV_329bea5cdb6c89174c77c1975011bdc3','\'\'',NULL,614615),('3_Saturday','14','14:30','15:15','N','BHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'The Past, Present, and Future of Bioweapons\'','\'Lucas Potter,Meow-Ludo Disco Gamma Meow-Meow ,Xavier Palmer\'','BHV_1a61d7e31f0a1db65ecc2bd2094bc34f','\'Title: The Past, Present, and Future of Bioweapons
\nWhen: Saturday, Aug 10, 14:30 - 15:15 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nBiological warfare is a phenomenon that spans human history, tracing its roots to ancient times rather than being a recent invention. To gain insights into bioweapons\' current and future landscape, it is imperative to delve into historical examples of conventional biological warfare and understand how methods were devised and implemented.
\n\nHowever, amidst the exploration of historical precedents, it becomes evident that our optimism for the future hinges significantly on our ability to foster transparency and creativity within the global community. This optimism is intertwined with our comprehension of technological advancements, the rapid pace of innovation, the interconnectedness of various domains, and the imperative task of constructing practical defenses against emerging threats. It is crucial to acknowledge that despite the sophistication of technology, its efficacy remains intricately linked to human ingenuity. As a poignant reminder, our vulnerability lies in technological shortcomings and our collective failure of imagination. Creativity, a distinctly human attribute, stands as the cornerstone in the perpetual endeavor to safeguard against unforeseen adversities.
\n\nFurthermore, the discourse extends to establishing social norms and mores that are pivotal in shaping attitudes toward biological warfare. Addressing the proliferation of disinformation and its potential to fuel the proliferation and utilization of bioweapons becomes imperative. This discussion encompasses an exploration of prospective research endeavors and emerging initiatives leveraging artificial intelligence (AI) in the realm of bioweaponry. Notably, the utility of Generative AI in affecting societal shifts toward the normalization of bioweapon deployment warrants scrutiny. Additionally, the current societal landscape, particularly the desensitization of internet denizens to overt hostile actions, poses profound implications for the future trajectory of biological warfare.
\n\nIn essence, a comprehensive understanding of historical precedents, coupled with a proactive approach towards fostering transparency, creativity, and the cultivation of robust societal norms, is indispensable in navigating the complexities of bioweapon proliferation. As we confront the intricate interplay between technological advancements and human agency, it is imperative to remain vigilant and resolute in our pursuit of a future safeguarded against the malevolent exploitation of biological agents.
\n\nSpeakers:Lucas Potter,Meow-Ludo Disco Gamma Meow-Meow ,Xavier Palmer
\n
\nSpeakerBio: Lucas Potter, Engineer at BiosView
\nLucas has been an engineer with BiosView, specifically focusing on BioCyberSecurity, for the past five years. Previous efforts have resulted in 14 academic journal articles and 22 conference articles.
\n\nSpeakerBio: Meow-Ludo Disco Gamma Meow-Meow
\nMeow-Ludo is an Australian biohacker, serial political candidate, and general provocateur. He is interested in transdisciplinary technological systems and how they can be used and abused. He is perhaps most well known for taking the government to court over his right to use an implanted travel-pass, and through doing so opened up a conversation around the rights that individuals have over the technology they use that extended around the world. He is currently working on life extension gene therapy design and assisting with psilocybin therapies for depression.
\n\nSpeakerBio: Xavier Palmer
\nXavier comes from multiple disciplines and is also part of the virtual lab, BiosView. He is fond of promoting positive and creative projects with non-traditional students that foster curiosity and conversation around technologies that interface with all aspects of biology.
\n\n\n\'',NULL,614616),('3_Saturday','15','14:30','15:15','Y','BHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'The Past, Present, and Future of Bioweapons\'','\'Lucas Potter,Meow-Ludo Disco Gamma Meow-Meow ,Xavier Palmer\'','BHV_1a61d7e31f0a1db65ecc2bd2094bc34f','\'\'',NULL,614617),('3_Saturday','15','15:00','15:30','N','PSV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Bypass 102\'','\'Karen Ng,Terry Luan\'','PSV_fccae76523b1f02c6d1af49ef29a6098','\'Title: Bypass 102
\nWhen: Saturday, Aug 10, 15:00 - 15:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nNow that you’re familiar with the techniques used to bypass locks in some door installation, come and learn the remediations for these common bypasses. In this talk, you will learn how to protect against or harden against attacks such as the Under the Door attack, latch slipping, and more.
\n\nSpeakers:Karen Ng,Terry Luan
\n
\nSpeakerBio: Karen Ng, Risk Analyst at GGR Security
\nKaren is a Risk Analyst at GGR Security, and is one of GGR\'s entry team for physical penetration tests. She has a strong interest in physical security, delivering trainings on physical security vulnerabilities to a wide range of audiences. Karen comes from a background in engineering and has extensive experience in major event logistics. She is one of the Village Leads at the Physical Security Village, and works with the rest of the PSV team to teach how to recognize and fix security exploits to the community. Graphic design is her passion.
\n\nSpeakerBio: Terry Luan
\nTerry is a recent Computer Engineering graduate. As one of the Village Leads for the Physical Security Village, he helps with much of the Village logistics, as well as volunteer and external management. His main areas of interest are in security (both physical and virtual) and lockpicking, and he loves teaching people about various security exploits.
\n\n\n\'',NULL,614618),('3_Saturday','15','15:00','15:30','N','ICSV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'War Games: Red Team for OT (Based on Real World Case Studies)\'','\'Shishir Gupta\'','ICSV_becf1ddd7d3d6b5d6462d9fbb4063373','\'Title: War Games: Red Team for OT (Based on Real World Case Studies)
\nWhen: Saturday, Aug 10, 15:00 - 15:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nIn this talk, Shishir will share some critical insights from performing a decade worth of Red Team (attack simulation) exercises for large-scale industrial operations across the globe.
\n\nThe presentation will also cover real-world examples of attack vectors leveraged by Google\'s Mandiant Red Team while performing offensive security exercises for operational technology and control system environments.
\n\nThis talk will cover:
\n\n\n- Insights into common TTPs and attack vectors for large-scale industrial networks
\n- Network propagation and mission execution across ICS-OT attack life-cycle
\n- Examples from real-world case studies of penetrating cyber-physical systems
\n
\n\nSpeakerBio: Shishir Gupta, Technical Manager and Function Lead, ICS-OT Red Team at Mandiant
\nShishir specialises in offensive security for critical infrastructure and operational technology, and has led penetration testing and attack simulation (red team) exercises for 50+ industrial operations across the globe. He has a unique experience of conducting technical assessments across a wide variety of critical infrastructure and cyber physical sectors (including power and utilities, road transportation, rail transportation, air traffic control, industrial manufacturing, resource mining, oil and gas, telecommunications and building management systems). In his current role, Shishir serves as Technical Manager and Function Lead for ICS-OT Red Team at Mandiant (a Google company).
\n\n\n\'',NULL,614619),('3_Saturday','15','15:15','15:59','N','BBV','LVCC West/Floor 2/W222-Creator Stage 4','\'I\'ve got 99 problems but a prompt injection ain\'t pineapple\'','\'Chloé Messdaghi,Kasimir Schulz\'','BBV_7ecc47fe3206727caabfd190ff9228e5','\'Title: I\'ve got 99 problems but a prompt injection ain\'t pineapple
\nWhen: Saturday, Aug 10, 15:15 - 15:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nThe ethical and secure disclosure of vulnerabilities in AI has emerged as a pivotal challenge, compounded by the need to address biases and misinformation that often cloud the true nature of these vulnerabilities. This talk delves into the intricate dynamics of vulnerability disclosure within AI, balancing transparency with security. We\'ll dissect the unique challenges AI presents, such as data bias exploitation and model manipulation, which can amplify the impact of vulnerabilities. Through a lens of real-world examples and recent disclosures, we\'ll navigate the complexities of responsible vulnerability management in AI. Our discussion will not only aim to shed light on these critical issues but also inspire a unified approach to refining disclosure processes. This concerted effort is vital for enhancing the integrity of AI systems and bolstering public trust in their use.
\n\nSpeakers:Chloé Messdaghi,Kasimir Schulz
\n
\nSpeakerBio: Chloé Messdaghi, Head of Threat Intelligence at HiddenLayer
\nChloé Messdaghi is the Head of Threat Intelligence at HiddenLayer, leading efforts to secure AI measures and promote industry-wide security practices. A sought-after public speaker and trusted authority for journalists, her expertise has been widely featured in the media. Recognized as a Power Player by Business Insider and SC Media, Chloé has made significant contributions to cybersecurity. Outside of work, she is dedicated to philanthropy, advancing industry progress, and promoting societal and environmental well-being.
\n\nChloé Messdaghi serves as the Head of Threat Intelligence at HiddenLayer, where she spearheads efforts to fortify security for AI measures and fosters collaborative initiatives to enhance industry-wide security practices for AI. A highly sought-after public speaker and trusted authority for national and sector-specific journalists, Chloé\'s expertise has been prominently featured across various media platforms. Her impactful contributions to cybersecurity have earned her recognition as a Power Player by esteemed publications such as Business Insider and SC Media.Beyond her professional endeavors, Chloé remains passionately committed to philanthropy aimed at advancing industry progress and fostering societal and environmental well-being.
\n\nSpeakerBio: Kasimir Schulz, Principal Security Researcher at HiddenLayer
\nKasimir Schulz, Principal Security Researcher at HiddenLayer, is a leading expert in uncovering zero-day exploits and supply chain vulnerabilities in AI. His work has been featured in BleepingComputer and Dark Reading, and he has spoken at conferences such as FS-ISAC and Black Hat. Kasimir leads the development of advanced tools for automating vulnerability detection and implementing large-scale patches, fortifying systems against supply chain attacks. His dedication to proactive defense measures sets a new standard in cybersecurity resilience.
\n\n\n\'',NULL,614620),('3_Saturday','15','15:15','15:59','N','ESV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Reverse engineering and hacking Ecovacs robots\'','\'Dennis Giese,Braelynn\'','ESV_7fcf3dfd0ccec03ca990a07845e1ccb3','\'Title: Reverse engineering and hacking Ecovacs robots
\nWhen: Saturday, Aug 10, 15:15 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nWere you ever wondering why a vacuum robot or a smart air purifier needs multiple cameras and microphones? How secure are these devices? Can the devices be used to potentially spy on you?
\n\nFor the past 5 years we have been presenting ways to hack and root vacuum robots at various events like the c3 or the DEFCON. In all these cases it covered vacuum robots by Roborock, Dreame, Xiaomi and some smaller companies. However, did we ever take a look at other vendors and maybe some new interesting device classes? In this talk we do exactly that, and will take a deep dive into Ecovacs robots! Ecovacs is the current market leader for smart home robots and recently expanded in other areas of home robotics.
\n\nYou will be surprised how many worrisome things we found: broken crypto, missing TLS certificate verification, honor-system based ACLs, lots of RCEs, broken factory resets and unauthorized live camera access.
\n\nWe will discuss our and other researchers experience with reporting bugs to the company and why one cannot trust third party certification agencies. In regard to trust, we will also address why you need to be careful with the choice of your spouse or flatmates.
\n\nCome with us on a journey of having fun hacking interesting devices while exploring bad oversights, real problems and the ignorance of the manufacturer. Learn what ways there are to root these devices and to use them in a privacy-preserving way.
\n\nSpeakers:Dennis Giese,Braelynn
\n
\nSpeakerBio: Dennis Giese
\nDennis Giese is a researcher with the focus on the security and privacy of IoT devices. While being interested in physical security and lockpicking, he enjoys applied research and reverse engineering malware and all kinds of devices. His most known projects are the documentation and hacking of various vacuum robots. He calls himself a \"robot collector\" and his current vacuum robot army consists of over 60 different models from various vendors. He talked about his research at the Chaos Communication Congress, REcon BRX, NULLCON, and DEFCON.
\n\nSpeakerBio: Braelynn, Security Consultant at Leviathan Security Group
\nBraelynn is a security consultant at Leviathan Security Group where she conducts security assessments of products for startups, Fortune 500 companies, and everything in between. She enjoys partaking in CTFs and researching the security anything that piques her curiosity. She has previously presented this research at conferences such as Chaos Communication Congress.
\n\n\n\'',NULL,614621),('3_Saturday','15','15:30','15:59','N','PSV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Access Control Done Right the First Time\'','\'Tim Clevenger\'','PSV_7707eff4769b045a48cea73e02ac710f','\'Title: Access Control Done Right the First Time
\nWhen: Saturday, Aug 10, 15:30 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nAre you looking to install or upgrade a physical access control system? Having installed, repaired and upgraded dozens of large and small access control system installations, I have found that many vendors install a minimum viable product that can leave your new system unreliable and trivial to bypass.
\n\nThis session will give you the tools and knowledge you need to work with your installer to implement your system using best practices in the following areas:
\n\n\n- Wiring, supervision, encryption and tamper-resistance
\n- Choosing clone-resistant badges and securely programming badge readers
\n- Securing controller equipment and managing issued badges
\n- Maintaining the system for maximum security and uptime
\n
\n\nSpeakerBio: Tim Clevenger, Cybersecurity Network Engineer at SailPoint
\nAs a low voltage hardware junkie, Tim has had the opportunity to design, expand, upgrade and repair numerous physical access control, alarm and video systems, including a stint at a security vendor where he was certified in Lenel access and video. Tim works today at SailPoint as a Cybersecurity Network Engineer.
\n\n\n\'',NULL,614622),('2_Friday','15','15:00','15:30','N','CHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Bluetooth Blues: Unmasking CVE 2023-52709 - The TI BLE5-Stack Attack\'','\'Kevin Mitchell\'','CHV_c6bdb925e89e1893db51535323976c9d','\'Title: Bluetooth Blues: Unmasking CVE 2023-52709 - The TI BLE5-Stack Attack
\nWhen: Friday, Aug 9, 15:00 - 15:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nIn this talk, I will detail my discovery and analysis of CVE 2023-52709, a vulnerability in the TI Bluetooth stack. This flaw allows the stack to fail in generating a resolvable Random Private Address (RPA), which can lead to a Denial of Service (DoS) for already bonded peer devices. The discussion will cover the technical aspects of the vulnerability, the implications for automotive security, and potential mitigation strategies.
\n\nSpeakerBio: Kevin Mitchell
\nKevin Mitchell is an innovative architect and cybersecurity expert renowned for uncovering vulnerabilities in embedded systems. With a background in hardware and software security, Kevin identified CVE-2023-52709, a flaw in the TI Bluetooth stack leading to potential DoS attacks. His work underscores his expertise in safeguarding interconnected devices. A regular at DEFCON\'s Car Hacking Village, Kevin is dedicated to enhancing the security of modern automotive systems.
\n\n\n\'',NULL,614623),('2_Friday','14','14:30','15:30','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Your Smartcard is Dumb: A Brief History of Hacking Access Control Systems\'','\'Chad Shortman\'','PSV_d05d63a0ac236a676d623a9287207ca9','\'Title: Your Smartcard is Dumb: A Brief History of Hacking Access Control Systems
\nWhen: Friday, Aug 9, 14:30 - 15:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\nHave you ever wondered how those little boxes that you tap your card to open doors work? What are they reading on the card? How do they ultimately unlock the door? And, are they even secure? In this talk, we will answer all of those questions and more. We will walk through how access-control systems, in general, work, and dig into the details of the most popular systems. Fortunately for the entertainment value of this talk, there be dragons in our doors. We will walk through some of the most high-profile attacks in detail and then dive into some more fundamental flaws with how the systems are designed. All of these discussions will be accompanied with live demos and first hand experience. After this talk, you will look at the world, especially doors, differently -- weaknesses everywhere! My hope is that we can all learn from past mistakes and create a more secure and less frustrating tomorrow together
\n\nSpeakerBio: Chad Shortman, CEO at Allthenticate
\nChad is a computer security researcher, entrepreneur, and educator who is passionate about using technology to make people’s lives easier and their digital systems more secure. He is currently the CEO of Allthenticate, a company that provides a single smartphone-based solution for both keyless physical access control and passwordless digital authentication. Chad has over 15 years of research experience and has numerous academic publications in top conferences. Formerly, he was a member of the technical research staff at MIT Lincoln Laboratory, where he worked on offensive cybersecurity research. Chad received his Ph.D. from UCSB and is also a recipient of the prestigious IBM Ph.D. Fellowship. In addition to his academic credentials, Chad is a lifetime hacker. His hacking career started in his teenage years and has taken him to compete in some of the world\'s best capture the flag tournaments around the world as a member of the Shellphish hacking team.
\n\n\n\'',NULL,614624),('2_Friday','15','14:30','15:30','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Your Smartcard is Dumb: A Brief History of Hacking Access Control Systems\'','\'Chad Shortman\'','PSV_d05d63a0ac236a676d623a9287207ca9','\'\'',NULL,614625),('3_Saturday','16','16:30','16:59','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'Decoding Galah, an LLM Powered Web Honeypot\'','\'Adel Karimi\'','PHV_29c6b90b58d5fad96a9af2585d509b7b','\'Title: Decoding Galah, an LLM Powered Web Honeypot
\nWhen: Saturday, Aug 10, 16:30 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nHoneypots are invaluable tools for monitoring internet-wide scans and understanding attackers\' techniques. Traditional low-interaction web honeypots use manual methods to emulate various applications or vulnerabilities. Introducing Galah, an LLM-powered web honeypot that mimics diverse applications with a single prompt. This honeypot dynamically crafts relevant HTTP responses, including headers and body content, to various HTTP requests, effectively simulating multiple web applications. In this talk, I will share lessons learned from building and deploying Galah and address two key questions: How do different large language models perform in generating HTTP messages? Does delivering authentic-looking HTTP responses increase attackers’ engagement with the honeypot?
\n\nSpeakerBio: Adel Karimi, Senior Security Engineer, Detection at Niantic
\nAdel Karimi is a senior security engineer, detection at Niantic. Before joining Niantic, he served as a lead security engineer at Google and Salesforce, specializing in detecting and responding to \"badness.\" Beyond his day job, Adel, a longtime member of the Honeynet Project, dedicates his expertise to developing open-source projects such as Galah, reflecting his keen interests in honeypots, network fingerprinting, and the broader spectrum of threat detection.
\n\n\n\'',NULL,614626),('3_Saturday','16','16:30','16:59','N','ASV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Offensive Security Testing: Safeguarding the Final Frontier\'','\'Andrzej Olchawa\'','ASV_47b377b609cf73771b05d64871ed7f5e','\'Title: Offensive Security Testing: Safeguarding the Final Frontier
\nWhen: Saturday, Aug 10, 16:30 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nEvery space mission is underpinned by critical software that spacecraft operators utilize to monitor and command their assets. The Mission Control System serves as the primary interface with a spacecraft, marking it as a crucial component of the ground segment. For decades, these systems were operated exclusively within the confines of mission control rooms, accessible only to a select group of individuals through a limited number of computer workstations. This paradigm has recently shifted, with numerous space organizations enabling their personnel to manage space assets remotely, including from the comfort of their homes. This increased accessibility has rendered space-related systems susceptible to the same security vulnerabilities that affect our daily-use software.
\n\nDespite the adoption of newer technology stacks in many mission control systems—either through upgrades or complete replacements—the consideration of security requirements has often been deferred to the final stages of development or overlooked entirely. This negligence presents a significant risk, exposing the space sector to potential exploitation by malicious entities. Like in other technology domains, merely expanding strategies to incorporate security measures, instituting security policies, and integrating new security requirements are positive but insufficient. Despite being developed and tested by extensive teams and presumably adhering to best practices, we have observed firsthand how contemporary mission control systems remain prone to elementary security flaws.
\n\nThe most effective strategy to equip space systems with a robust defense against malicious actors involves integrating offensive security testing throughout their development lifecycle.
\n\nIn this presentation, we share the results of the security research we have recently conducted on the more established, open-source Mission Control Systems: NASA OpenMCT and YaMCS. We present the details of the vulnerabilities we have discovered in those two systems, and their potential impact on a space mission when they are chained together into one exploit. We conclude by presenting with the audience the lessons learned from those security assessments.
\n\nSpeakerBio: Andrzej Olchawa
\nAndy Olchawa is an experienced Information Security Professional with over 15 years in the space industry, working as a Software Engineer and Technical Project Manager. For the past few years, he has focused on offensive security, specializing in vulnerability research, exploit development, and red team operations. He holds OSCP, OSWA, and OSWP certifications, and has been credited with several CVEs.
\n\n\n\'',NULL,614627),('3_Saturday','16','16:30','16:59','N','CHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Programming a CTS-V Gauge Cluster into an ATS-V, out of pure spite\'','\'Varjitt Jeeva\'','CHV_2d25f38468255fb25f2965134f376106','\'Title: Programming a CTS-V Gauge Cluster into an ATS-V, out of pure spite
\nWhen: Saturday, Aug 10, 16:30 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nSome cars are over-engineered, some are too basic, and some check every box except one. I did that research over months when trying to buy a new car, and landed on a 6MT Cadillac ATS-V while only wanting and dealing with Japanese cars, specifically Lexus/Toyota. The one thing it was missing was a digital gauge cluster, and programmers were asking $350, so I set off to figure it out myself. I then dove deep into GM electronics and programming, found a smart dude who initially cracked it all for free to spite all the money-grabbing gatekeepers, then became a hyprocrite, backtracking asking thousands to reveal his learnings. This presentation will go over how I programmed that cluster, posted everything on Github, out of spite.
\n\nSpeakerBio: Varjitt Jeeva, Software Engineer
\nSoftware Engineer with a love of tuner cars and car electronics
\n\n\n\'',NULL,614628),('3_Saturday','17','17:00','17:30','N','CPV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Attacks on GenAI data and using vector encryption to stop them\'','\'Bob Wall,Patrick Walsh\'','CPV_1cbfecc02b52555187bf4f22c0b68a5f','\'Title: Attacks on GenAI data and using vector encryption to stop them
\nWhen: Saturday, Aug 10, 17:00 - 17:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nAs the adoption of GenAI tools has soared, security has done little to keep up. New classes of data, and especially vector data, is flooding into new and untested data stores. Vector databases are getting copies of health data, financial data, HR data, emails, and everything else, but they have no intrinsic security. What\'s worse, the vectors themselves can be reversed in embedding inversion attacks that turn those vectors back into faces, sentences, and even pictures. We discuss these new attacks and a new branch of cryptography, vector encryption, which allows for privacy preserving searches to happen over the encrypted vectors. We\'ll discuss the benefits, trade-offs, and current state of the field and the open source software we\'ve built to meet the new need.
\n\nSpeakers:Bob Wall,Patrick Walsh
\n
\nSpeakerBio: Bob Wall
\nNo BIO available
\nSpeakerBio: Patrick Walsh, IronCore Labs
\nPatrick Walsh has more than 20 years of experience building security products and enterprise SaaS solutions. Most recently he ran an Engineering division at Oracle, delivering features and business results to the world’s largest companies. Patrick now leads IronCore Labs, a data privacy platform that helps businesses gain control of their data and meet increasingly stringent data protection needs.
\n\n\n\'',NULL,614629),('3_Saturday','17','17:00','17:59','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'Exposing Coordinated Attacks Hiding in the Sheer Noise of False Positives and Lone Incidents: A Data Science Correlation and Contextualization Journey of Logs, Events, and Alerts\'','\'Ezz Tahoun,Lynn Hamida\'','PHV_6a665e527be8880ba703dd915ccc28ba','\'Title: Exposing Coordinated Attacks Hiding in the Sheer Noise of False Positives and Lone Incidents: A Data Science Correlation and Contextualization Journey of Logs, Events, and Alerts
\nWhen: Saturday, Aug 10, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nIn the complex landscape of modern cybersecurity, identifying coordinated attacks within massive volumes of security data is a formidable challenge. Security professionals often grapple with distinguishing these attacks from numerous false positives and isolated incidents. This talk will illuminate how data science can be harnessed to transform tons of heterogeneous events, logs, and alerts into a bunch of clusters, a few kill chains, and fewer actionable insights, with open-source models, and security knowledge encoding. Join us on a journey to enhance security operations efficacy and efficiency! No data science expertise is required!
\n\nSpeakers:Ezz Tahoun,Lynn Hamida
\n
\nSpeakerBio: Ezz Tahoun
\nEzz Tahoun, a distinguished cyber-security data scientist, who won AI & innovation awards at Yale, Princeton and Northwestern. He also got innovation awards from Canada’s Communications Security Establishment, Microsoft US, Trustwave US, PIA US, NATO, and more. He ran data science innovation programs and projects for OrangeCyber Defense, Forescout Technologies, Royal bank of Canada, Governments, and Huawei Technologies US. He has published 20 papers, countless articles and 15 open source projects in the domain. When he was 19 years old he started his CS PhD in one of the top 5 labs in the world for cyber & AI, in the prestigious University of Waterloo, where he published numerous papers and became a reviewer for top conferences. His designations include: SANS/GIAC-Advisory-Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP-Professional-Cloud-Architect, PMP, BENG and MMATH. He was an adjunct professor of cyber defense and warfare at Toronto’s school of management.
\n\nSpeakerBio: Lynn Hamida
\nLynn Hamida (CISSP, GCIH) is an expert researcher and consultant in operational risk and big data analytics with deep experience & credentials in the fields of business risk, cyber risk, temporal event knowledge graphs, graph ontologies, risk modeling, operational threat modeling, graph analytics, process digitization, business process mining, business analysis. She finished her post-graduate studies in CyberSecurity at Univ of Toronto and Univ of Ottawa, and worked on multiple research cyberdatascience projects with Univ of Windsor, WASP, Cypienta and others.
\n\n\n\'',NULL,614630),('3_Saturday','17','17:00','17:30','N','ASV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'From Theory to Reality: Demonstrating the Simplicity of SPARTA Techniques\'','\'Randi Tinney\'','ASV_f80015a8a915d2011d2827348af054d1','\'Title: From Theory to Reality: Demonstrating the Simplicity of SPARTA Techniques
\nWhen: Saturday, Aug 10, 17:00 - 17:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nDemonstrating the transition from theorized space cyber attacks to practical proof of concepts. The presentation will utilize a simple yet effective attack, a man-in-the-middle attack, on the ground infrastructure to demonstrate how many SPARTA techniques and sub-techniques can be performed against a spacecraft from the ground infrastructure. By illustrating the significant impact of this simplified concept, we aim to emphasize the urgent need for enhanced cybersecurity measures throughout the entire lifecycle of space missions and break the inherit trust between the ground and spacecraft.
\n\nSpeakerBio: Randi Tinney, Engineering Specialist for the Cyber Assessments and Research Department, Cybersecurity and Advanced Platforms Subdivision (CAPS) at The Aerospace Corporation
\nRandi Tinney is an Engineering Specialist for the Cyber Assessments and Research Department, Cybersecurity and Advanced Platforms Subdivision (CAPS), at The Aerospace Corporation. In this role, Randi has focused on performing vulnerability research and exploit development on a number of specialized, ground and spacecraft, systems to support in-the-lab evaluation of customers’ implementations, performing vulnerability assessments and penetration testing activities for multiple customers. Randi is also a member of the development team for the space-focused tactic, technique, and procedures (TTPs) framework called Space Attack Research and Tactic Analysis (SPARTA). She has participated in numerous cyber related war games, including LockedShields, for several years. At DEFCON 31, Randi was a member of the team that won the RedAlert ICS CTF and received a Black Badge.
\n\n\n\'',NULL,614631),('2_Friday','14','14:30','14:59','N','CHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'How I discovered and hacked Learning Codes of the key job of a car assembled in my country\'','\'Danilo Erazo\'','CHV_bf027ed11552e6267e897749ca64c64e','\'Title: How I discovered and hacked Learning Codes of the key job of a car assembled in my country
\nWhen: Friday, Aug 9, 14:30 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nUsing hardware hacking techniques, it was possible to detect the use of learning codes instead of rolling codes in a key job of a car widely used in my country. For this purpose, the key job was disassembled and the HS2240 integrated circuit was detected and, using a logic analyzer, the emission of learning codes from the integrated circuit to the radio frequency LED emitter was checked.\nWith the use of HackRF SDR, the learning code is duplicated to be able to open the car N times without needing the original key anymore, which proves that the use of learning codes is very vulnerable, just like fixed codes.
\n\nSpeakerBio: Danilo Erazo, Ethical Hacker at Fluid Attacks
\nElectronics and Computer Networks Engineer. He works as an Ethical Hacker at Fluid Attacks where he performs Web Pentesting, Cloud Pentesting, Mobile Pentesting, among others. In his free time he dedicates himself to research in the area of hardware/radio frequency/car hacking. He has had the opportunity to be a speaker at international cybersecurity events such as Ekoparty 2023 Argentina, Flisol Ecuador, Hack4all Chile, Bsides Colombia 2024, Nerdearla Chile 2024, among others.
\n\n\n\'',NULL,614632),('3_Saturday','17','17:30','17:59','N','ASV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'A dive into world of Aircraft PKI\'','\'Matt Gaffney\'','ASV_35481460f90e915a290403aed38db3a6','\'Title: A dive into world of Aircraft PKI
\nWhen: Saturday, Aug 10, 17:30 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nFrom protecting Aircraft Software Parts to authenticating aircraft to ground networks, aircraft use PKI in their day-to-day operations. In this talk we will cover the typical use cases, technologies, and regulations in play and touch upon the emerging threat of the Post-Quantum world and what it could mean for the protection of embedded software we find on aircraft.
\n\nSpeakerBio: Matt Gaffney, Principal Engineer, Aircraft Cyber Operations at United Airlines
\nGaffers is a Principal Engineer for Aircraft Cyber Operations with United Airlines. Since joining their team in 2022 he has been heavily involved in Aircraft PKI projects serving as the SME on the requirements and regulations.
\n\nHe fell into cybersecurity while serving in the British Army. Having had a previous life in software development, Gaffers found his superiors sending anything IT-related his way. When he later rejoined civilian life he spent a few years bouncing around different industries as a cybersecurity contractor before finding a passion in the niche of aviation cyber. In 2022 he moved across the pond with impeccable timing to land a role at a major US airline.
\n\n\n\'',NULL,614633),('3_Saturday','16','16:00','16:30','N','CHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Exploiting Bluetooth - from your car to the bank account$$\'','\'Vladyslav Zubkov,Martin Strohmeier\'','CHV_3cf49294ace268accf38d6b4bc3290c4','\'Title: Exploiting Bluetooth - from your car to the bank account$$
\nWhen: Saturday, Aug 10, 16:00 - 16:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nOver the past decade, infotainment systems experienced a growth in functionality, broader adoption and central incorporation into the vehicle architecture. Due to the ever-growing role of wireless protocols such as Bluetooth and a known lack of patches alongside the difficulty of patch installation, this poses a new attack surface and a genuine threat to the users. At the same time, the tools and methodologies required for testing are scattered across the Internet, absent and need a rigorous setup.
\n\nIn this talk, we share a comprehensive framework BlueToolkit to test and replay Bluetooth Classic vulnerabilities. We provide practical information and tips. Additionally, we release new exploits and a privilege escalation attack vector.
\n\nWe show how we used the toolkit to find 64 new vulnerabilities in 22 modern cars and the Garmin Flight Stream flight management system used in several aircraft types.
\n\nOur work equips Bluetooth hackers with necessary information on novel implementation-specific vulnerabilities that could be used to steal information from target cars, establish MitM position or escalate privileges to hijack victims’ accounts stealthily.
\n\nWe believe our research will be beneficial in finding new vulnerabilities and making Bluetooth research more accessible and reproducible.
\n\nSpeakers:Vladyslav Zubkov,Martin Strohmeier
\n
\nSpeakerBio: Vladyslav Zubkov, Bug Bounty Hunter
\nVladyslav Zubkov (aka yso and schwytz) is a bug bounty hunter. He is consistently among the top hackers at live hacking events organized by Meta, Intel, Louis Vuitton, Intigriti and YesWeHack. His interests include vulnerability research, application security, red teaming, bug bounty hunting, developing tools and proactively securing systems.
\n\nSpeakerBio: Martin Strohmeier, Senior Scientist at Cyber Defence Campus
\nMartin Strohmeier is a Senior Scientist at the Swiss Cyber Defence Campus, where he is responsible for vulnerability research programmes into aircraft, satellites and cars. His work was published in all major systems security conferences, totalling more than 100 publications to date. He has also spoken previously at the DEFCON Aerospace Village and co-organized CTFs there.
\n\n\n\'',NULL,614634),('3_Saturday','17','17:30','17:59','N','CPV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'GUR RIBYHGVBA BS PELCGBTENCUL\'','\'Jeff Man\'','CPV_9a14b025359beb0e8adb64bff0515cf3','\'Title: GUR RIBYHGVBA BS PELCGBTENCUL
\nWhen: Saturday, Aug 10, 17:30 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nI recently googled the meaning of “encryption” and found this definition on Wikipedia: “In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext.” Um…no, encoding produces code, enciphering produces ciphertext, encryption is more than just encoding, and so on. Given the jumbling together of historically very unique and significant terminology I set out to find the actual, historical definitions and try to find a way to teach and/or demonstrate the differences in the foundational forms of cryptography. But I quickly noticed that some of this terminology is so often mis-applied in our digital age that I wondered if maybe there has been an evolution of the meanings of these terms? I might not like it, but I’m open to that possibility. This very quickly led me to the conclusion that my research on this topic would make for an interesting talk and so here we are. I want to share the classical, historical forms of cryptography, discuss the etymology of the terminology, look at how the words apply today – and help the audience decide if the actual meanings even matter (or it’s just me). One important consideration is the tradeoff between keeping the data secret (security) and protecting the identity of individuals associated with the data (privacy). I hope you’ll join me in this journey to victory (or defeat) in the ongoing battle of preserving the classic goals and objectives of data security.
\n\nSpeakerBio: Jeff Man
\nJeff is a respected Information Security advocate, advisor, hacker, evangelist, mentor, teacher, international keynoter, speaker, former host of Security & Compliance Weekly, co-host on Paul\'s Security Weekly, Tribe of Hackers (TOH) contributor, including Red Team, Security Leaders, and Blue Team editions, and a member of the Cabal of the Curmudgeons. Jeff has over 40 years of experience working in all aspects of computer, network, and information security, including cryptography, risk management, vulnerability analysis, compliance assessment, forensic analysis and penetration testing. Certified National Security Agency Cryptanalyst. Designed and fielded the first software-based cryptosystem ever produced by NSA. Inventor of the \"whiz\" wheel, a cryptologic cipher wheel used by US Special Forces for over a decade currently on display at the National Cryptologic Museum. Honorary lifetime member of the Special Forces Association. Previously held security research, management and product development roles with the National Security Agency, the DoD and private-sector enterprises. Pioneering member of the first penetration testing \"red team\" at NSA. For the past twenty-eight years has been a pen tester, security architect, consultant, QSA, and PCI SME, providing consulting and advisory services to many of the nation\'s best known companies.
\n\n\n\'',NULL,614635),('4_Sunday','10','10:00','10:30','N','CPV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Porn & Privacy\'','\'ET\'','CPV_0f064d0a1d3af191a0d6e5d07197c7de','\'Title: Porn & Privacy
\nWhen: Sunday, Aug 11, 10:00 - 10:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nAs our social lives are highly intertwined with our online lives, people share a lot of information and create pictures and content that needs to be secured. In this talk I cover obscenity laws, revenge porn (nonconsensual distribution of intimate images), stalking, catfishing and sextortion and how people can prevent information being leaked as well as how to recover from it.
\n\nSpeakerBio: ET
\nET is a cybersecurity professional who cares about digital privacy. They have helped people who have been affected by revenge pornography and help them put together a plan of action. I like to volunteer, I help with BSides Orlando, DEATHCon and DC407.
\n\n\n\'',NULL,614636),('4_Sunday','10','10:00','10:59','N','DC','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Taking off the blindfold: Detecting persistent threats on Draytek edge devices\'','\'Gastón Aznarez,Octavio Gianatiempo\'','DC_6be510064fb4fe3aac8abf236b837e19','\'Title: Taking off the blindfold: Detecting persistent threats on Draytek edge devices
\nWhen: Sunday, Aug 11, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nAdvanced attackers are increasingly choosing edge devices as targets, many of which are security appliances such as VPNs and Firewalls. They run closed-source firmware, and defenders and researchers must understand it to assess its security and integrity. We faced this firsthand when a client that used Draytek equipment was compromised. With at least 500k Draytek routers exposed to the Internet globally, no working tools exist to extract their firmware and assist researchers and defenders working with them.
\n\nWe reverse-engineered Draytek\'s firmware format, developed tools to extract it, and discovered that its RTOS kernel can load code modules dynamically. These stored modules remain active even after firmware upgrades, inadvertently facilitating persistent threats. We crafted and uploaded malicious modules using our tools and newly found vulnerabilities to achieve persistence.
\n\nEnd-users lack straightforward means to detect such compromises. In response to this threat, we developed our own module to assess the integrity of other modules loaded in memory, mitigating its impact. In our pursuit of a more secure internet, we are sharing our knowledge and opening our tools to the community, enabling observability, hardening, transparency, and vulnerability research on Draytek edge devices.
\n\nSpeakers:Gastón Aznarez,Octavio Gianatiempo
\n
\nSpeakerBio: Gastón Aznarez, Security Researcher at Faraday
\nGastón Aznarez is a computer enthusiast who is passionate about cybersecurity. He earned a degree in Computer Science and began working in malware detection in firmware. He currently works as a Security Researcher at Faraday, specializing in discovering and exploiting vulnerabilities in IoT and embedded devices. Gastón also participates in CTF competitions and has shared his expertise as a speaker at different conferences.
\n\nSpeakerBio: Octavio Gianatiempo, Student, Computer Science at University of Buenos Aires
\nOctavio Gianatiempo is a Security Researcher at Faraday and a Computer Science student at the University of Buenos Aires. He\'s also a biologist with research experience in molecular biology and neuroscience. The necessity of analyzing complex biological data was his point of entry into programming. However, he wanted to gain a deeper understanding of how computers work, so he enrolled in Computer Science. As a Security Researcher at Faraday, he focuses on vulnerability research on IoT and embedded devices and fuzzing open and closed-source software to find new vulnerabilities and exploit them. He has presented his findings at various conferences, including DEFCON, Ekoparty, 8.8, and Nerdearla.
\n\nOctavio Gianatiempo trabaja como Security Researcher en Faraday y es estudiante de Ciencias de la Computación en la Universidad de Buenos Aires. También es biólogo con experiencia en biología molecular y neurociencia. Dentro de su rol en Faraday, se enfoca en sistemas embebidos e IoT, ingeniería inversa y fuzzing de código abierto y propietario para identificar vulnerabilidades y explotarlas. Ha presentado sus hallazgos en conferencias como DEF CON, Ekoparty, 8.8 y Nerdearla.
\n\n\n\'',NULL,614637),('4_Sunday','10','10:30','11:30','N','CPV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Famous and Not-So-Famous Unsolved Codes\'','\'Elonka Dunin,Klaus Schmeh\'','CPV_0f5270b086f9a1baf2c6368b01de7fd0','\'Title: Famous and Not-So-Famous Unsolved Codes
\nWhen: Sunday, Aug 11, 10:30 - 11:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nThere are many famous codes and ciphers still waiting to be solved, such as the encrypted Voynich manuscript and Edward Elgar\'s Dorabella cipher. All hold a special fascination. In this talk, prepare to be entertained and informed by Elonka Dunin and Klaus Schmeh, as we briefly discuss the encryption on Kryptos, the mysterious sculpture at the center of CIA Headquarters; NKrypt, an encrypted sculpture in Australia; an encrypted engraving on an early 20th century German silver cigarette case; details about the message attached to the leg of a WWII carrier pigeon that was found in an English chimney; an encrypted postcard by the owner of UK\'s Luton soccer team; and the intriguing encrypted messages created by the mysterious Henry Debosnys while awaiting his murder trial in New York in the late 1800s.
\n\nSpeakers:Elonka Dunin,Klaus Schmeh
\n
\nSpeakerBio: Elonka Dunin, Crypto Expert
\nElonka Dunin is a crypto expert and co-leader of a group that is working to crack the final cipher on the Kryptos sculpture at CIA Headquarters. She maintains a website of the World’s most famous unsolved codes, and bestselling author Dan Brown named his character “Nola Kaye”, a scrambled form of “Elonka”, in his novel The Lost Symbol, after her.
\n\nElonka was a member of the Board of Directors for the National Cryptologic Museum Foundation, and General Manager and Executive Producer at Simutronics, making award-winning online and mobile games.
\n\nIn 2006, Elonka published The Mammoth Book of Secret Codes and Cryptograms, and with Klaus she co-wrote the book Codebreaking: A Practical Guide, with editions in 2020 and 2023.
\n\nSpeakerBio: Klaus Schmeh, Crypto Expert at Eviden
\nKlaus Schmeh has written 15 books (mostly in German) about cryptography, as well as over 250 articles, 25 scientific papers, and 1500 blog posts. Klaus’s main fields of interest are codebreaking and the history of encryption.
\n\nKlaus is a popular speaker, known for his entertaining presentation style involving self-drawn cartoons, self-composed songs, and Lego models. He has lectured at hundreds of conferences, including the NSA Crypto History Symposium, DEF CON, and the RSA Conference.
\n\nIn his day job, Klaus works as a crypto expert for the global IT security company Eviden.
\n\n\n\'',NULL,614638),('4_Sunday','11','10:30','11:30','Y','CPV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Famous and Not-So-Famous Unsolved Codes\'','\'Elonka Dunin,Klaus Schmeh\'','CPV_0f5270b086f9a1baf2c6368b01de7fd0','\'\'',NULL,614639),('4_Sunday','11','11:00','11:30','N','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Exploiting Voice Cloning in Adversarial Simulation\'','\'Mark Foudy\'','ADV_65fb517a8b6e4b4aaece997329bc2522','\'Title: Exploiting Voice Cloning in Adversarial Simulation
\nWhen: Sunday, Aug 11, 11:00 - 11:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nWe live in an era where voice verification is increasingly adopted in security protocols. The potential for abuse through voice cloning technology presents a significant and growing threat to cybersecurity. This talk dives into the alarming capabilities of deep learning to create highly convincing voice clones. Using my own voice as a case study, I will demonstrate a recorded simulation where the cloned voice successfully bypasses several major institutions’ voice verification systems. This presentation will outline the tools and techniques leveraged for voice cloning, discuss the pressing risks involved, and explore strategic countermeasures for red teams. The aim is to equip offensive security researchers with a nuanced understanding of voice cloning technology, emphasizing its implications for threat emulation and defensive strategy formulation. Attendees will gain insight into adversary tactics using publicly available voice samples for simulating voice-based attacks, providing a clear perspective on preparing defenses against such AI-driven threats.
\n\nSpeakerBio: Mark Foudy, Founder at NeurodiverseHackers.com
\nI am a cybersecurity professional and researcher with a robust academic background in computer science and cybersecurity from graduate school. As the head of the Hack the Box Boston Meetup and DEFCON 508, I lead efforts to cultivate a strong community of cybersecurity enthusiasts in Massachusetts. In addition to my community leadership roles, I founded and currently manage NeurodiverseHackers.com. This platform is dedicated to supporting cybersecurity practitioners in navigating their careers while managing neurodiversity and mental health challenges. Neurodiverse Hackers emphasizes inclusivity and resilience in the fast-evolving security landscape.
\n\n\n\'',NULL,614640),('4_Sunday','11','11:00','11:45','N','PLV','LVCC West/Floor 2/W222-Creator Stage 4','\'Flying Blind: Navigating the Turbulent Skies of Aviation Cybersecurity Regulation\'','\'Mike Weigand,Stuart Wagner\'','PLV_751e7dce53fd977b07f29ea67685d2d9','\'Title: Flying Blind: Navigating the Turbulent Skies of Aviation Cybersecurity Regulation
\nWhen: Sunday, Aug 11, 11:00 - 11:45 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nThis combination presentation and panel discussion will surface the policy and technical challenges associated with securing civil aviation, bringing together perspectives from government, industry, and aviation cybersecurity companies.
\n\nGiven the continued growth in civil aviation and impending regulation in the United States of America and Europe, this talk will describe the key technical challenges and the resulting policy challenges that should be addressed to keep civil aviation secure.
\n\nSpeakers:Mike Weigand,Stuart Wagner
\n
\nSpeakerBio: Mike Weigand, Entrepreneur in Residence at Squadra Ventures
\nMichael Weigand is a defense tech founder and aviation nerd. Previously, the co-founder and Chief Growth Officer of Shift5, a company he started to build cybersecurity tools to enhance the survivability of planes, trains, and tanks, he is now an Entrepreneur in Residence at Squadra Ventures, a venture capital firm with a strong cyber and national security focus. Michael previously served in the US Army as a founding member of the Army cyber branch and helped stand up the first expeditionary and capability development units. Michael\'s life-long passion for aviation and hacking eventually led him into the fascinating world of domestic and international policy, regulation, and standards development, where he advocates for safer operational technology practices.
\n\nSpeakerBio: Stuart Wagner, Former Chief Digital Transformation Officer at Department of the Air Force
\nStuart Wagner, former Chief Digital Transformation Officer for the Department of the Air Force, led significant policy-driven innovations from 2021-2024, advancing digital transformation across the U.S. Air Force and U.S. Space Force. He orchestrated BRAVO, the largest DoD hackathon series, producing over 200 software and hardware prototypes to support global warfighters. Wagner\'s policy expertise includes telemetry, data unification, NLP, and security classification. His career highlights include building and managing a 50+ engineer team at the DoD to develop Advana, an analytics platform, and initiating Gamechanger, an open-source NLP and search platform. Holding degrees from the University of Michigan, the London School of Economics, and the University of Pennsylvania, Wagner is also an active angel investor and serves on a charitable foundation board.
\n\n\n\'',NULL,614641),('4_Sunday','11','11:00','11:30','N','PSV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Physical OSINT\'','\'Lukas McCullough\'','PSV_90faeee2c78e2eb53570030a9f1e998d','\'Title: Physical OSINT
\nWhen: Sunday, Aug 11, 11:00 - 11:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nOpen source intelligence may sound like something you’ve never done, but even something as simple as finding your old friends on social media overlaps with skills required for the job. Learn about what OSINT is, how to start an investigation, and resources used by experts to collect the maximum amount of data on a facility before ever visiting the site.
\n\nSpeakerBio: Lukas McCullough
\nLukas recently graduated from Marist College, majoring in cybersecurity; and will be continuing his education at Boston University toward a Masters of Criminal Justice in Cybercrime Investigation & Cybersecurity and Crime Analysis. In his free time, he competes in CTFs and rock climbs from time to time.
\n\n\n\'',NULL,614642),('4_Sunday','11','11:30','11:59','N','ASV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Warflying in a Cessna\'','\'Matt Thomassen,Sean McKeever\'','ASV_f2c75e746e314ee017b659ab95679b7e','\'Title: Warflying in a Cessna
\nWhen: Sunday, Aug 11, 11:30 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nWardriving is cool, and airplanes are cool. What happens if we combine the two? Is it safe? Is it legal? How much WiFi is it possible to see from an airplane? How far does WiFi leak into the atmosphere? How far away can we see an access point? Can we catch a specific network at 1500 feet above the ground? How about 2500? We loaded up a small plane and flew around in circles to find out. This talk will share both our preparation and our results, including figuring out the best places to warfly, what equipment to use, and how to do it safely. We will present the flights we made, the data we gathered, how we analyzed it, and what we discovered. (Spoiler alert: flying a Cessna is a really, really non-stealthy way to collect information about wireless access points.)
\n\nSpeakers:Matt Thomassen,Sean McKeever
\n
\nSpeakerBio: Matt Thomassen, Security Architect at a financial organization
\nMatthew Thomassen has been doing computer security since before it was cool and is currently a Security Architect in a financial organization, with previous experience in the consumer healthcare and automotive sectors, which afforded him the opportunity to help with random things in the early days of the Car Hacking Village. He is a certified Commercial Pilot with Multiengine and Instrument ratings, as well as an Airframe & Powerplant Mechanic. He is also an Extra Class Amateur Radio operator and has an MBA, though he tries not to live and die by Excel spreadsheets.
\n\nSpeakerBio: Sean McKeever, Senior Security Researcher at GRIMM
\nSean McKeever is a Senior Security Researcher at GRIMM, specializing in automotive/mobility security, and embedded systems reverse engineering. Previously he worked as a Cybersecurity Architect at global automotive OEM where he secured advanced transportation mobility platforms and served as the company’s Bug Bounty Program Manager. Outside of Sean’s employment, he co-founded the Detroit chapter of the Automotive Security Research Group (ASRG), developed the RoboCar Platform, and has contributed to Car Hacking Village CTFs for DEFCON and GRRCon, and the general CTFs for Converge and BSides Detroit.
\n\n\n\'',NULL,614643),('4_Sunday','11','11:30','11:59','N','PSV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Fitness of Physical Red Teamers\'','\'Billy Graydon,Lucas Rooyakkers\'','PSV_345d6768db94cf43b9c58471bbe71820','\'Title: Fitness of Physical Red Teamers
\nWhen: Sunday, Aug 11, 11:30 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nCybersecurity red teams have myriad ways of practicing their skills - from CTFs to certifications - but how do you train for physical red teaming? This talk will focus on leveling up your body - add new abilities to climb, sneak, jump, and become an unstoppable ninja while performing physical penetration tests. We’ll talk about which abilities you need, and how we train ourselves (and our staff) for performing at our peak for physical engagements. This will be complemented by plenty of war stories and lessons learned in the field for what abilities are most worth leveling up in, and comparisons between red teaming before and after our weight loss. We’ll then discuss different exercises and habits that the audience can start doing as soon as in your hotel room to improve your lives and your ability to break into buildings!
\n\nSpeakers:Billy Graydon,Lucas Rooyakkers
\n
\nSpeakerBio: Billy Graydon, Principal at GGR Security
\nBill Graydon is a principal at GGR Security, where he hacks everything from locks and alarms to critical infrastructure; this has given him some very fine-tuned skills for breaking stuff. He’s passionate about advancing the security field through research, teaching numerous courses, giving talks, and running the Physical Security Village at various cons. He’s received various degrees in computer engineering, security, and forensics and comes from a broad background of work experience in physical and cyber security, anti-money laundering, and infectious disease detection.
\n\nSpeakerBio: Lucas Rooyakkers, Red Teamer at GGR Security
\nLucas currently researches covert communications at Royal Military College, and is a red teamer at GGR Security. Formerly a software engineer for a satellite internet company (not Elon’s) and a signaller in the military. Lucas has written code for several Low Earth Orbit satellites whizzing above your head in space, and for OpenSource projects. When not procrastinating thesis writing, he can often be found with an SDR trying to bypass some security system or other. Lucas also speaks Esperanto.
\n\n\n\'',NULL,614644),('4_Sunday','11','11:30','11:59','N','ADV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Kubernetes Attack Simulation: The Definitive Guide\'','\'Leo Tsaousis\'','ADV_c5ecf74bf4eb77448c616e577eff4438','\'Title: Kubernetes Attack Simulation: The Definitive Guide
\nWhen: Sunday, Aug 11, 11:30 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nSo your organization decided to follow the trend and switched to Kubernetes for hosting their applications. And this means that the mission for the SOC, has now changed from monitoring servers and networks, to building detective capability for a container orchestration platform. Where do you even start with for Kubernetes TTPs? What attack signatures should you alert upon, and what logs are there to look for in first place?
\n\nA similar challenge arises for the offensive security practitioner: What strategies exist for performing continuous Kubernetes threat emulation? Infrastructure technologies have changed rapidly, and adversaries have adapted. Despite the novelty of attack surface, insider threats still remain relevant, and prevention alone is not enough to manage the risk posed to the modern enterprise.
\n\nThis talk will explain the benefits of investing in a proactive approach to the security of your Kubernetes clusters through collaborative purple teams, and will provide a comprehensive guide for doing so – as informed by our latest research and experience in running attack simulations against large enterprises. Attendees will get up to speed with Kubernetes security monitoring concepts and will take away key advice for planning and executing successful attack detection exercises against containerized environments.
\n\nSpeakerBio: Leo Tsaousis, Senior Security Consultant at WithSecure
\nLeo is a Senior Security Consultant at WithSecure where he leads the Attack Path Mapping service. His current role involves planning and conducting collaborative offensive security assessments for large organizations, while building the team globally and pushing the boundaries of threat simulation.
\n\nAfter a brief stint on the defensive side, he returned to consulting with a mission to help SOC teams of all sizes develop their detective capability. To this end, he has been designing and leading purple team exercises for WithSecure’s clients.
\n\nHis passion for technical research has occasionally led to the discovery of vulnerabilities in products which were assigned CVE IDs and presented at security conferences like ROOTCON and BSides. In his free time, Leo volunteers his skills and experience to help NGOs across the world address their cyber security needs.
\n\n\n\'',NULL,614645),('4_Sunday','12','12:00','12:30','N','BHV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'3DU: Homo (e)x Machina\'','\'Lacey Harbour\'','BHV_4d59e91ca02e0ef44fee3c476c2aaa20','\'Title: 3DU: Homo (e)x Machina
\nWhen: Sunday, Aug 11, 12:00 - 12:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nThe future of healthcare is precise, personalized, and involves point of care with a wide variety of applications. Each application has its own unique set of challenges that change based on risk and the stakeholders’ perspective. Foreseeing these challenges, in 2021 FDA issued the discussion paper 3D Printing Medical Devices at the Point of Care to expound upon pertinent challenges and request stakeholder feedback. Within this paper, the concept of the 3D Printing medical device production system (MDPS) as a medical device was presented. In this session, we will investigate the concept of the MDPS from the perspective of different stakeholders, the necessity of AI to make this in-hospital MDPS POC solution a reality, and the unique relationship the MDM and HDO must have to support the MDPS.
\n\nSpeakerBio: Lacey Harbour
\nLacey is an AI enabler for healthcare. Lacey has been published on standards and guidances around AI and 3D printing at the point of care and is a globally recognized speaker. She is a strategic committee member and leader within the AI-Global Health Initiative (AI-GHI).
\n\n\n\'',NULL,614646),('4_Sunday','12','12:00','12:59','N','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Anyone can hack IoT - a beginner’s guide to hacking your first IoT device\'','\'Andrew \"DigitalAndrew\" Bellini\'','IOTV_73ab2d17ddc4ffaa62a0a8c30155d662','\'Title: Anyone can hack IoT - a beginner’s guide to hacking your first IoT device
\nWhen: Sunday, Aug 11, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nYes, anyone can hack IoT devices and I’ll show you how! It doesn’t matter if you’re an experienced pen tester in other fields, completely new to cybersecurity or just IoT curious, by the end of this talk you’ll have the knowledge to hack your first device. You might be thinking - but I thought IoT was complicated, required knowledge of hardware, and expensive tools. In this talk, I’m here to dispel those myths by directly showing you the methodology, tools and tactics you can use to go and hack an IoT device today (or maybe when you get home). I’ll cover what IoT devices are best for beginners, what tools you need (and don’t need), how to build a small toolkit for <$100, common tactics to get a foothold into IoT devices and how to find your first vulnerability or bug.
\n\nSpeakerBio: Andrew \"DigitalAndrew\" Bellini, Instructor at TCM
\nAndrew Bellini, also known as DigitalAndrew, is an electrical engineer by trade with a bachelor\'s degree in electrical engineering and a licensed Professional Engineer in Ontario, Canada. He is the creator of TCM Security’s Beginner’s Guide to IoT and Hardware Hacking course and Practical Junior IoT Tester certification. While his background and most of his career are in electrical engineering, Andrew is also an avid and passionate ethical hacker! In addition to being an instructor at TCM, he is also a longtime student and credits their quality courses helping him transition his career into cybersecurity. Including his love for all things ethical hacking, cybersecurity, CTFs and tech, he\'s also a dad, plays guitar and is very passionate about the outdoors and fishing!
\n\n\n\'',NULL,614647),('2_Friday','12','12:00','12:59','N','PHV','LVCC West/Floor 2/W222-Creator Stage 4','\'The Curious Case of Alice and Bob: What You Can (And Cannot!) Do as Digital Investigators\'','\'Catherine J. Ullman\'','PHV_094b802bb80f697a55c4504b24e690c2','\'Title: The Curious Case of Alice and Bob: What You Can (And Cannot!) Do as Digital Investigators
\nWhen: Friday, Aug 9, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nThe game is afoot! The curious case of Alice and Bob will explore beyond the surface of technical know-how. Attendees will navigate the intricate labyrinth of digital investigation, learning not just \'where\' to seek digital clues – perhaps hidden in the registry – but crucially, \'why\' these details matter and \'how\' they fit into the larger puzzle of our investigation. Join me on a narrative adventure illuminating the practical use of tools in a real-world scenario. For both seasoned and aspiring digital sleuths, this talk aims to sharpen investigative skills, setting or recalibrating your expectations of what digital forensics can realistically achieve.
\n\nSpeakerBio: Catherine J. Ullman, Principle Technology Architect, Security at University at Buffalo
\nDr. Catherine J. Ullman is a security researcher, speaker, author, and Principal Technology Architect, Security, at the University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a digital forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness among faculty and staff which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous information security conferences including DEF CON and Blue Team Con. Cathy is a contributor to the O’Reilly title 97 Things Every Information Professional Should Know and the author of the Wiley title The Active Defender. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo Zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.
\n\n\n\'',NULL,614648),('4_Sunday','12','12:00','12:30','N','ASV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'The Interplay between Safety and Security in Aviation Systems\'','\'Lillian Ash Baker\'','ASV_b33411b25af267997ef4379a8eb3845b','\'Title: The Interplay between Safety and Security in Aviation Systems
\nWhen: Sunday, Aug 11, 12:00 - 12:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nSafety has been at the forefront of Civil Aviation since the formalization of DO-178, Software Considerations in Airborne Systems and Equipment Certification, in 1981. However, times have changed since then and we live in a world with seemingly limitless connectivity. DO-356A, Airworthiness Security Methods and Considerations, forms the cybersecurity bedrock in which aviation systems are designed and implemented. In this talk, participants will learn about how Safety and Security is applied to system design and how they interact with one another. Design Assurance Levels (DAL) and Security Assurance Levels (SAL) concepts are presented and explained what their purpose is. This talk is designed to appeal to the general cybersecurity community by introducing fundamentals of Safety analyses and discussing how Safety and Security interact with one another.
\n\nThis talk will first touch upon fundamental documents that form the Certification basis for System Development (ARP4754B), System Safety (ARP4761A), and Security Considerations (DO-356A). From there, it walk through pieces that form a safety analysis and Design Assurance Level (DAL), walk through a system architecture under consideration, and learn about how Safety and requirements in a system can be used to inform the Threat Model for the system. From there, we end with a discussion on how Security Mitigations are assigned Security Assurance Level (SAL) and what this means for developers.
\n\nSpeakerBio: Lillian Ash Baker, Product Security Engineer at The Boeing Company/Wisk Aero
\nLillian Ash Baker (aka Zap!) is a Sr. Product Security Engineer with The Boeing Company and Wisk Aero, securing the next generation of civil aviation aircraft. She is responsible for driving cybersecurity requirements across the entire aircraft ecosystem and maintaining DO-356/326 compliance. Prior to their time in Product Security, Lily was at Collins Aerospace for 15 years, responsible for the development, test, manufacturing, and integration of civil avionics equipment with a focus on Navigation and Inertial Systems. They have dealt with civil avionics certification to ARP-4754A, DO-160, DO-178, D…Ok, you get the idea. From particle accelerators to inertial flight testing, Lily has plenty Certified Scars and their stories to tell. When not designing aircraft, she volunteers as the CFP Organizer at the Aerospace Village.
\n\n\n\'',NULL,614649),('4_Sunday','12','12:30','12:59','N','IOTV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Finding 0days in Vilo Home Routers\'','\'Ava Petersen,Justin Mott\'','IOTV_e883a6ae53ce9f84f11bcb492cdc1672','\'Title: Finding 0days in Vilo Home Routers
\nWhen: Sunday, Aug 11, 12:30 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nFrom January to May 2024, a team of student researchers at Brigham Young University looked for 0days in a consumer-grade home router made by Vilo Living. By April 2024, they had found 9 zero days, 6 of which were critical. This presentation covers the process they went through from initial reconnaissance to hardware hacking to finding buffer overflows to reporting the bugs to the organization. Outline: Initial recon - OSINT on the company, previous vulnerabilities released (none), and black-box interactions with network services on the LAN Hardware hacking - identifying chips on the board, connecting to the UART interface, deciphering boot up info, dumping the flash memory (didn’t work), and observing reads/writes by the CPU to flash memory to obtain the firmware Cloud enumeration - discovering the AWS S3 buckets and IoT infrastructure, tracing cloud interactions (authenticating to the router remotely, retrieving MQTT certificates, etc.) Firmware enumeration - kernel + libc version, arch, how to emulate binaries on an x86 machine, compiling code to run on the router, what binary does what, etc. Vulnerability discovery - finishing reversing custom TCP protocol for mobile app->router interactions, searching for stack overflows, lack of authentication, command injection (and accidentally bricking 3 routers), info leaks, reviewing the 9 vulnerabilities we discovered, weaponizing and chaining some of the vulnerabilities, etc. Vendor disclosure - difficulty contacting the vendor in May 2024 with vulnerability details (they were almost dead), how the disclosure process went, filing for CVEs in June, publishing vuln details in August Conclusion - how stupid easy it is to hack IoT devices, how IoT vendors treat security issues, where future research can focus
\n\nSpeakers:Ava Petersen,Justin Mott
\n
\nSpeakerBio: Ava Petersen, Student at Brigham Young University (BYU)
\nI\'m Ava Petersen, a student at Brigham Young University pursuing an undergraduate degree in cybersecurity. I am extremely passionate about my field of study, and I love the fast-paced and creative aspect of the field which keeps me on my feet and encourages thinking outside the box to solve (or find) problems. Whether through my competitions, research, or work, I am always being challenged in new and exciting ways. You’ll find me everywhere in the cybersecurity competition space under the handle “deltabluejay” and on the BYU Cyberia team.
\n\nSpeakerBio: Justin Mott, Grad Student at Brigham Young University (BYU)
\nJustin Mott is a grad student at BYU researching IoT security and adversary emulation. He graduated with a Bachelor\'s in Cybersecurity at BYU in 2023. His hobbies include CTFs, TCGs and spending time with his family.
\n\n\n\'',NULL,614650),('4_Sunday','13','13:00','13:30','N','CPV','LVCC West/Floor 2/W222-Creator Stage 4','\'Wu-Tang is for the Children: How States Laws Intended to Protect Children Raise Other Privacy and Legal Risks\'','\'Anthony Hendricks\'','CPV_e98912c54a26cfadcb346f516d12a4a4','\'Title: Wu-Tang is for the Children: How States Laws Intended to Protect Children Raise Other Privacy and Legal Risks
\nWhen: Sunday, Aug 11, 13:00 - 13:30 PDT
\nWhere: LVCC West/Floor 2/W222-Creator Stage 4 - Map
\n
\nDescription:
\nOn February 25, 1998, hip-hop group the Wu-Tang Clan made Grammy history… for all the wrong reasons. After losing in the Rap Album of the Year category, Wu-Tang member ODB stormed the stage, interrupting an acceptance speech to declare the now infamous phrase “Wu-Tang is for the children.” Anyone who has heard a song from Wu-Tang knows that despite ODB’s insistence, it is certainly not true. It appears that States may be taking this same approach when it comes to children\'s privacy and safety online. Despite these laws being for the protection of children, they often raise other unintended consequences. State legislatures around the country are debating new laws to protect children online. This year, Tennessee, Maryland, Virginia, Georgia, Utah, and Florida have passed legislation focused on children\'s privacy, usually through restrictions on social media use. While privacy advocates have championed these laws, they have been met with criticism and, in some instances, legal challenges. This is because in order to implement laws that apply to kids online, companies have to identify which users are kids—which requires the collection of sensitive personal information. Along with this privacy tension, there are First Amendment protection concerns that these laws limit online speech. This presentation will explore how youth privacy laws may not be protecting children in the ways that we hope by first discussing the attempts made by states to address youth privacy. Then, analyzing the unintended privacy consequences, focusing on how states are required to collect sensitive information that we are often trying to protect. Next, we will examine the First Amendment concerns using the example of the challenges to California’s Age Appropriate Design Code Act before finally discussing a path forward to protecting children.
\n\nSpeakerBio: Anthony Hendricks, Litigator at Crowe & Dunlevy
\nAnthony Hendricks is a legal problem solver and litigator at Crowe & Dunlevy, one of Oklahoma’s largest and oldest firms. At Crowe & Dunlevy, Anthony serves as founder and chair of the firm’s Cybersecurity and Data Privacy Practice Group. His legal practice focuses on data privacy compliance, regulatory enforcement and permitting, and other “bet-the-company” suits in the areas of cybersecurity, privacy, and other complex business litigation. Anthony is an adjunct professor who teaches Cybersecurity Law and Information Privacy courses at Oklahoma City University School of Law. He also hosts “Nothing About You Says Computer Technology,” a podcast on cybersecurity and data privacy viewed through the lens of diverse voices. Anthony has been nationally recognized for his legal skills. He has been selected as a member of the Lawyers of Color Hot List, a 40 under 40 attorney by the National Association of Black Lawyers, Oklahoma Magazine 40 under 40, and the Journal Record 40 under 40, and is listed by both Super Lawyers Magazine and Best Lawyers. Anthony is a former cybersecurity policy fellow in New America’s Cybersecurity Initiative. To learn more about Anthony’s current projects, upcoming speaking events or listen to the latest episodes of his podcast, visit www.anthonyjhendricks.com
\n\n\n\'',NULL,614651),('4_Sunday','12','12:30','12:59','N','ASV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Behind the Badge: How we used and abused hardware to create the AV badge for DC32\'','\'Adam Batori,Robert Pafford\'','ASV_8ab5067747e0311dc34d0a2bae07300a','\'Title: Behind the Badge: How we used and abused hardware to create the AV badge for DC32
\nWhen: Sunday, Aug 11, 12:30 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nADS-B aircraft tracking has long been done with Raspberry Pi’s and SDRs. We set out to build our own receiver from the ground up, but without resorting to expensive and power-hungry SDR chips. Join us for a behind-the-scenes look as we walk through how we were able to (ab)use hardware to squeeze an entire Linux system, custom signal processing chain, and map visualizer into a chip that costs less than most microcontrollers.
\n\nSpeakers:Adam Batori,Robert Pafford
\n
\nSpeakerBio: Adam Batori
\nNo BIO available
\nSpeakerBio: Robert Pafford
\nRobert Pafford graduated summa cum laude from The Ohio State University with a B.S. in Electrical and Computer Engineering this past May. During his time there, he was an avid participant in Ohio State’s Underwater Robotics Team, leading the team to top placement in an international autonomous underwater vehicle competition where he led the design of the vehicle’s next generation electronics system. Robert\'s passion for problem-solving and cutting-edge technology led him into reverse engineering, where, starting this fall, he will work as an Associate Engineer at STR, a national-security focused technology firm.
\n\n\n\'',NULL,614652),('3_Saturday','17','17:00','17:59','N','BBV','LVCC West/Floor 1/Hall 4/Creator Stage 3','\'Top War Stories from a TryHard Bug Bounty Hunter\'','\'Justin \"Rhynorater\" Gardner\'','BBV_9cb765711a7c40957bc56f09c547415f','\'Title: Top War Stories from a TryHard Bug Bounty Hunter
\nWhen: Saturday, Aug 10, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/Creator Stage 3 - Map
\n
\nDescription:
\nAsk any top bug bounty hunter: the best part of a live hacking event is the Show & Tell; the time when the veil is lifted and we collectively revel in the ingenuity of the best finds from the competition. The goal of this talk is to give you that same experience. I will speak to you as the competent hackers that you are, not withholding the nitty-gritty technical details and the Ls along the way. Together, we’ll journey through the highs and the lows of my hunts, both solo and in a Live Hacking Event context. You’ll see everything from RCE to SQL injection, mass PII leakage to spying on people’s homes and workplaces. You’ll find some bugs mind-numbingly simple, and some bugs mind-bogglingly complex. Each bug in this talk was assigned the highest severity possible, and awarded somewhere between $10k-$60k in bounties.
\n\n\n\nSpeakerBio: Justin \"Rhynorater\" Gardner, Host at Critical Thinking - Bug Bounty Podcast
\nYo! I\'m Justin Gardner - a full-time bug bounty hunter out of Richmond, VA. I also host the Critical Thinking - Bug Bounty Podcast and advise for Caido - the latest and greatest HTTP proxy.
\n\nI\'m an active member of the HackerOne live hacking event circuit (the medium through which I do most of my bug bounties) and have placed top 5 in most of the live hacking events I\'ve attended for the past couple years. Web hacking is my sh*t, but I love all types of hacking.
\n\nOutside of hacking, I love volleyball, I love Jesus, and I love startups. Those, with a healthy dose of family and friends, keep all my free time on lock.
\n\n\n\'',NULL,614653),('1_Thursday','16','16:00','19:59','N','DDV','LVCC West/Floor 2/W225','\'DDV starts accepting drives for duplication\'','\'\'','DDV_3fd4bc5404cb85a3623160a5c630576f','\'Title: DDV starts accepting drives for duplication
\nWhen: Thursday, Aug 8, 16:00 - 19:59 PDT
\nWhere: LVCC West/Floor 2/W225 - Map
\n
\nDescription:
\nWe start taking drives at 4: 00pm local time on Thursday - possibly a little earlier. We\'ll keep accepting drives until we reach capacity (usually late Friday or early Saturday). Then we copy and copy all the things until we just can\'t copy any more - first come, first served. Don\'t forget - some require 8TB drives now. We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.
\n\nAbout Us
\n\nThe Data Duplication Village has all the updated bits and bytes available from infocon.org packed up into nice, neat packages. If you\'re looking for a copy of all the things, we\'ve got what you need to fill up all your storage including a few nice hash tables and all of the DefCon talks. Add to that just about every other security con talk known to hacker-kind! Our village provides a \"free-to-you\" service of direct access to terabytes of useful data to help build those hacking skills and talk with other storage enthusiasts.
\n\nCheck the schedule and/or dcddv.org for the most up-to-date information.
\n\nHow It Works
\n\nThe DDV provides a core set of drive duplicators and data content options. We accept 8TB and larger drives on a first come, first served basis and duplicate \'till we can no longer see straight. Bring in your blank SATA3 drives - check them in early - to get the data you want. Come back in about 24 hours to pick up your data-packed drive. Space allowing, we\'ll accept drives all the way through until Saturday morning - but remember, it\'s FIFO - get those drives in early!
\n\nWhat You Get
\n\nWe\'re working on more content right up until the last minute so keep checking on dcddv.org for the latest. This year, we\'re adding new data to duplicate! Humans will be able to choose from the following data sources for duplication:
\n\n\n- A) Infocon.org Archive - 6TB archive of all the past hacking convention videos that DT could find, built on last years collection and always adding more for your data consuming appetite.
\n- B) Rainbow tables 1 of 3 - 6TB from freerainbowtables.com, the Lanman, MSQLSHA1, and NTLM hash tables plus freerainbowtables.com tools
\n- C) Rainbow tables 2 of 3 - 6TB from freerainbowtables.com, the A5/1 GSM, and MD5 tables plus freerainbowtables.com tools
\n- D) Vx Underground Archive - 8TB archive of the latest papers, samples, and code from Vx Underground
\n- E) Rainbow tables 3 of 3 - 8TB of New NTLM-9 hash tables and a copy of the Infocon.org mirrors
\n
\n\n\'',NULL,614654),('1_Thursday','17','16:00','19:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV starts accepting drives for duplication\'','\'\'','DDV_3fd4bc5404cb85a3623160a5c630576f','\'\'',NULL,614655),('1_Thursday','18','16:00','19:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV starts accepting drives for duplication\'','\'\'','DDV_3fd4bc5404cb85a3623160a5c630576f','\'\'',NULL,614656),('1_Thursday','19','16:00','19:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV starts accepting drives for duplication\'','\'\'','DDV_3fd4bc5404cb85a3623160a5c630576f','\'\'',NULL,614657),('3_Saturday','10','10:00','16:59','N','DDV','LVCC West/Floor 2/W225','\'DDV open and accepting drives for duplication\'','\'\'','DDV_9cdf24326e432b21befbdaa6efbb7973','\'Title: DDV open and accepting drives for duplication
\nWhen: Saturday, Aug 10, 10:00 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W225 - Map
\n
\nDescription:
\nWe reopen at 10: 00am and accept drives until we reach capacity (usually late Friday or early Saturday). Then we copy and copy all the things until we just can\'t copy any more - first come, first served. Don\'t forget - some require 8TB drives now. We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.
\n\nAbout Us
\n\nThe Data Duplication Village has all the updated bits and bytes available from infocon.org packed up into nice, neat packages. If you\'re looking for a copy of all the things, we\'ve got what you need to fill up all your storage including a few nice hash tables and all of the DefCon talks. Add to that just about every other security con talk known to hacker-kind! Our village provides a \"free-to-you\" service of direct access to terabytes of useful data to help build those hacking skills and talk with other storage enthusiasts.
\n\nCheck the schedule and/or dcddv.org for the most up-to-date information.
\n\nHow It Works
\n\nThe DDV provides a core set of drive duplicators and data content options. We accept 8TB and larger drives on a first come, first served basis and duplicate \'till we can no longer see straight. Bring in your blank SATA3 drives - check them in early - to get the data you want. Come back in about 24 hours to pick up your data-packed drive. Space allowing, we\'ll accept drives all the way through until Saturday morning - but remember, it\'s FIFO - get those drives in early!
\n\nWhat You Get
\n\nWe\'re working on more content right up until the last minute so keep checking on dcddv.org for the latest. This year, we\'re adding new data to duplicate! Humans will be able to choose from the following data sources for duplication:
\n\n\n- A) Infocon.org Archive - 6TB archive of all the past hacking convention videos that DT could find, built on last years collection and always adding more for your data consuming appetite.
\n- B) Rainbow tables 1 of 3 - 6TB from freerainbowtables.com, the Lanman, MSQLSHA1, and NTLM hash tables plus freerainbowtables.com tools
\n- C) Rainbow tables 2 of 3 - 6TB from freerainbowtables.com, the A5/1 GSM, and MD5 tables plus freerainbowtables.com tools
\n- D) Vx Underground Archive - 8TB archive of the latest papers, samples, and code from Vx Underground
\n- E) Rainbow tables 3 of 3 - 8TB of New NTLM-9 hash tables and a copy of the Infocon.org mirrors
\n
\n\n\'',NULL,614658),('3_Saturday','11','10:00','16:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV open and accepting drives for duplication\'','\'\'','DDV_9cdf24326e432b21befbdaa6efbb7973','\'\'',NULL,614659),('3_Saturday','12','10:00','16:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV open and accepting drives for duplication\'','\'\'','DDV_9cdf24326e432b21befbdaa6efbb7973','\'\'',NULL,614660),('3_Saturday','13','10:00','16:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV open and accepting drives for duplication\'','\'\'','DDV_9cdf24326e432b21befbdaa6efbb7973','\'\'',NULL,614661),('3_Saturday','14','10:00','16:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV open and accepting drives for duplication\'','\'\'','DDV_9cdf24326e432b21befbdaa6efbb7973','\'\'',NULL,614662),('3_Saturday','15','10:00','16:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV open and accepting drives for duplication\'','\'\'','DDV_9cdf24326e432b21befbdaa6efbb7973','\'\'',NULL,614663),('3_Saturday','16','10:00','16:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV open and accepting drives for duplication\'','\'\'','DDV_9cdf24326e432b21befbdaa6efbb7973','\'\'',NULL,614664),('2_Friday','10','10:00','16:59','N','DDV','LVCC West/Floor 2/W225','\'DDV open and accepting drives for duplication\'','\'\'','DDV_740db1925eb9e32b29d86f84809c40bf','\'Title: DDV open and accepting drives for duplication
\nWhen: Friday, Aug 9, 10:00 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W225 - Map
\n
\nDescription:
\nWe reopen at 10: 00am and accept drives until we reach capacity (usually late Friday or early Saturday). Then we copy and copy all the things until we just can\'t copy any more - first come, first served. Don\'t forget - some require 8TB drives now. We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.
\n\nAbout Us
\n\nThe Data Duplication Village has all the updated bits and bytes available from infocon.org packed up into nice, neat packages. If you\'re looking for a copy of all the things, we\'ve got what you need to fill up all your storage including a few nice hash tables and all of the DefCon talks. Add to that just about every other security con talk known to hacker-kind! Our village provides a \"free-to-you\" service of direct access to terabytes of useful data to help build those hacking skills and talk with other storage enthusiasts.
\n\nCheck the schedule and/or dcddv.org for the most up-to-date information.
\n\nHow It Works
\n\nThe DDV provides a core set of drive duplicators and data content options. We accept 8TB and larger drives on a first come, first served basis and duplicate \'till we can no longer see straight. Bring in your blank SATA3 drives - check them in early - to get the data you want. Come back in about 24 hours to pick up your data-packed drive. Space allowing, we\'ll accept drives all the way through until Saturday morning - but remember, it\'s FIFO - get those drives in early!
\n\nWhat You Get
\n\nWe\'re working on more content right up until the last minute so keep checking on dcddv.org for the latest. This year, we\'re adding new data to duplicate! Humans will be able to choose from the following data sources for duplication:
\n\n\n- A) Infocon.org Archive - 6TB archive of all the past hacking convention videos that DT could find, built on last years collection and always adding more for your data consuming appetite.
\n- B) Rainbow tables 1 of 3 - 6TB from freerainbowtables.com, the Lanman, MSQLSHA1, and NTLM hash tables plus freerainbowtables.com tools
\n- C) Rainbow tables 2 of 3 - 6TB from freerainbowtables.com, the A5/1 GSM, and MD5 tables plus freerainbowtables.com tools
\n- D) Vx Underground Archive - 8TB archive of the latest papers, samples, and code from Vx Underground
\n- E) Rainbow tables 3 of 3 - 8TB of New NTLM-9 hash tables and a copy of the Infocon.org mirrors
\n
\n\n\'',NULL,614665),('2_Friday','11','10:00','16:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV open and accepting drives for duplication\'','\'\'','DDV_740db1925eb9e32b29d86f84809c40bf','\'\'',NULL,614666),('2_Friday','12','10:00','16:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV open and accepting drives for duplication\'','\'\'','DDV_740db1925eb9e32b29d86f84809c40bf','\'\'',NULL,614667),('2_Friday','13','10:00','16:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV open and accepting drives for duplication\'','\'\'','DDV_740db1925eb9e32b29d86f84809c40bf','\'\'',NULL,614668),('2_Friday','14','10:00','16:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV open and accepting drives for duplication\'','\'\'','DDV_740db1925eb9e32b29d86f84809c40bf','\'\'',NULL,614669),('2_Friday','15','10:00','16:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV open and accepting drives for duplication\'','\'\'','DDV_740db1925eb9e32b29d86f84809c40bf','\'\'',NULL,614670),('2_Friday','16','10:00','16:59','Y','DDV','LVCC West/Floor 2/W225','\'DDV open and accepting drives for duplication\'','\'\'','DDV_740db1925eb9e32b29d86f84809c40bf','\'\'',NULL,614671),('4_Sunday','10','10:00','10:59','N','DDV','LVCC West/Floor 2/W225','\'Last chance to pick up drives at the DDV\'','\'\'','DDV_85ef229fcab9649c599792f20a63189b','\'Title: Last chance to pick up drives at the DDV
\nWhen: Sunday, Aug 11, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 2/W225 - Map
\n
\nDescription:
\nThis is your last chance to pickup your drives whether they\'re finished or not. Get here between 10:00am and 11:00am on Sunday as any drives left behind are considered donations.
\n\n\'',NULL,614672),('3_Saturday','10','10:00','17:59','N','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_90d769969c329133369b346f6c0ec6fd','\'Title: Egor\'s Keyboard Corner
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nKeyboard Corner hosts typing challenges that test the speed and accuracy of attendees\' typing skills on various keyboards. Participants can compete for high scores and bragging rights in a friendly and competitive setting. This activity adds an element of fun and excitement to the conference while highlighting the importance of efficient typing in cybersecurity.
\n\n\'',NULL,614673),('3_Saturday','11','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_90d769969c329133369b346f6c0ec6fd','\'\'',NULL,614674),('3_Saturday','12','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_90d769969c329133369b346f6c0ec6fd','\'\'',NULL,614675),('3_Saturday','13','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_90d769969c329133369b346f6c0ec6fd','\'\'',NULL,614676),('3_Saturday','14','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_90d769969c329133369b346f6c0ec6fd','\'\'',NULL,614677),('3_Saturday','15','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_90d769969c329133369b346f6c0ec6fd','\'\'',NULL,614678),('3_Saturday','16','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_90d769969c329133369b346f6c0ec6fd','\'\'',NULL,614679),('3_Saturday','17','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_90d769969c329133369b346f6c0ec6fd','\'\'',NULL,614680),('4_Sunday','10','10:00','11:59','N','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_dd4a8315fdc7fcdb6ef613ede63127fe','\'Title: Egor\'s Keyboard Corner
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nKeyboard Corner hosts typing challenges that test the speed and accuracy of attendees\' typing skills on various keyboards. Participants can compete for high scores and bragging rights in a friendly and competitive setting. This activity adds an element of fun and excitement to the conference while highlighting the importance of efficient typing in cybersecurity.
\n\n\'',NULL,614681),('4_Sunday','11','10:00','11:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_dd4a8315fdc7fcdb6ef613ede63127fe','\'\'',NULL,614682),('2_Friday','10','10:00','17:59','N','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_1a40c5440b8ae4abd6b50c989c81d2d3','\'Title: Egor\'s Keyboard Corner
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nKeyboard Corner hosts typing challenges that test the speed and accuracy of attendees\' typing skills on various keyboards. Participants can compete for high scores and bragging rights in a friendly and competitive setting. This activity adds an element of fun and excitement to the conference while highlighting the importance of efficient typing in cybersecurity.
\n\n\'',NULL,614683),('2_Friday','11','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_1a40c5440b8ae4abd6b50c989c81d2d3','\'\'',NULL,614684),('2_Friday','12','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_1a40c5440b8ae4abd6b50c989c81d2d3','\'\'',NULL,614685),('2_Friday','13','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_1a40c5440b8ae4abd6b50c989c81d2d3','\'\'',NULL,614686),('2_Friday','14','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_1a40c5440b8ae4abd6b50c989c81d2d3','\'\'',NULL,614687),('2_Friday','15','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_1a40c5440b8ae4abd6b50c989c81d2d3','\'\'',NULL,614688),('2_Friday','16','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_1a40c5440b8ae4abd6b50c989c81d2d3','\'\'',NULL,614689),('2_Friday','17','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Egor\'s Keyboard Corner\'','\'\'','MISC_1a40c5440b8ae4abd6b50c989c81d2d3','\'\'',NULL,614690),('4_Sunday','10','10:00','11:59','N','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_2315b44e0392606fde638470e38d8c2b','\'Title: LHC\'s Unofficial Sticker Swap Table
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nThe Unofficial Sticker Swap is a casual and engaging activity where attendees can trade and collect unique stickers. This event fosters a sense of community and allows participants to showcase their creativity and personal style.
\n\n\'',NULL,614691),('4_Sunday','11','10:00','11:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_2315b44e0392606fde638470e38d8c2b','\'\'',NULL,614692),('2_Friday','10','10:00','17:59','N','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_72589b523ac23e9197ace398c491fd86','\'Title: LHC\'s Unofficial Sticker Swap Table
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nThe Unofficial Sticker Swap is a casual and engaging activity where attendees can trade and collect unique stickers. This event fosters a sense of community and allows participants to showcase their creativity and personal style.
\n\n\'',NULL,614693),('2_Friday','11','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_72589b523ac23e9197ace398c491fd86','\'\'',NULL,614694),('2_Friday','12','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_72589b523ac23e9197ace398c491fd86','\'\'',NULL,614695),('2_Friday','13','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_72589b523ac23e9197ace398c491fd86','\'\'',NULL,614696),('2_Friday','14','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_72589b523ac23e9197ace398c491fd86','\'\'',NULL,614697),('2_Friday','15','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_72589b523ac23e9197ace398c491fd86','\'\'',NULL,614698),('2_Friday','16','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_72589b523ac23e9197ace398c491fd86','\'\'',NULL,614699);
INSERT INTO `events` VALUES ('2_Friday','17','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_72589b523ac23e9197ace398c491fd86','\'\'',NULL,614700),('3_Saturday','10','10:00','17:59','N','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_4607fd91ea5056cd1b8eb56e8d5c6f91','\'Title: LHC\'s Unofficial Sticker Swap Table
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nThe Unofficial Sticker Swap is a casual and engaging activity where attendees can trade and collect unique stickers. This event fosters a sense of community and allows participants to showcase their creativity and personal style.
\n\n\'',NULL,614701),('3_Saturday','11','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_4607fd91ea5056cd1b8eb56e8d5c6f91','\'\'',NULL,614702),('3_Saturday','12','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_4607fd91ea5056cd1b8eb56e8d5c6f91','\'\'',NULL,614703),('3_Saturday','13','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_4607fd91ea5056cd1b8eb56e8d5c6f91','\'\'',NULL,614704),('3_Saturday','14','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_4607fd91ea5056cd1b8eb56e8d5c6f91','\'\'',NULL,614705),('3_Saturday','15','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_4607fd91ea5056cd1b8eb56e8d5c6f91','\'\'',NULL,614706),('3_Saturday','16','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_4607fd91ea5056cd1b8eb56e8d5c6f91','\'\'',NULL,614707),('3_Saturday','17','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC\'s Unofficial Sticker Swap Table\'','\'\'','MISC_4607fd91ea5056cd1b8eb56e8d5c6f91','\'\'',NULL,614708),('2_Friday','10','10:00','17:59','N','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_0eddf0f7fbbd0a7ab55b617420859595','\'Title: Lonely Hackers Club Community Room Open
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\n\n\n\'',NULL,614709),('2_Friday','11','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_0eddf0f7fbbd0a7ab55b617420859595','\'\'',NULL,614710),('2_Friday','12','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_0eddf0f7fbbd0a7ab55b617420859595','\'\'',NULL,614711),('2_Friday','13','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_0eddf0f7fbbd0a7ab55b617420859595','\'\'',NULL,614712),('2_Friday','14','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_0eddf0f7fbbd0a7ab55b617420859595','\'\'',NULL,614713),('2_Friday','15','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_0eddf0f7fbbd0a7ab55b617420859595','\'\'',NULL,614714),('2_Friday','16','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_0eddf0f7fbbd0a7ab55b617420859595','\'\'',NULL,614715),('2_Friday','17','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_0eddf0f7fbbd0a7ab55b617420859595','\'\'',NULL,614716),('4_Sunday','10','10:00','12:59','N','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_01c78113e0cd85245854d8e287072151','\'Title: Lonely Hackers Club Community Room Open
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\n\n\n\'',NULL,614717),('4_Sunday','11','10:00','12:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_01c78113e0cd85245854d8e287072151','\'\'',NULL,614718),('4_Sunday','12','10:00','12:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_01c78113e0cd85245854d8e287072151','\'\'',NULL,614719),('3_Saturday','10','10:00','17:59','N','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_5a51f2d371ddbb30f4be7771f599f2e2','\'Title: Lonely Hackers Club Community Room Open
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\n\n\n\'',NULL,614720),('3_Saturday','11','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_5a51f2d371ddbb30f4be7771f599f2e2','\'\'',NULL,614721),('3_Saturday','12','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_5a51f2d371ddbb30f4be7771f599f2e2','\'\'',NULL,614722),('3_Saturday','13','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_5a51f2d371ddbb30f4be7771f599f2e2','\'\'',NULL,614723),('3_Saturday','14','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_5a51f2d371ddbb30f4be7771f599f2e2','\'\'',NULL,614724),('3_Saturday','15','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_5a51f2d371ddbb30f4be7771f599f2e2','\'\'',NULL,614725),('3_Saturday','16','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_5a51f2d371ddbb30f4be7771f599f2e2','\'\'',NULL,614726),('3_Saturday','17','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Lonely Hackers Club Community Room Open\'','\'\'','MISC_5a51f2d371ddbb30f4be7771f599f2e2','\'\'',NULL,614727),('2_Friday','10','10:00','12:59','N','MISC','LVCC West/Floor 2/W208','\'Resume Reviews\'','\'\'','MISC_4a160f1b3dd36a0a230cc2b31f2648b1','\'Title: Resume Reviews
\nWhen: Friday, Aug 9, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nResume Reviews offer attendees the opportunity to have their resumes critiqued by industry professionals. This activity provides personalized feedback and tips on how to improve resumes to stand out in the cybersecurity job market. It\'s a great way for participants to enhance their professional profiles and increase their chances of landing their desired roles.
\n\n\'',NULL,614728),('2_Friday','11','10:00','12:59','Y','MISC','LVCC West/Floor 2/W208','\'Resume Reviews\'','\'\'','MISC_4a160f1b3dd36a0a230cc2b31f2648b1','\'\'',NULL,614729),('2_Friday','12','10:00','12:59','Y','MISC','LVCC West/Floor 2/W208','\'Resume Reviews\'','\'\'','MISC_4a160f1b3dd36a0a230cc2b31f2648b1','\'\'',NULL,614730),('2_Friday','14','14:00','17:59','N','MISC','LVCC West/Floor 2/W208','\'Resume Reviews\'','\'\'','MISC_2bffde9cb970c2ccf10d82e5fc8e8471','\'Title: Resume Reviews
\nWhen: Friday, Aug 9, 14:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nResume Reviews offer attendees the opportunity to have their resumes critiqued by industry professionals. This activity provides personalized feedback and tips on how to improve resumes to stand out in the cybersecurity job market. It\'s a great way for participants to enhance their professional profiles and increase their chances of landing their desired roles.
\n\n\'',NULL,614731),('2_Friday','15','14:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Resume Reviews\'','\'\'','MISC_2bffde9cb970c2ccf10d82e5fc8e8471','\'\'',NULL,614732),('2_Friday','16','14:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Resume Reviews\'','\'\'','MISC_2bffde9cb970c2ccf10d82e5fc8e8471','\'\'',NULL,614733),('2_Friday','17','14:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Resume Reviews\'','\'\'','MISC_2bffde9cb970c2ccf10d82e5fc8e8471','\'\'',NULL,614734),('3_Saturday','14','14:00','17:59','N','MISC','LVCC West/Floor 2/W208','\'Resume Reviews\'','\'\'','MISC_4df74cf70facbc035fb8f5132b623f07','\'Title: Resume Reviews
\nWhen: Saturday, Aug 10, 14:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nResume Reviews offer attendees the opportunity to have their resumes critiqued by industry professionals. This activity provides personalized feedback and tips on how to improve resumes to stand out in the cybersecurity job market. It\'s a great way for participants to enhance their professional profiles and increase their chances of landing their desired roles.
\n\n\'',NULL,614735),('3_Saturday','15','14:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Resume Reviews\'','\'\'','MISC_4df74cf70facbc035fb8f5132b623f07','\'\'',NULL,614736),('3_Saturday','16','14:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Resume Reviews\'','\'\'','MISC_4df74cf70facbc035fb8f5132b623f07','\'\'',NULL,614737),('3_Saturday','17','14:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Resume Reviews\'','\'\'','MISC_4df74cf70facbc035fb8f5132b623f07','\'\'',NULL,614738),('3_Saturday','10','10:00','12:59','N','MISC','LVCC West/Floor 2/W208','\'Resume Reviews\'','\'\'','MISC_00a963e0abdbbbe845a957f95cbfd504','\'Title: Resume Reviews
\nWhen: Saturday, Aug 10, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nResume Reviews offer attendees the opportunity to have their resumes critiqued by industry professionals. This activity provides personalized feedback and tips on how to improve resumes to stand out in the cybersecurity job market. It\'s a great way for participants to enhance their professional profiles and increase their chances of landing their desired roles.
\n\n\'',NULL,614739),('3_Saturday','11','10:00','12:59','Y','MISC','LVCC West/Floor 2/W208','\'Resume Reviews\'','\'\'','MISC_00a963e0abdbbbe845a957f95cbfd504','\'\'',NULL,614740),('3_Saturday','12','10:00','12:59','Y','MISC','LVCC West/Floor 2/W208','\'Resume Reviews\'','\'\'','MISC_00a963e0abdbbbe845a957f95cbfd504','\'\'',NULL,614741),('3_Saturday','15','15:00','17:59','N','MISC','LVCC West/Floor 2/W208','\'Name the Noob\'','\'\'','MISC_880f658148837425ecfdc8d416b14333','\'Title: Name the Noob
\nWhen: Saturday, Aug 10, 15:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nName the Noob is a fun and interactive session where seasoned hackers create unique handles for new attendees. This activity helps newbies integrate into the hacking community and gives them a memorable start to their cybersecurity journey.
\n\n\'',NULL,614742),('3_Saturday','16','15:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Name the Noob\'','\'\'','MISC_880f658148837425ecfdc8d416b14333','\'\'',NULL,614743),('3_Saturday','17','15:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Name the Noob\'','\'\'','MISC_880f658148837425ecfdc8d416b14333','\'\'',NULL,614744),('2_Friday','16','16:00','17:59','N','MISC','LVCC West/Floor 2/W208','\'Name the Noob\'','\'\'','MISC_2c4df82dfc3d3cb504e6d8c5d2061f0a','\'Title: Name the Noob
\nWhen: Friday, Aug 9, 16:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nName the Noob is a fun and interactive session where seasoned hackers create unique handles for new attendees. This activity helps newbies integrate into the hacking community and gives them a memorable start to their cybersecurity journey.
\n\n\'',NULL,614745),('2_Friday','17','16:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'Name the Noob\'','\'\'','MISC_2c4df82dfc3d3cb504e6d8c5d2061f0a','\'\'',NULL,614746),('2_Friday','11','11:00','12:15','N','BBV','LVCC West/Floor 2/W215','\'Panel of Bug Bounty Community Leaders\'','\'Inti De Ceukelaire,Jessica Sexton,Ryan Rutan,Lucas Philippe,Michael \"codingo\" Skelton,Roni \"Lupin\" Carta\'','BBV_c375ffe935af2567c953d2ff7be18174','\'Title: Panel of Bug Bounty Community Leaders
\nWhen: Friday, Aug 9, 11:00 - 12:15 PDT
\nWhere: LVCC West/Floor 2/W215 - Map
\n
\nDescription:
\nJoin us for an engaging and insightful panel discussion at the Bug Bounty Village, where community leaders from four of the world\'s leading bug bounty platforms—HackerOne, Synack, YesWeHack, and Intigriti—come together to share their expertise and vision for the future of bug bounty programs. This panel, moderated by a prominent hacker from the community, will explore the latest trends, challenges, and innovations in the bug bounty space.
\n\nAttendees will gain valuable insights into how these platforms are evolving to meet the growing demands of cybersecurity, the strategies they employ to attract and retain top talent, and their perspectives on the impact of bug bounty programs on the broader security landscape. Through a crowdsourced Q&A session, community-driven questions will take center stage, allowing participants to delve into topics that matter most to them.
\n\nWhether you are a seasoned bug bounty hunter, a security professional, or someone new to the field, this panel offers a unique opportunity to learn from the leaders shaping the future of vulnerability disclosure and rewarding ethical hacking. Don\'t miss this chance to connect with industry pioneers and contribute to the dialogue that drives innovation and collaboration in cybersecurity.
\n\nSpeakers:Inti De Ceukelaire,Jessica Sexton,Ryan Rutan,Lucas Philippe,Michael \"codingo\" Skelton,Roni \"Lupin\" Carta
\n
\nSpeakerBio: Inti De Ceukelaire, Intigriti
\nInti De Ceukelaire is a Belgian ethical hacker and cybercrime investigator. He currently works as the Chief Hacker Officer at Europe’s largest vulnerability disclosure platform, Intigriti, a founding member of the Hacker Policy Council. With extensive experience in the field of security and ethical hacking, Inti has earned a reputation as a thought leader in the industry. His work and expertise have been featured in a variety of international publications, including the BBC, Wired, The Verge, CNET, Mashable, and New York Magazine.
\n\nSpeakerBio: Jessica Sexton, HackerOne
\nJessica Sexton, Sr. Director of Community at HackerOne, has significantly contributed over the past five years, leading the live hacking program and innovative initiatives like the Ambassador World Cup. She heads the Hacker Success Management team, focusing on retention, enablement, and growth of the hacker community. Before HackerOne, Jessica held roles in customer management and cybersecurity, honing her skills in strategy and growth. Her work inspires and energizes the HackerOne community, fostering a collaborative and inclusive environment.
\n\nSpeakerBio: Ryan Rutan, SynAck
\nAfter spending over a decade building online communities for tech savvy enterprises, Ryan has returned to his hacker roots as the Sr. Director, Community at the Synack Red Team. He is a long-time developer/maker at heart and technology innovator by trade, but his passion comes from uniting people, process and technology into sustainable community programs capable of scaling to meet any business challenge. In his spare time, he enjoys flexing his creativity by writing fiction novels (Fork This Life), hacking on IoT projects and furthering his cybersecurity knowledge through his programming, automation and integration talents cultivated over the past twenty years of his technical career.
\n\nSpeakerBio: Lucas Philippe, YesWeHack
\nBitK is a French Security Researcher, Bug Hunter, Member of the French CTF team The Flat Network Society and Tech Ambassador at YesWeHack. He has been doing CTF and bug bounty for over ten years with a specialty in web exploitation. He is also the author of multiple hacking tools like pwnfox, yesweburp, CTFNote and more.
\n\nSpeakerBio: Michael \"codingo\" Skelton, VP of Operations at Bugcrowd
\nPreviously a top 10 bounty hunter at Bugcrowd, now the VP of Operations overseeing triage, appeals, escalations, and the support team, also creating YouTube content at youtube.com/codingo and developing tools at github.com/codingo.
\n\nSpeakerBio: Roni \"Lupin\" Carta, Co-Founder at Lupin & Holmes
\nRoni Carta, a.k.a @Lupin, is a 22 years old ethical hacker. He left school and his virtual classes to devote himself full-time to hacking. He credits Maurice Leblanc\'s book \"Arsène Lupin\" with immersing him into the culture and mindset of ethical hacking.
\n\nRoni co-founded with his brother Lupin & Holmes, an offensive security Research & Development company
\n\n\n\'',NULL,614747),('2_Friday','12','11:00','12:15','Y','BBV','LVCC West/Floor 2/W215','\'Panel of Bug Bounty Community Leaders\'','\'Inti De Ceukelaire,Jessica Sexton,Ryan Rutan,Lucas Philippe,Michael \"codingo\" Skelton,Roni \"Lupin\" Carta\'','BBV_c375ffe935af2567c953d2ff7be18174','\'\'',NULL,614748),('3_Saturday','17','17:30','17:59','N','BBV','LVCC West/Floor 2/W215','\'Meet the PortSwigger Research team (Q/A)\'','\'Martin Doyhenard,James \"albinowax\" Kettle,Gareth Heyes\'','BBV_96fb144c203dc256aaeaba45f1b1235c','\'Title: Meet the PortSwigger Research team (Q/A)
\nWhen: Saturday, Aug 10, 17:30 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W215 - Map
\n
\nDescription:
\nMeet the minds behind a decade of acclaimed web security research. Whether you\'d like to query our thoughts on technical matters or career decisions, share something cool you\'ve found, flood us with Burp Suite feature requests, or simply say hi, this is your chance! We\'re also giving three presentations at DEF CON so if you\'d like to treat this as an extended Q&A for those, that\'s cool too. Please note this session may be chaotic.
\n\nSpeakers:Martin Doyhenard,James \"albinowax\" Kettle,Gareth Heyes
\n
\nSpeakerBio: Martin Doyhenard, Security Researcher at Portswigger
\nMartin Doyhenard is a Security Researcher at Portswigger, known for exploiting HTTP servers and web applications. Over the past few years he has presented his findings in multiple top security conferences including BlackHat, DEFCON, RSA, EkoParty, Hack in The Box and Troopers.
\n\nHis latest work includes discovering HTTP Response Smuggling techniques and exploiting SAP’s Inter-Process Communication service - compromising more than 200 thousand companies in the world.He’s also passionate about low level reverse engineering and testing his skills in online CTFs.
\n\nSpeakerBio: James \"albinowax\" Kettle, Director of Research at PortSwigger
\nJames \'albinowax\' Kettle is the Director of Research at PortSwigger, the makers of Burp Suite. He\'s best known for his HTTP Desync Attacks research, which popularised HTTP Request Smuggling. James has extensive experience cultivating novel attack techniques, including web cache poisoning, browser-powered desync attacks, server-side template injection, and password reset poisoning. James is also the author of multiple popular open-source tools including Param Miner, Turbo Intruder, and HTTP Request Smuggler. He is a frequent speaker at numerous prestigious venues including both Black Hat USA and EU, OWASP AppSec USA and EU, and DEF CON.
\n\nSpeakerBio: Gareth Heyes, Researcher at PortSwigger
\nPortSwigger researcher Gareth Heyes is probably best known for smashing the AngularJS sandbox to pieces and creating super-elegant XSS vectors. He is the author of JavaScript for hackers. In his daily life at PortSwigger, Gareth can often be found creating new XSS vectors, and researching new techniques to attack web applications. He has a keen interest in hacking CSS to do wonderful, unexpected things and can often be seen experimenting with 3D pure CSS rooms, games and taking markup languages to the limit on his website. He\'s also the author of PortSwigger\'s XSS Cheat Sheet. In his spare time, he loves writing new BApp extensions such as Hackvertor.
\n\n\n\'',NULL,614749),('2_Friday','10','10:00','10:59','N','BBV','LVCC West/Floor 2/W215','\'Caido Internals Deep-Dive\'','\'Emile Fugulin\'','BBV_c6e2911013076a40704b825fb0976657','\'Title: Caido Internals Deep-Dive
\nWhen: Friday, Aug 9, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 2/W215 - Map
\n
\nDescription:
\nGet a deep-dive into the more complex and powerful parts of Caido by its creators. We will cover various topics ranging from:\n- Using HttpQL at its full potential\n- Creating complex workflows and leveraging them in your day-to-day\n- Using the Caido GraphQL API to extend the tool\n- Building frontend plugins\n- And more!
\n\nWe will also be there to answer all your complex technical questions.
\n\nPre-Requisites:\n- Install Caido if you want to follow along.
\n\nSpeakerBio: Emile Fugulin, Caido
\nEmile was a freelance DevOps & backend developer for many years prior to starting Caido. He always had a passion for security, and working on Caido is the perfect combination of both!
\n\n\n\'',NULL,614750),('2_Friday','12','12:15','13:45','N','BBV','LVCC West/Floor 2/W215','\'A Zero to Hero Crash Course to Server-Side Request Forgery (SSRF)\'','\'Ben \"NahamSec\" Sadeghipour\'','BBV_d0b6be1763e9276a7ef181db5c225f4d','\'Title: A Zero to Hero Crash Course to Server-Side Request Forgery (SSRF)
\nWhen: Friday, Aug 9, 12:15 - 13:45 PDT
\nWhere: LVCC West/Floor 2/W215 - Map
\n
\nDescription:
\nServer-Side Request Forgery is now one of the most widely recognized and significant vulnerabilities that bug hunters should have in their arsenal. This interactive workshop covers basic exploitation of SSRF, as well as tackling more intricate vulnerabilities that involve chaining multiple exploits, a thorough comprehension of the target\'s infrastructure, and other advanced techniques.
\n\nPre-Prerequisites
\n\n\n- Basic understanding of web application hacking
\n- Knowledge of Web Proxies
\n- Working laptop
\n- Working WiFi (Will not be doable without access to a working WiFi)
\n- Caido (BurpSuite or similar works too!)
\n
\n\nSpeakerBio: Ben \"NahamSec\" Sadeghipour, Hacking Hub
\nBen Sadeghipour, also known as NahamSec, is an ethical hacker, content creator, and keynote speaker. With a passion for cybersecurity that began in his teenage years, Ben\'s professional journey as a bug bounty hunter took off in 2014. He has played a role in helping organizations identify and remediate thousands of security vulnerabilities across a wide range of web and mobile applications in tech giants such as Amazon, Apple, Google, Airbnb, Snapchat, Zoom, and even the US Department of Defense. Ben helps others learn ethical hacking, bug bounty hunting, and reconnaissance techniques. He has also created training materials and content for conferences such as OWASP, DEFCON, and BSides.
\n\n\n\'',NULL,614751),('2_Friday','13','12:15','13:45','Y','BBV','LVCC West/Floor 2/W215','\'A Zero to Hero Crash Course to Server-Side Request Forgery (SSRF)\'','\'Ben \"NahamSec\" Sadeghipour\'','BBV_d0b6be1763e9276a7ef181db5c225f4d','\'\'',NULL,614752),('2_Friday','14','14:00','14:59','N','BBV','LVCC West/Floor 2/W215','\'Why You Should Be Hunting on Web3 Bug Bounties\'','\'Gonçalo Marques Raposo de Magalhães\'','BBV_6803a900182db3d9d885f57fcb98276a','\'Title: Why You Should Be Hunting on Web3 Bug Bounties
\nWhen: Friday, Aug 9, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 2/W215 - Map
\n
\nDescription:
\nThe presentation will feature a brief introduction to Web3 and Web3 bug bounties, notoriously some of the differences that the typical blockchain transparency brings in comparison to web2. Then we will explain what’s at stake in Web3. In traditional bug bounties, what\'s most often at stake is PII data, as well as critical infrastructure. In the blockchain world, money is at malicious actors\' finger tips - extremely large sums of money. We will go over some of the most notorious hacks that happened in Web3, and we will look at real blockchain data:
\n\n\n- The technical details of the exploit
\n- The money flows
\n- The out of this world messages sent in the negotiation process between the hackers and the hacked protocol. Yes, often this negotiation actually happens through transparent blockchain transactions.
\n
\n\nFinally, we will recreate some of the most iconic +$1M bounties and their proof of concepts. At least one will be on smart contracts, one will be on the blockchain stack and one on will be in novelty zero knowledge circuit technology.
\n\nSpeakerBio: Gonçalo Marques Raposo de Magalhães, Head of Security at Immunefi
\nAerospace engineer, turned embedded systems engineer, turned smart contract engineer. Currently Head of Security at Immunefi and Advanced Solidity and Blockchain teacher. Web3 security audits independently.
\n\n\n\'',NULL,614753),('2_Friday','15','15:00','16:30','N','BBV','LVCC West/Floor 2/W215','\'Prototype Pollution in Depth, From Beginner to 0-Day Hunter\'','\'Lucas Philippe\'','BBV_16a7a10122953f349a4cae8f5bbfa758','\'Title: Prototype Pollution in Depth, From Beginner to 0-Day Hunter
\nWhen: Friday, Aug 9, 15:00 - 16:30 PDT
\nWhere: LVCC West/Floor 2/W215 - Map
\n
\nDescription:
\nPrototype pollution is a vulnerability in JavaScript applications that can have varying impacts depending on the complexity and nature of the affected app. By manipulating an object\'s prototype chain, an attacker can introduce malicious properties, leading to unexpected behavior and potentially allowing the attacker to execute arbitrary code.\nIn this workshop, we will first try to understand the subtleties of the Javascript prototype chain. Then, we will explore different techniques for black box detection. Finally, we will use pp-finder to find new RCE gadgets in popular libraries.
\n\nPre-Requisites:\n- Attendees are expect to have basic Javascript knowledge and have a computer with docker ready
\n\nSpeakerBio: Lucas Philippe, YesWeHack
\nBitK is a French Security Researcher, Bug Hunter, Member of the French CTF team The Flat Network Society and Tech Ambassador at YesWeHack. He has been doing CTF and bug bounty for over ten years with a specialty in web exploitation. He is also the author of multiple hacking tools like pwnfox, yesweburp, CTFNote and more.
\n\n\n\'',NULL,614754),('2_Friday','16','15:00','16:30','Y','BBV','LVCC West/Floor 2/W215','\'Prototype Pollution in Depth, From Beginner to 0-Day Hunter\'','\'Lucas Philippe\'','BBV_16a7a10122953f349a4cae8f5bbfa758','\'\'',NULL,614755),('2_Friday','16','16:30','17:59','N','BBV','LVCC West/Floor 2/W215','\'LFG! Forming a Bug Bounty Hunting Party\'','\'Harrison Richardson\'','BBV_fd397e1a6d666bc5d34eb4dfc7c41ad2','\'Title: LFG! Forming a Bug Bounty Hunting Party
\nWhen: Friday, Aug 9, 16:30 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W215 - Map
\n
\nDescription:
\nJames \"Jimmy\" Donaldson, better known by his online handle Mr. Beast, is the most successful YouTuber of all time. The digital superstar has often spoken about how learning to make digital content with a group was the reason he was able to grow so quickly. By collaborating with a small cohort of people who shared his passion, each individual was able to not only learn from one another\'s unique skills, but most importantly, they learned from each other\'s failures and made corrections to avoid those pitfalls themselves. This workshop is designed to help you learn to apply this same principle to Bug Bounty Hunting and grow exponentially faster than you can on your own.
\n\nAfter sharing some success stories from his own journey, Harrison Richardson (rs0n) will lead the audience in forming small bug bounty hunting groups optimized for success. Attendees will be grouped based on their technical skills, bug bounty experience, and work experience to build an effective cohort. Next, rs0n will guide each group in selecting a public Bug Bounty Program based on their combined skills and will coach the groups individually on working together to find and report bugs. Special emphasis will be placed on learning to take essential notes and build a custom hunting methodology that works for you and your team. Finally, rs0n will host a live Q&A session to answer any \"burning\" questions the participants have about bug bounty hunting and/or transitioning to a career of Application Security.
\n\nThere have been massive strides made in the bug bounty industry over the past few years, but one problem continues to persist. Researchers at all levels view other bug bounty hunters as competition who will steal their techniques. The goal of this workshop is not only to teach the skills needed to effectively collaborate on bug bounty programs, but also to demonstrate the immense value of collaboration when learning offensive security.
\n\nSpeakerBio: Harrison Richardson
\nHarrison Richardson (rs0n) began his Cybersecurity career in the US Army as a 25B. After leaving the service, Harrison worked various contract and freelance jobs while completing his Masters in Cybersecurity from the University of Dallas. Harrison\'s first full-time job in the civilian sector was at Rapid7, where he worked as a senior security solutions engineer as part of their Applied Engineering Team. Today, Harrison is the security engineering manager for the FloQast Security Team, specifically overseeing application security. In his free time, Harrison works to provide educational content to the bug bounty community through YouTube and Twitch.
\n\n\n\'',NULL,614756),('2_Friday','17','16:30','17:59','Y','BBV','LVCC West/Floor 2/W215','\'LFG! Forming a Bug Bounty Hunting Party\'','\'Harrison Richardson\'','BBV_fd397e1a6d666bc5d34eb4dfc7c41ad2','\'\'',NULL,614757),('3_Saturday','10','10:00','10:59','N','BBV','LVCC West/Floor 2/W215','\'Leveraging Internal Systems for Enhanced Bug Bounty Success\'','\'Rotem Bar\'','BBV_0bd806232886593d6ed248d77f21a64c','\'Title: Leveraging Internal Systems for Enhanced Bug Bounty Success
\nWhen: Saturday, Aug 10, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 2/W215 - Map
\n
\nDescription:
\nEvery bug hunter knows the initial steps: reconnaissance, fuzzing, and asset enumeration, But what if I told you there\'s a way to get everything you need internally and have it handed to you on a silver platter? Join me as I share my journey as part of different security teams across my career. I\'ll reveal the methods and tricks I\'ve developed to utilize internal systems to retrieve crucial data, significantly boosting productivity in finding and exploiting flaws in our code. I\'ll present success stories and real-life examples where researchers uncovered critical vulnerabilities with internal assistance. Additionally, I\'ll delve into the tactics and techniques I employ to obtain this valuable data, providing program owners with insights to elevate their game—if they dare to expose this information.
\n\n\n\nSpeakerBio: Rotem Bar
\nRotem Bar is a dedicated cybersecurity expert with over ten years of experience, focusing on internal security using bug bounty programs and other pentesting capabilities. His passion for identifying and mitigating security vulnerabilities has led him to actively participate in numerous security initiatives, earning recognition within the community.
\n\n\n\'',NULL,614758),('3_Saturday','11','11:00','12:30','N','BBV','LVCC West/Floor 2/W215','\'The Bug Hunters Methodology Live - DEF CON Edition\'','\'Jason Haddix\'','BBV_2c156377bd057309ef06c8eee088c6cd','\'Title: The Bug Hunters Methodology Live - DEF CON Edition
\nWhen: Saturday, Aug 10, 11:00 - 12:30 PDT
\nWhere: LVCC West/Floor 2/W215 - Map
\n
\nDescription:
\nThe Bug Hunter\'s Methodology (TBHM) is a series of talks done by Jason exposing new advents in tools, tactics, and procedures used in web pentesting, bug bounty, and red teaming. In this talk, Jason will explore the mindset of approaching a hardened web target and how he breaks up finding vulnerabilities across its\' stack. Many talks can teach you how to exploit a certain vulnerability, less can teach you how to find out where they are in complex pieces of software. TBHM also covers Jason\'s personal tips/tricks in the areas of automation, content discovery, javascript analysis, spidering, parameter analysis, functionality \"\"\"\"heatmapping\"\"\"\", and more. The DEF CON edition will not be recorded and will release some free cutting edge content usually only available in Jasons live courses!
\n\nSpeakerBio: Jason Haddix, Arcanum Security
\nJason Haddix, leads as CEO and “Hacker in Charge” of Arcanum Information Security, a premier firm specializing in assessments and training. Currently, he is the Field CISO for Flare.io and a Strategic Advisor to Bugcrowd. With a distinguished 20-year tenure in cybersecurity, Jason has previously held notable positions such as CISO at Ubisoft, Head of Trust at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He has expertise across nearly all cybersecurity domains and is ranked 57th all-time on Bugcrowd’s bug bounty leaderboards.
\n\n\n\'',NULL,614759),('3_Saturday','12','11:00','12:30','Y','BBV','LVCC West/Floor 2/W215','\'The Bug Hunters Methodology Live - DEF CON Edition\'','\'Jason Haddix\'','BBV_2c156377bd057309ef06c8eee088c6cd','\'\'',NULL,614760),('3_Saturday','12','12:30','13:59','N','BBV','LVCC West/Floor 2/W215','\'A Bug Hunter\'s Guide to Account Takeover\'','\'Ben \"NahamSec\" Sadeghipour\'','BBV_37a579751a580fc6ae0bf9c10b9698af','\'Title: A Bug Hunter\'s Guide to Account Takeover
\nWhen: Saturday, Aug 10, 12:30 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W215 - Map
\n
\nDescription:
\nThis is a hands-on workshop with a lab that will help students and attendees learn some of the common and interesting ways to takeover accounts or escalate access while looking for vulnerabilities in a web app. These labs are all based on valid and have been awarded bounties by multiple large organizations such as Amazon, Zoom, PayPal, Yahoo, and more!
\n\nPre-Prerequisites\n- Basic understanding of web application hacking\n- Knowledge of Web Proxies\n- Working laptop\n- Working WiFi (Will not be doable without access to a working WiFi)\n- Caido (BurpSuite or similar works too!)
\n\nSpeakerBio: Ben \"NahamSec\" Sadeghipour, Hacking Hub
\nBen Sadeghipour, also known as NahamSec, is an ethical hacker, content creator, and keynote speaker. With a passion for cybersecurity that began in his teenage years, Ben\'s professional journey as a bug bounty hunter took off in 2014. He has played a role in helping organizations identify and remediate thousands of security vulnerabilities across a wide range of web and mobile applications in tech giants such as Amazon, Apple, Google, Airbnb, Snapchat, Zoom, and even the US Department of Defense. Ben helps others learn ethical hacking, bug bounty hunting, and reconnaissance techniques. He has also created training materials and content for conferences such as OWASP, DEFCON, and BSides.
\n\n\n\'',NULL,614761),('3_Saturday','13','12:30','13:59','Y','BBV','LVCC West/Floor 2/W215','\'A Bug Hunter\'s Guide to Account Takeover\'','\'Ben \"NahamSec\" Sadeghipour\'','BBV_37a579751a580fc6ae0bf9c10b9698af','\'\'',NULL,614762),('3_Saturday','14','14:30','15:59','N','BBV','LVCC West/Floor 2/W215','\'High ROI Manual Bug Hunting Techniques\'','\'Justin \"Rhynorater\" Gardner\'','BBV_5a45fd9236da74be8609c3c7d9e3640c','\'Title: High ROI Manual Bug Hunting Techniques
\nWhen: Saturday, Aug 10, 14:30 - 15:59 PDT
\nWhere: LVCC West/Floor 2/W215 - Map
\n
\nDescription:
\nWho isn’t busy nowadays? When you sit down to hack, you want to find a bug, or at least know you’re on the right track to find one. Over the past 5 years of full-time bug bounty, I’ve identified a couple of techniques that will get you some quick wins on most applications. I’ll show you how to apply these techniques, and then, building upon them, direct your longer-term testing to keep finding bugs and getting the best ROI for your time hunting. This workshop is oriented toward equipping you to make the most money with the least time investment. These are not the most technical bugs. These are the bugs that pay the bills and keep you well-fed, dopamine\'ed up, and pushing deeper into these apps. In this workshop, we\'ll target REAL bug bounty targets, and apply the very techniques I\'ve used in the past to find bugs on these targets. We\'ll cover mega-efficient testing techniques for various types of client-side access controls and IDORs. We\'ll cover polyglot usage for generic injection testing. We\'ll cover attack vector ideation, friction minimization, gadget hunting, organization. And much, much more. All of these things will keep you motivated, on track, and efficient as you push through the slog of HTTP requests between you and your next pay day. Leggo.
\n\nWhat skill level is your presentation aimed at?\nAll skill levels, but attendees should have a basic understanding of web architecture and web vulnerabilities such as XSS, CSRF, IDOR, and Broken Access Controls.
\n\nPre-Requisites:\n- Bring your laptop\n- Please come with Caido installed (or Burp, if you must) \n- General understanding of HTTP requests and web testing
\n\nSpeakerBio: Justin \"Rhynorater\" Gardner, Host at Critical Thinking - Bug Bounty Podcast
\nYo! I\'m Justin Gardner - a full-time bug bounty hunter out of Richmond, VA. I also host the Critical Thinking - Bug Bounty Podcast and advise for Caido - the latest and greatest HTTP proxy.
\n\nI\'m an active member of the HackerOne live hacking event circuit (the medium through which I do most of my bug bounties) and have placed top 5 in most of the live hacking events I\'ve attended for the past couple years. Web hacking is my sh*t, but I love all types of hacking.
\n\nOutside of hacking, I love volleyball, I love Jesus, and I love startups. Those, with a healthy dose of family and friends, keep all my free time on lock.
\n\n\n\'',NULL,614763),('3_Saturday','15','14:30','15:59','Y','BBV','LVCC West/Floor 2/W215','\'High ROI Manual Bug Hunting Techniques\'','\'Justin \"Rhynorater\" Gardner\'','BBV_5a45fd9236da74be8609c3c7d9e3640c','\'\'',NULL,614764),('3_Saturday','16','16:00','17:30','N','BBV','LVCC West/Floor 2/W215','\'Unveiling Vulnerabilities: A Comprehensive Guide to Bug Bounty Recon\'','\'Dhiyaneshwaran Balasubramaniam,Prince Chaddha,Tarun Koyalwar\'','BBV_53ac7d63aa8a8d1dc510c898ea9f17fb','\'Title: Unveiling Vulnerabilities: A Comprehensive Guide to Bug Bounty Recon
\nWhen: Saturday, Aug 10, 16:00 - 17:30 PDT
\nWhere: LVCC West/Floor 2/W215 - Map
\n
\nDescription:
\nIn the rapidly evolving landscape of cybersecurity, effective reconnaissance is the cornerstone of successful bug bounty hunting. This presentation will guide you through identifying, enriching, and prioritizing targets before any scanning occurs, emphasizing the importance of uncovering \"unknown unknowns.\" We will cover the use of tools like subfinder and amass for asset discovery, followed by httpx for extracting relevant data such as titles and ports. Prioritization will be discussed to focus efforts on high-potential targets, including those requiring sign-in. Once prioritized, we\'ll move to scanning, employing advanced techniques to uncover hidden files and functionalities, targeting both known vulnerabilities and the elusive \"unknown unknowns.\" Finally, we\'ll focus on exploiting discovered functionalities, equipping you with the skills to uncover and exploit weaknesses. Join us to enhance your bug bounty hunting capabilities with a methodical approach to reconnaissance and exploitation, ensuring no stone is left unturned in your quest for vulnerabilities.
\n\nSpeakers:Dhiyaneshwaran Balasubramaniam,Prince Chaddha,Tarun Koyalwar
\n
\nSpeakerBio: Dhiyaneshwaran Balasubramaniam, Nuclei Template Engineer at ProjectDiscovery.io
\nDhiyaneshwaran is a Nuclei Template Engineer at ProjectDiscovery.io, crafting Nuclei templates for trending exploits and CVEs. With over 1350 templates written, he leads the Nuclei-Templates leaderboard. In his free time, he engages in bug bounty hunting and develops unique reconnaissance methodologies. He is also an active speaker and organizer in the cybersecurity community, contributing to Null Chapter, OWASP Local Chapters, and BSides Chapters.
\n\nSpeakerBio: Prince Chaddha, ProjectDiscovery
\nPrince Chaddha leads the nuclei-templates project at ProjectDiscovery. With over a decade of experience in web application security, bug bounties, code auditing, and pentesting across various domains, including network, API, mobile, cloud, and infrastructure security. He actively writes about DevSecOps and cloud security, including AI, open-source, and blockchain security.
\n\nSpeakerBio: Tarun Koyalwar, Go developer at ProjectDiscovery
\nTarun is a Go developer at ProjectDiscovery, where he maintains and contributes to open-source projects such as Nuclei, Cvemap, Katana, and Subfinder. He specializes in developing and contributing to automation tools for bug bounty hunting, with a focus on large-scale automation and fuzzing techniques. Alongside his development work, Tarun has hands-on experience as a part-time bug bounty hunter. He is passionate about discovering and refining techniques for automating bug bounty experience
\n\n\n\'',NULL,614765),('3_Saturday','17','16:00','17:30','Y','BBV','LVCC West/Floor 2/W215','\'Unveiling Vulnerabilities: A Comprehensive Guide to Bug Bounty Recon\'','\'Dhiyaneshwaran Balasubramaniam,Prince Chaddha,Tarun Koyalwar\'','BBV_53ac7d63aa8a8d1dc510c898ea9f17fb','\'\'',NULL,614766),('4_Sunday','11','11:00','12:30','N','BBV','LVCC West/Floor 2/W215','\'Lost in Translation - WAF Bypasses By Abusing Data Manipulation Processes\'','\'Ryan Barnett,Isabella Barnett\'','BBV_527a69b2bb80a37e500eab43075b9eb8','\'Title: Lost in Translation - WAF Bypasses By Abusing Data Manipulation Processes
\nWhen: Sunday, Aug 11, 11:00 - 12:30 PDT
\nWhere: LVCC West/Floor 2/W215 - Map
\n
\nDescription:
\nIn today\'s dynamic web application ecosystem, there exists numerous data manipulation processes to sanitize, translate and manipulate data for use by applications, for storage in back-end systems or sent to clients in web browsers. These same processes, however, can also be leveraged by bug hunters to obfuscate attack payloads from intermediary security systems such as web application firewalls (WAFs). In this workshop we will discuss several abuse scenarios including Edge-Side Includes (ESI), XSS Sanitizers and Unicode Normalizations.
\n\nPre-Requisites:\nHands-on labs will be hosted on YesWeHack’s free DOJO platform (https://dojo-yeswehack.com/). Participants are encouraged to sign up for an account in advance and will use their own laptops for labs.
\n\nSpeakers:Ryan Barnett,Isabella Barnett
\n
\nSpeakerBio: Ryan Barnett, Akamai
\nRyan Barnett is a Principal Security Researcher working on the Akamai Threat Research Team supporting the App and API Protector product. In addition to his primary work at Akamai, he is also a former Faculty Member for the SANS Institute, a WASC Board Member and OWASP Project Leader for: ModSecurity Core Rule Set (CRS) Web Hacking Incident Database (WHID). Mr. Barnett has also authored two web security books: Preventing Web Attacks with Apache (Pearson) and The Web Application Defender\'s Cookbook: Battling Hackers and Defending Users (Wiley).
\n\nSpeakerBio: Isabella Barnett
\nIsabella Barnett is a Software Engineering Intern at Databuoy and a rising freshman at George Mason Honor\'s College studying Cyber Security Engineering.
\n\n\n\'',NULL,614767),('4_Sunday','12','11:00','12:30','Y','BBV','LVCC West/Floor 2/W215','\'Lost in Translation - WAF Bypasses By Abusing Data Manipulation Processes\'','\'Ryan Barnett,Isabella Barnett\'','BBV_527a69b2bb80a37e500eab43075b9eb8','\'\'',NULL,614768),('2_Friday','12','12:00','17:59','N','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_0df71f8755b9484ec7a6fe44485f8eff','\'Title: Blacks in Cyber CTF
\nWhen: Friday, Aug 9, 12:00 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nHybrid Contest\nContest available online Friday 12:00 to Saturday 17:00
\n\nThe BIC Village Capture The Flag is a jeopardy style event designed to practice solving challenges in multiple categories. This event seeks to not only be a series of puzzles and challenges to solve, but a gamified way to learn concepts of social justice and Black history. This event will highlight previous, current and up & coming Black individuals and their contributions to technology. This year we are excited to bring back our physical challenge room with a variety of interactive components for players to interface with.
\n\nThis event also aims to bring to the forefront a range of technologies that we will expose to the community that operate in our day-to-day lives and examine their capabilities; contributing to the discussion of privacy, social justice and civil rights. Our event will allow the DEF CON community to fully engage in “Reading all the stories, learning all the technologies, and hacking all the things.”
\n\n\'',NULL,614769),('2_Friday','13','12:00','17:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_0df71f8755b9484ec7a6fe44485f8eff','\'\'',NULL,614770),('2_Friday','14','12:00','17:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_0df71f8755b9484ec7a6fe44485f8eff','\'\'',NULL,614771),('2_Friday','15','12:00','17:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_0df71f8755b9484ec7a6fe44485f8eff','\'\'',NULL,614772),('2_Friday','16','12:00','17:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_0df71f8755b9484ec7a6fe44485f8eff','\'\'',NULL,614773),('2_Friday','17','12:00','17:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_0df71f8755b9484ec7a6fe44485f8eff','\'\'',NULL,614774),('3_Saturday','10','10:00','16:59','N','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_b371fe863385ae2e84cc28557819c6d3','\'Title: Blacks in Cyber CTF
\nWhen: Saturday, Aug 10, 10:00 - 16:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nHybrid Contest\nContest available online Friday 12:00 to Saturday 17:00
\n\nThe BIC Village Capture The Flag is a jeopardy style event designed to practice solving challenges in multiple categories. This event seeks to not only be a series of puzzles and challenges to solve, but a gamified way to learn concepts of social justice and Black history. This event will highlight previous, current and up & coming Black individuals and their contributions to technology. This year we are excited to bring back our physical challenge room with a variety of interactive components for players to interface with.
\n\nThis event also aims to bring to the forefront a range of technologies that we will expose to the community that operate in our day-to-day lives and examine their capabilities; contributing to the discussion of privacy, social justice and civil rights. Our event will allow the DEF CON community to fully engage in “Reading all the stories, learning all the technologies, and hacking all the things.”
\n\n\'',NULL,614775),('3_Saturday','11','10:00','16:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_b371fe863385ae2e84cc28557819c6d3','\'\'',NULL,614776),('3_Saturday','12','10:00','16:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_b371fe863385ae2e84cc28557819c6d3','\'\'',NULL,614777),('3_Saturday','13','10:00','16:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_b371fe863385ae2e84cc28557819c6d3','\'\'',NULL,614778),('3_Saturday','14','10:00','16:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_b371fe863385ae2e84cc28557819c6d3','\'\'',NULL,614779),('3_Saturday','15','10:00','16:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_b371fe863385ae2e84cc28557819c6d3','\'\'',NULL,614780),('3_Saturday','16','10:00','16:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_b371fe863385ae2e84cc28557819c6d3','\'\'',NULL,614781),('2_Friday','12','12:00','16:59','N','CON','Virtual','\'Blacks in Cyber CTF\'','\'\'','CON_383d911c6526016de3bdcee497c8802f','\'Title: Blacks in Cyber CTF
\nWhen: Friday, Aug 9, 12:00 - 16:59 PDT
\nWhere: Virtual
\n
\nDescription:
\nHybrid Contest\nContest available online Friday 12:00 to Saturday 17:00
\n\nThe BIC Village Capture The Flag is a jeopardy style event designed to practice solving challenges in multiple categories. This event seeks to not only be a series of puzzles and challenges to solve, but a gamified way to learn concepts of social justice and Black history. This event will highlight previous, current and up & coming Black individuals and their contributions to technology. This year we are excited to bring back our physical challenge room with a variety of interactive components for players to interface with.
\n\nThis event also aims to bring to the forefront a range of technologies that we will expose to the community that operate in our day-to-day lives and examine their capabilities; contributing to the discussion of privacy, social justice and civil rights. Our event will allow the DEF CON community to fully engage in “Reading all the stories, learning all the technologies, and hacking all the things.”
\n\n\'',NULL,614782),('2_Friday','13','12:00','16:59','Y','CON','Virtual','\'Blacks in Cyber CTF\'','\'\'','CON_383d911c6526016de3bdcee497c8802f','\'\'',NULL,614783),('2_Friday','14','12:00','16:59','Y','CON','Virtual','\'Blacks in Cyber CTF\'','\'\'','CON_383d911c6526016de3bdcee497c8802f','\'\'',NULL,614784),('2_Friday','15','12:00','16:59','Y','CON','Virtual','\'Blacks in Cyber CTF\'','\'\'','CON_383d911c6526016de3bdcee497c8802f','\'\'',NULL,614785),('2_Friday','16','12:00','16:59','Y','CON','Virtual','\'Blacks in Cyber CTF\'','\'\'','CON_383d911c6526016de3bdcee497c8802f','\'\'',NULL,614786),('3_Saturday','14','14:00','14:59','N','BICV','LVCC West/Floor 3/W314-W316','\'MCPA x BIC x CAPT Virtual National Service Panel 2024\'','\'Sydney Johns,Nikkia Henderson,Manvell Lessane,Dr. William (Bill) Butler,Dr. Juel Tillman\'','BICV_fbf37a9dcec1851095ab015a4bdb2584','\'Title: MCPA x BIC x CAPT Virtual National Service Panel 2024
\nWhen: Saturday, Aug 10, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nNational Service and Cybersecurity: Bridging the Gap Across Experiences
\n\nIn an increasingly interconnected world, cybersecurity stands at the forefront of national security and defense. This panel brings together a diverse group of veterans, federal civilians, and actively serving soldiers to delve into the critical intersection of national service and cybersecurity. Through their unique perspectives and experiences, the panelists will shed light on how their respective roles play a vital part in protecting national interests and addressing the ever-evolving landscape of cyber threats.
\n\nOur panel aims to underscore each group\'s indispensable contributions to the cybersecurity field, from veterans\' strategic and operational insights to active service members\' hands-on expertise and federal civilians\' policy and management perspectives. By attending, you will gain valuable insights into the synergies between these roles and the pivotal role of collaboration in fortifying national security.
\n\nJoin us for a compelling discussion on the profound impact of national service on cybersecurity, the challenges encountered by each group, and the vast opportunities for future collaboration to fortify our digital infrastructure.
\n\nSpeakers:Sydney Johns,Nikkia Henderson,Manvell Lessane,Dr. William (Bill) Butler,Dr. Juel Tillman
\n
\nSpeakerBio: Sydney Johns, Phd Student & Artificial Intelligence Researcher at Johns Hopkins Human Language Technology Center of Excellence
\nSydney Johns is an Artificial Intelligence Researcher at the Johns Hopkins Human Language Technology Center of Excellence. She was previously a Computer Engineer in the Army C5ISR Research and Technology Integration Directorate and has worked for the JHU Applied Physics Laboratory and Northrop Grumman.
\n\nSpeakerBio: Nikkia Henderson, Program Operations Lead
\nNikkia Henderson is a 14 year tenured federal government employee. In her current role she is a Senior Advisor at the Cybersecurity Infrastructure Security Agency (CISA). She serves a Cyber Supply Chain Risk Management (C-SCRM) Strategy and Governance Program lead, within CISA’s Cybersecurity Division. Ms. Henderson is also the President of the Women in Cybersecurity Mid Atlantic Affiliate, where she serves as a \"cybHERprenuer\" who is passionate about helping Cybersecurity/IT professionals define their vision, mission, and federal career path. In this session, Ms. Henderson shares her journey into a federal cyber career. She will highlight her challenges as well as milestones that catapulted her to where she is today!
\n\nSpeakerBio: Manvell Lessane, Cybersecurity Professional
\nWith over two decades of dedicated service in the federal government, Manvell Lessane is a seasoned cybersecurity professional known for his robust expertise across multiple domains of information technology, cybersecurity program management, contracting, and acquisitions.
\n\nManvell Lessane\'s journey began at the age of 16, when he participated in the Mayor\'s Youth Program in Washington, DC. This early experience ignited a passion for public service and technology, paving the way for a prestigious career in cybersecurity and IT within the federal landscape.
\n\nThroughout his career, Manvell Lessane has worn many hats, demonstrating a versatile command over IT and cybersecurity program management. His solid grasp of contracting and acquisitions has further underscored his ability to navigate and streamline complex governmental processes.
\n\nThrough his expansive career, Manvell Lessane has continuously driven developments in cybersecurity policies and IT program management strategies, fostering a more secure and efficient governmental infrastructure.
\n\nManvell Lessane embodies a commitment to excellence, bringing a wealth of knowledge, leadership, and innovation to every team and project. His journey is a testament to the impact of dedication and lifelong learning in the ever-evolving landscape of cybersecurity and IT management.
\n\nPassionate about the future of cybersecurity and public service, Manvell Lessane continues to be a vital asset in fortifying the digital defenses of the federal government, ensuring the safety and integrity of critical information systems nationwide.
\n\nManvell Lessane holds an impressive array of academic credentials, including: - Master of Business Administration (MBA) \n- Master\'s in Communication Technology \n- Master’s degree in Law with a specialization in Cybersecurity Law and Policy
\n\nIn recognition of his skills and dedication, Manvell Lessane has achieved several high-level certifications: \n- Project Management Professional (PMP) \n- Certified Information Security Manager (CISM) \n- Federal Acquisition Certification for Contracting Officer’s Representative (FAC-COR II) \n- Federal Acquisition Certification for Program and Project Managers (FAC-P/PM) with a specialization in IT
\n\nSpeakerBio: Dr. William (Bill) Butler, Vice President Cyber Science Outreach and Partnerships at Capitol Technology University
\nDr. William (Bill) Butler is the Vice President of Cyber Science Outreach and Partnerships at Capitol Technology University. Beginning in 2021, he served as Vice President of Academic Affairs and Cybersecurity Chair for 8 years at Capitol Tech. Earlier in his career, he worked as a network engineer and consultant in the networking and I.T. industries for over 30 years. Dr. Butler also served as a joint qualified communications information systems officer in the U.S. Marine Corps and retired as a Colonel with 30 years of service (active and reserve). He is very active in various working groups such as the National Institute of Standards and Technology Cloud Computing Security Forum Working Group (NIST CCSFWG), Cloud Security Alliance (CSA) Big Data and Mobile Computing Working Group, and the National Cyber Watch Center Curriculum Taskforce and the National Cybersecurity Student Association Advisory Board. Dr. Butler holds degrees from Brenau University, Marine Corps University, U.S. Army War College, National Defense University, University of Maryland, and Capitol Technology University. He earned his DSc in cybersecurity at Capitol in 2016, with a Dissertation titled \"PRESERVING CELLPHONE PRIVACY - COUNTERING IMSI CATCHERS.\"
\n\nSpeakerBio: Dr. Juel Tillman, Service Member & Cybersecurity Professional
\nFirst Sergeant Juel Tillman has served in the armed forces for over 23 years with three branches of service (United States Marine Corps, United States Army, and the Delaware National Guard). While serving, First Sergeant Tillman has deployed nine times under three campaigns (Operation Iraqi Freedom, Operation Enduring Freedom, and Operation Inherent Resolve)and has received 19 medals, Gung Ho Award (Marine Corps), Distinguished Honor Grade (Senior Leadership Course), Distinguish Leadership awards, SBI Duncan award, letters of Appreciation Awards, Certificates of War Time Service, and Certificates of Achievement, based on performance, leadership, and expertise in heavy equipment operations, network operations, network security, tactical security, and field construction. While serving, First Sergeant Tillman completed Doctorate Degree, Three master’s degrees, bachelor’s degree, and associate’s degree.
\n\n\n\'',NULL,614787),('3_Saturday','13','13:00','13:59','N','BICV','LVCC West/Floor 3/W314-W316','\'Virtual SIEM/SOAR Workshop\'','\'Kenneth Ellington\'','BICV_a899b6ca22c5423a78a01754a0773dbd','\'Title: Virtual SIEM/SOAR Workshop
\nWhen: Saturday, Aug 10, 13:00 - 13:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nWhat exactly are SIEM and SOAR and why are they so critical to the cyber securitylandscape? In today\'s session, I want to explore the ins and outs of SIEM and SOAR platforms and how they can be scaled up and down from smaller businesses all the way to multiple billion-dollar firms and their security organizations. I will also be covering how learning and understanding automation and having soft skills in this space can set you apart from the competition and help you land a role faster. Anyone who is interested in the blue side of cybersecurity doesn\'t want to miss this.
\n\nSpeakerBio: Kenneth Ellington, Senior Cybersecurity Consultant
\nKenneth Ellington is rising cybersecurity professional who is dedicated to nurturing new cybersecurity talent. A Florida native now based in Dallas-Fort Worth Texas, he’s leveraged his unyielding drive to go from working at the deli counter to landing a Big 4 Senior Cybersecurity Consulting role - all within 3 fast-paced years. His current specialties are in SIEM, SOAR, and endpoint security.
\n\nIn his trainings, Kenneth brings that same energy and passion to students as they learn about security solutions and address real-world scenarios. He also used to teach Cyber Infrastructure part-time at the University of Houston, volunteers for the non-profit Blacks in Cyber Security (BIC), and trains in boxing and kickboxing in his free time.
\n\n\n\'',NULL,614788),('2_Friday','09','09:00','09:30','N','BICV','LVCC West/Floor 3/W314-W316','\'BIC United Kingdom Chapter Informational Virtual Opening Session\'','\'Ike Marizu\'','BICV_cbaddb929781b89be612a60d87bb1aac','\'Title: BIC United Kingdom Chapter Informational Virtual Opening Session
\nWhen: Friday, Aug 9, 09:00 - 09:30 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nMeet BIC @ UK! The U.K. Chapter of Blacks In Cybersecurity is dedicated to empowering Black professionals in the United Kingdom. This session will introduce you to the regional leaders and their vision for their local chapter and members.
\n\nSpeakerBio: Ike Marizu, BIC U.K. Ambassador
\nNo BIO available
\n\n\'',NULL,614789),('2_Friday','09','09:30','09:59','N','BICV','LVCC West/Floor 3/W314-W316','\'BIC Village Opening Q&A with Marcus Hutchins\'','\'Michaela Barnett,Marcus Hutchins\'','BICV_cf5d939645e520798bc95163c057739a','\'Title: BIC Village Opening Q&A with Marcus Hutchins
\nWhen: Friday, Aug 9, 09:30 - 09:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nIn this Q&A session featuring a malware engineer, the BIC community will engage with insights and inquiries!
\n\nSpeakers:Michaela Barnett,Marcus Hutchins
\n
\nSpeakerBio: Michaela Barnett, Red Team Operator & Cybersecurity Researcher
\nMichaela is the founder of Blacks In Cybersecurity (BIC). She is a Penetration Tester and Researcher in the fields of BioCybersecurity & Maritime Cybersecurity. Michaela initially ventured into greater service of the Cybersecurity community through the founding and continued leadership of Blacks In Cybersecurity.
\n\nSpeakerBio: Marcus Hutchins, Cybersecurity Speaker
\nMarcus Hutchins is best known for stopping one of the largest cyberattacks in history, the 2017 WannaCry ransomware attack. At the age of 13, Marcus was given his first computer, enabling him to begin teaching himself programming. Throughout his teen years he alternated between different programming languages, learning VB, PHP, C, C++, and Assembly. Due to almost exclusively hanging around hacking communities, he eventually found himself making money writing and selling illegal hacking tools. In 2013 Marcus started MalwareTech, an anonymous blog focused on detailing the deep and technical inner workings of malware. The blog became popular among both security professionals and criminal hackers alike. As time went on, he became increasingly uncomfortable with working for cybercriminals and focused on leaving that life behind. Through his blog, Marcus had received several high paying job offers from international security companies, and gained some understanding of the cybersecurity industry. In 2016, he made the decision to transition into cybersecurity, taking a job as a research and development lead at a Los Angeles based firm. On May 2017, Marcus gained worldwide media attention after being outed as the person who stopped WannaCry, an extremely destructive ransomware virus. Reporters were able to track his MalwareTech alias back to his real identity, thrusting him into the spotlight. Three months later, he was arrested by the FBI while attending DEF CON, the world’s largest hacking convention.
\n\n\n\'',NULL,614790),('2_Friday','10','10:00','10:59','N','BICV','LVCC West/Floor 3/W314-W316','\'BIC Village Keynote: Cyber Threat Landscape And Law Enforcement\'','\'Kevin Parker\'','BICV_b52be7738ab16432e98a7bfcd21ca101','\'Title: BIC Village Keynote: Cyber Threat Landscape And Law Enforcement
\nWhen: Friday, Aug 9, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nCybersecurity threats are increasingly sophisticated and pervasive. This talk provides a overview of the current threat landscape, highlighting key trends like ransomware, state-sponsored attacks, and supply chain threats. We will explore how law enforcement combats cybercrime through innovative investigation techniques, international collaboration and evolving legal frameworks. Gain actionable insights to strengthen your cybersecurity posture and understand the critical role of law enforcement in maintaining digital security.
\n\nSpeakerBio: Kevin Parker, Cybersecurity and Privacy Researcher at Blacksuit Consulting
\nKevin Parker is the principal at Blacksuit Consulting and a retired FBI Special Agent. He served as the lead agent for state sponsored computer intrusion investigations and pursued foreign threat actors. Kevin investigated criminal computer intrusions, collected evidence and arrested numerous subjects while providing actionable intelligence to investigations across the FBI.
\n\nKevin served several years as a liaison to private sector and the Defense Industrial Base (DIB) in the roles of FBI Infragard and Strategic Partnership Coordinator. In these roles he brought security awareness and security best practices to critical infrastructure organizations.
\n\n\n\'',NULL,614791),('2_Friday','11','11:30','12:30','N','BICV','LVCC West/Floor 3/W314-W316','\'From Redlining to Weblining: Examining Broadband Deserts and Racial Injustice\'','\'Dr. Fatou Sankare\'','BICV_87e044a4f020eebdaa2bcab35854a300','\'Title: From Redlining to Weblining: Examining Broadband Deserts and Racial Injustice
\nWhen: Friday, Aug 9, 11:30 - 12:30 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nThis talk dives deep into the historical context of redlining, segregation, and the enduring legacy of unequal access to technology, particularly focusing on its impact on Black communities. It examines the concept of broadband deserts, highlighting geographic disparities and their economic ramifications. Furthermore, the talk explores how the lack of broadband access hinders economic opportunities for Black individuals, including limited exposure to the tech field and decreased participation in tech and cyber-related activities from a young age. By shedding light on these issues, the presentation aims to foster awareness and discussion on strategies to bridge the digital divide and promote equitable access to technology in marginalized communities.
\n\nSpeakerBio: Dr. Fatou Sankare, Security Researcher & Professor
\nDr. Fatou Sankare is a passionate professor and cyber engineer whose diverse interests span from hacking and sewing to advocating for digital equity in marginalized communities. With a robust background in cybersecurity and a knack for creative problem-solving, she dedicates her career to bridging the digital divide, ensuring underserved populations have equal access to technology and opportunities in the digital age. Through innovative educational initiatives and community outreach programs, Dr. Fatou strives to empower individuals by enhancing their technological literacy and fostering inclusive digital environments.
\n\n\n\'',NULL,614792),('2_Friday','12','11:30','12:30','Y','BICV','LVCC West/Floor 3/W314-W316','\'From Redlining to Weblining: Examining Broadband Deserts and Racial Injustice\'','\'Dr. Fatou Sankare\'','BICV_87e044a4f020eebdaa2bcab35854a300','\'\'',NULL,614793),('2_Friday','13','13:00','13:59','N','BICV','LVCC West/Floor 3/W314-W316','\'Worried about AI taking your job? Then this talk is for you.\'','\'Levone Campbell\'','BICV_c56ae807d17fe52d591a54dbdbddbccf','\'Title: Worried about AI taking your job? Then this talk is for you.
\nWhen: Friday, Aug 9, 13:00 - 13:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nArtificial intelligence (AI) promises to be a game-changing technology across industries, but when it comes to identifying and mitigating complex cybersecurity threats, AI still falls short. The inherent nature of malicious attacks and the sophistication of hackers ultimately hamper even the most advanced AI systems currently available. There are many critical jobs where AI cannot replace humans due to the limits of current technology in exercising judgment, especially in undefined and complex situations. AI can only process information it has been trained on, lacking real-world experience and the discernment needed for high-stakes decision making.
\n\nSpeakerBio: Levone Campbell, Incident Response & Cyber Operations Consultant
\nLevone Campbell brings over 18 years of extensive experience to his role as Cyber Security Lead and Incident Coordinator, safeguarding his organization on the digital front. He first built expertise in core information technology before specializing in the critical domain of cybersecurity.\n\nOver nearly two decades, Levone has amassed comprehensive knowledge spanning cyber security operations, cyber threat intelligence, cyber-crime investigation and espionage. He provides a veteran presence, coordinating incident response and fortifying the organization\'s overall security posture against both internal and external threats.\n\nTo complement his on-the-ground experience, Levone holds a duo of bachelor’s degrees in management and marketing from North Carolina A&T State University. Understanding the importance of lifelong learning, he furthered his education with a MBA from Walden University and a Masters in Technology Management from Georgetown University. Additionally, Levone has earned numerous industry certifications to stay updated with the latest cybersecurity tools and tactics.
\n\n\n\'',NULL,614794),('2_Friday','14','14:00','14:59','N','BICV','LVCC West/Floor 3/W314-W316','\'\"BYOCTF\" - Bring Your Own [Challenges||Capture] The Flag\'','\'Eli McRae\'','BICV_be9e8f47f59859bfbe69dbd5495a12ac','\'Title: \"BYOCTF\" - Bring Your Own [Challenges||Capture] The Flag
\nWhen: Friday, Aug 9, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nOne of the best ways to learn something is to teach others about it. BYOCTF is a CTF framework (really a concept) that allows CTF players to contribute challenges for other players to solve and earn points as a reward. The purpose of the framework is to allow people to think about the learning experience of others. Everyone can learn how to become a CTF challenge developer.
\n\nSpeakerBio: Eli McRae, Penetration Tester
\nI\'m a hacker person that sometimes does cool things. Hacker, husband, and father of 4 (2 human, 2 dogs). Veteran and occasional entrepreneur. I have worked in automation, security, development, infrastructure orchestration, training, network and software administration, and support. Full-stack IT FTW. Currently, I work as a penetration tester for a shipping and logistics firm. Previously, I worked as a trainer on behalf of the Arkansas Dept. of Education where taught both Cybersecurity and Computer Science concepts to public school teachers all across Arkansas (under previous governor, not the current one.). See more about that here.
\n\nRemember kids, hacking is more than the bad actions of bad actors.
\n\n\n\'',NULL,614795),('2_Friday','15','15:00','15:59','N','BICV','LVCC West/Floor 3/W314-W316','\'Life, Liberty and the pursuit of Convenience: the slow death of independence\'','\'Kaleeque Pierce\'','BICV_6c120eb967bc5acabfa99e61e8be5c07','\'Title: Life, Liberty and the pursuit of Convenience: the slow death of independence
\nWhen: Friday, Aug 9, 15:00 - 15:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nOver the years, while people have expressed more and more concern about what freedoms we have in the US, less and less understanding of what true freedom means has been demonstrated. Here, we take a look at the related definitions, and how technology has been both a secret advocate and opponent of the freedoms we claim to desire so much.
\n\nSpeakerBio: Kaleeque Pierce, Management Professional
\nNo BIO available
\n\n\'',NULL,614796),('2_Friday','16','16:00','16:59','N','BICV','LVCC West/Floor 3/W314-W316','\'The Implications of Cyberbiosecurity in Advanced Agricultural Systems\'','\'Simone Stephen\'','BICV_eb04b84d7592d0d6d4a2140407944ce6','\'Title: The Implications of Cyberbiosecurity in Advanced Agricultural Systems
\nWhen: Friday, Aug 9, 16:00 - 16:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nThe world is currently undergoing a rapid digital transformation sometimes referred to as the fourth industrial revolution. During this transformation, it is increasingly clear that many scientific fields are not prepared for this change. One specific area is agriculture. As the sector which creates global food supply, this critical infrastructure requires detailed assessment and research via newly developed technologies (Millett et al, 2019; Peccoud et al, 2018) . Despite its fundamental significance to modern civilization, many aspects of industrial agriculture have not yet adapted to the digital world. This is evident in the many vulnerabilities currently present within agricultural systems, as well as the lacking and fragmented nature of policy dictating cybersecurity stances– the field which intersects both cybersecurity and biosecurity to protect several areas within life sciences (Murch et al, 2018; Duncan et al, 2019; U.S. Department of Agriculture, 2022) . These looming oversights create dangers to advanced agricultural systems, which in turn poses risk to businesses, economies, and individuals. While there are various methods to reduce these risk factors, they ultimately depend on the careful consideration of cyberbiosecurity (CBS) by all involved. This includes the system developers, equipment engineers, and especially the end users - all of us. A conscientious team-effort can work to diminish risks and ultimately provide a safer environment for advanced agriculture and all who depend on it. This analysis explores numerous vulnerabilities within the system of advanced agriculture, discusses potential solutions to the escalating risks they present, and considers the achievable future of an advanced agricultural system which further implements the role of CBS.
\n\nSpeakerBio: Simone Stephen, Security Researcher
\nSimone is a lover of all things STEM but has a special place in her heart for Cyber. She graduated with my bachelor\'s in mechanical engineering in 2022, and attained a masters in Cybersecurity in December, 2023.
\n\n\n\'',NULL,614797),('3_Saturday','10','10:00','10:45','N','BICV','LVCC West/Floor 3/W314-W316','\'Fumbling into FedCyber\'','\'Nikkia Henderson\'','BICV_2cba245f54569ecef4b446f448f9f52e','\'Title: Fumbling into FedCyber
\nWhen: Saturday, Aug 10, 10:00 - 10:45 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nNikkia Henderson is a 14 year tenured federal government employee. In her current role she is a Senior Advisor at the Cybersecurity Infrastructure Security Agency (CISA). She serves a Cyber Supply Chain Risk Management (C-SCRM) Strategy and Governance Program lead, within CISA’s Cybersecurity Division. Ms. Henderson is also the President of the Women in Cybersecurity Mid Atlantic Affiliate, where she serves as a \"cybHERprenuer\" who is passionate about helping Cybersecurity/IT professionals define their vision, mission, and federal career path. In this session, Ms. Henderson shares her journey into a federal cyber career. She will highlight her challenges as well as milestones that catapulted her to where she is today!
\n\nSpeakerBio: Nikkia Henderson, Program Operations Lead
\nNikkia Henderson is a 14 year tenured federal government employee. In her current role she is a Senior Advisor at the Cybersecurity Infrastructure Security Agency (CISA). She serves a Cyber Supply Chain Risk Management (C-SCRM) Strategy and Governance Program lead, within CISA’s Cybersecurity Division. Ms. Henderson is also the President of the Women in Cybersecurity Mid Atlantic Affiliate, where she serves as a \"cybHERprenuer\" who is passionate about helping Cybersecurity/IT professionals define their vision, mission, and federal career path. In this session, Ms. Henderson shares her journey into a federal cyber career. She will highlight her challenges as well as milestones that catapulted her to where she is today!
\n\n\n\'',NULL,614798),('3_Saturday','10','10:45','11:30','N','BICV','LVCC West/Floor 3/W314-W316','\'Unmasking Shadows: Strategies on Hunting Ransomware Groups\'','\'R.J. McCarley\'','BICV_9faa5f9eb445f7f0f2630042129fa757','\'Title: Unmasking Shadows: Strategies on Hunting Ransomware Groups
\nWhen: Saturday, Aug 10, 10:45 - 11:30 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nIn the modern world of cybersecurity threats, ransomware groups pose a significant challenge to organizations worldwide. This talk, tailored for cybersecurity students and professionals, delves into practical techniques for tracking and dismantling these elusive adversaries. Attendees will explore methods such as monitoring the latest ransomware attacks, engaging with ransomware blogs on the dark web, and reaching out to victims to gather firsthand insights into the operations of these malicious entities. By combining these strategies, participants will gain a comprehensive understanding of how to unmask and combat ransomware groups, bolstering their defenses against this pervasive threat.
\n\nSpeakerBio: R.J. McCarley, Principal Security Researcher
\nNo BIO available
\n\n\'',NULL,614799),('3_Saturday','11','10:45','11:30','Y','BICV','LVCC West/Floor 3/W314-W316','\'Unmasking Shadows: Strategies on Hunting Ransomware Groups\'','\'R.J. McCarley\'','BICV_9faa5f9eb445f7f0f2630042129fa757','\'\'',NULL,614800),('3_Saturday','11','11:30','12:15','N','BICV','LVCC West/Floor 3/W314-W316','\'My Smart Red Team Copilot\'','\'Gaspard Baye\'','BICV_36d026e80a2edff4b9409438ef3b5639','\'Title: My Smart Red Team Copilot
\nWhen: Saturday, Aug 10, 11:30 - 12:15 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nAmid the Gen-AI revolution, notably through the rise of Large Language Models (LLMs), the cybersecurity landscape faces opportunities and challenges. These advanced AI models have successfully analyzed texts at unprecedented speeds, offering profound insights into vast data pools. However, this rapid technological growth has also paved the way for sophisticated Gen-AI-powered cyber threats that exploit these systems\' adaptable, polymorphic nature, outpacing traditional defenses.
\n\nThis presentation seeks to empower red teamers by unveiling the potential of open-source Gen-AI as a formidable ally in cybersecurity. Focusing on practical application, we will guide participants through constructing their own Gen-AI-based \"\"co-pilot,\"\" leveraging LLMs to enhance vulnerability identification and defense mechanisms.
\n\nAttendees will be introduced to the fundamentals of Gen-AI, including cost-effective strategies for fine-tuning LLMs using custom datasets drawn from pentest reports, bug bounties, and more. The discussion will extend to innovative, memory-efficient training methods such as LORA (Low-Rank Adaptation) and Quantized Low-Rank Adaptation (QLORA), making training an LLM on a modest single GPU setup feasible.
\n\nDesigned for beginners with no prior AI experience, this talk aims to equip red teamers with powerful, open-source AI tools to accelerate vulnerability detection. By harnessing Gen-AI, cybersecurity professionals can stay one step ahead, identifying and mitigating potential threats at machine speed, ensuring they outpace adversaries in the ongoing cyber battle.
\n\nSpeakerBio: Gaspard Baye, AI Researcher & Ph.D. Candidate
\nGaspard Baye, a PhD candidate in cyber-AI, brings over five years of industry experience, successfully leading teams to address over 100 critical challenges across 10 evaluations. His contributions include publishing six Cyber-AI algorithms, cited nearly 40 times in esteemed IEEE conferences and journals such as NeurIPS, PMLR, IEEE ISNCC, and IEEE/ACM MICRO\'22. Recognized with a CVE for his cybersecurity work, Gaspard has fortified defenses for renowned firms like Nokia and Ford, earning places in multiple Hall of Fames.
\n\n\n\'',NULL,614801),('3_Saturday','12','11:30','12:15','Y','BICV','LVCC West/Floor 3/W314-W316','\'My Smart Red Team Copilot\'','\'Gaspard Baye\'','BICV_36d026e80a2edff4b9409438ef3b5639','\'\'',NULL,614802),('3_Saturday','12','12:15','12:59','N','BICV','LVCC West/Floor 3/W314-W316','\'Weaponized Convenience: Inside the Rise of Remote Tool Abuse\'','\'Nader Zaveri,Fernando Tomlinson\'','BICV_84665d788fd8fc54de0aa03acb191128','\'Title: Weaponized Convenience: Inside the Rise of Remote Tool Abuse
\nWhen: Saturday, Aug 10, 12:15 - 12:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nIn an era of remote work and distributed IT environments, remote administration tools (RATs) and remote monitoring and management (RMM) tools have become indispensable for system administrators and managed service providers (MSPs). However, the same features that make these tools efficient also make them attractive targets for malicious actors. Advanced threat actors are increasingly leveraging legitimate RATs and RMMs to gain unauthorized access to networks, bypassing traditional security controls and evading detection.
\n\nSpeakers:Nader Zaveri,Fernando Tomlinson
\n
\nSpeakerBio: Nader Zaveri, Incident Response & Remediation Senior Manager
\nNader Zaveri has over 15 years in the cybersecurity industry, and holds over a dozen industry-related certifications as well as an author and a regular speaker at industry events. Specializing in incident response and remediation, particularly against complex threats like nation-states and ransomware, he has also led post-incident transformational projects in security and infrastructure. Nader\'s experience spans leadership roles in top cybersecurity firms and multinational organizations. Apart from his professional pursuits, he mentors young professionals and has served on the boards of various startups, contributing significantly to their growth and success.
\n\nSpeakerBio: Fernando Tomlinson, Forensics and Incident Response Technical Manager at Mandiant / Google Cloud
\nFernando Tomlinson is a Technical Manager for Digital Forensics and Incident Response at Mandiant/ Google Cloud. Prior to that, he served in the U.S. Army where he retired as a Cyber Warrant Officer. While serving, he was the Senior Technical Advisor for forensics and malware analysis at the U.S. Army Cyber Command, responsible for the defensive actions of all U.S. Army systems. He also served as a Technical Director of a Cyber Operations Center and has led multi-level Digital Forensics and Incident Response and threat hunting teams. Additionally, he is an Adjunct Professor at the University of Arizona and enjoys contributing to the community.
\n\n\n\'',NULL,614803),('3_Saturday','13','13:00','13:59','N','BICV','LVCC West/Floor 3/W314-W316','\'Navigating Microaggressions and Fostering Inclusive Communication with Peers and Leadership for Black Professionals\'','\'Jessica Hoffman\'','BICV_2364bad51b905148b80a97d117c7940e','\'Title: Navigating Microaggressions and Fostering Inclusive Communication with Peers and Leadership for Black Professionals
\nWhen: Saturday, Aug 10, 13:00 - 13:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nThis presentation dives into the critical role of emotional intelligence in navigating microaggressions and fostering inclusive communication dynamics for Black professionals in the cybersecurity field, particularly focusing on interactions with peers and leadership. It explores how developing emotional intelligence skills can equip Black cybersecurity professionals to effectively address and mitigate the impact of microaggressions while promoting respectful and inclusive communication exchanges within the team and with leadership.
\n\nSpeakerBio: Jessica Hoffman, DCISO & University Professor
\nNo BIO available
\n\n\'',NULL,614804),('3_Saturday','14','14:00','14:59','N','BICV','LVCC West/Floor 3/W314-W316','\'How to Find a 0day in iOS Apps\'','\'Xavier D. Johnson\'','BICV_6e901d515f462f41a5086b70166512ef','\'Title: How to Find a 0day in iOS Apps
\nWhen: Saturday, Aug 10, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nThis talk delves into the methodologies and strategies for discovering zero-day vulnerabilities in iOS applications. It covers the fundamental principles of iOS security, including code review, reverse engineering, and dynamic analysis techniques. Attendees will gain insights into common weaknesses in iOS app architecture and learn how to exploit these vulnerabilities ethically. By the end of the session, participants will be equipped with practical tools and knowledge to identify and address potential security threats in iOS applications.
\n\nSpeakerBio: Xavier D. Johnson, Security Researcher
\nBorn and raised in Detroit, a self-starter from the heart of the Motor City. I took the initiative to teach myself programming in 2004, setting the stage for a trajectory that would shape my future. During my high school years, I proudly served as the President of my school\'s engineering academy, where my leadership skills and innovative mindset grew. Post-graduation, I ventured into the business world, founding a successful software company that I later sold. My transition into the realm of cybersecurity was a natural evolution, and I have since dedicated myself to security research. I founded Build Skill Foundation, a non-profit organization committed to empowering individuals through education and mentorship. My personal methodology, honed over years of self-directed learning, serves as the backbone of this foundation. In the spirit of Detroit\'s resilience, I am not just forging my own path but paving the way for others to follow, making a lasting impact on the world of technology and education.
\n\n\n\'',NULL,614805),('3_Saturday','15','15:00','15:59','N','BICV','LVCC West/Floor 3/W314-W316','\'FuzzLLM: A Fuzzing Framework for Discovering Jailbreak Vulnerabilities in Large Language Models\'','\'Ian G. Harris\'','BICV_19318fd56b7f134d86fe7a7a8ea41e7c','\'Title: FuzzLLM: A Fuzzing Framework for Discovering Jailbreak Vulnerabilities in Large Language Models
\nWhen: Saturday, Aug 10, 15:00 - 15:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nJailbreak vulnerabilities in Large Language Models (LLMs), which exploit meticulously crafted prompts to elicit content that violates service guidelines, have captured the attention of research communities. While model owners can defend against individual jailbreak prompts through safety training strategies, this relatively passive approach struggles to handle the broader category of similar jailbreaks. To tackle this issue, we introduce FuzzLLM, an automated fuzzing framework designed to proactively test and discover jailbreak vulnerabilities in LLMs. We utilize templates to capture the structural integrity of a prompt and isolate key features of a jailbreak class as constraints. By integrating different base classes into powerful combo attacks and varying the elements of constraints and prohibited questions, FuzzLLM enables efficient testing with reduced manual effort. Extensive experiments demonstrate FuzzLLM\'s effectiveness and comprehensiveness in vulnerability discovery across various LLMs.
\n\nSpeakerBio: Ian G. Harris, Professor of Computer Science at University of California Irvine
\nIan G. Harris is Professor of Computer Science at the University of California Irvine. He received his BS degree in Computer Science from Massachusetts Institute of Technology in 1990. He received his MS and PhD degrees in Computer Science from the University of California San Diego in 1992 and 1997 respectively. He was a member of the faculty in the Electrical and Computer Engineering Department at the University of Massachusetts Amherst from 1997 until June 2003.
\n\n\n\'',NULL,614806),('3_Saturday','16','16:00','16:59','N','BICV','LVCC West/Floor 3/W314-W316','\'The Transparency Algorithm: AI\'s Answer to Legal Racial and Social Inequality\'','\'Aquarious Workman\'','BICV_70c42404a96ae7645b93b089cc25d8c6','\'Title: The Transparency Algorithm: AI\'s Answer to Legal Racial and Social Inequality
\nWhen: Saturday, Aug 10, 16:00 - 16:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nThe Transparency Algorithm (TTA): AI\'s Answer to Legal Equality is a groundbreaking initiative to dismantle the deep-rooted biases and systemic disparities that have plagued the American legal system for far too long. This revolutionary effort leverages the unparalleled power of artificial intelligence (AI) and machine learning (ML) to shine a glaring light on the injustices that have condemned generations of marginalized communities to a cycle of inequity and despair.Imagine a justice system where your fate is determined not by the content of your character but by the color of your skin, your gender, or your socioeconomic status. This is the grim reality that TTA seeks to eradicate. TTA meticulously analyzes public court case data to expose the hidden biases and discriminatory practices perpetuating injustice. This initiative doesn\'t just aim to reform; it seeks to revolutionize the very foundation of our legal system, bringing about the transparency and accountability that have long been overdue. At its core, TTA is a powerful tool for democratizing access to justice. Empowering citizens with data-driven insights provides a platform for informed public discourse and advocacy for systemic reform. The time for change is now, and TTA is the catalyst we need to forge a path towards a truly equitable legal landscape.
\n\nSpeakerBio: Aquarious Workman, Security Architect & Researcher
\nAquarious Workman has over 15 years’ experience through both military and civilian service. He began his IT career at the age of 13 assisting companies with executable security protecting application from attacks such as DLL injection and reading/writing ASM via C to be injected to manually fix unique attack vectors. He served in the United States marine corps from 2012-2017 and has held roles from Analyst to VP throughout his career. He has created many Cybersecurity programs from scratch for major corporations. He is currently the Colorado Ambassador for Blacks in Cyber (BIC), the fastest growing and national organization mentioned and referenced at President Bidens Cyber Symposium on March 2023.
\n\n\n\'',NULL,614807),('4_Sunday','10','10:30','12:30','N','BICV','LVCC West/Floor 3/W314-W316','\'Ain’t that a Breach: Zero Trust Is the Only Solution!\'','\'Dr. Louis DeWeaver III\'','BICV_217497c53e1ea504b7f414939da3dc31','\'Title: Ain’t that a Breach: Zero Trust Is the Only Solution!
\nWhen: Sunday, Aug 11, 10:30 - 12:30 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nLiving a life devoid of trust in anything or anyone can lead to a dismal existence. However, in the realm of cyber security, embracing the concept of Zero Trust is essential. Trust was never meant for networks and is now irrelevant in the digital realm. This discussion explores why trust has become a vulnerability and underscores the importance for organizations to adopt principles such as Zero Trust to effectively respond to the ever-changing threat landscape; failure to do so may lead to their extinction within a few years.
\n\nSpeakerBio: Dr. Louis DeWeaver III, Cyber Security Consultant at Marsh McLennan Agency
\nDr. Louis DeWeaver is a Cyber Security Consultant at Marsh McLennan Agency (MMA). With over 20 years of experience, Louis provides strategic direction to the organization and its clients in developing and implementing effective cyber strategies and initiatives. He strives to stay up to date on the latest cyber security trends and continuously identifies the evolving methods used by attackers.
\n\n\n\'',NULL,614808),('4_Sunday','11','10:30','12:30','Y','BICV','LVCC West/Floor 3/W314-W316','\'Ain’t that a Breach: Zero Trust Is the Only Solution!\'','\'Dr. Louis DeWeaver III\'','BICV_217497c53e1ea504b7f414939da3dc31','\'\'',NULL,614809),('4_Sunday','12','10:30','12:30','Y','BICV','LVCC West/Floor 3/W314-W316','\'Ain’t that a Breach: Zero Trust Is the Only Solution!\'','\'Dr. Louis DeWeaver III\'','BICV_217497c53e1ea504b7f414939da3dc31','\'\'',NULL,614810),('4_Sunday','12','12:30','12:59','N','BICV','LVCC West/Floor 3/W314-W316','\'Exploring Bias in AI-Assisted News\'','\'Sydney Johns\'','BICV_3eeeba77920e6dadca8d24b6b8a341b4','\'Title: Exploring Bias in AI-Assisted News
\nWhen: Sunday, Aug 11, 12:30 - 12:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nThe presentation aims to discuss the existing biases in AI-assisted news reporting. It explores how AI has been integrated into news media over the years and the implications of its use, particularly in terms of misinformation and disinformation. The goal is to spark a discussion on the role of AI in news propagation and its impact on public perception and truth. Starting with a historical overview, this presentation highlights how AI has been used by outlets like Narrative Science, the Associated Press, and the Washington Post to automate news content. The talk emphasizes the distinction between misinformation and disinformation and discusses how AI can amplify existing biases if trained on biased data. The presentation also covers the shift in news consumption towards digital platforms, the rapid spread of misinformation, and the importance of diverse media sources to prevent echo chambers.
\n\nSpeakerBio: Sydney Johns, Phd Student & Artificial Intelligence Researcher at Johns Hopkins Human Language Technology Center of Excellence
\nSydney Johns is an Artificial Intelligence Researcher at the Johns Hopkins Human Language Technology Center of Excellence. She was previously a Computer Engineer in the Army C5ISR Research and Technology Integration Directorate and has worked for the JHU Applied Physics Laboratory and Northrop Grumman.
\n\n\n\'',NULL,614811),('4_Sunday','13','13:00','13:59','N','BICV','LVCC West/Floor 3/W314-W316','\'Expanding Pathways into the National Cyber Workforce\'','\'Ayan Islam\'','BICV_0d8b18e08bde6893ff2aa1126287a9eb','\'Title: Expanding Pathways into the National Cyber Workforce
\nWhen: Sunday, Aug 11, 13:00 - 13:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nThe nation is facing a shortage of approximately 500,000 good paying jobs in cyber.The problem is only going to continue to grow as the world becomes more digitized. This is a threat to our national security. The White House Office of the National Cyber Director (ONCD) is ensuring that as we build the cyber workforce the nation needs, we are reaching out to every community. Diversity is an essential element of the national cyber workforce. National Cyber Director (NCD) Harry Coker Jr., and his predecessor Kemba Walden, have both been leading our work to build the nations cyber workforce, one that is reflective of nation and its needs.
\n\nSpeakerBio: Ayan Islam, ONCD, White House
\nAyan Islam, a Somali native, is a key member of the ONCD team who handles workforce outreach to the African American Community, HBCU’s and many diverse audiences the nation desperately needs to assist with our national security. During this session, she will recount her experience, extensive background and her work with senior leaders. She will focus on ONCD’s work to expand pathways for individuals from backgrounds that are currently underrepresented in the Federal and national cyber workforce, including African Americans, to launch good-paying, meaningful careers in the cyber workforce.
\n\n\n\'',NULL,614812),('2_Friday','11','11:00','11:50','N','RTV','LVCC West/Floor 2/W204-W207','\'The Art of Critical Thinking through an Adversarial Mindset? (RTV Keynote)\'','\'Ben \"NahamSec\" Sadeghipour,YTCracker,Barrett \"pwneip\" Darnell,Ryan M. \"0dayCTF\" Montgomery,Savannah \"lazzslayer\" Lazzara\'','RTV_1a5fce89e5614aaed57be01e8d2c79dd','\'Title: The Art of Critical Thinking through an Adversarial Mindset? (RTV Keynote)
\nWhen: Friday, Aug 9, 11:00 - 11:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207 - Map
\n
\nDescription:
\nThis keynote panel will highlight the significance of an adversarial mindset. Through this discussion, we will cover the advantages of approaching challenges from the perspective of an adversary in our professional journeys, and discuss practical ways in which we have implemented this mindset in our work.
\n\nSpeakers:Ben \"NahamSec\" Sadeghipour,YTCracker,Barrett \"pwneip\" Darnell,Ryan M. \"0dayCTF\" Montgomery,Savannah \"lazzslayer\" Lazzara
\n
\nSpeakerBio: Ben \"NahamSec\" Sadeghipour, Hacking Hub
\nBen Sadeghipour, also known as NahamSec, is an ethical hacker, content creator, and keynote speaker. With a passion for cybersecurity that began in his teenage years, Ben\'s professional journey as a bug bounty hunter took off in 2014. He has played a role in helping organizations identify and remediate thousands of security vulnerabilities across a wide range of web and mobile applications in tech giants such as Amazon, Apple, Google, Airbnb, Snapchat, Zoom, and even the US Department of Defense. Ben helps others learn ethical hacking, bug bounty hunting, and reconnaissance techniques. He has also created training materials and content for conferences such as OWASP, DEFCON, and BSides.
\n\nSpeakerBio: YTCracker
\nNo BIO available
\nSpeakerBio: Barrett \"pwneip\" Darnell
\nNo BIO available
\nSpeakerBio: Ryan M. \"0dayCTF\" Montgomery
\nNo BIO available
\nSpeakerBio: Savannah \"lazzslayer\" Lazzara
\nNo BIO available
\n\n\'',NULL,614813),('2_Friday','12','12:00','12:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Infinity','\'Abusing DevOps to Pivot Between Cloud and On-Prem\'','\'Colbert Zhu,Tom Porter\'','RTV_e8a1a5fa4b30fd130a0506c7507e74aa','\'Title: Abusing DevOps to Pivot Between Cloud and On-Prem
\nWhen: Friday, Aug 9, 12:00 - 12:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Infinity - Map
\n
\nDescription:
\nAs more scrutiny is placed on the endpoint, threat actors are turning to DevOps and CI/CD platforms for initial access, escalation, and lateral movement. This workshop will showcase how these platforms can be used to pivot from on-prem to cloud, from cloud to on-prem, and how to push malicious code through pipelines to obtain additional access or establish persistence.
\n\nAttendees will get hands-on and perform field-tested, OPSEC-conscious techniques against full CI/CD pipelines. Come add TTPs to your toolkit and see why DevOps is the target-rich environment modern adversaries are looking to exploit.
\n\nSpeakers:Colbert Zhu,Tom Porter
\n
\nSpeakerBio: Colbert Zhu
\nNo BIO available
\nSpeakerBio: Tom Porter
\nNo BIO available
\n\n\'',NULL,614814),('2_Friday','12','12:00','12:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Side Winder','\'Bypassing Corporate controls on Mac Devices\'','\'Adwiteeya Agrawal,Ian Foster\'','RTV_ce2a69366628306af2426edb43bc2a7a','\'Title: Bypassing Corporate controls on Mac Devices
\nWhen: Friday, Aug 9, 12:00 - 12:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Side Winder - Map
\n
\nDescription:
\nWith widespread zero trust security adoption there has also been more focus put into corporate controls. As a red teamer what this means is that bypassing EDR is not enough, you also need to think about application allowlisting, DLP solutions, Managed browsers, MDM profiles and custom DnR tooling. In this talk I will walkthrough Mac capabilities that corporate controls leverage, their limitations and features to build into your payload and payload delivery to circumvent these restrictions.
\n\nSpeakers:Adwiteeya Agrawal,Ian Foster
\n
\nSpeakerBio: Adwiteeya Agrawal
\nNo BIO available
\nSpeakerBio: Ian Foster
\nNo BIO available
\n\n\'',NULL,614815),('2_Friday','12','12:00','12:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Ascension','\'Mining for Abandoned Gold in DNS\'','\'Matt Pawloski\'','RTV_8c4efecde7a04a07aec451b5bbca5b15','\'Title: Mining for Abandoned Gold in DNS
\nWhen: Friday, Aug 9, 12:00 - 12:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Ascension - Map
\n
\nDescription:
\nIn the cloud computing landscape, the ease of resource allocation by cloud providers contrasts sharply with traditional computing\'s constraints, turning IPv4 addresses into digital assets with multiple tenancies. Our presentation explores the \"Dangling DNS\" phenomenon—active DNS records pointing to IP addresses uncontrolled by the domain owner, creating potential security vulnerabilities.
\n\nWe will unravel the persistence of IP address-based authentication and authorization practices on the internet and discuss methods to enhance the credibility of these dangling DNS entries, including the acquisition of x.509 certificates. The implications are significant, offering avenues for commandeering these entries for Command and Control (C2) operations or crafting phishing emails capable of circumventing standard email security frameworks.
\n\nFollowing the foundational discussion, our presentation will delve into analysis of dangling DNS entries discovered in live environments. We will discuss the widespread occurrence of dangling DNS entries, identifying the cloud providers where they are most frequently found. Furthermore, we will delve into specific case studies, presenting particularly intriguing instances of dangling DNS entries to underscore their varied nature and potential implications.
\n\nA pivotal segment of our presentation introduces innovative methodologies for the identification of dangling DNS vulnerabilities. We will showcase \"Paydirt,\" an open-source tool, written by the author, designed to unearth dangling DNS entries within cloud provider shared IP address space. Furthermore, we will unveil a tool at Defcon 2024, engineered to detect exploitable cloud IP addresses within Sender Policy Framework (SPF) entries, a critical vector for executing sophisticated spear-phishing campaigns.
\n\nOur presentation aims not only to highlight the security challenges posed by the transient nature of cloud-assigned IP addresses but also to equip the cybersecurity community with simple actionable strategies to fortify their defenses against these threats.
\n\nSpeakerBio: Matt Pawloski
\nNo BIO available
\n\n\'',NULL,614816),('2_Friday','12','12:00','12:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Haven','\'Modern Red Teaming: macOS, K8s, and Cloud\'','\'Chris Gates,int eighty (of Dual Core)\'','RTV_738d5b539b6956217372d59bac003cdd','\'Title: Modern Red Teaming: macOS, K8s, and Cloud
\nWhen: Friday, Aug 9, 12:00 - 12:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Haven - Map
\n
\nDescription:
\nYou are targeting a modern organization, but new to you, the target environment has no Windows. You scour the internet for guidance, and find the results insufficient. You begin to think, “Progress will not happen until there is new maintainer.”
\n\nThis talk presents a set of techniques for hacking environments built on macOS, Kubernetes, and cloud (AWS). These techniques are accompanied by anecdotes of adventures in Red Teaming. Attendees will learn new tricks for initial access, lateral movement, and persistence in modern non-Windows environments.
\n\nSpeakers:Chris Gates,int eighty (of Dual Core)
\n
\nSpeakerBio: Chris Gates
\nNo BIO available
\nSpeakerBio: int eighty (of Dual Core)
\nNo BIO available
\n\n\'',NULL,614817),('2_Friday','12','12:00','12:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Narrows','\'Red Team Terraform Workshop\'','\'Moses Frost\'','RTV_2bda85288cea5f180d2130936edb82e6','\'Title: Red Team Terraform Workshop
\nWhen: Friday, Aug 9, 12:00 - 12:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Narrows - Map
\n
\nDescription:
\nHow to build automated Red Team Infrastructure that is composable and reproducable.
\n\nSpeakerBio: Moses Frost
\nNo BIO available
\n\n\'',NULL,614818),('2_Friday','13','13:00','13:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Infinity','\'Adversary Simulation: Using Blue Eyes to See Red\'','\'Fred Wilmot,Sebastien Tricaud\'','RTV_ce3e127c7057209c2dd9f53b8be09003','\'Title: Adversary Simulation: Using Blue Eyes to See Red
\nWhen: Friday, Aug 9, 13:00 - 13:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Infinity - Map
\n
\nDescription:
\nIn this session, we\'ll translate PCAPs, STIX objects, or detection repositories into attack scenarios and send test data to a data lake/SIEM to test detection logic and organizational context. We\'ll write scenarios in descriptive language, and give public access to a bunch of scenario content for participants to use and contribute to, as well as leave with the data to test your environment with at home if you want, and public access to the free tools to use scenarios.
\n\nSpeakers:Fred Wilmot,Sebastien Tricaud
\n
\nSpeakerBio: Fred Wilmot
\nNo BIO available
\nSpeakerBio: Sebastien Tricaud
\nNo BIO available
\n\n\'',NULL,614819),('2_Friday','13','13:00','14:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Side Winder','\'Badge Cloning: A Penetration Tester\'s Guide to Capturing and Writing Badges\'','\'Travis Weathers,Ralph May\'','RTV_6e6abcab86504679ce05e35696b7adaa','\'Title: Badge Cloning: A Penetration Tester\'s Guide to Capturing and Writing Badges
\nWhen: Friday, Aug 9, 13:00 - 14:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Side Winder - Map
\n
\nDescription:
\nIn this workshop, we distill key tactics from the comprehensive Practical Physical Exploitation course, tailored specifically for penetration testers looking to attack Physical Access Controls (PACS).
\n\nParticipants will embark on a journey through the ins and outs of cloning badges during physical penetration tests. Explore the intricacies of long-range, short-range, and Stealth cloning tactics, gaining hands-on experience in the art of badge duplication. Delve into the realm of implantable devices, understanding their role in modern access control exploitation.
\n\nJoin us as we uncover the nuances of downgrade/upgrade attacks and the protocols that make them possible. Learn to navigate the landscape of access control systems with expert guidance, equipping yourself with the knowledge to identify and exploit vulnerabilities.
\n\nBy the end of this session, you\'ll wield an arsenal of cutting-edge techniques, ready to transform your facility into a bastion of high-security readiness. Don\'t miss this opportunity to elevate your skills and refine your physical security penetration testing skills.
\n\nSpeakers:Travis Weathers,Ralph May
\n
\nSpeakerBio: Travis Weathers
\nNo BIO available
\nSpeakerBio: Ralph May, Security Analyst and Penetration Tester at Black Hills Information Security (BHIS)
\nRalph is a security analyst and penetration tester at Black Hills Information Security. Ralph is also a co-developer and instructor of the Practical Physical Exploitation course. Before joining BHIS, Ralph spent five years performing offensive operations on a wide range of security assessments. These assessments include physical, wireless, network, social engineering, and full simulation red teams. Before focusing on security, Ralph worked as a system administrator and network engineer for civilian and government employers. Ralph is a US Army veteran who previously worked with the United States Special Operations Command (USSOCOM) on information security challenges and threat actor simulations.
\n\n\n\'',NULL,614820),('2_Friday','14','13:00','14:50','Y','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Side Winder','\'Badge Cloning: A Penetration Tester\'s Guide to Capturing and Writing Badges\'','\'Travis Weathers,Ralph May\'','RTV_6e6abcab86504679ce05e35696b7adaa','\'\'',NULL,614821),('3_Saturday','12','12:00','16:59','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Ascension','\'DC NextGen / Youth Challenge Area at Red Team Village\'','\'RTV Staff\'','RTV_0b8fc4d92d1c94c7f6dc21f1a15f59ad','\'Title: DC NextGen / Youth Challenge Area at Red Team Village
\nWhen: Saturday, Aug 10, 12:00 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Ascension - Map
\n
\nDescription:
\n\n\nSpeakerBio: RTV Staff
\nNo BIO available
\n\n\'',NULL,614822),('3_Saturday','13','12:00','16:59','Y','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Ascension','\'DC NextGen / Youth Challenge Area at Red Team Village\'','\'RTV Staff\'','RTV_0b8fc4d92d1c94c7f6dc21f1a15f59ad','\'\'',NULL,614823),('3_Saturday','14','12:00','16:59','Y','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Ascension','\'DC NextGen / Youth Challenge Area at Red Team Village\'','\'RTV Staff\'','RTV_0b8fc4d92d1c94c7f6dc21f1a15f59ad','\'\'',NULL,614824),('3_Saturday','15','12:00','16:59','Y','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Ascension','\'DC NextGen / Youth Challenge Area at Red Team Village\'','\'RTV Staff\'','RTV_0b8fc4d92d1c94c7f6dc21f1a15f59ad','\'\'',NULL,614825),('3_Saturday','16','12:00','16:59','Y','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Ascension','\'DC NextGen / Youth Challenge Area at Red Team Village\'','\'RTV Staff\'','RTV_0b8fc4d92d1c94c7f6dc21f1a15f59ad','\'\'',NULL,614826),('2_Friday','13','13:00','16:59','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Ascension','\'DC NextGen / Youth Challenge Area at Red Team Village\'','\'RTV Staff\'','RTV_8ae8071dfd8cf351034e0a7805652d8a','\'Title: DC NextGen / Youth Challenge Area at Red Team Village
\nWhen: Friday, Aug 9, 13:00 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Ascension - Map
\n
\nDescription:
\n\n\nSpeakerBio: RTV Staff
\nNo BIO available
\n\n\'',NULL,614827),('2_Friday','14','13:00','16:59','Y','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Ascension','\'DC NextGen / Youth Challenge Area at Red Team Village\'','\'RTV Staff\'','RTV_8ae8071dfd8cf351034e0a7805652d8a','\'\'',NULL,614828),('2_Friday','15','13:00','16:59','Y','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Ascension','\'DC NextGen / Youth Challenge Area at Red Team Village\'','\'RTV Staff\'','RTV_8ae8071dfd8cf351034e0a7805652d8a','\'\'',NULL,614829),('2_Friday','16','13:00','16:59','Y','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Ascension','\'DC NextGen / Youth Challenge Area at Red Team Village\'','\'RTV Staff\'','RTV_8ae8071dfd8cf351034e0a7805652d8a','\'\'',NULL,614830),('4_Sunday','10','10:00','11:50','N','RTV','LVCC West/Floor 2/W204-W207','\'DC NextGen / Youth Challenge Area at Red Team Village\'','\'RTV Staff\'','RTV_d64e351af56226f8d07ec0587ad778a1','\'Title: DC NextGen / Youth Challenge Area at Red Team Village
\nWhen: Sunday, Aug 11, 10:00 - 11:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207 - Map
\n
\nDescription:
\n\n\nSpeakerBio: RTV Staff
\nNo BIO available
\n\n\'',NULL,614831),('4_Sunday','11','10:00','11:50','Y','RTV','LVCC West/Floor 2/W204-W207','\'DC NextGen / Youth Challenge Area at Red Team Village\'','\'RTV Staff\'','RTV_d64e351af56226f8d07ec0587ad778a1','\'\'',NULL,614832),('2_Friday','13','13:00','13:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Haven','\'Red Goes Purple: Executing the Attack Path\'','\'Omar Santos,Graham Helton,Kevin \"Kent\" Clark\'','RTV_bf972fdc107a2d866b9187ce675456af','\'Title: Red Goes Purple: Executing the Attack Path
\nWhen: Friday, Aug 9, 13:00 - 13:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Haven - Map
\n
\nDescription:
\nIn this collaborative panel with Blue Team Village we\'ll sit down with two Red Teamers and two Blue Teamers to talk through how real world attacks could take place - and how to defend them.
\n\nSpeakers:Omar Santos,Graham Helton,Kevin \"Kent\" Clark
\n
\nSpeakerBio: Omar Santos
\nNo BIO available
\nSpeakerBio: Graham Helton
\nNo BIO available
\nSpeakerBio: Kevin \"Kent\" Clark, Security Consultant at TrustedSec
\nKevin \"Kent\" Clark is a Security Consultant with TrustedSec and a Red Team Instructor with BC Security. His previous work includes Penetration Testing and Red Team Operator, focusing on initial access and active directory exploitation. Kevin contributes to open-source tools such as PowerShell Empire and publishes custom security toolkits such as Badrats and WindowsBinaryReplacements. Kevin authors a cybersecurity blog at https://henpeebin.com/kevin/blog.
\n\n\n\'',NULL,614833),('2_Friday','13','13:00','13:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Narrows','\'Simulated Drone Hacking\'','\'Nick Aleks\'','RTV_203b93ea5c0ddaee2c33cdbe2f662f0e','\'Title: Simulated Drone Hacking
\nWhen: Friday, Aug 9, 13:00 - 13:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Narrows - Map
\n
\nDescription:
\nDrone hacking tends to be an expensive and sometimes unsafe, but not if you use a simulator!. I have developed a drone hacking simulator called the Damn Vulnerable Drone.
\n\nThe Damn Vulnerable Drone is a virtually simulated environment designed for offensive security professionals to safely learn and practice drone hacking techniques. It simulates real-world ArduPilot & MAVLink drone architectures and vulnerabilities, offering a hands-on experience in exploiting drone systems.
\n\nSpeakerBio: Nick Aleks
\nNo BIO available
\n\n\'',NULL,614834),('2_Friday','14','14:00','14:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Infinity','\'Level UP OSINT\'','\'Mishaal Khan\'','RTV_b194bd316116fce164ca86892a116dd0','\'Title: Level UP OSINT
\nWhen: Friday, Aug 9, 14:00 - 14:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Infinity - Map
\n
\nDescription:
\nDive into the dynamic world of Open Source Intelligence (OSINT) with this quick workshop designed to give you a taste of practical online investigations and threat hunting. Led by a seasoned professional, this immersive session offers a condensed yet impactful introduction to essential OSINT techniques that you can use in your red teaming engagements.
\n\nExperience the power of hands-on learning as you engage in live demonstrations, exploring key concepts such as operational security (OpSec), advanced search engine queries, username and phone number lookups, social media reconnaissance, breached records analysis, network reconnaissance, historical records, and essential documentation, all within the span of this engaging workshop. Through interactive exercises and guided discussions, participants will gain a glimpse into the world of OSINT.
\n\nWho’s it for?
\n\nThis training is suited for all individuals in any field with a keen interest in online investigations regardless of their experience level in OSINT
\n\nSpeakerBio: Mishaal Khan
\nNo BIO available
\n\n\'',NULL,614835),('2_Friday','14','14:00','15:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Narrows','\'Modifying Impacket for Better OpSec\'','\'Ryan O\'Donnell\'','RTV_5da59774430023f5e71d09170921817a','\'Title: Modifying Impacket for Better OpSec
\nWhen: Friday, Aug 9, 14:00 - 15:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Narrows - Map
\n
\nDescription:
\nOperational security (OpSec) is a cornerstone in red teaming, necessitating continuous refinement of tools and techniques to avoid detection. This workshop is designed for new red team operators and individuals seeking to enhance their offensive capabilities. It focuses on customizing the Impacket toolset—a collection of Python classes for working with network protocols—to improve OpSec during engagements.
\n\nImpacket tools such as wmiexec, smbexec, and secretsdump are staples in the toolkit of any red teamer due to their versatility and power in gaining access and extracting sensitive data from Windows environments. However, their detectability has increased as defensive measures have become more sophisticated. This session proposes modifications to these tools to reduce their footprint and evade modern security defenses.
\n\nParticipants will explore various customization strategies, including altering network signatures, timing attacks to evade detection, and integrating stealthier authentication methods. Practical exercises will guide attendees through the process of modifying the Impacket scripts, demonstrating how these changes can significantly enhance operational security in simulated environments.
\n\nSpeakerBio: Ryan O\'Donnell, Senior Offensive Security Engineer at Microsoft
\nRyan O\'Donnell is an Offensive Security Engineer at Microsoft. Over the last 13+ years, Ryan has been performing Penetration Tests, Red Team assessments, and Incident Response investigations. Ryan has conducted hands-on workshops at Hack Space Con and Bsides Nova. Ryan has a Masters in Cybersecurity from GMU and the following Certifications: OSCP, OSEP, CRTO, GREM, GCFE, GCIH, CRTO
\n\n\n\'',NULL,614836),('2_Friday','15','14:00','15:50','Y','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Narrows','\'Modifying Impacket for Better OpSec\'','\'Ryan O\'Donnell\'','RTV_5da59774430023f5e71d09170921817a','\'\'',NULL,614837),('2_Friday','14','14:00','14:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Haven','\'Physical Security - Bypassing Access Control Systems\'','\'Andrew Johnson\'','RTV_b03fe77aca032c346e55bef97a9d096f','\'Title: Physical Security - Bypassing Access Control Systems
\nWhen: Friday, Aug 9, 14:00 - 14:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Haven - Map
\n
\nDescription:
\nBreaking Through Barriers: Attacking Access Control Systems
\n\nIn this in-depth session, we will dive into the vulnerabilities of access control systems, specifically targeting RFID readers and the Wiegand protocol that these readers commonly use to interact with other security devices. Discover the intricate design process behind a custom tool crafted to exploit specific Schlage proximity readers.
\n\nThis talk will cover:
\n\n\n- The fundamental weaknesses in RFID reader technologies and the Wiegand communication protocol.
\n- Step-by-step breakdown of designing a tool to man-in-the-middle Schlage proximity readers.
\n- Real-world implications and case studies demonstrating successful attacks on high-security installations.
\n
\n\nAttendees will gain actionable insights into the inner workings of access control systems, enabling them to conduct physical security assessments with more success. This session is a must-attend for security professionals looking to stay ahead of the curve in physical offensive security strategies.
\n\nSpeakerBio: Andrew Johnson
\nNo BIO available
\n\n\'',NULL,614838),('2_Friday','15','15:00','15:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Side Winder','\'GHOST in the Model: Generating AI-Assisted Threat Models for Efficient Offensive Security Testing\'','\'Sam Cosentino\'','RTV_f26da7f42177d045ac83a2fb57d227d2','\'Title: GHOST in the Model: Generating AI-Assisted Threat Models for Efficient Offensive Security Testing
\nWhen: Friday, Aug 9, 15:00 - 15:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Side Winder - Map
\n
\nDescription:
\nStep into a cybernetic world where humanity and technology intertwine in a complex dance of evolution. Just like the cyberpunk masterpiece, we will augment our cybersecurity defenses through the fusion of artificial intelligence and human ingenuity.
\n\nIn this presentation, we explore the symbiotic relationship between humans and AI, mirroring the fusion of man and machine in Ghost in the Shell. Through the lens of AI-enhanced threat modeling, we uncover how Generative Artificial Intelligence Language Models (GenAI LLMs) empower penetration testing and red teaming professionals to transcend traditional boundaries and improve security early in the design process. Additionally, they contribute to more efficient testing of completed systems and applications.
\n\nJoin us as we journey through the cybernetic landscape, where attendees will learn to merge human intuition with AI intelligence to fortify solutions and improve offensive security testing. Together, we will transcend the limitations of conventional approaches and embrace the cybernetic evolution that awaits us.
\n\nSpeakerBio: Sam Cosentino
\nNo BIO available
\n\n\'',NULL,614839),('2_Friday','15','15:00','16:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Infinity','\'New Skill Unlocked: C2 Infrastructure Automation\'','\'Josh Huff,Robert Pimentel\'','RTV_43ddc95daccd6459e1dc553aef482c67','\'Title: New Skill Unlocked: C2 Infrastructure Automation
\nWhen: Friday, Aug 9, 15:00 - 16:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Infinity - Map
\n
\nDescription:
\nJoin us for an immersive workshop that will revolutionize your approach to Command-and-Control (C2) infrastructure deployments. Whether you\'re a seasoned Red Team operator or just starting your offensive security journey, this workshop is designed to equip you with the tools and knowledge to create scalable, operationally secure C2 infrastructure using the power of automation.
\n\nIn this hands-on session, we\'ll demystify the process of deploying and configuring C2 components, such as frameworks, redirectors, and associated compute infrastructure.
\n\nYou\'ll learn how to leverage infrastructure as code principles to create consistent, reliable, and secure C2 deployments, all while minimizing the risk of human error.
\n\nWe\'ll dive deep into the best practices for designing and implementing C2 infrastructure automation, with a strong emphasis on operational security from the ground up.
\n\nOur instructor will guide you through real-world examples and provide you with a solid foundation for building your own secure C2 deployments.
\n\nWhether you\'re looking to enhance your Red Team capabilities or simply want to streamline your offensive security workflows, this workshop is perfect for you.
\n\nJoin us and unlock the ability to spend less time on \'Sysadmin\' tasks and more time focusing on what matters most – attacking and improving your organization\'s security posture!
\n\nNo prior experience with C2 infrastructure automation is required.
\n\nOur instructor will guide you every step of the way, ensuring that you leave the workshop with the confidence and skills to create secure, automated C2 deployments.
\n\nDon\'t miss this opportunity to take your offensive security skills to the next level. Register now and unlock the power of secure C2 infrastructure automation!
\n\nSpeakers:Josh Huff,Robert Pimentel
\n
\nSpeakerBio: Josh Huff
\nNo BIO available
\nSpeakerBio: Robert Pimentel
\nNo BIO available
\n\n\'',NULL,614840),('2_Friday','16','15:00','16:50','Y','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Infinity','\'New Skill Unlocked: C2 Infrastructure Automation\'','\'Josh Huff,Robert Pimentel\'','RTV_43ddc95daccd6459e1dc553aef482c67','\'\'',NULL,614841),('2_Friday','15','15:00','15:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Haven','\'Threat Emulation 101\'','\'Trey Bilbrey\'','RTV_f82fcc29443e491720737c95d70fa541','\'Title: Threat Emulation 101
\nWhen: Friday, Aug 9, 15:00 - 15:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Haven - Map
\n
\nDescription:
\nIn the realm of cybersecurity, Threat Emulation is akin to a skilled wizard mastering the arcane arts of replicating real-world threats and their myriad behaviors to scrutinize the defenses of an organization. This mystical practice involves crafting Intelligence-driven scenarios, woven with the threads of reality, to mimic the nefarious maneuvers of creatures that lurk in the shadows. By summoning these simulated events, organizations can fortify their defenses, sharpening their blades against the invisible foes that threaten their digital realms.
\n\nEmbark on a quest with Trey, the seasoned Threat Emulator, as he unveils the secrets of this mystical art.
\n\nSpeakerBio: Trey Bilbrey, Lead at SCYTHE Labs
\nTrey Bilbrey is the Lead of SCYTHE Labs, specializing in Purple Team Exercises, Threat Emulation, Critical Infrastructure, and holistic cyber operations. Trey\'s 15+ years of industry experience has allowed him to become an excellent educator, defender of networks, and a cultivator of cybersecurity professionals. Prior to joining SCYTHE, Trey held positions at notable organizations such as Hack The Box (HTB Academy content Developer), The Army Corps of Engineers (ICS/SCADA Penetration Testing), and a veteran of the United States Marine Corps (Defensive and Offensive Cyber Operations). Current certifications include the CISSP, GICSP, GCIP, and K>FiveFour RTAC.
\n\n\n\'',NULL,614842),('2_Friday','16','16:00','16:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Side Winder','\'Building Your Red-Teaming Co-Pilot: Navigating the New Cyber Era with Pretrained Gen-AI\'','\'Gaspard Baye\'','RTV_088aaad82ecfdaac39a5c19e0aa45efb','\'Title: Building Your Red-Teaming Co-Pilot: Navigating the New Cyber Era with Pretrained Gen-AI
\nWhen: Friday, Aug 9, 16:00 - 16:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Side Winder - Map
\n
\nDescription:
\nAmid the Gen-AI revolution, notably through the rise of Large Language Models (LLMs), the cybersecurity landscape faces opportunities and challenges. These advanced AI models have successfully analyzed texts at unprecedented speeds, offering profound insights into vast data pools. However, this rapid technological growth has paved the way for sophisticated Gen-AI-powered cyber threats that exploit these systems\' adaptable, polymorphic nature, outpacing traditional defenses.
\n\nThis presentation seeks to empower red teamers by unveiling the potential of open-source Gen-AI as a formidable ally in cybersecurity. Focusing on practical application, we will guide participants through constructing their own Gen-AI-based \"co-pilot,\" leveraging LLMs to enhance vulnerability identification and defense mechanisms.
\n\nAttendees will be introduced to the fundamentals of Gen-AI, including cost-effective strategies for fine-tuning LLMs using custom datasets drawn from pentest reports, bug bounties, and more. The discussion will extend to innovative, memory-efficient training methods such as LORA (Low-Rank Adaptation) and Quantized Low-Rank Adaptation (QLORA), making training an LLM on a modest single GPU setup feasible.
\n\nDesigned for beginners with no prior AI experience, this talk aims to equip red teamers with powerful, open-source AI tools to accelerate vulnerability detection. By harnessing Gen-AI, cybersecurity professionals can stay one step ahead, identifying and mitigating potential threats at machine speed, ensuring they outpace adversaries in the ongoing cyber battle.
\n\nSpeakerBio: Gaspard Baye, AI Researcher & Ph.D. Candidate
\nGaspard Baye, a PhD candidate in cyber-AI, brings over five years of industry experience, successfully leading teams to address over 100 critical challenges across 10 evaluations. His contributions include publishing six Cyber-AI algorithms, cited nearly 40 times in esteemed IEEE conferences and journals such as NeurIPS, PMLR, IEEE ISNCC, and IEEE/ACM MICRO\'22. Recognized with a CVE for his cybersecurity work, Gaspard has fortified defenses for renowned firms like Nokia and Ford, earning places in multiple Hall of Fames.
\n\n\n\'',NULL,614843),('2_Friday','16','16:00','16:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Haven','\'Mac-n-Cheese: How to Cook Up Delicious Electron Techniques for Red Teamers\'','\'Roberto Soares\'','RTV_08b62b3ae872f53dfc33191b1d28f51e','\'Title: Mac-n-Cheese: How to Cook Up Delicious Electron Techniques for Red Teamers
\nWhen: Friday, Aug 9, 16:00 - 16:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Haven - Map
\n
\nDescription:
\nIn the world of cybersecurity, the kitchen is always hot, and at this year’s Defcon in Las Vegas, we’re cooking up something special in the Red Team Village. Our dish of the day? A deep dive into the exploitation of Electron applications, served with a side of humor and a dash of intrigue.
\n\nElectron applications, while popular, have been found to have a soft underbelly. This talk will demonstrate how these applications can be abused to access directories protected by the Transparency, Consent, and Control (TCC) framework. We’ll also show how these applications can be manipulated to maintain persistence by inserting backdoors, effectively turning them into bridges for privilege escalation.
\n\nWe’ll walk you through the anatomy of an Electron app, laying out the exploitation scenarios in detail. We’ll serve up a course of case studies, featuring apps that were once vulnerable but have since been patched, and those that remain vulnerable because their manufacturers do not consider these issues as vulnerabilities (let\'s see if after this talk they won\'t fix it). These examples will highlight the loopholes that both red team simulations and real attackers can exploit.
\n\nOur menu will also include a discussion on the importance of hardening Electron applications. Without proper hardening, these apps can easily be used as access points for privilege escalation and backdoor implantation. We’ll present techniques that cater to the unique characteristics of some apps, which have diverse permissions in the system.
\n\nFor dessert, we’ll delve into the more sinister side of these vulnerabilities. Some applications have entitlements that enable access to the camera and audio, which can be exploited to monitor victims. We’ll demonstrate how these entitlements can be abused, adding a chilling finish to our meal.
\n\nThroughout the talk, we’ll be showcasing XX CVE’s that we’ve acquired, providing a real-world context to our discussion. We’ll also demonstrate two tools that we’ve created, which will add some spice to our presentation.
\n\nSo, join us as we whip up a batch of Mac-n-Cheese, serving you delicious Electron techniques that will leave you hungry for more. This talk is a must-attend for anyone interested in understanding the potential vulnerabilities in Electron applications and how to exploit them. Bon appétit, Red Teamers!
\n\nSpeakerBio: Roberto Soares
\nNo BIO available
\n\n\'',NULL,614844),('2_Friday','16','16:00','16:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Narrows','\'Thinking Outside the Kube - Finding and Exploiting Command Injections in Kubernetes\'','\'Tomer Peled\'','RTV_dc1ca3430732324cb9af9eaa78e9268e','\'Title: Thinking Outside the Kube - Finding and Exploiting Command Injections in Kubernetes
\nWhen: Friday, Aug 9, 16:00 - 16:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Narrows - Map
\n
\nDescription:
\nKubernetes is an extremely popular, open source container orchestration system, that is used by organizations large and small. Kubernetes’s design philosophy leaves security to the system administrators, letting them pick and choose which security mechanisms they want to enable or disable. As such, it can leave Kubernetes deployments quite vulnerable.
\n\nIn an attempt to abuse this fact, we began looking for potential exploitation avenues. Eventually, we were able to identify several vulnerabilities in different Kubernetes components that could enable a low privileged attacker to execute code, escalate privileges and exfiltrate data. We also found flaws in Kubernetes sidecar project: “gitsync”. These flaws will not be patched, meaning mitigation hinges only on the awareness of security personnel.
\n\nIn this talk we will go through the methodology we used to find these kinds of vulnerabilities, share our thought process on how to exploit them and show how attackers can easily execute commands with SYSTEM privileges. We will also discuss Kubernetes’s design philosophy and how it can allow these types of opportunities.
\n\nSpeakerBio: Tomer Peled
\nNo BIO available
\n\n\'',NULL,614845),('3_Saturday','10','10:00','10:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Haven','\'BOAZ, Yet Another layered Evasion Tool: Unveiling the Secrets Behind Antivirus Testing\'','\'Thomas X Meng\'','RTV_43b3a2b7eea271f2d1af19b680157e36','\'Title: BOAZ, Yet Another layered Evasion Tool: Unveiling the Secrets Behind Antivirus Testing
\nWhen: Saturday, Aug 10, 10:00 - 10:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Haven - Map
\n
\nDescription:
\nAntivirus (AV) solutions, serving as the last line of defense on users’ endpoint devices, have evolved into highly complex entities. Often operated as \'black boxes\' from user’s perspective due to proprietary and security reasons, the principle of \'security through obscurity\' - though far from ideal - remains prevalent in the cat-and-mouse game between defenders and attackers. This dynamic places researchers and attackers in similar positions; while malware authors can fingerprint AV detection mechanisms through various evasion techniques, researchers can employ similar methods to identify improvement opportunities in security products.\nThis study evaluates the effectiveness and performance of AV solutions against 18 open-source evasion frameworks. Notably, no AV solution could detect all samples from open-source evasion tools, and conversely, no evasion tool could bypass all contemporary AVs. This limitation is primarily attributed to the AVs’ reliance on signature and heuristic engines to balance between performance, security and access (false-positive rates). To delve deeper into AV detection capabilities across signature, heuristic, and behavioral evasions, we built BOAZ - an evasion tool serving both as a research instrument and an evasion framework. Through empirical experimentation, our findings reveal not only the varied performance of AV solutions against different evasion frameworks and techniques but also the potential for strategically combining these techniques to penetrate secured environments without needing commercial tools or zero-day exploits. Effectively, by understanding the building blocks of AV detection and evasion phases, anyone can develop their own evasion tool.
\n\nSpeakerBio: Thomas X Meng
\nNo BIO available
\n\n\'',NULL,614846),('3_Saturday','10','10:00','10:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Infinity','\'DoH Deception: Evading ML-Based Tunnel Detection with Black-Box Attack Techniques\'','\'Emanuel Valente\'','RTV_5a6f89bdca5141b0c5681fb8a4a53202','\'Title: DoH Deception: Evading ML-Based Tunnel Detection with Black-Box Attack Techniques
\nWhen: Saturday, Aug 10, 10:00 - 10:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Infinity - Map
\n
\nDescription:
\nThis presentation is part of a graduate research project that delves into the vulnerabilities of Machine Learning (ML) models specifically designed to detect DNS Over HTTPS (DoH) tunnels. Previous research has primarily focused on developing models that prioritize accuracy and explainability. However, these studies have often overlooked the potential of adversarial attacks, leaving the models vulnerable to common adversarial attacks like black-box attacks. This presentation will demonstrate that all cutting-edge DoH tunnel detection models are vulnerable to black-box attacks. Our approach leverages real-world input data generated by DoH tunnel tools, which are constrained in the attack algorithm.
\n\nMoreover, we will show specific vulnerable features that model developers should avoid. When this feature type is considered, we successfully evaded all DoH tunnel detection models without using advanced techniques.
\n\nNotably, the audience can use the same methods to evade most Machine Learning-Based Network Intrusion Detection Systems, underlining our findings\' immediate and practical implications.
\n\nght Scholarship at the University of Arizona and the University of Florida, focusing on malware analysis. Additionally, Emanuel actively contributes to the OWASP Top 10 for LLM Apps. Committed to advancing cybersecurity technology, he shares his expertise through speaking engagements and research collaborations.
\n\nThis presentation will dive into attacking ML DoH tunnel detection models using adversarial attack techniques for evasion. The key discussion points are as follows:
\n\n1 DNS tunnels\nIn this section, we will discuss the evolution of DNS. We will explain why DNS over HTTPS (DoH) was conceived, what motivations drove it, and why vulnerabilities from its predecessor tried to mitigate them. Next, we will demonstrate how attackers can leverage DNS and DoH to create tunnels, which are covert channels for communication that bypass traditional network security measures. These tunnels can be used to exfiltrate information or as C&C (Command and Control) communication channels for malicious activities. Additionally, we will highlight the most popular tools for creating these tunnels using DoH.
\n\n2 DoH Tunnel Detection Models\nThis section will discuss the primary datasets the scientific community uses to create ML models for detecting DoH tunnels. We will highlight how to extract features from DoH requests and which are the most used. We will also address the gaps and bad practices in these datasets that lead to developing vulnerable models. Additionally, we will show the best practices for building DoH tunnel detection models, such as choosing the best algorithms, implementing robust feature engineering techniques, and selecting the most relevant features for the model.
\n\n3 Adversarial Attacks\nThis section will introduce adversarial attacks, a type of attack that aims to deceive or mislead a machine learning model by providing it with maliciously crafted input data. We will explain how \'white\' and \'black\' attacks on ML models are executed and how they differ. Furthermore, we will explain how to adapt \'black-box attacks, a type of adversarial attack where the attacker does not know the internal workings of the model, to target DoH tunnel detection models and similar models.
\n\n4 Attacking (DEMOs)\nThis section will present demos covering the following scenarios: First, we will demonstrate how basic black-box attacks work for attacking DoH tunnel detection models. Next, we will show a demo using previous attacks, but this time, we will incorporate real-world inputs from DoH tunnel detection tools, constraining the attack algorithm. We will also identify vulnerable features within the dataset that attackers can exploit to bypass the DoH tunnel detection models. Additionally, we will release a patched open-source tool, dnstt, to consider all considered scenarios.\nNote: The demonstrations will be conducted live, but we will have pre-recorded videos to ensure continuity in case of any issues.
\n\n5 Defending\nThis section will explain how to defend against the attacks presented earlier and demonstrate \'good practices and techniques\' for protecting against them. We will also show how to build a robust model trained with adversarial attack samples generated from previous attacks, which can help improve the model\'s resilience to future attacks.
\n\n6 Next Steps\nIn the final section, we will outline the future steps in our research and discuss the remaining gaps. We warmly invite new contributors to join our research efforts, as your insights and expertise can significantly advance our understanding in this field.\nLinks:
\n\nExperiments (Attacking DoH tunnel detection models): link
\n\nBlack Box Attack: Zero Order Optimization Attack, constrained to support real doh tunnel tools inputs: link
\n\nDnstt patch (ongoing): You can now run it separately (dnstt + patch). The provided code does exactly that: link
\n\nSpeakerBio: Emanuel Valente
\nNo BIO available
\n\n\'',NULL,614847),('3_Saturday','10','10:00','10:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Side Winder','\'Hacking the Skies – Satellite Red Teaming\'','\'Agostino Panico\'','RTV_653adfd535704d31db6526a46534c8a1','\'Title: Hacking the Skies – Satellite Red Teaming
\nWhen: Saturday, Aug 10, 10:00 - 10:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Side Winder - Map
\n
\nDescription:
\nSatellites form a critical infrastructure for our modern world, enabling global communications, navigation, weather forecasting, and more. However, the growing reliance on satellites also highlights a troubling concern: their cybersecurity vulnerabilities.
\n\nFirstly, I provide a technical overview of how satellite communications work, covering aspects such as signal transmission, encryption, and decryption. This leads into an examination of vulnerabilities, including insecure communication channels, outdated encryption algorithms, and hardware flaws, which can be exploited by malicious actors.
\n\nThen shift focus to the practical aspects of satellite hacking, outlining key methods such as signal interception, replay attacks, and jamming. We introduce essential tools for these tasks, including GNU Radio, SDR (Software-Defined Radio), that will be used practically.
\n\nCase studies are also discussed, providing insights into high-profile satellite hacking incidents. These real-world examples and personal war stories serve to highlight the various methods used, lessons learned, and challenges faced by red teams in this domain, including signal interference and staying ahead of security updates.\nThe paper concludes with guidance for red teams and cybersecurity professionals. I offer advice on setting up a satellite hacking environment, conducting effective penetration testing, and reporting findings.
\n\nIn summary, this talk aims to illuminate the vulnerabilities of satellite systems and provide red teams with the technical, ethical, and practical knowledge necessary to navigate this unique domain responsibly.
\n\nSpeakerBio: Agostino Panico
\nNo BIO available
\n\n\'',NULL,614848),('3_Saturday','10','10:00','10:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Narrows','\'Physical Red Teaming for Offensive Cyber Teams\'','\'Shawn Abelson,Ana Aslanishvili\'','RTV_df04014deb2163f36b5f743a6fee05db','\'Title: Physical Red Teaming for Offensive Cyber Teams
\nWhen: Saturday, Aug 10, 10:00 - 10:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Narrows - Map
\n
\nDescription:
\nOffensive security is an unfamiliar concept to most physical security practitioners. Yet we still rely on physical security teams to protect our hardware, network, ports, and assets. Physical security professionals are often non-technical, former law enforcement/military, and are focused on protecting people instead of property. This talk will bridge the gap between physical and cyber red teaming, covering the best approaches, common pitfalls, dangers, and benefits of testing physical security programs as part of a red team assessment. From the difficulty of “patching” physical vulnerabilities to examples of red teams gone wrong and how to approach physical security teams without being viewed as an actual adversary - you will walk away with a broader perspective and the ability to be a better partner when conducting physical red team assessments.
\n\nSpeakers:Shawn Abelson,Ana Aslanishvili
\n
\nSpeakerBio: Shawn Abelson
\nNo BIO available
\nSpeakerBio: Ana Aslanishvili
\nNo BIO available
\n\n\'',NULL,614849),('3_Saturday','10','10:00','10:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Ascension','\'The Hybrid Horizon: Unleashing the Power of Azure Hybrid Integrations\'','\'Chirag Savla,Raunak Parmar\'','RTV_f1e1f484849ee61a11b78819dc80f1ff','\'Title: The Hybrid Horizon: Unleashing the Power of Azure Hybrid Integrations
\nWhen: Saturday, Aug 10, 10:00 - 10:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Ascension - Map
\n
\nDescription:
\nIn the era of innovation and growth, technology and evolving landscape of cloud services, hybrid environments has become crucial for running smooth business operations. Integration between Cloud and On-Premise environments has helped organizations to build a bridge to fill the gap and increased flexibility, scalability, and agility in these digital world. This presentation delves into the complexities of various Azure offerings, investigating how malicious actors can exploit them to breach on-prem server.
\n\nWe initiate our talk with a robust device management solution, demonstrating how attackers can enlist devices and manipulate certain functionalities to execute commands, which give complete access to Employee\'s Devices. Transitioning to another Azure feature, we dissect a connectivity option that enables PowerShell Remoting, effectively bridging the gap between Azure and on-premises servers.
\n\nOur exploration extends to Hybrid Workers which can be utilized to execute commands on on-premises servers, providing attackers with a stealthy pathway and can also be misused for persistence. We then examine Azure Arc and its Custom Script Extension, illustrating how it can be leveraged to execute commands within on-premises environments from the cloud.
\n\nThe talk extends to the realm of Azure DevOps, where we shed light on abuse use case associated with custom agents being used for pipeline operations, granting unauthorized entry to on-prem resources. And finally, attention is drawn to the exploitation of web-based vulnerabilities, such as Remote Code Execution (RCE), to establish a foothold in on-prem networks which leverages Azure services for hosting on-prem applications.
\n\nSpeakers:Chirag Savla,Raunak Parmar
\n
\nSpeakerBio: Chirag Savla
\nNo BIO available
\nSpeakerBio: Raunak Parmar
\nNo BIO available
\n\n\'',NULL,614850),('3_Saturday','11','11:00','11:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Haven','\'Securing the Future with CoSAI: Identified Technical Workstreams and Call for Contributions\'','\'Omar Santos,Dan McInerney,Daniel Rohrer,Jay White,Paul Vixie,Sarah Novotny\'','RTV_e72f5a1a5700f25a18e54cba731d3db4','\'Title: Securing the Future with CoSAI: Identified Technical Workstreams and Call for Contributions
\nWhen: Saturday, Aug 10, 11:00 - 11:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Haven - Map
\n
\nDescription:
\nJoin members of the newly launched OASIS Coalition for Secure AI (CoSAI) Open Project (https://www.coalitionforsecureai.org). This is an engaging forum hosted by the Red Team Village in collaboration with the AI Village.
\n\nCoSAI’s members include Amazon, Anthropic, Chainguard, Cisco, Cohere, GenLab, Google, IBM, Intel, Microsoft, NVIDIA, OpenAI, PayPal, and Wiz.
\n\nPanelists will discuss the first three technical workstreams that the group has identified:
\n\n\n- Software Supply Chain Security for AI Systems: Enhancing composition and provenance tracking to secure AI applications.
\n- Preparing Defenders for a Changing Cybersecurity Landscape: Addressing investments and integration challenges in AI and classical systems.
\n- AI Security Governance: Developing best practices and risk assessment frameworks for AI security.
\n
\n\nAlso, learn how the CoSAI goals differ from other AI efforts and plans for collaboration. The panelists will emphasize the importance of diverse community input and will host an interactive segment on how you can contribute. Whether you are red-teaming an AI model or implementing AI-powered tools, don\'t miss this opportunity to gain insights into this open project and learn how you can contribute to shaping a secure AI future
\n\nSpeakers:Omar Santos,Dan McInerney,Daniel Rohrer,Jay White,Paul Vixie,Sarah Novotny
\n
\nSpeakerBio: Omar Santos
\nNo BIO available
\nSpeakerBio: Dan McInerney
\nNo BIO available
\nSpeakerBio: Daniel Rohrer
\nNo BIO available
\nSpeakerBio: Jay White
\nNo BIO available
\nSpeakerBio: Paul Vixie
\nNo BIO available
\nSpeakerBio: Sarah Novotny
\nNo BIO available
\n\n\'',NULL,614851),('3_Saturday','11','11:00','11:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Infinity','\'Developing Evilginx Phishlets\'','\'Michael Donley\'','RTV_88ea1862a445e173439721538f02f234','\'Title: Developing Evilginx Phishlets
\nWhen: Saturday, Aug 10, 11:00 - 11:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Infinity - Map
\n
\nDescription:
\nWhile there are many phishlet templates available on the Internet, but it is rare that they work out-of-the-box for your specific scenario.
\n\nThis workshop is designed for those who are new to the Evilginx tool, and may have not had hands-on experience developing custom phishlets on their local machine. This workshop aims to give attendees the tools needed to effectively configure phishlet \'yaml\' files for their specific situation. Additionally, the workshop will survey the necessary components of the phishlet \'yaml\' file, as well as covering useful features new to Evilginx3.
\n\nThis workshop will not focus on the development of phishing emails, bypassing spam filters, or remotely deploying and protecting Evilginx infrastructure.
\n\nThis workshop is meant for all levels of experience, but some familiarity with Evilginx prior to attendance will be extremely helpful.
\n\nSpeakerBio: Michael Donley
\nNo BIO available
\n\n\'',NULL,614852),('3_Saturday','11','11:00','11:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Side Winder','\'Island Hoping: Move from LOLBins to Living off Langs\'','\'Moses Frost\'','RTV_8b003c7ffbe3b557e585be8ef95e9e87','\'Title: Island Hoping: Move from LOLBins to Living off Langs
\nWhen: Saturday, Aug 10, 11:00 - 11:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Side Winder - Map
\n
\nDescription:
\nWhat keeps me up at night? Is it that I can\'t break in anymore, or is it that we haven\'t figured out all the ways to break in? Over the years, we have seen moves to place our applications into smaller attacker surface spaces. We have seen those microservice environments abstract our attack surface. Did we eliminate all attacks? At the same time, we have an explosion of endpoints of applications that run interpreted languages and how those constraints can be broken.
\n\nWhen organisms evolve in the wild, they do so under extreme pressure. Has the pressure to find new ways to get a foothold in environments allowed us to evolve? Attackers are crafty, and defenders have to keep up. This talk demonstrates a methodology and tools for moving from container-constrained environments. They are limited to shells and interpreters. Have you been stuck like this before? Let\'s get beyond that. How does this tool move beyond containers and constrained environments into Windows and other generic workloads? Let\'s not worry about LOLBins. Bring your land and get off the air-gapped island.
\n\nSpeakerBio: Moses Frost
\nNo BIO available
\n\n\'',NULL,614853),('3_Saturday','11','11:00','11:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Ascension','\'OSINT for Hackers\'','\'Lee McWhorter,Sandra Stibbards\'','RTV_0ece4e70c0c516de8ed5caf14cb4e206','\'Title: OSINT for Hackers
\nWhen: Saturday, Aug 10, 11:00 - 11:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Ascension - Map
\n
\nDescription:
\nIn this Workshop, attendees will learn some of the most impactful techniques and tools to increase the value of OSINT to their organizations. A guided learning experience, instructors will immerse attendees in hands-on exercises.
\n\nSpeakers:Lee McWhorter,Sandra Stibbards
\n
\nSpeakerBio: Lee McWhorter
\nNo BIO available
\nSpeakerBio: Sandra Stibbards
\nNo BIO available
\n\n\'',NULL,614854),('3_Saturday','11','11:00','11:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Narrows','\'RustOps\'','\'Jose Plascencia\'','RTV_fe1421bf8cb46a652d6959e3af27a64d','\'Title: RustOps
\nWhen: Saturday, Aug 10, 11:00 - 11:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Narrows - Map
\n
\nDescription:
\nJoin me for a hands-on workshop delving into the fundamentals of the Rust programming language and its application in malware development. Designed for both curious beginners and seasoned developers, this session will cover the basics of Rust while also exploring the unique features that make Rust a powerful tool for crafting malware. Through guided exercises and real-world examples, participants will gain practical insights into how Rust can be leveraged to develop sophisticated, stealthy, and malicious software.
\n\nSpeakerBio: Jose Plascencia
\nNo BIO available
\n\n\'',NULL,614855),('3_Saturday','12','12:00','12:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Narrows','\'Developing Better Payloads with Automated Testing\'','\'Nick McClendon\'','RTV_db6828edc75a3a8046dad4eeb7ba8def','\'Title: Developing Better Payloads with Automated Testing
\nWhen: Saturday, Aug 10, 12:00 - 12:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Narrows - Map
\n
\nDescription:
\nEveryone else is doing automated testing - why aren\'t red teamers? Be confident your payload will execute, regardless of the options you picked, by integrating shellidate into your continuous integration pipelines!
\n\nSpeakerBio: Nick McClendon
\nNo BIO available
\n\n\'',NULL,614856),('3_Saturday','12','12:00','12:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Infinity','\'Insert coin: Hacking arcades for fun\'','\'Ignacio Daniel Navarro\'','RTV_0982b1a7ab0bbcea68e63238165a1739','\'Title: Insert coin: Hacking arcades for fun
\nWhen: Saturday, Aug 10, 12:00 - 12:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Infinity - Map
\n
\nDescription:
\nSince we were children we wanted to go to the arcade and play for hours and hours for free. How about we do it now? In this talk I’m gonna show you some vulnerabilities that I discovered in the cashless system of one of the biggest companies in the world, with over 2,300 installations across 70 countries, from arcades in Brazil, amusement parks in the United Arab Emirates to a famous roller coaster in Las Vegas. We will talk about API security, access control and NFC among other things.
\n\nDescription
\n\nThe talk is divided into 10(+1) stages. Starting at Stage 0, I will relate the origin of the idea during H2HC Brazil in 2023. Initially, the proposal was an arcade in Brazil with a debit card system.
\n\nIn Stage 1, I will present the company, the NFC card, an application to charge money and check our data, but without exploitable vulnerabilities due to the use of middleware.
\n\nIn the next stage, the focus shifts to the company responsible for the debit card system. This Argentine company dominates the market, with more than 2300 installations in 70 countries, ranging from arcades to a famous roller coaster in Las Vegas. During the investigation, the /api endpoint on the server was identified, filtering out endpoints that did not return 404 or 200. DNS enumeration and the use of Shodan revealed an outdated info.php, as well as other servers with open ports and versions with vulnerabilities. Documentation was also found in /api/v2 without the necessary credentials.
\n\nIn Stage 3, the IDOR and Broken Authentication vulnerabilities will be explained. Then I will present endpoints in the system that allow us to exploit these vulnerabilities and obtain card information and personal customer data.
\n\nThen, it will be revealed that the company provides a mobile application. When decompiling some applications, keys and API endpoints were discovered. All APKs were similar, differing only in keys and endpoints. Now, with these credentials we have the ability to recharge credit to our debit card.
\n\nIn Stage 5, we will explain the Account Takeover attack and how to execute it on the system via API. Also I’ll explain Race Condition found in the API.
\n\nIn the next scenario, a server found in Shodan: The online event booking system. Confidential information was found here, such as all Argentinean invoices, logs and extra company information, obtained by script written by me.
\n\nA reservation management portal was also identified with a Broken Access Control vulnerability, allowing us to view and modify all reservations, including modifying prices. It is important to note that all of these vulnerabilities affect ALL of the company\'s customers.
\n\nAs we near the end, other servers will be quickly highlighted, such as the company\'s public Zendesk, allowing user creation and access to useful information. A U.S. case will be presented where a go-karting facility uses this system, allowing access to all monitors. Other examples include an amusement park company in Spain providing links to their park management consoles, and similar findings in Chile, Ecuador and Phoenix.
\n\nThe last scenario will explain the NFC system, focusing on card reading and manipulation due to lack of security. Some attacks, such as changing the ID and referencing another card, will be shown. I’m also going to show the “feature” of emulating the card with the NFC of android phones, thus being able to emulate any card.
\n\nThe idea of the talk is to demonstrate that even in 2024 there are significant systems with many users and with \"basic\" vulnerabilities known for years. Also I would like to encourage new generations to do ethical hacking and help generate a good relationship between hackers and companies. Computer security education and training are crucial to prevent attacks and protect our digital assets.
\n\nOutline
\n\n\n- Stage 0\n
\n- Stage 1\n
\n- About Brazilian arcade and cashless system
\n- NFC Card
\n- Website to charge money and view data
\n
\n- Stage 2\n
\n- Company who provide the system
\n- More than 2300 installations across 70 countries
\n- Api endpoints
\n
\n- Stage 3\n
\n- IDOR and Broken Authentication
\n- A lot of user and cards data
\n- Not just arcades. Roller coaster Vegas. Clients around the world
\n
\n- Stage 4\n
\n- Mobile app for all the customers
\n- Keys and endpoints in plain text (DEMO)
\n- Endpoint to recharge credits
\n
\n- Stage 5\n
\n- Account Takeover (DEMO)
\n- Race Condition (DEMO)
\n
\n- Stage 6\n
\n- Online Party Booking
\n- A lot of confidential information
\n- Script to get data (DEMO)
\n
\n- Stage 7: Booking Management portal\n
\n- Broken Access Control
\n- List and modify all the bookings
\n
\n- Stage 8: Side servers\n
\n- Public zendesk with data
\n- Go-karting in U.S.
\n- Amusement park in Spain
\n- Chile, Ecuador, Phoenix
\n
\n- Stage 9: NFC\n
\n- Brazilian card
\n- Leak security
\n- Android NFC
\n
\n- Stage 10\n
\n- A lot of customers in the U.S.
\n- Conclusions
\n- QA
\n
\n
\n\nSpeakerBio: Ignacio Daniel Navarro, Appication security / Ethical hacker
\nIgnacio Navarro, an Ethical Hacker and Security Researcher from Cordoba, Argentina. With around 6 years in the cybersecurity game, he\'s currently working as an Application Security. Their interests include code analysis, web application security, and cloud security.
\n\nSpeaker at Hackers2Hackers, Security Fest, BSides, Diana Initiative, Hacktivity Budapest, 8.8, Ekoparty.
\n\n\n\'',NULL,614857),('3_Saturday','12','12:00','12:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Side Winder','\'Tunnel Vision: Exploring VPN Post-Exploitation Techniques\'','\'Ori David\'','RTV_d4f3176ebc0dc1e63d3d3e354916b889','\'Title: Tunnel Vision: Exploring VPN Post-Exploitation Techniques
\nWhen: Saturday, Aug 10, 12:00 - 12:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Side Winder - Map
\n
\nDescription:
\nWe all heard this story before - a critical vulnerability is discovered in a VPN server. It\'s exploited in the wild. Administrators rush to patch. Panic spreads across Twitter.
\n\nAttackers have long sought to exploit VPN servers - they are accessible from the internet, expose a rich attack surface, and often lack in security and monitoring. Historically, VPNs were primarily abused to achieve a single objective: gaining entry into internal victim networks. While this is evidently very valuable, control over a VPN server shouldn\'t solely be seen as a gateway to the network, and can certainly be abused in various other ways.
\n\nIn this talk, we will explore VPN post-exploitation - a new approach that consists of different techniques attackers can employ on the compromised VPN server to further progress their intrusion. To demonstrate this concept, we will inspect two of the most common VPN servers on the market - Ivanti Connect Secure and Fortigate, and show how an attacker with control over them can collect user credentials, move laterally, and maintain persistent access to the network.
\n\nWe will conclude by detailing best practices and principles that should be followed by security teams when using VPN servers to reduce the risk from post-exploitation techniques.
\n\nSpeakerBio: Ori David
\nNo BIO available
\n\n\'',NULL,614858),('3_Saturday','13','13:00','14:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Haven','\'An Operator\'s Guide: Hunting SCCM in the Real World\'','\'Garrett Foster,Zachary Stein\'','RTV_586079b672ba32ec2c79b0f50b7c6b50','\'Title: An Operator\'s Guide: Hunting SCCM in the Real World
\nWhen: Saturday, Aug 10, 13:00 - 14:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Haven - Map
\n
\nDescription:
\nSCCM abuse has become a popular technique in the offensive security community but can be intimidating to test in production environments due to its complexity. This workshop aims to provide operators not only a safe environment to practice tradecraft but also provide them with the confidence to properly find and assess SCCM during their engagements.
\n\nSpeakers:Garrett Foster,Zachary Stein
\n
\nSpeakerBio: Garrett Foster, Senior Consultant at SpecterOps
\nGarrett Foster (@garrfoster) is a Senior Consultant at SpecterOps, where he conducts red team operations, penetration testing, research, training, and course development. Garrett has presented at WWHF and BsidesPDX. Garrett is a the primary author of SCCMHunter and a co-author of Misconfiguration Manager.
\n\nSpeakerBio: Zachary Stein
\nNo BIO available
\n\n\'',NULL,614859),('3_Saturday','14','13:00','14:50','Y','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Haven','\'An Operator\'s Guide: Hunting SCCM in the Real World\'','\'Garrett Foster,Zachary Stein\'','RTV_586079b672ba32ec2c79b0f50b7c6b50','\'\'',NULL,614860),('3_Saturday','13','13:00','13:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Narrows','\'Building Surgical Implants: A Comprehensive Guide to APT-style Techniques\'','\'John Rodriguez\'','RTV_2a58fcfc880068683e3f34ae3e66332f','\'Title: Building Surgical Implants: A Comprehensive Guide to APT-style Techniques
\nWhen: Saturday, Aug 10, 13:00 - 13:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Narrows - Map
\n
\nDescription:
\nExplore the realm of crafting payloads with precision at DEFCON 32 in our session, \"Mastering APT-Style Implants: 101.\" This deep dive experience goes beyond theory, providing practical insights into the development of payloads inspired by Advanced Persistent Threats (APTs).
\n\nAttendees will gain a holistic mindset by comprehending—an objective-based methodology for offensive cyber operations. Gain insights into real-world APT tactics and historical perspectives.
\n\nThis is followed by practical payload development, AI integration, and comprehending industry-relevant tools, from line-by-line code to compiler settings necessary to ensure payload success. These techniques are then wrapped into stealth and operation security concepts with a scenario-based objective targeting a matured environment representative of today\'s real-world environments.
\n\nAt the end of the deep dive, attendees will have experienced the payload development cycle from the perspective of a nation-state adversary. Comprehend the mindset necessary to operate in today\'s most mature environments and the practical knowledge to craft their implants.
\n\nSpeakerBio: John Rodriguez
\nNo BIO available
\n\n\'',NULL,614861),('3_Saturday','13','13:00','13:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Infinity','\'macOS Red Team on Corporate Scenarios\'','\'Ricardo L0gan\'','RTV_6777a3447b057ae34df99e4c218d9bb4','\'Title: macOS Red Team on Corporate Scenarios
\nWhen: Saturday, Aug 10, 13:00 - 13:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Infinity - Map
\n
\nDescription:
\nIn this research businesses and organizations continue to adopt more advanced security measures to protect against cyber-attacks on your macOS endpoints, attackers are constantly evolving their techniques to bypass these measures. In this presentation, we will demonstrate real-world attack scenarios and reveal common vulnerabilities, as well as provide insights on how to exploit them. \"macOS Red Team on Corporate Scenarios\" is the result of years of research and dedicated work in testing macOS environments. Its main objective is to provide a comprehensive view of the security surrounding Apple\'s operating system, demonstrating how potential vulnerabilities can be exploited. The adopted approach assumes the perspective of an insider attacker or during a Red Team simulation.
\n\nThe research will delve into various security features embedded within macOS, such as SIP (System Integrity Protection), TCC (Transparency, Consent, and Control), FileVault, SSV (System Software Version), Gatekeeper, XProtect, and Secure Boot. These components play crucial roles in safeguarding the integrity, privacy, and overall security posture of the macOS operating system.
\n\nThe research will also delve into the tactics, techniques, and procedures (TTPs) recommended by the MITRE ATT&CK framework for macOS systems to assist in conducting red team simulations. This exploration aims to provide insights into the methodologies and strategies employed by attackers, enhancing the effectiveness of defensive strategies and improving overall cybersecurity posture in macOS environments.
\n\nAt the conclusion of the presentation, we will demonstrate how to perform a bypass of a vulnerability discovered in the macOS Transparency, Consent, and Control (TCC) framework. This vulnerability has been reported to Apple for investigation and mitigation. We will also discuss the process of how Apple has handled the vulnerability disclosure and the steps taken by the company to address the issue.
\n\nSpeakerBio: Ricardo L0gan
\nNo BIO available
\n\n\'',NULL,614862),('3_Saturday','14','14:00','14:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Infinity','\'Cloud Offensive Breaches: The Graph-Based Exploitation of Misconfigurations\'','\'Filipi Pires\'','RTV_a72b47b305e19361ead6ffbdbccc68b8','\'Title: Cloud Offensive Breaches: The Graph-Based Exploitation of Misconfigurations
\nWhen: Saturday, Aug 10, 14:00 - 14:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Infinity - Map
\n
\nDescription:
\nDuring this talk, we will cover the critical importance of permissions management in integrations, especially in cloud environments, and how an inappropriate permissions standard can create significant vulnerabilities for attackers. We will explore how an attacker can leverage legitimate permissions to perform privilege escalation in the cloud, highlighting the fundamental differences between Attack Vector and Attack Path. Additionally, we will examine the most effective and shortest path an attacker can take to achieve success in their goals. We will also discuss strategies to improve security in this context and mitigate these threats.
\n\nSpeakerBio: Filipi Pires, Founder at Black&White Technology
\nI’ve been working as Security and Threat Researcher and Cybersecurity Advocate at senhasegura, Founder at Black&White Technology, Cybersecurity Advocate, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US, Canada, France, Spain, Germany, Poland, and others, I’ve served as University Professor in Graduation and MBA courses at Brazilian colleges, in addition, I\'m Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
\n\n\n\'',NULL,614863),('3_Saturday','14','14:00','14:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Side Winder','\'Combining Uncensored and Censored LLMs for Ransomware Generation\'','\'Muhammad Mudassar Yamin\'','RTV_39c75a5f9d34870ae38c0481f884b941','\'Title: Combining Uncensored and Censored LLMs for Ransomware Generation
\nWhen: Saturday, Aug 10, 14:00 - 14:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Side Winder - Map
\n
\nDescription:
\nUncensored LLMs represent a category of language models free from ethical constraints, thus prone to misuse for various malicious purposes like generating malware. However, their capabilities fall short compared to commercially available LLMs, which are censored and unsuitable for such nefarious activities. Previously, researchers could bypass censorship in LLMs to generate malicious content using Jail Breaks. However, over time and with the introduction of new security measures, such exploits have become increasingly rare. In this research, we propose a novel technique in which we combine censored and uncensored LLMs for the generation of ransomware. The uncensored LLM will generate the initial malware, which will then be refined by the censored LLM to create a final, functional ransomware. We have tested the developed Ransomware in latest version of Windows OS and found it suitable for exploitation purposes. Additionally with minor efforts the rasnowmares can be updated using LLM for code obfuscation and unnecessary functionality addition for bypassing antivirus and antimalware solutions.
\n\nSpeakerBio: Muhammad Mudassar Yamin
\nNo BIO available
\n\n\'',NULL,614864),('3_Saturday','14','14:00','14:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Narrows','\'Tempest c2: Use and Design\'','\'Kirk Trychel\'','RTV_bb99fe10837110bdbb836c1cf41f8a3e','\'Title: Tempest c2: Use and Design
\nWhen: Saturday, Aug 10, 14:00 - 14:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Narrows - Map
\n
\nDescription:
\nTempest is a new command and control framework written in Rust. The main goal of this framework is to prioritize ease of use for the hacker while also achieving elegant effectiveness on operations. Attendees will learn all about how to use the framework, with a focus on operational security and understanding the underlying code.\nThis talk will go beyond just showing how to push buttons and learn steps for using a tool. We\'ll talk about how the c2 works, how post-ex modules work, how to avoid EDR detection, and how to make the most effective use of this or any c2 framework.
\n\nSpeakerBio: Kirk Trychel, Senior Red Team Engineer at Box.com
\nKirk Trychel is a Senior Red Team Engineer with Box.com and a lifelong hacker. He has lead Red Teams with the Department of Defense, Secureworks Adversary Group, and CrowdStrike Adversary Emulations. Always eager to hack the newest technology, Kirk has produced original research across many areas of offensive security. His diverse experience combines with a passion to understand and expand attack surfaces, and do what defenders have not considered. Besides breaching systems, Kirk loves sharing his knowledge with the community and helping enhance organizations’ security posture.
\n\n\n\'',NULL,614865),('3_Saturday','15','15:00','15:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Infinity','\'Introduction to Kubernetes common attack techniques\'','\'Lenin Alevski\'','RTV_6b443fc3a10a40d6851a67c345d3ff8c','\'Title: Introduction to Kubernetes common attack techniques
\nWhen: Saturday, Aug 10, 15:00 - 15:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Infinity - Map
\n
\nDescription:
\nKubernetes is the de facto operating system of the cloud, and more and more organizations are running their workloads on Kubernetes. While Kubernetes offers many benefits, it also introduces new security risks, such as cluster misconfiguration, leaked credentials, cryptojacking, container escapes, and vulnerable clusters.
\n\nThis workshop will teach you the fundamentals of Kubernetes security, you\'ll learn how to exploit workloads running on a Kubernetes environment using Living Off the Land (LotL) techniques like exploiting Insecure APIs, Secrets Theft, Container Escape and Pod Privilege Escalation, similar to the ones used by real-world threat actors.
\n\nSpeakerBio: Lenin Alevski, Security Engineer at Google
\nLenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog
\n\n\n\'',NULL,614866),('3_Saturday','15','15:00','16:59','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Side Winder','\'Learning the New Amass Collection Engine\'','\'Jeff Foley\'','RTV_6dbf637bca226e21fe144c785d290837','\'Title: Learning the New Amass Collection Engine
\nWhen: Saturday, Aug 10, 15:00 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Side Winder - Map
\n
\nDescription:
\nThe OWASP Amass Project has been developing the new OSINT Collection Engine that is designed around the Open Asset Model data standard released last year. The new engine makes your use of Amass more flexible than ever before, yet does come with some additional configurations to learn. This workshop will take users, both new and seasoned, all the way through the experience of using this new architecture.
\n\nSpeakerBio: Jeff Foley
\nNo BIO available
\n\n\'',NULL,614867),('3_Saturday','16','15:00','16:59','Y','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Side Winder','\'Learning the New Amass Collection Engine\'','\'Jeff Foley\'','RTV_6dbf637bca226e21fe144c785d290837','\'\'',NULL,614868),('3_Saturday','15','15:00','15:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Haven','\'The Curious Case of Stealer Logs: Access & Espionage in the World\'s Most Interesting Dataset\'','\'Eric Clay,Nick Ascoli\'','RTV_bc4da5ee2630cd8c0f3e1bbc24077d48','\'Title: The Curious Case of Stealer Logs: Access & Espionage in the World\'s Most Interesting Dataset
\nWhen: Saturday, Aug 10, 15:00 - 15:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Haven - Map
\n
\nDescription:
\nWhat would someone know about you if they had all of the credentials saved on your computer? More importantly what would you know about the world if you had 60 million random samples of all of the credentials saved on the\' computers of others? Join Eric Clay and Nick Ascoli as they dive into the fascinating world of stealer logs. Nick & Eric have spent more than 6 months examining the world\'s most comprehensive stealer log data set to understand.... well everything. What can you learn from the credentials on a terrorists computer? What about a U.S. adversaries intelligence service or a ransomware group? And who actually killed JFK? Ok well maybe we haven\'t figured that one out yet. Nick and Eric will go deep and examine one of the most interesting data sets for intelligence since the advent of writing while maintaining a healthy sense of humor and more than a little fear of Polonium poisoning.
\n\nSpeakers:Eric Clay,Nick Ascoli
\n
\nSpeakerBio: Eric Clay
\nEric is a cybersecurity speaker and researcher with 8+ years in the field and 2+ years focused on cybercrime. Eric began his career as a GRC analyst before pivoting into network security data analysis and then Threat Intelligence. Eric now co-leads Flare\'s threat intelligence research team in addition to leading the marketing team.
\n\nSpeakerBio: Nick Ascoli
\nNick Ascoli is an experienced threat researcher who is recognized for his expertise in data leaks, reconnaissance, and detection engineering. Nick is an active member of the cybersecurity community contributing to open-source projects, regularly appearing on podcasts (Cyberwire, Simply Cyber, etc.) and speaking at conferences (GrrCON, B-Sides, DEFCON Villages, SANS, etc.)
\n\n\n\'',NULL,614869),('3_Saturday','15','15:00','15:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Narrows','\'Using Retrieval Augmented Generation (RAG), Langchain, and LLMs for Cybersecurity Operations\'','\'Omar Santos\'','RTV_9a32a935c817060939a9aa3385aa8c91','\'Title: Using Retrieval Augmented Generation (RAG), Langchain, and LLMs for Cybersecurity Operations
\nWhen: Saturday, Aug 10, 15:00 - 15:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Narrows - Map
\n
\nDescription:
\nEveryone is trying to leverage AI for many tasks. However, are they doing it effectively? This presentation explores the integration of Retrieval Augmented Generation (RAG), Langchain, and Large Language Models (LLMs) within cybersecurity and offensive security operations. We will begin by exploring the conceptual foundations of these technologies, looking at their unique capabilities for enhancing automation in offensive (and defensive) security operations.
\n\nWe will go over different practical demonstrations and case studies. You will gain insights into how these tools can be harnessed to take your red, blue, purple team to the next level. We will discuss the implementation of RAG for dynamic information retrieval, re-ranking, and other techniques and how Langchain is making using these technologies so easy nowadays. We will also explore the use of uncensored models that can be used for cybersecurity and to create exploits.
\n\nSpeakerBio: Omar Santos
\nNo BIO available
\n\n\'',NULL,614870),('3_Saturday','16','16:00','16:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Narrows','\'Bespoke C2s are coming of age.\'','\'David \"Icer\" Maynor\'','RTV_c59f693d5156c965c106b603d0b58575','\'Title: Bespoke C2s are coming of age.
\nWhen: Saturday, Aug 10, 16:00 - 16:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Narrows - Map
\n
\nDescription:
\nThis talk introduces a method for creating unique command and control (C2) servers for each engagement, utilizing diverse programming languages, obfuscations, and communication protocols. The approach leverages a curated repository of historical C2 and implant data, with feedback to ensure continuous improvement. Want a C2 written in PERL that uses Gopher for comms? I don\'t know why you would but I can show you how. Rust, nodejs, and more. Want a C2 that runs in UEFI? The best part is once the engagement is done you don\'t have to worry that your toolset was blown because next engagement you will have a new framework.
\n\nSpeakerBio: David \"Icer\" Maynor, Secret Keeper at ThreatHunter.ai
\nDavid “Icer” Maynor, Secret Keeper at ThreatHunter.ai, has over 20 years of experience in information security with deep technical expertise in threat intelligence, reverse engineering, exploit development, and offensive security testing. Results-driven research, analysis, and solutions leveraging partnerships and cross-disciplinary teams, to strengthen customer and business security posture and capabilities. Served as founder, executive, and advisor within the information security startup space. Author of and contributor to several popular open-source tools, presenter and instructor, and subject matter expert contributor for print, television, and online media.
\n\n\n\'',NULL,614871),('3_Saturday','16','16:00','16:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Haven','\'Pipeline Pandemonium: How to Hijack the Cloud and Make it Rain\'','\'Blake Hudson\'','RTV_572fb679e367f3c9b285b0f0a09b1c69','\'Title: Pipeline Pandemonium: How to Hijack the Cloud and Make it Rain
\nWhen: Saturday, Aug 10, 16:00 - 16:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Haven - Map
\n
\nDescription:
\nIn today\'s tech landscape, where cloud computing and DevOps practices have converged, managing the integrity of CI/CD pipelines is essential. These intertwined elements should be holistically addressed, particularly regarding security measures.
\n\nHowever, with the rise of automation, there comes an increased risk. Join us for \"Pipeline Pandemonium,\" a comprehensive talk about vulnerabilities within CI/CD pipelines and their potential to inadvertently negatively affect organizations that rely on cloud environments. Through real-world examples and case studies, attendees will explore the convergence of rapid software delivery and cloud infrastructure, uncovering the methods used by malicious actors to infiltrate pipelines and compromise cloud security.
\n\nSeveral real-world examples will be expounded, including code injection, dependency hijacking, unauthorized access through over-provisioned keys, runner abuse, and artifact poisoning. More specifically, much of the talk will focus on common techniques to abuse privileges and configurations associated with GitHub actions, CircleCI and Jenkins pipelines. The presenter has real world experience exploiting these issues at fortune 500 companies and has made significant contributions to their security organization’s security posture.
\n\nAttendees will gain a deep understanding of the vulnerabilities inherent in CI/CD processes and general strategies to defend against common attacks. Although the focus of the presentation is for a broad audience and requires no in-depth knowledge about the specific topics that will be covered.
\n\nJoin us for \"Pipeline Pandemonium\" and discover how to navigate the turbulent waters of cloud security with confidence, turning the tide against insecurity and reclaiming control of your CI/CD pipelines.
\n\nSpeakerBio: Blake Hudson
\nNo BIO available
\n\n\'',NULL,614872),('4_Sunday','10','10:00','10:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Infinity','\'From Network to Network: Hands-On Pivoting Techniques in Internal Environments\'','\'Francisco Canteli\'','RTV_3337d332f997e6d17d2c0a14c07139bf','\'Title: From Network to Network: Hands-On Pivoting Techniques in Internal Environments
\nWhen: Sunday, Aug 11, 10:00 - 10:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Infinity - Map
\n
\nDescription:
\nIn this workshop, the basic concepts of pivoting will be introduced, and a hands-on experience will be provided in a realistic testing environment. Participants will learn to utilize effective tools and techniques to move from one network to another within an organization\'s infrastructure. Additionally, attendees will have the opportunity to set up their own Docker laboratory to perform pivoting practices in an emulated environment.
\n\nSpeakerBio: Francisco Canteli
\nNo BIO available
\n\n\'',NULL,614873),('4_Sunday','10','10:00','10:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Haven','\'From Runners to IdP Admin\'','\'Sim Cher Boon\'','RTV_e38abe6bcae7b720694c1e3d70744fa5','\'Title: From Runners to IdP Admin
\nWhen: Sunday, Aug 11, 10:00 - 10:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Haven - Map
\n
\nDescription:
\nDo you think AWS Admin is the end game? Let\'s dive deeper into cloud native lateral movement and how Identity Providers has become the biggest C2 that has ever existed.
\n\nSpeakerBio: Sim Cher Boon
\nNo BIO available
\n\n\'',NULL,614874),('4_Sunday','10','10:00','10:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Side Winder','\'Hacking Processes: Introducing the Redteaming Process Framework: RTPF\'','\'Alex Gonzalez,Bobby R\'','RTV_1f724ffb06e7b92076406941c72b892b','\'Title: Hacking Processes: Introducing the Redteaming Process Framework: RTPF
\nWhen: Sunday, Aug 11, 10:00 - 10:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Side Winder - Map
\n
\nDescription:
\nPeople often talk about red teaming as hacking people or systems, but no one really talks about hacking processes. Company processes are oftentimes some of the most critical business functions that a threat actor could go after, but there is no framework or attack chain lifecycle equivalent for red teaming processes. In this talk, we’ll be talking about how Fortune 500 red teamers simulate adversaries and attack processes, and how you can use our new framework, the Redteaming Process Framework: RTPF, to do the same.
\n\nSpeakers:Alex Gonzalez,Bobby R
\n
\nSpeakerBio: Alex Gonzalez
\nNo BIO available
\nSpeakerBio: Bobby R
\nNo BIO available
\n\n\'',NULL,614875),('4_Sunday','10','10:00','10:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Narrows','\'IDOR in Financial Operations\'','\'Ilkin Javadov\'','RTV_92c8996a62bfeb62d462596fa9ab553f','\'Title: IDOR in Financial Operations
\nWhen: Sunday, Aug 11, 10:00 - 10:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Narrows - Map
\n
\nDescription:
\nBank case : Bank A provides an online banking application where users can access their accounts, perform transactions, and initiate money transfers. Here\'s a scenario with an IDOR vulnerability: Scenario: User A wants to transfer $1000 to User B. User A initiates a transfer and selects the recipient\'s account. However, due to an IDOR flaw in the application, the validation process fails, allowing users to select other users\' accounts. In this case, User A can actually select User B\'s account and transfer the money, leading to unauthorized access to accounts.
\n\nand other cases :)
\n\nSpeakerBio: Ilkin Javadov
\nNo BIO available
\n\n\'',NULL,614876),('4_Sunday','11','11:00','11:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Narrows','\'Red Team Infrastructure Setup and Automation\'','\'Aravind Prakash,Arun Nair,Shebin Mathew\'','RTV_f0309299ac5abc1b5a52e4456bf8a299','\'Title: Red Team Infrastructure Setup and Automation
\nWhen: Sunday, Aug 11, 11:00 - 11:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Narrows - Map
\n
\nDescription:
\nThis workshop offers a fast-paced and engaging introduction to setting up Red Team Infrastructure, focusing on the practical use of Terraform and Ansible. The session begins with a brief overview of Red Team operations and the critical role of robust infrastructure. It then swiftly moves into the practical aspects, demonstrating the basics of Terraform for deploying cloud infrastructure and Ansible for efficient configuration management. The highlight is a demonstration on integrating these tools to automate key components of Red Team infrastructure, emphasizing their application in real-world scenarios. This workshop is tailored for those eager to quickly grasp the essentials of Red Team infrastructure automation.
\n\nSpeakers:Aravind Prakash,Arun Nair,Shebin Mathew
\n
\nSpeakerBio: Aravind Prakash
\nNo BIO available
\nSpeakerBio: Arun Nair
\nNo BIO available
\nSpeakerBio: Shebin Mathew
\nNo BIO available
\n\n\'',NULL,614877),('4_Sunday','11','11:00','11:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Side Winder','\'Supercharge your vuln finding workflow with automated labs: How Ludus made it rain creds from SCCM\'','\'Erik Hunstad,Alberto Rodriguez\'','RTV_7f619e3efdf47c5a11629cbad9e9b358','\'Title: Supercharge your vuln finding workflow with automated labs: How Ludus made it rain creds from SCCM
\nWhen: Sunday, Aug 11, 11:00 - 11:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Side Winder - Map
\n
\nDescription:
\nWhat if you could set up a full Active Directory network, with ADCS, SCCM, and Elastic EDR with one command, on hardware you control, with parameters you define? Come with us as we explore the power of automated labs NOT based on pre-configured static templates, instead built on-demand. This talk will explore the past, present, and future of automated cybersecurity test environments that enable you to get hands-on cybersecurity experience without spending a decade becoming a sysadmin first. It will also discuss how we used our lab to find a common misconfiguration in SCCM that was exposing Domain Admin credentials on the public internet! You’ll walk away with a new SCCM tool and an open source tool to create your own labs, as well as the framework and ideas to build your own sharable modules.
\n\nSpeakers:Erik Hunstad,Alberto Rodriguez
\n
\nSpeakerBio: Erik Hunstad
\nNo BIO available
\nSpeakerBio: Alberto Rodriguez
\nNo BIO available
\n\n\'',NULL,614878),('4_Sunday','11','11:00','11:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Haven','\'The SIEMless Hack: Rewriting Reality with Log Injection\'','\'Özgün Kültekin\'','RTV_3e41dd5307891b78a503f40a8089c0f2','\'Title: The SIEMless Hack: Rewriting Reality with Log Injection
\nWhen: Sunday, Aug 11, 11:00 - 11:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Haven - Map
\n
\nDescription:
\nEven tools \"designed to improve your security\" can be ridiculously vulnerable. Paradoxically, they can actually open the door to novel types of attacks. There\'s a significant threat right before us, one that everyone assumed was the cornerstone of our security but overlooked: YES, your SIEM!. In this talk, I will explain how attackers become more dangerous as they grow more creative, turning our own defenses against us. I can guarantee that by the end of the talk, some of us will be saying \"I wish we had never used any SIEM tools in the first place.\".
\n\nIn this talk, the structure of SIEM tools and hidden vulnerable points of them will be discussed, using Splunk as a primary example. This talk will include demonstrations of various attack types using the open-source offensive security tool specifically developed for this research. Prepare to be both educated and amazed as we inject fake logs, distract blue teams, and hide our activities right under their noses.
\n\nThis talk will equip red teamers with a novel post-exploitation strategy to enhance their engagements, challenging blue teams with the realization that the logs they monitor minutely may not always be trustworthy.
\n\nSpeakerBio: Özgün Kültekin
\nNo BIO available
\n\n\'',NULL,614879),('4_Sunday','11','11:00','11:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Infinity','\'Threat hunting like a pentester\'','\'Ronald Gonzalez\'','RTV_3c985e4d92af328db7cc4b284e107897','\'Title: Threat hunting like a pentester
\nWhen: Sunday, Aug 11, 11:00 - 11:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Infinity - Map
\n
\nDescription:
\nThis workshop has been developed to teach participants to be one step ahead of malicious actors with the techniques they use, making use of CVE\'s, investigating old and new exploits, to find payloads, vulnerable directory paths, remote inclusion of files and others so you can convert them into alerts or rules in Sentinel One. We are going to first analyze some of the most used CVEs or exploits of the moment to obtain the attack vectors and later convert them into rules
\n\nSpeakerBio: Ronald Gonzalez
\nNo BIO available
\n\n\'',NULL,614880),('3_Saturday','15','15:30','16:30','N','BHV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'D0N0H4RM: Cyber STEM Storytime\'','\'Nitin Natarajan,Christian Dameff,Andrew Carney,Matt Hazelett,Erika Cheung\'','BHV_8f136228bad95773b5d73b3c500d18e9','\'Title: D0N0H4RM: Cyber STEM Storytime
\nWhen: Saturday, Aug 10, 15:30 - 16:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\n\n\nSpeakers:Nitin Natarajan,Christian Dameff,Andrew Carney,Matt Hazelett,Erika Cheung
\n
\nSpeakerBio: Nitin Natarajan, Deputy Director at Cybersecurity and Infrastructure Security Agency (CISA)
\nNitin Natarajan was appointed to serve as the Deputy Director for the Cybersecurity and Infrastructure Security Agency (CISA) on February 16, 2021. Prior to joining CISA, Natarajan served in a variety of public and private sector positions spanning over 30 years. Most recently he served as an executive with consulting firms within the National Capital Region, providing subject matter expertise on a variety of topics, including cybersecurity, homeland and national security, critical infrastructure protection, environmental emergency management, continuity of operations, and health security matters. Natarajan also held a number of federal government roles to include Deputy Assistant Administrator at the U.S. Environmental Protection Agency, the Director of Critical Infrastructure Policy at the White House/National Security Council, and as a Director at the U.S. Health and Human Services overseeing healthcare and public health programs. Prior to serving in the federal government, Natarajan served in positions at the state/local government level and served as a hospital administrator in New York. At the beginning of his career, Natarajan spent 13 years as a first responder in New York, which included service as a flight paramedic. He was the Commander of a federal medical response team, based in New York, and has extensive experience deploying to natural and man-made disasters throughout the nation. He holds an undergraduate degree from the State University of New York and a graduate degree from the United States Naval Postgraduate School.
\n\nSpeakerBio: Christian Dameff, Emergency PhysicianMD
\nDr. Christian Dameff is an Emergency Physician, Clinical Informaticist, and researcher. Published clinical works include post cardiac arrest care including therapeutic hypothermia, novel drug targets for acute myocardial infarction patients, ventricular fibrillation waveform analysis, cardiopulmonary resuscitation (CPR) quality and optimization, dispatch assisted CPR, teletoxicology, clinical applications of wearables, and electronic health records.
\n\nDr. Dameff is also a hacker and security researcher interested in the intersection of healthcare, patient safety, and cybersecurity. He has spoken at some of the world’s most prominent hacker forums including DEFCON, RSA, Blackhat, Derbycon, BSides: Las Vegas, and is one of the cofounders of the CyberMed Summit, a novel multidisciplinary conference with emphasis on medical device and infrastructure cybersecurity. Published cybersecurity topics include hacking 911 systems, HL7 messaging vulnerabilities, and malware.
\n\nSpeakerBio: Andrew Carney, Program Manager at Advanced Research Projects Agency for Health (ARPA-H)
\nAndrew Carney joined ARPA-H in July 2023 from HSBC’s Cybersecurity Science and Analytics group, where he worked as a principal researcher. He has over 15 years of experience in software and hardware vulnerability research, technical education and training, and management of research and development teams.
\n\nIn addition to his role as program manager with ARPA-H, Carney holds a joint program manager appointment with the Defense Advanced Research Projects Agency (DARPA) for the AI Cyber Challenge (AIxCC), a competition focused on securing software in critical infrastructure. Before HSBC, Carney was a technical advisor and contractor for the Defense Advanced Research Projects Agency (DARPA). At DARPA, he supported research efforts focused on reverse engineering, program analysis, human-machine teaming, and automated program repair. Throughout his career, Carney has been involved in competitive hacking (called Capture the Flag, or CTF) as both a player and a competition organizer. He holds a master’s degree in computer science from The Johns Hopkins University.
\n\nSpeakerBio: Matt Hazelett, Program Director for the Cybersecurity Focal Point Program in the Office of Product Evaluation and Quality (OPEQ) at FDA
\nI coordinate across the Center for Devices and Radiological Health (CDRH) at FDA on medical device cybersecurity policy development, vulnerability and incident response, and policy implementation across the total product lifecycle (TPLC).
\n\nI have led and oversee the implementation of Section 524B, Ensuring Cybersecurity of Devices, of the Food, Drug, and Cosmetic (FD&C) Act and the FDA guidance, Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions. This includes making available training for over 1000 review staff and managers, developing submission support resources (eSTAR Template and help text), developing support resources for review staff, and answering policy questions.
\n\nAlso, as the Program Director for the Cybersecurity Focal Point Program in the Office of Product Evaluation and Quality (OPEQ), I work to build reviewer subject matter expertise in medical device cybersecurity as well as build and maintain consistency across the review offices and the TPLC.
\n\nSpeakerBio: Erika Cheung, Executive Director at Ethics in Entrepreneurship
\nCurrently, the Executive Director of Ethics in Entrepreneurship, a non-profit whose mission is to foster ethical questioning, culture, and systems in startups and startup ecosystems. We provide programs catered to workers, investors, and founders.
\n\nErika is an advisor to several family offices, venture capital firms, and governmental investment programs focused on healthcare, biosciences, and biotechnology companies. She invests a portion of her time building cross-border networks between the US and the Asia Pacific region to facilitate the growth of companies operating in emerging markets.
\n\nHer first job out of college was working for Theranos, where she subsequently was one of the critical whistleblowers reporting the fraud case to regulators preventing the company from providing false lab results to patients. The Theranos scandal has been extensively covered in the media. She\'s working towards obtaining her ACFE-certified fraud examiner\'s license to educate others on fraud prevention strategies and develop programs to protect business stakeholders from high-risk ventures. She is also an advisor to several whistleblower advocacy organizations to support individuals who may be retaliated against while reporting misconduct.
\n\nShe is passionate about innovation ecosystem building, development, economic mobility, affordable healthcare, and public-interest technology projects. She is an avid mixed martial artist in her free time and hopes to support efforts that leverage martial arts to empower trauma survivors
\n\n\n\'',NULL,614881),('3_Saturday','16','15:30','16:30','Y','BHV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'D0N0H4RM: Cyber STEM Storytime\'','\'Nitin Natarajan,Christian Dameff,Andrew Carney,Matt Hazelett,Erika Cheung\'','BHV_8f136228bad95773b5d73b3c500d18e9','\'\'',NULL,614882),('1_Thursday','20','20:00','01:59','N','SOC','LVCC West/Floor 2/W231-W233','\'Music Set / Entertainment (Thursday, SYN Stage)\'','\'PatAttack,Grind613,DotOrNot,DJ Vulp,Daemon Chadeau,CTRL / rsm\'','SOC_ca5d32702a2e1c5c05971d22b79e296b','\'Title: Music Set / Entertainment (Thursday, SYN Stage)
\nWhen: Thursday, Aug 8, 20:00 - 01:59 PDT
\nWhere: LVCC West/Floor 2/W231-W233 - Map
\n
\nDescription:
\n\n- 20:00 - 21:00 - Daemon Chadeau
\n- 21:00 - 22:00 - DotOrNot
\n- 22:00 - 23:00 - PatAttack
\n- 23:00 - 00:00 - DJ Vulp
\n- 00:00 - 01:00 - CTRL / rsm
\n- 01:00 - 02:00 - Grind613
\n
\n\nSpeakers:PatAttack,Grind613,DotOrNot,DJ Vulp,Daemon Chadeau,CTRL / rsm
\n
\nSpeakerBio: PatAttack
\nNo BIO available
\nSpeakerBio: Grind613
\nNo BIO available
\nSpeakerBio: DotOrNot
\nNo BIO available
\nSpeakerBio: DJ Vulp
\nNo BIO available
\nSpeakerBio: Daemon Chadeau
\nNo BIO available
\nSpeakerBio: CTRL / rsm
\nNo BIO available
\n\n\'',NULL,614883),('2_Friday','20','20:00','01:59','N','SOC','LVCC West/Floor 2/W231-W233','\'Music Set / Entertainment (Retro Sci-Fi Friday, SYN Stage)\'','\'ZEE,YTCracker,TRIODE,Ohm-I & The NPC Collective,MC Frontalot,Icetre Normal,Dual Core,Costume Contest\'','SOC_a3e543a28497ee019597e96da79656d2','\'Title: Music Set / Entertainment (Retro Sci-Fi Friday, SYN Stage)
\nWhen: Friday, Aug 9, 20:00 - 01:59 PDT
\nWhere: LVCC West/Floor 2/W231-W233 - Map
\n
\nDescription:
\n\n- 20:00 - 20:45 - Icetre Normal
\n- 20:45 - 21:30 - Ohm-I & The NPC Collective
\n- 21:30 - 22:15 - Dual Core
\n- 22:15 - 23:00 - YTCracker
\n- 23:00 - 00:00 - MC Frontalot
\n- 00:00 - 00:15 - Costume Contest
\n- 00:15 - 01:15 - ZEE
\n- 01:15 - 02:00 - TRIODE
\n
\n\nSpeakers:ZEE,YTCracker,TRIODE,Ohm-I & The NPC Collective,MC Frontalot,Icetre Normal,Dual Core,Costume Contest
\n
\nSpeakerBio: ZEE
\nNo BIO available
\nSpeakerBio: YTCracker
\nNo BIO available
\nSpeakerBio: TRIODE
\nNo BIO available
\nSpeakerBio: Ohm-I & The NPC Collective
\nNo BIO available
\nSpeakerBio: MC Frontalot
\nNo BIO available
\nSpeakerBio: Icetre Normal
\nNo BIO available
\nSpeakerBio: Dual Core
\nNo BIO available
\nSpeakerBio: Costume Contest
\nNo BIO available
\n\n\'',NULL,614884),('3_Saturday','20','20:00','01:59','N','SOC','LVCC West/Floor 2/W231-W233','\'Music Set / Entertainment (Pirate\'s Night For Me! Saturday, SYN Stage)\'','\'Skittish and Bus,O\'Craven Celtic Pirate Band,Ninjula,Miss Jackalope,Grindhaus Selektor,DJ Scythe,Costume Contest\'','SOC_4f7ca6974b3b93972882a2d4ccd70aca','\'Title: Music Set / Entertainment (Pirate\'s Night For Me! Saturday, SYN Stage)
\nWhen: Saturday, Aug 10, 20:00 - 01:59 PDT
\nWhere: LVCC West/Floor 2/W231-W233 - Map
\n
\nDescription:
\n\n- 20:00 - 21:00 - DJ Scythe
\n- 21:00 - 22:00 - Grindhaus Selektor
\n- 22:00 - 23:00 - Skittish and Bus
\n- 23:00 - 00:00 - Miss Jackalope
\n- 00:00 - 01:00 - O\'Craven Celtic Pirate Band
\n- 01:00 - 01:15 - Costume Contest
\n- 01:15 - 02:00 - Ninjula
\n
\n\nSpeakers:Skittish and Bus,O\'Craven Celtic Pirate Band,Ninjula,Miss Jackalope,Grindhaus Selektor,DJ Scythe,Costume Contest
\n
\nSpeakerBio: Skittish and Bus
\nNo BIO available
\nSpeakerBio: O\'Craven Celtic Pirate Band
\nNo BIO available
\nSpeakerBio: Ninjula
\nNo BIO available
\nSpeakerBio: Miss Jackalope
\nNo BIO available
\nSpeakerBio: Grindhaus Selektor
\nNo BIO available
\nSpeakerBio: DJ Scythe
\nNo BIO available
\nSpeakerBio: Costume Contest
\nNo BIO available
\n\n\'',NULL,614885),('3_Saturday','20','20:00','01:59','N','SOC','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Music Set / Entertainment (Cyberpunk Bar Saturday, ACK Stage)\'','\'Wesley McGrew,Syntax (DJ) + Luna (VJ),N8,mattrix,Magik Plan,Kampf\'','SOC_a79ef2c57a78c234a3d377978bed1fd5','\'Title: Music Set / Entertainment (Cyberpunk Bar Saturday, ACK Stage)
\nWhen: Saturday, Aug 10, 20:00 - 01:59 PDT
\nWhere: LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage - Map
\n
\nDescription:
\n\n- 20:00 - 21:00 - Kampf
\n- 21:00 - 22:00 - mattrix
\n- 22:00 - 23:00 - Dr. McGrew
\n- 23:00 - 00:00 - Magik Plan
\n- 00:00 - 01:00 - Syntax (DJ) + Luna (VJ)
\n- 01:00 - 02:00 - N8
\n
\n\nSpeakers:Wesley McGrew,Syntax (DJ) + Luna (VJ),N8,mattrix,Magik Plan,Kampf
\n
\nSpeakerBio: Wesley McGrew, Senior Cybersecurity Fellow at MartinFederal
\nDr. Wesley McGrew directs research, development, and offensive cyber operations as Senior Cybersecurity Fellow for MartinFederal. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA and taught a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.
\n\nSpeakerBio: Syntax (DJ) + Luna (VJ)
\nNo BIO available
\nSpeakerBio: N8
\nNo BIO available
\nSpeakerBio: mattrix
\nNo BIO available
\nSpeakerBio: Magik Plan
\nNo BIO available
\nSpeakerBio: Kampf
\nNo BIO available
\n\n\'',NULL,614886),('2_Friday','20','20:00','01:59','N','SOC','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Music Set / Entertainment (Cyberpunk Bar Friday, ACK Stage)\'','\'Scotch & Bubbles,PankleDank,DJ St3rling,DJ Habbs,Call the Cops,Archwisp\'','SOC_1bfc2dbf0f915c97ac7893276350e791','\'Title: Music Set / Entertainment (Cyberpunk Bar Friday, ACK Stage)
\nWhen: Friday, Aug 9, 20:00 - 01:59 PDT
\nWhere: LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage - Map
\n
\nDescription:
\n\n- 20:00 - 21:00 - Call the Cops
\n- 21:00 - 22:00 - DJ Habbs
\n- 22:00 - 23:00 - PankleDank
\n- 23:00 - 00:00 - Scotch & Bubbles
\n- 00:00 - 01:00- DJ St3rling
\n- 01:00 - 02:00 - Archwisp
\n
\n\nSpeakers:Scotch & Bubbles,PankleDank,DJ St3rling,DJ Habbs,Call the Cops,Archwisp
\n
\nSpeakerBio: Scotch & Bubbles
\nNo BIO available
\nSpeakerBio: PankleDank
\nNo BIO available
\nSpeakerBio: DJ St3rling
\nNo BIO available
\nSpeakerBio: DJ Habbs
\nNo BIO available
\nSpeakerBio: Call the Cops
\nNo BIO available
\nSpeakerBio: Archwisp
\nNo BIO available
\n\n\'',NULL,614887),('1_Thursday','20','20:00','01:59','N','SOC','LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage','\'Music Set / Entertainment (Cyberpunk Bar Thursday, ACK Stage)\'','\'Talk Sinn,Stitcharoo,Relay,deaddoll,CaptHz,Acid-T\'','SOC_f9888c65566cfdcf46deafc6bd24e252','\'Title: Music Set / Entertainment (Cyberpunk Bar Thursday, ACK Stage)
\nWhen: Thursday, Aug 8, 20:00 - 01:59 PDT
\nWhere: LVCC West/Floor 1/North Lobby/North Lobby Contests/ACK Stage - Map
\n
\nDescription:
\n\n- 20:00 - 21:00 - Stitcharoo
\n- 21:00 - 22:00 - Talk Sinn
\n- 22:00 - 23:00 - deaddoll
\n- 23:00 - 00:00 - CaptHz
\n- 00:00 - 01:00 - Relay
\n- 01:00 - 02:00 - Acid-T
\n
\n\nSpeakers:Talk Sinn,Stitcharoo,Relay,deaddoll,CaptHz,Acid-T
\n
\nSpeakerBio: Talk Sinn
\nNo BIO available
\nSpeakerBio: Stitcharoo
\nNo BIO available
\nSpeakerBio: Relay
\nNo BIO available
\nSpeakerBio: deaddoll
\nNo BIO available
\nSpeakerBio: CaptHz
\nNo BIO available
\nSpeakerBio: Acid-T
\nNo BIO available
\n\n\'',NULL,614888),('2_Friday','10','10:00','11:45','N','PLV','LVCC West/Floor 2/W237','\'US and International Public Cyber Policy 101\'','\'Harley Geiger,Adam Dobell,Cassie Crossley\'','PLV_c31102e6d4e4cf55c130e22188933a74','\'Title: US and International Public Cyber Policy 101
\nWhen: Friday, Aug 9, 10:00 - 11:45 PDT
\nWhere: LVCC West/Floor 2/W237 - Map
\n
\nDescription:
\nThe session will provide an overview of the current themes and topics being explored by US and International policymakers. It will help provide clarity into the landscape of cyber public policy, highlighting the need for governments around the world to align on policy development and intervention. It will help establish a baseline of knowledge on what\'s happening in global cyber policy for those wanting to get up to speed, and will help set the scene for many of the policy discussions to come throughout DEF CON.
\n\nSpeakers:Harley Geiger,Adam Dobell,Cassie Crossley
\n
\nSpeakerBio: Harley Geiger, Venable
\nHarley Geiger is a legal and public policy specialist with deep experience in vulnerability management and disclosure. He leads the Hacking Policy Council, a group of senior executives with policy, business, and technical expertise in vulnerability management.
\n\nSpeakerBio: Adam Dobell
\nAdam Dobell has extensive experience in cybersecurity and international policy, principally in the Indo-Pacific. Prior to joining Venable, Adam served as the first secretary for the department of home affairs at the Embassy of Australia in Washington DC, where he engaged with officials at the White House and congressional and industry stakeholders to further Australia’s national security interests. He also represented the Australian Government in multilateral groupings including the Asia Pacific Economic Cooperation, the International Counter Ransomware Initiative, and the Quad.
\n\nSpeakerBio: Cassie Crossley, Vice President, Supply Chain Security, Cybersecurity & Product Security Office at Schneider Electric
\nCassie Crossley, Vice President, Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development and author of \"Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware.\" She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, program management, and data privacy. Ms. Crossley has designed frameworks and operating models for end-to-end security in software development lifecycles, third party risk management, cybersecurity governance, and cybersecurity initiatives. She has an M.B.A. from California State University, Fresno, and her Bachelor of Science degree in Technical and Professional Communication with a specialization in Computer Science.
\n\n\n\'',NULL,614889),('2_Friday','11','10:00','11:45','Y','PLV','LVCC West/Floor 2/W237','\'US and International Public Cyber Policy 101\'','\'Harley Geiger,Adam Dobell,Cassie Crossley\'','PLV_c31102e6d4e4cf55c130e22188933a74','\'\'',NULL,614890),('2_Friday','12','12:00','12:45','N','PLV','LVCC West/Floor 2/W237','\'Rules All Hackers Must Follow in War\'','\'Dr. Kosuke Onishi\'','PLV_5403fb174febc2aabd9ca9bf4074c995','\'Title: Rules All Hackers Must Follow in War
\nWhen: Friday, Aug 9, 12:00 - 12:45 PDT
\nWhere: LVCC West/Floor 2/W237 - Map
\n
\nDescription:
\nAs digital technology is changing how militaries conduct war, a trend has emerged in which a growing number of civilians are becoming involved in armed conflicts through digital means. Sitting at some distance from physical hostilities, including outside the countries at war, civilians – including hackers – are conducting a range of cyber operations against their “enemy.” One example is the international armed conflict between Russia and Ukraine, where some groups present themselves as a “worldwide IT community” with the mission to, in their words, “help Ukraine win by crippling aggressor economies, blocking vital financial, infrastructural and government services, and tiring major taxpayers.” Others have reportedly “called for and carried out disruptive – albeit temporary – attacks on hospital websites in both Ukraine and allied countries,” among many other operations. In this session, the International Committee of the Red Cross will highlight that there are legal limits in warfare, and will set out several international humanitarian law (IHL)-based rules that all hackers who carry out operations in the context of an armed conflict must comply with. The session will also discuss why it is a State’s responsibility to restrain hackers engaging in those conflicts.
\n\nSpeakerBio: Dr. Kosuke Onishi, Legal Advisor at International Committee of the Red Cross
\nDr. Kosuke Onishi is a legal adviser for the International Committee of the Red Cross (ICRC) at the Permanent Observer Mission to the United Nations in New York. Prior to this, he was a legal adviser for the ICRC Regional Delegation in Washington D.C. Dr. Onishi has also taught international law at Osaka University and Aichi Prefectural University as an adjunct lecturer. He holds a B.A. in law from Doshisha University, an M.A. in global politics and law from Doshisha and Sheffield Universities (dual degree), an LL.M. in public international law from Leiden University, and an LL.D. from Doshisha University.
\n\n\n\'',NULL,614891),('2_Friday','13','13:00','13:45','N','PLV','LVCC West/Floor 2/W237','\'The Value of Trust in the Open-source Software Ecosystem\'','\'Nasreen Djouini,Jordan Kasper,Aeva Black\'','PLV_94d21d94760c2e65056f6223cfc98556','\'Title: The Value of Trust in the Open-source Software Ecosystem
\nWhen: Friday, Aug 9, 13:00 - 13:45 PDT
\nWhere: LVCC West/Floor 2/W237 - Map
\n
\nDescription:
\nOne year since the five-agency release of the Request for Information (RFI) on Open-Source Software Security Areas of Long Term Focus and Prioritization the U.S. government is returning to DEF CON to release an RFI Summary Report that consolidates the feedback received from the open-source software community and highlight agency-wide priorities to secure the open-source software ecosystem. In this panel, you will hear from government employees leading the charge on policy solutions towards secure open-source software and building trust with the open-source software ecosystem. In this panel, White House, the U.S. Department of Homeland Security, and Infrastructure Security Agency officials will present an overview of the Federal Government efforts in this space. The discussion will address the five priority areas addressed in the RFI, including (i) Securing Open-Source Software Foundations; (ii) Sustaining Open-Source Software Communities and Governance; (iii) Creating Behavioral and Economic Incentives to Secure the Open-Source Software Ecosystem; (iv) Improving R&D/ Innovation; and (v) Expanding International Collaboration. We look to work with you to ensure a secure, sustainable, and resilient open-source software future.
\n\nSpeakers:Nasreen Djouini,Jordan Kasper,Aeva Black
\n
\nSpeakerBio: Nasreen Djouini, Senior Policy Advisor at Office of the National Cyber Director (ONCD)
\nNasreen Djouini is a Senior Policy Advisor at the Office of the National Cyber Director working on efforts to secure open-source software. In this role, she leads and facilitates the multi-agency working group on Open-Source Software initiative (OS3I).
\n\nSpeakerBio: Jordan Kasper, Senior Advisor for Technology and Delivery in the Office of the CIO at Department of Homeland Security
\nJordan Kasper is a software engineer, speaker, tinkerer, and open source zealot. He spent much of his career in private industry building web applications for companies and organizations of all sizes. In 2017, he joined the U.S. Digital Service to help make technology better for all Americans. Since then he has worked on systems that serve millions of people and has written policies and strategies that have shaped government information technology across the board. He has developed in numerous languages from Natural on IBM mainframes to microservices in Node.js. Over the years he has spoken at over a hundred events worldwide on all things tech. He currently serves as Senior Advisor for Technology and Delivery in the Office of the CIO for the U.S. Department of Homeland Security.
\n\nSpeakerBio: Aeva Black, DHS Cyber Security and Infrastructure Security Agency
\nAeva Black is an open-source hacker and international public speaker with 25 years of experience building digital infrastructure and leading open-source projects. They previously served on the OpenSSF Technical Advisory Committee, OpenStack Technical Committee, Kubernetes Code of Conduct Committee, and led open-source security strategy within the Microsoft Azure Office of the CTO. In their spare time, Aeva serves on the Board of the Open-Source Initiative and enjoys riding motorcycles and supporting the local LGBTQ+ community.
\n\n\n\'',NULL,614892),('2_Friday','14','14:00','14:45','N','PLV','LVCC West/Floor 2/W237','\'Advocating for an Inclusive Cyber-Civil Rights Policy Agenda for Vulnerable Communities\'','\'Nicole Tisdale,Kemba Walden,Jacob H Braun,Elizabeth Eigner\'','PLV_64cf6d26f9a088d3ebe9e0fc21f8ac51','\'Title: Advocating for an Inclusive Cyber-Civil Rights Policy Agenda for Vulnerable Communities
\nWhen: Friday, Aug 9, 14:00 - 14:45 PDT
\nWhere: LVCC West/Floor 2/W237 - Map
\n
\nDescription:
\nCyber-financial crimes devastate marginalized communities, robbing them of economic opportunity and hard earned civil rights. This panel issues an urgent call to action to cyber advocates: join forces in pioneering policy solutions that enhance community resilience against these persistent threats to our global community. Our experts go beyond critiquing existing laws to envision groundbreaking models prioritizing the voices of impacted groups. We\'ll explore how to effectively amplify grassroots initiatives fostering digital awareness and empowerment from the ground up. This is a roadmap for multi-stakeholder collaboration - uniting policy leaders, corporate innovators, government officials, hackers, and advocates. Together we can build robust frameworks that embed civil rights into the core of cybersecurity strategy and implementation.
\n\nSpeakers:Nicole Tisdale,Kemba Walden,Jacob H Braun,Elizabeth Eigner
\n
\nSpeakerBio: Nicole Tisdale, Founder at Advocacy Blueprints
\nNicole Tisdale is a fifteen-year national security expert and former Director at The White House - National Security Council and the U.S. Congress\' House Committee on Homeland Security. Nicole’s policy expertise encompasses cybersecurity, counterintelligence, and election security. Nicole founded Advocacy Blueprints, a policy consulting and advocacy training firm. Her creation and commitment cyber-impact policy is evidenced by her writing The Hidden Injustice of Cyberattacks for WIRED Magazine and her commitment to civic engagement for advocates highlighted in her book “Right to Petition.” She serves in several advisor and fellowship positions, including Aspen Digital, POPVOX Foundation, and Omidyar Networks.
\n\nSpeakerBio: Kemba Walden, President at Paladin Global Institute
\nKemba Walden is President of the Paladin Global Institute and former Acting National Cyber Director at the White House Office of the National Cyber Director (ONCD). Kemba also served a decade at the Department of Homeland Security (DHS) and three years at Microsoft. Since 2019, Kemba has been an adjunct professor of information security law and regulatory compliance at Georgetown University’s School of Continuing Studies, which she balances with her duties as a member of the Council on Foreign Relations and Atlantic Council Board of Directors, as well as co-chair of the Aspen Digital U.S. Cybersecurity Group.
\n\nSpeakerBio: Jacob H Braun, Acting Principal Deputy National Cyber Director at Office of the National Cyber Director (ONCD)
\nJake Braun served in the White House as Acting Principal Deputy National Cyber Director from May 2023 to July 2024. Prior to joining the White House Office of the National Cyber Director, he was appointed by President Joseph Biden as Senior Counselor to the Secretary of Homeland Security. Braun is also a lecturer at the University of Chicago’s Harris School of Public Policy Studies and Chairman of the Cyber Policy Initiative there.
\n\nFrom 2009 to 2011, Braun served as White House Liaison to the U.S. Department of Homeland Security. Braun is also co-founder of the DEF CON Voting Machine Hacking Village (Voting Village) hacker conference.\"
\n\nSpeakerBio: Elizabeth Eigner, Security Policy Strategist at Microsoft
\nElizabeth Eigner is a Security Policy Strategist in Microsoft\'s Global Cybersecurity Policy, where she oversees its marginalized user protection initiatives, tailoring Microsoft’s cybersecurity approach to the needs of marginalized communities. Elizabeth also leads Microsoft’s High-risk User and Human Rights Defender Protection initiative. Prior to joining Microsoft, Elizabeth worked at the Washington Technology Industry Association (WTIA), where she provided policy and strategic guidance on expanding digital access to underserved Washington communities, and MIT Solve, Massachusetts Institute of Technology’s social impact accelerator, where she collaborated with tech-based social entrepreneurs around the world solving challenges related to digital inclusion and equity.
\n\n\n\'',NULL,614893),('2_Friday','15','15:00','16:45','N','PLV','LVCC West/Floor 2/W237','\'NSM-22 and the National Risk Management Plan: CISA Wants to Hear from You on How to Protect Our Nation’s Critical Infrastructure\'','\'William Loomis,Michael Garcia\'','PLV_bc1f93b58020a4822724a4955cf1a113','\'Title: NSM-22 and the National Risk Management Plan: CISA Wants to Hear from You on How to Protect Our Nation’s Critical Infrastructure
\nWhen: Friday, Aug 9, 15:00 - 16:45 PDT
\nWhere: LVCC West/Floor 2/W237 - Map
\n
\nDescription:
\nOn April 30th, the White House released National Security Memorandum-22 (NSM) on Critical Infrastructure Security and Resilience, which updates national policy on how the U.S. government protects and secures critical infrastructure from cyber and all-hazard threats. NSM-22 recognizes the changed risk landscape over the past decade and leverages the enhanced authorities of federal departments and agencies to implement a new risk management cycle that prioritizes collaborating with partners to identify and mitigate sector, cross-sector, and nationally significant risk. The culmination of this cycle is the creation of the National Infrastructure Risk Management Plan (National Plan)—thereby replacing the 2013 National Infrastructure Protection Plan—and will guide the Federal effort to mitigate cross-sector and national risks to critical infrastructure. As the National Coordinator for critical infrastructure security and resilience, CISA will develop this National Plan to be forward-looking and one that employs all available Federal tools, resources, and authorities to manage and reduce national-level risks, including those cascading across critical infrastructure sectors. In other words, the National Plan will be the federal government’s comprehensive plan to mitigate and manage cross-sector risk. And that is why CISA is asking for you to help us and Sector Risk Management Agencies (SRMAs) over the course of the year as we develop this foundational document. During this session, two of the CISA leads when it comes to drafting this document will briefly walk through their approach, and then the rest of the session will be devoted to guided discussion and feedback.
\n\nSpeakers:William Loomis,Michael Garcia
\n
\nSpeakerBio: William Loomis, Cyber Policy Advisor for the Office of Strategy, Policy, and Plans at DHS Cyber Security and Infrastructure Security Agency
\nWill Loomis is a Cyber Policy Advisor for the Office of Strategy, Policy, and Plans at the Cybersecurity and Infrastructure Security Agency. He is also a nonresident fellow with the Atlantic Council’s Cyber Statecraft Initiative under the Digital Forensic Research Lab. Loomis previously served as an associate director with the Cyber Statecraft Initiative, where he led the program’s work on critical infrastructure cybersecurity and software supply chain risk management. He was also formerly the chair of Young Professionals in Foreign Policy’s Cybersecurity Policy & Technology Discussion Group and an organizer and Goon for Policy @ DEF CON.
\n\nSpeakerBio: Michael Garcia, Senior Policy Advisor for the Office of Strategy, Policy, and Plans at DHS Cyber Security and Infrastructure Security Agency
\nMichael Garcia is a senior policy advisor for the Office of Strategy, Policy, and Plans at the U.S. Cybersecurity and Infrastructure Security Agency (CISA) where he develops and supports interagency cybersecurity policies. Prior to joining CISA, Michael was a professional staff member for the U.S. Senate Homeland Security and Governmental Affairs Committee, where he worked on the Cyber Incident Reporting for the Critical Infrastructure Act of 2022 and other cybersecurity legislation. Before working for the Senate, Michael held several other cyber policy positions, including working at Third Way as a senior policy advisor for their Cyber Enforcement Initiative, serving as director for external engagement and outreach for the U.S. Cyberspace Solarium Commission, and advising governors’ offices on cybersecurity policy issues at the National Governors Association. Michael was a 2020 fellow for New America and the Global Public Policy Institute\'s Transatlantic Digital Debate and a 2021 Next Gen National Security Fellow for the Center for New American Security. His work has been published and quoted by Politico, Lawfare, The Hill, Just Security, and the Council on Foreign Relations.
\n\n\n\'',NULL,614894),('2_Friday','16','15:00','16:45','Y','PLV','LVCC West/Floor 2/W237','\'NSM-22 and the National Risk Management Plan: CISA Wants to Hear from You on How to Protect Our Nation’s Critical Infrastructure\'','\'William Loomis,Michael Garcia\'','PLV_bc1f93b58020a4822724a4955cf1a113','\'\'',NULL,614895),('3_Saturday','11','11:00','12:20','N','PLV','LVCC West/Floor 2/W237','\'How can hackers support efforts to secure AI systems?\'','\'Wan Ding Yao,Christine Lai,Anjuli Shere\'','PLV_2f8cfd584446d884bbaf10ff9f6712f3','\'Title: How can hackers support efforts to secure AI systems?
\nWhen: Saturday, Aug 10, 11:00 - 12:20 PDT
\nWhere: LVCC West/Floor 2/W237 - Map
\n
\nDescription:
\nArtificial Intelligence is increasingly being framed in dystopian ways even though the technology has been around for decades and the opportunities it brings are vast. In the past months, more Governments have announced proposals to make AI models and systems more secure. Through a panel session, we want to shine a light on these efforts, particularly those that are most relevant to the DEFCON community, such as recommendations on testing and red teaming as well as the need for vulnerability disclosure processes. This session aims to foster a better understanding of what hackers are seeing on the ground in terms of the vulnerabilities in AI models and to identify how more collaboration could be undertaken. The outcome of this session will be to provide a spotlight on data gaps in this area and to share insights that can positively inform future work, such as the development of international AI standards.
\n\nSpeakers:Wan Ding Yao,Christine Lai,Anjuli Shere
\n
\nSpeakerBio: Wan Ding Yao, AI Security Lead at Singapore GovTech’s Cyber Security Group
\nMr Wan Ding Yao is the AI Security Lead in Singapore GovTech’s Cyber Security Group driving workstreams at the intersection of AI and cybersecurity including prototyping AI use cases for cybersecurity operations and developing AI red-teaming capabilities. He holds a Bachelor of Laws (Technology for Business) and a Master of Science in Computing (Data Science & Engineering) from the Singapore Management University. He is admitted to the Singapore Bar and holds professional cybersecurity certifications from OffSec, CREST, (ISC)2, Practical DevSecOps, MAD20, AWS, Microsoft, and Google.
\n\nSpeakerBio: Christine Lai, Cybersecurity Research Specialist at DHS Cyber Security and Infrastructure Security Agency
\nChristine Lai is a cybersecurity research specialist in the Office of the Technical Director at the Cybersecurity and Infrastructure Security Agency (CISA), where she currently serves as the AI Security lead for the agency. Prior to joining CISA, she was a cybersecurity and machine learning researcher on critical infrastructure programs at Sandia National Laboratories in Albuquerque, NM.
\n\nSpeakerBio: Anjuli Shere, Head of Cyber Advocacy in the Cyber Security at Directorate of the UK\'s Department for Science, Innovation and Technology
\nDr. Anjuli Shere is the Head of Cyber Advocacy in the Cyber Security Directorate of the UK\'s Department for Science, Innovation and Technology. She has a doctorate in Cyber Security from the University of Oxford, during which she spent two years as a Research Fellow at Harvard Kennedy School\'s Shorenstein Center on Media, Politics and Public Policy. Dr.Shere\'s research covered emerging technological risks, focusing on converging threats to journalists and media freedom from the consumer Internet of Things in Taiwan, Australia, the U.K. and the U.S. Additionally, she was an intelligence analyst on Channel 4’s fugitive simulations \"Hunted\" and \"Celebrity Hunted\" for seven series (2017-2025), and an expert advisor to the Financial Times Film \"People You May Know\" about surveillance during the COVID-19 pandemic. Dr. Shere\'s previous relevant experience also includes tech/politics writing for the New Statesman, working as a research analyst at the Association for International Broadcasting, and honing her skills in analysis and investigation as part of CyberPATH (the UK National Cyber Resilience Centres Programme) and as a “Digital Sherlock” with the Atlantic Council’s Digital Forensic Research Lab.
\n\n\n\'',NULL,614896),('3_Saturday','12','11:00','12:20','Y','PLV','LVCC West/Floor 2/W237','\'How can hackers support efforts to secure AI systems?\'','\'Wan Ding Yao,Christine Lai,Anjuli Shere\'','PLV_2f8cfd584446d884bbaf10ff9f6712f3','\'\'',NULL,614897),('3_Saturday','13','13:00','13:45','N','PLV','LVCC West/Floor 2/W237','\'Global Perspectives in Cybersecurity: Challenging Norms and Expanding Horizons\'','\'Wouter Veenstra,Randy Pestana,Kerry-Ann Barrett,Brett DeWitt\'','PLV_faf966ff7295a5db176673abf647f13f','\'Title: Global Perspectives in Cybersecurity: Challenging Norms and Expanding Horizons
\nWhen: Saturday, Aug 10, 13:00 - 13:45 PDT
\nWhere: LVCC West/Floor 2/W237 - Map
\n
\nDescription:
\nThis panel aims to mobilize DEFCON\'s technical talent towards global good, encouraging application of their skills in a broader, impactful context. Transcending conventional cybersecurity dialogues focused primarily on the US and Europe, this discussion highlights underexplored regions and emphasizes the importance of partnerships and incorporating international developments into cybersecurity strategies. Attendees will learn from Mr. Randy Pestana on how academic institutions contribute to cybersecurity, followed by Ms. Kerry Ann Barrett on the influence of multilateral organizations, Mr. Brett DeWitt on financial sector insights that influence foreign investment, and Mr. Wouter Veenstra on the necessity of global collaboration. This session equips participants to engage more effectively in international cybersecurity efforts, highlighting the value of diverse global perspectives and strategic partnerships.
\n\nSpeakers:Wouter Veenstra,Randy Pestana,Kerry-Ann Barrett,Brett DeWitt
\n
\nSpeakerBio: Wouter Veenstra, GFCE
\nWouter Veenstra is in the lead of GFCE Outreach and Partnerships and his key responsibilities are to identify and connect key stakeholders on Cyber Capacity Building, to interest them to join the GFCE and to connect them on cyber topics based on their wants, needs and means.
\n\nSpeakerBio: Randy Pestana, Director of Cybersecurity Polic at Florida International University’s Jack D. Gordon Institute for Public Policy
\nRandy Pestana serves as Director of Cybersecurity Policy at Florida International University’s Jack D. Gordon Institute for Public Policy. He is responsible for managing the institutes cyber-related partnerships to include U.S. government entities, multilateral organizations and numerous industry partners across the cybersecurity community.
\n\nSpeakerBio: Kerry-Ann Barrett, Cybersecurity Program Manager at Inter-American Committee Against Terrorism of the Organization of American States
\nKerry-Ann Barrett is the Cybersecurity Program Manager within the Inter-American Committee Against Terrorism of the Organization of American States (OAS/CICTE). In her capacity she leads the OAS/CICTE’s cybersecurity capacity building efforts to member states through the design, planning and execution of cybersecurity initiatives.
\n\nSpeakerBio: Brett DeWitt, Mastercard
\nBrett DeWitt drives global cybersecurity public policy strategies to enable a more secure, inclusive, and innovative digital economy. Brett represents Mastercard in international trade associations, engages in public-private partnerships, supports the development of policy solutions for governments, and coordinates external communications.
\n\n\n\'',NULL,614898),('3_Saturday','14','14:00','15:45','N','PLV','LVCC West/Floor 2/W237','\'What’s next for the commercial CNE marketplace? A chance for you to influence the policy that will impact the future\'','\'UK Repersentative 2,Senior Representative from UK NCSC,Océane Thieriot,Claudi d’Antoine,Bill Marczak,Daniel Cuthbert\'','PLV_787b6ba5b9a600e716ce6daef1b80839','\'Title: What’s next for the commercial CNE marketplace? A chance for you to influence the policy that will impact the future
\nWhen: Saturday, Aug 10, 14:00 - 15:45 PDT
\nWhere: LVCC West/Floor 2/W237 - Map
\n
\nDescription:
\nThe marketplace offering commercial proliferation of cyber tools and services (such as end to end CNE capabilities as well as individual components for those capabilities) is lowering the barrier to entry resulting in greater and irresponsible use by threat actors. Across the world, governments, industry, civil society, journalists, and think tanks are responding to this. Through the Pall Mall Process, the UK and French governments are working together to address this challenge, while recognising that these tools and services can provide benefits when used for legitimate purposes and developed responsibly. This session will inform those attending about the Pall Mall Process up to now and look at some of the next steps. It will also give a chance for questions to understand what it could mean for them. There is also a plan to hold an open roundtable at DEF CON for those who wish to provide feedback in a more intimate setting so that this can be considered whilst working through the next steps of the Pall Mall Process.
\n\nSpeakers:UK Repersentative 2,Senior Representative from UK NCSC,Océane Thieriot,Claudi d’Antoine,Bill Marczak,Daniel Cuthbert
\n
\nSpeakerBio: UK Repersentative 2, Head of Cyber Proliferation Policy at UK Foreign Commonwealth & Development Office
\nNo BIO available
\nSpeakerBio: Senior Representative from UK NCSC, CTO for Cyber Policy & Assessment at UK National Cyber Security Centre
\nNo BIO available
\nSpeakerBio: Océane Thieriot, Counselor for Cyber Affairs at Embassy of France in Washington DC
\nOcéane Thieriot is the Counselor for Cyber Affairs at the Embassy of France in Washington DC. Before joining the Embassy, she held positions within the French Ministry of Foreign Affairs, serving in Brussels (Deputy Antici Counselor and Climate Counselor at the French Permanent Representation to the EU) as well as in Paris (member of the cabinet of the Minister for European Affairs). She is a graduate from Ecole Normale Supérieure, Sciences Po and Ecole Nationale d’Administration.
\n\nSpeakerBio: Claudi d’Antoine, President and CEO at Margin Research
\nClaudia d’Antoine, MD is the President and CEO of Margin Research, an offensive cybersecurity firm based in New York City. Claudia is a business leader and entrepreneur who stands at the intersection of security, technical development, and policy. She works closely with partners in the United States Government as well as within the five eyes community to drive problem-solving and support their missions. She is a member of the Atlantic Council on their Counter-Terrorism projects as well as an advisor to the Pall Mall Process. She has spoken at OffensiveCon and REcon and hosts CTFs for the broader cybersecurity community. Prior to joining Margin, she worked as a software engineer and as a physician. She has a passion for bridging technical divides between industries, advancing cutting edge research, and finding practical applications for mission-driven work.
\n\nSpeakerBio: Bill Marczak, Senior Researcher at University of Toronto\'s Citizen Lab
\nBill Marczak is a Senior Researcher at the University of Toronto\'s Citizen Lab where he investigates novel surveillance and censorship tools that threaten Internet freedom. Bill received his PhD in Computer Science from UC Berkeley. Some of Bill’s greatest hits include leading the first public report about NSO Group’s Pegasus spyware, and the capture of the ForcedEntry and BlastPass iOS zero-click exploits. Coverage of Bill\'s work has been featured in Vanity Fair, the New York Times, and on CNN and 60 Minutes.
\n\nSpeakerBio: Daniel Cuthbert
\nNo BIO available
\n\n\'',NULL,614899),('3_Saturday','15','14:00','15:45','Y','PLV','LVCC West/Floor 2/W237','\'What’s next for the commercial CNE marketplace? A chance for you to influence the policy that will impact the future\'','\'UK Repersentative 2,Senior Representative from UK NCSC,Océane Thieriot,Claudi d’Antoine,Bill Marczak,Daniel Cuthbert\'','PLV_787b6ba5b9a600e716ce6daef1b80839','\'\'',NULL,614900),('2_Friday','10','10:00','10:50','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Using ChatGPT to Write Defensive & Offensive Tools for ICS/OT\'','\'Mike Holcomb\'','ICSV_a9140e7bd94439673730ab630d2b6832','\'Title: Using ChatGPT to Write Defensive & Offensive Tools for ICS/OT
\nWhen: Friday, Aug 9, 10:00 - 10:50 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nDuring the work on my SANS Master\'s thesis, I realized two things: I am not a developer and ChatGPT makes a pretty good one. Using ChatGPT to write the Python scripts for my research, I started to branch out and use it to write defensive tools such as for identifying unknown assets on the network as a listening service or offensively such as when taking a PLC out of Run mode remotely. If you can think through the process, ChatGPT (or other GenAI) can help you make it a reality. Want to Live off the Land and don\'t want to download a Python script which might be spotted? Use ChatGPT to convert it to PowerShell on the spot! Receiving error messages from the code it wrote for you? Don\'t worry - it can fix those issues too! The presentation will walk attendees through prompt creation for two sample coding projects - both with offensive/defensive capabilities, tools that attendees would be able to use back on the job. And, with inspiration, go out and create their own tools!
\n\nSpeakerBio: Mike Holcomb, Fellow of Cybersecurity and ICS/OT Cybersecurity Global Lead at Fluor
\nMike helps people learn how to secure Industrial Control Systems (ICS)/Operational Technology (OT) environments, from engineers and IT cyber security team members to asset owners and operators. He is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, one of the world’s largest engineering, procurement, and construction companies. His current role provides him with the opportunity to work in securing some of the world’s largest ICS/OT environments, from power plants and commuter rail to manufacturing facilities and refineries. He has his Masters degree in ICS/OT cybersecurity from the SANS Technology Institute. Additionally, he maintains more than a few cyber security and ICS/OT certifications.
\n\n\n\'',NULL,614901),('2_Friday','11','11:00','11:25','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Importance of ICS knowledge from a engineer\'s perspective\'','\'Ray Baeza\'','ICSV_40e1b1fe26d96531ab160b6ce40ad2b1','\'Title: Importance of ICS knowledge from a engineer\'s perspective
\nWhen: Friday, Aug 9, 11:00 - 11:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nIn the realm of Operational Technology (OT) environments, incident response is a critical function that ensures the continuity and security of industrial processes. A thorough understanding of vendors, asset types, and associated frameworks is indispensable for effective incident management. This talk underscores the significance of this knowledge from an operator\'s perspective, highlighting how it can substantially enhance the ability of a cyber security analyst to respond to incidents swiftly and efficiently.
\n\nKnowing your vendors and the specific types of assets deployed within an OT environment provides a foundational understanding that is crucial during an incident. Cyber Security analyst\'s equipped with detailed knowledge of where to locate critical configuration files and logs on OT devices can significantly streamline the incident response process. This insight is vital for establishing baselines, which are essential for detecting anomalies and potential threats. When an incident occurs, the ability to swiftly access and analyze these files can make the difference between a contained event and a widespread disruption.
\n\nSpeakerBio: Ray Baeza, Founder at Agriculture Defense Group
\nRay Baeza is the founder of Agriculture Defense Group, specializing in cybersecurity services for the agriculture industry. Hailing from Davis, CA, Ray grew up immersed in agriculture. With over 6 years of experience as an ICS cybersecurity engineer, Ray has honed expertise in ICS detection engineering and incident response. Driven by a passion for ICS technologies and the agriculture industry, he is dedicated to safeguarding agricultural systems from cyber threats.
\n\n\n\'',NULL,614902),('2_Friday','11','11:30','11:55','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Invisible Invaders: Strategies to Combat Living Off the Land Techniques in ICS\'','\'Dan Gunter\'','ICSV_066a2ef7d070520c82d8366572362d17','\'Title: Invisible Invaders: Strategies to Combat Living Off the Land Techniques in ICS
\nWhen: Friday, Aug 9, 11:30 - 11:55 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nWhile living off the land attacks have always been possible in industrial environments, a notable uptick has been reported recently between Volt Typhoon\'s five-plus year campaign and reports of attackers using unauthenticated industrial protocols to manipulate and impact industrial processes. This talk will explore past living off the land attacks in industrial environments, the differences in IT and OT living off the land attacks, and provide approaches to counter these attacks.
\n\nSpeakerBio: Dan Gunter, Founder and CEO at Insane Cyber
\nDan Gunter is the founder and CEO of Insane Cyber, a San Antonio, Texas-based technology company that provides a cybersecurity automation platform for forward, at at-home investigations supporting critical operations, as well as tailored proactive and reactive services. Prior to Insane Cyber, Dan was an early employee at Dragos, an industrial cybersecurity startup, where he established and served as Director of Research and Development and as one of the first principal analysts executing and advising on threat hunting in power, oil & gas, mining, and other critical infrastructure environments. Before Dragos, Dan served as an officer in the United States Air Force with a variety of offensive and defensive roles across the Department of Defense.
\n\n\n\'',NULL,614903),('2_Friday','12','12:00','12:59','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'A hole in one: pwning a cruise ship from a golf simulator and other tales of maritime IT-OT misconvergence\'','\'Andrew Tierney\'','ICSV_c626fe8f8284c9a69b01c0efff6ce98a','\'Title: A hole in one: pwning a cruise ship from a golf simulator and other tales of maritime IT-OT misconvergence
\nWhen: Friday, Aug 9, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nAndrew is formally a ships engineer and now spends much of his time pen testing ships. Along the way he\'s found the weirdest ways that IT/OT segregation has been broken, often through 3rd party technology suppliers. From VDRs to ICMS to safety management systems to fire control to azipods to... you name it he\'s broken it.
\n\nCruising adds another layer of complexity, bringing together customer entertainment, restaurant and billing systems. The scope for segregation errors is multiplied.
\n\nThe headline of this talk is tale about a misconfigured golf simulator onboard, that led to compromise of almost the entire vessel.
\n\nSpeakerBio: Andrew Tierney, Security Consultant at Pen Test Partners
\nAndrew leads PTP’s hardware security team. He covers all systems that aren\'t general purpose computers e.g. ICS, IoT, phones, cars, ships, and planes. He has considerable experience of reverse engineering, researching, and finding vulnerabilities in these systems. He’s a proficient electrical and electronics engineer, giving him great knowledge of underlying hardware and engineering.
\n\nHe advises companies on building secure products. This ranges from the nitty-gritty of securing devices against physical attack, through to developing complete connected platforms that make use of defence-in-depth. He trains people on how to attack and defend hardware, with customers ranging from medical device manufacturers through to police forensics teams. Andrew has presented at DEF CON, BlackHat, hardwear.io, 44CON, multiple BSides events, and to private audiences such as the GSMA and NCSC.
\n\n\n\'',NULL,614904),('2_Friday','13','13:00','13:25','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'HandPwning: \"Your Hand is your Passport. Verify me. Now let me in!\"\'','\'Luca \"CYBERANTANI\" Bongiorni\'','ICSV_e0097e7d31f1c0cb6cffa3fae55c68d5','\'Title: HandPwning: \"Your Hand is your Passport. Verify me. Now let me in!\"
\nWhen: Friday, Aug 9, 13:00 - 13:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nBiometrics applied to PACS (Physical Access Control Systems) has been an hot-topic for a few years now. The spread of fingerprint or face recognition based access control and time attendance systems among corporate, industrial and military environments has surged. And with it, also the number of potential attack vectors has increased. In this talk, after a brief overview of the state of art of available PACS utilizing biometrics to authenticate and authorize users, we will investigate one technology among others (usually perceived less-invasive) that has been widely used in some specific fields (e.g. industrial plants, airports, food industry, etc.): the handpunch access control and time attendance systems. The handpunch PACS are based on the hand-geometry recognition. In this presentation we will have a look how this tech works and, in particular, we will focus our attention on reviewing some of existing handpunch devices: from a physical security POV until reversing the communication protocol. Moreover, during the presentation will be demonstrated how to remotely push a new super-admin user into it (i.e. persistent backdoor), how to dump existing users credentials and will be also released an opensource tool-suite: HandScan & HandPwner.
\n\nEventually, thanks the cooperation with Shodan’s creator, it has been confirmed that more than 1800 of these vulnerable devices were found exposed on the Internet. Finally, we will conclude the talk with practical and actionable countermeasures to prevent these attacks and how to harden these devices.
\n\nSpeakerBio: Luca \"CYBERANTANI\" Bongiorni, Founder at We Hack In Disguise (WHID)
\nLuca Bongiorni is working as Director of a CyberSecurity Lab and is Founder of WHID - We Hack In Disguise: a cybersecurity boutique focused on R&D offensive hardware implants and IIoT Security. Luca is also actively involved in InfoSec where his main fields of research are: Radio Networks, Hardware Hacking, Internet of Things, and Physical Security. At the moment, he is focusing his researches on bypassing biometric access control systems, IIoT Security & Forensics, Air-Gapped Environments and IoOT (Internet of Offensive Things).
\n\n\n\n\n\'',NULL,614905),('2_Friday','13','13:30','13:55','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Cyber Informed Engineering for Critical Infrastructure\'','\'Aaron Crow\'','ICSV_b9e96b09896a34bf20809dab3744d25e','\'Title: Cyber Informed Engineering for Critical Infrastructure
\nWhen: Friday, Aug 9, 13:30 - 13:55 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nIn an era where critical infrastructure faces unprecedented cyber threats, Cyber Informed Engineering (CIE) emerges as a pivotal strategy to safeguard essential services. This talk delves into the significance of integrating CIE into both existing installations and new builds, highlighting its transformative impact on enhancing security and resilience. Attendees will gain insights into practical applications of CIE, exploring use cases that demonstrate its efficacy in retrofitting legacy systems and embedding robust cybersecurity measures in new projects. Additionally, we\'ll discuss how CIE serves as a powerful tool for comprehensively understanding and optimizing business processes, ultimately driving more secure and efficient operations. Join us to uncover the essential role of Cyber Informed Engineering in fortifying our critical infrastructure against evolving cyber threats.
\n\nSpeakerBio: Aaron Crow
\nAaron Crow has over two decades of experience in cybersecurity, focusing on the power utility and operational technology (OT) sectors. At Luminant (Vistra), he managed OT cybersecurity for over 40 power generation sites, including a nuclear plant. Aaron has worked as a consultant, where he led OT cybersecurity programs and influenced product development and as CTO where he helped drive product and direction focusing OT cybersecurity. He hosts the \"PrOTect IT All\" podcast, sharing insights from industry experts, and advises Building Cyber Security, helping improve security practices in building management systems. Aaron\'s extensive career highlights his deep understanding of the challenges in securing critical infrastructure.
\n\n\n\'',NULL,614906),('2_Friday','14','14:00','14:55','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Detouring Danger: Hunting Privileged File Operation Vulnerabilities in OT/ICS software\'','\'Asher Davila\'','ICSV_5c13ef7bf1d45122ce6774e04583dabd','\'Title: Detouring Danger: Hunting Privileged File Operation Vulnerabilities in OT/ICS software
\nWhen: Friday, Aug 9, 14:00 - 14:55 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nThe Microsoft Detours library was leveraged to instrument the entire process environment of an engineering workstation in an operational technology/industrial control system (OT/ICS) setting. This approach allowed for the comprehensive monitoring and analysis of privileged file operations within these systems. Through this method, multiple vulnerabilities in SCADA software were identified and exploited, demonstrating the effective use of Detours for security research in critical infrastructure contexts.\nThis presentation will discuss how the custom dynamic-link library (DLL) developed with Detours enabled the systematic examination of file operations, leading to the discovery of security flaws that were then exploited. The talk will showcase these exploitations, providing insight into the types of vulnerabilities that were uncovered and the potential implications for system security. The focus will be on demonstrating the importance of having an effective vulnerability hunting strategy in critical environments and showing real exploitation scenarios of the vulnerabilities found through this method.
\n\nSpeakerBio: Asher Davila, IoT/OT Security Researcher at Palo Alto Networks
\nAsher Davila (@asher_davila) is an IoT/OT Security Researcher at Palo Alto Networks, leveraging his expertise in the intersection of software and hardware across IoT to IIoT, ICS, and critical infrastructure security. His work includes discovering and disclosing vulnerabilities and malware affecting these systems, alongside developing tools for reverse engineering and exploitation efforts. Asher has also presented his findings at multiple cybersecurity conferences and academic events.
\n\n\n\'',NULL,614907),('2_Friday','15','15:00','15:25','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'The People\'s Republic of Fieldbus: What to know about EPA\'','\'Jonathan Reiter\'','ICSV_8d52ab2c1f9af095d44c7fecbc9bb1e9','\'Title: The People\'s Republic of Fieldbus: What to know about EPA
\nWhen: Friday, Aug 9, 15:00 - 15:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nEthernet for Plant Automation (EPA) is one of the global variety of IEC 61158 standards, developed as a regionalized versions of Fieldbus standards, used predominantly in industrial settings with prohibitive latency and durability requirements. EPA in particular seems to be used exclusively in the People\'s Republic of China, and largely for power stations.
\n\nIn this talk, I will cover the standard through both IEC and GB/T documents, both in English and Mandarin, the protocol\'s history used in sensitive national projects, and what supporting the standard is like. I\'ll even dive in to some example software and hardware that use the standard, and show some POC code for interacting with EPA devices, should you be lucky enough to find yourself on a network with an EPA-supported router or PLC.
\n\nSpeakerBio: Jonathan Reiter
\nNo BIO available
\n\n\'',NULL,614908),('2_Friday','15','15:30','15:55','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'OT Incident response and Threat Hunting\'','\'Adam Robbie,Bradley Nash\'','ICSV_b2399d5f895c23483f484c54752c045e','\'Title: OT Incident response and Threat Hunting
\nWhen: Friday, Aug 9, 15:30 - 15:55 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nIn the rapidly evolving landscape of cybersecurity, operational technology (OT) systems are increasingly becoming prime targets for cyber attacks. As a result, the adoption of effective incident response plans and threat hunting strategies has become essential for organizations to protect their critical OT infrastructure. This presentation will discuss the importance of OT incident response and threat hunting, as well as the challenges faced by the OT industry in implementing these cybersecurity measures.
\n\nOne of the key challenges in the OT industry is the complexity and interconnectivity of OT systems, which often consist of legacy equipment and proprietary protocols that can be difficult to monitor and secure. Additionally, the lack of visibility into OT networks and the limited availability of skilled cybersecurity professionals with OT expertise pose significant obstacles in detecting and responding to cyber threats in a timely manner. Moreover, the convergence of IT and OT environments further complicates incident response efforts, as organizations must navigate the unique requirements and operational constraints of both domains.
\n\nDespite these challenges, we will provide you with tools and frameworks to help overcome them by implementing a proactive approach to incident response and threat hunting in OT environments. This includes conducting architecture, passive, and active defense mechanisms and strategies in the OT environments. By addressing these challenges head-on and fostering collaboration between IT and OT teams, organizations can enhance their cybersecurity posture and effectively defend against cyber threats targeting their OT systems.
\n\nSpeakers:Adam Robbie,Bradley Nash
\n
\nSpeakerBio: Adam Robbie, Head of OT Security Research at Palo Alto Networks
\nAdam is the Head of OT Security Research at Palo Alto Networks since 2022 with over 10 years of experience in both OT and IT industries. Publisher and author with SANS, IEEE, and other journals and conferences. His ambition is about contributing to secure our critical infrastructure, search for recent vulnerabilities, develop best practices and lead new initiatives. Adam has a Bachelor and Master of Science in Electrical Engineering. Additionally, he obtained advanced certifications including the Global Industrial Cyber Security Professional (GICSP) and GIAC Response and Industrial Defense (GRID) certifications.
\n\nIn addition to his technical expertise, He has a strong background in leadership and education. As an Adjunct Professor, he has been teaching cybersecurity bootcamp at The George Washington University, University of Michigan, University of Wisconsin, and other universities. Through these roles, he has successfully mentored and guided students, encouraging them to excel in the field of cybersecurity. Additionally he served as an advisor for developing cybersecurity curriculum across different universities.
\n\nDuring his tenure as a Senior Cyber Security Consultant at Deloitte, he gained extensive experience in performing ICS/IoT penetration testing, threat hunting, risk assessment, and vulnerability research. Furthermore, he has actively contributed to enhancing detection systems through advanced research and creation of security use cases.
\n\nSpeakerBio: Bradley Nash, IIT Perimeter Security Supervisor at ExxonMobil Corporation
\nBrad is a seasoned IT professional with diverse expertise in network communications, cybersecurity, and project management. Brad has accumulated over a decade of experience in roles spanning IT operations, security, and analysis of both hardware and software. Majority of Brad’s experience comes from being in the field as he has moved around the country learning each area’s unique challenges. That experience helps Brad interface with the business needs for projects, work prioritization within the team, and system assessment and hardening in his role of IIT Perimeter Security Supervisor. Brad holds an Associates of Science in System Administration and Bachelor of Science in Network Communications and Management from DeVry University. Brad\'s dedication to efficiency and problem-solving has made him a valuable asset in optimizing IT operations and ensuring robust cybersecurity measures. With a strong foundation in network communications, Brad\'s impact on IT organizations is characterized by his commitment to excellence and technical proficiency.
\n\n\n\'',NULL,614909),('2_Friday','16','16:00','16:55','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Correlating & contextualizing OT events/alerts/logs using weakly supervised AI\'','\'Ezz Tahoun\'','ICSV_169e542499b6280b8ce722693c7cf03e','\'Title: Correlating & contextualizing OT events/alerts/logs using weakly supervised AI
\nWhen: Friday, Aug 9, 16:00 - 16:55 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nIn the complex landscape of modern cybersecurity, identifying coordinated attacks within massive volumes of operational & security data is a formidable challenge. Security professionals often grapple with distinguishing these attacks from numerous false positives and isolated incidents. This talk will illuminate how data science can be harnessed to transform tons of ICS events, logs, and alerts into a bunch of clusters, a few kill chains, and fewer actionable insights, with open-source models.
\n\nJoin us on a journey to enhance ICS security operations efficacy and efficiency.
\n\nIn the intricate and ever-evolving landscape of modern cybersecurity, pinpointing coordinated attacks amid vast volumes of security data is an immensely challenging task. Security professionals constantly wrestle with distinguishing genuine threats from a sea of false positives and isolated incidents. This talk will shed light on how data science can be leveraged to transform an overwhelming number of events, logs, and alerts into manageable clusters, insightful kill chains, and actionable insights using open-source models.
\n\nAttendees will gain a comprehensive understanding of the necessary steps to preprocess and normalize diverse data sources, map them to standardized threat models, and use AI-driven methods to contextualize and correlate security events. The session will also cover how to generate different types of tickets, such as false positive advisories, incident reports, and detailed attack stories, to streamline response efforts and enhance IT & OT security operations\' overall efficacy and efficiency.
\n\nSpeakerBio: Ezz Tahoun
\nEzz Tahoun, a distinguished cyber-security data scientist, who won AI & innovation awards at Yale, Princeton and Northwestern. He also got innovation awards from Canada’s Communications Security Establishment, Microsoft US, Trustwave US, PIA US, NATO, and more. He ran data science innovation programs and projects for OrangeCyber Defense, Forescout Technologies, Royal bank of Canada, Governments, and Huawei Technologies US. He has published 20 papers, countless articles and 15 open source projects in the domain. When he was 19 years old he started his CS PhD in one of the top 5 labs in the world for cyber & AI, in the prestigious University of Waterloo, where he published numerous papers and became a reviewer for top conferences. His designations include: SANS/GIAC-Advisory-Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP-Professional-Cloud-Architect, PMP, BENG and MMATH. He was an adjunct professor of cyber defense and warfare at Toronto’s school of management.
\n\n\n\'',NULL,614910),('3_Saturday','10','10:00','10:55','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Securing the Harvest: Cyber Defense for Agricultural Control Systems\'','\'Ray Baeza\'','ICSV_a5f58182d55d9998cda4edb7c1f387b0','\'Title: Securing the Harvest: Cyber Defense for Agricultural Control Systems
\nWhen: Saturday, Aug 10, 10:00 - 10:55 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nIn the digital age, the agriculture industry has embraced advanced technologies to enhance productivity and efficiency. Central to this transformation are Industrial Control Systems (ICS), which manage everything from irrigation and fertilization to harvesting and storage. However, the integration of ICS in agriculture has also introduced a new vector of vulnerabilities and cyber threats.
\n\nThis presentation will delve into the critical need to secure ICS in the agriculture sector against an ever-growing array of cyber threats. We will explore the unique challenges that agriculture faces, including the dispersed nature of operations, the integration of legacy systems with modern technologies, and the reliance on remote access and IoT devices.
\n\nSpeakerBio: Ray Baeza, Founder at Agriculture Defense Group
\nRay Baeza is the founder of Agriculture Defense Group, specializing in cybersecurity services for the agriculture industry. Hailing from Davis, CA, Ray grew up immersed in agriculture. With over 6 years of experience as an ICS cybersecurity engineer, Ray has honed expertise in ICS detection engineering and incident response. Driven by a passion for ICS technologies and the agriculture industry, he is dedicated to safeguarding agricultural systems from cyber threats.
\n\n\n\'',NULL,614911),('3_Saturday','11','11:00','11:50','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Where\'s Waldo? Can you find the Raspberry Pi in the Cyber Defense Exercise?\'','\'Shane McFly,Brian Howard\'','ICSV_e93e144bf835afa04384d7e76da769f7','\'Title: Where\'s Waldo? Can you find the Raspberry Pi in the Cyber Defense Exercise?
\nWhen: Saturday, Aug 10, 11:00 - 11:50 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nThe Raspberry Pi was designed to make computing accessible and affordable for everyone. For this reason, it\'s especially useful in the domain of OT and ICS Security workforce development. In a domain frequently understaffed, underfunded and struggling to find interested, qualified candidates (heck, sometimes even just warm bodies!), budgets are tight if not non-existent when it comes to developing the skills needed to secure these systems. This talk will discuss the use of low-cost computing solutions to deliver learning objectives to everyone from existing professionals in a full-scale OT Cyber Defense Exercise to demonstrating ICS principles to the up-and-coming workforce of tomorrow. We\'ll show how such devices can pinch hit for GPS to provide NTP, act as a PLC, function as a sync server, replace packet squirrels, act as MITM devices, and even how to use them to model fully functioning cyber physical systems on a shoestring educator\'s budget.
\n\n\n- These statements are the opinions of the researcher/educator presenting and have not been approved by Raspberry Pi Foundation.
\n
\n\nSpeakers:Shane McFly,Brian Howard
\n
\nSpeakerBio: Shane McFly
\nShane McFly is not a shill for the Raspberry Pi Foundation, but he is always willing to listen to ~~bribe~~ sponsorship offers. He is iN fact, fRom the govErnment and he’s here to heLp. He’s not technically a fed, but his laptop might be. While contributing to a project during his time employed by a research unIversity, he Learned some things about the state of cybersecurity of the US criticaL infrastructure. As a result, he can’t sleep at night unless he’s spending his days helping the folks that defend it. And trying to recruit more help for them (and himself) by indoctrinating local engineering students about CPS security, dragging them to conferences, and making them get up on stage and speak to literally dozens of humans about how to live action role play scenarios around power grid cyber defense with lots of neat equipment (not to mention a few Raspberry Pis) with the help of some ~~scary hackers~~ skilled reverse-engineers. Any rumors of extra credit offered to such students in exchange for spending hours of their own time creating and managing ICS security demonstrations at a nearby table are greatly exaggerated.
\n\nSpeakerBio: Brian Howard
\nBrian Howard is an avid tinkerer with a weak spot for pi. As a grad student and government worker he is no stranger to shoestring budgets and ambitious expectations. As a man of culture, he rarely responds to bribes or promises of extra credit despite recent allegations
\n\n\n\'',NULL,614912),('3_Saturday','12','12:00','12:59','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Don\'t Give Up The Ship! Maritime SOC/NOC Afloat\'','\'Philip Acosta,Cliff Neve,Brad Proctor\'','ICSV_65f9a3546d191166caa9ba8d07b7e832','\'Title: Don\'t Give Up The Ship! Maritime SOC/NOC Afloat
\nWhen: Saturday, Aug 10, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nDefending a vessel\'s IT and OT systems while underway can be a matter of life and death. Cliff, Brad, and Phil present a framework for developing 24/7 network and security operations for vessels, addressing such technical topics as limited bandwidth/latency, detection and response, pre-planned actions, and an underway readiness dashboard. We will address technical and risk-management strategies for a SOC and NOC, including how we use a lab environment to simulate security operations for vessels underway.
\n\nSpeakers:Philip Acosta,Cliff Neve,Brad Proctor
\n
\nSpeakerBio: Philip Acosta, Founder and CEO at GuROO LLC
\nPhillip Acosta is the founder and CEO of GuROO LLC. With over 20 years of experience across the federal government in enterprise IT services, secure unified communications, and network engineering, Phil has led the charge to bring Network Operations-as-a-Service (NOCaaS) and cutting-edge communications services to the maritime industry. GuROO is currently delivering NOCaaS to the National Security Maritime Vessel (NSMV) fleet, a new class of vessel primarily utilized as a training vessel for the maritime academies. GuROO is also engaged with several maritime-focused autonomous unmanned platform providers to connect multiple UxVs for oceanographic research, monitoring, and freedom of navigation.
\n\nSpeakerBio: Cliff Neve, Vice President of Maritime Cybersecurity at MAD Security
\nCliff Neve is the Vice President of Maritime Cybersecurity at MAD Security. He is a 1993 US Coast Guard Academy graduate and a retired Coast Guard Commander with 30 years of IT and cybersecurity leadership in the military and industry. He has served as the acting Deputy of Coast Guard Cyber Command and was instrumental in establishing CGCYBER and MAD\'s Maritime Security Operations Center, and also served as Deputy CIO of the White House Communications Agency. Cliff has consulted for maritime ports, shipping companies, the US Coast Guard, and the Department of Transportation’s Maritime Administration (MARAD). His deep commitment to securing the Maritime Transportation System drives his advocacy efforts to find innovative and effective ways of securing information and systems in the maritime environment.
\n\nSpeakerBio: Brad Proctor
\nNo BIO available
\n\n\'',NULL,614913),('3_Saturday','13','13:00','13:25','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Don\'t Ship Your Bridges! Tools to Explore Wireless Attack Surfaces in Every Ship\'s Marine Navigation Systems\'','\'Nick Halt,Duncan Woodbury\'','ICSV_0639b6c8f759dfbfb45012550a5a1882','\'Title: Don\'t Ship Your Bridges! Tools to Explore Wireless Attack Surfaces in Every Ship\'s Marine Navigation Systems
\nWhen: Saturday, Aug 10, 13:00 - 13:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nIn collaboration with the legendary Kess, the presenters will demonstrate a FOSS (gnuradio) based SDR tool for accessing and exploring wireless attack surfaces present on every ship and large maritime vessel. We will demonstrate abuse of the AIS protocol to cause various forms of mischief, including causing marine navigation and telemetry systems to hallucinate other major vessels and obstructions.
\n\nSpeakers:Nick Halt,Duncan Woodbury
\n
\nSpeakerBio: Nick Halt
\nNo BIO available
\nSpeakerBio: Duncan Woodbury
\nNo BIO available
\n\n\'',NULL,614914),('3_Saturday','13','13:30','13:55','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'The perma-lag: why industrial cybersecurity will never be state-of-the-art\'','\'Kyle McMillan\'','ICSV_3719b74069c18a5d23c5a0db339f471e','\'Title: The perma-lag: why industrial cybersecurity will never be state-of-the-art
\nWhen: Saturday, Aug 10, 13:30 - 13:55 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nWe’ve been talking about the gap in ICS cybersecurity features and functions for over a decade, but it seems like we’re always confronting the same set of challenges. Despite all the progress in products, systems, regulations and oversight it feels like we’re caught in an endless loop of vulnerabilities. The problem isn’t in a lack of effort on anyone’s behalf: it’s in the fundamental market forces that drive the critical infrastructure investments we depend on. This presentation looks at these forces and shows how to work with them rather than agains them, no matter what your mission might be.
\n\nSpeakerBio: Kyle McMillan
\nNo BIO available
\n\n\'',NULL,614915),('3_Saturday','14','14:00','14:50','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Seeing the Unseen: An Evaluation of Active Scanning in ICS Environments\'','\'Jennifer Guerra\'','ICSV_03e0199bbb444174e973bbb66d8f6b51','\'Title: Seeing the Unseen: An Evaluation of Active Scanning in ICS Environments
\nWhen: Saturday, Aug 10, 14:00 - 14:50 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nThe National Renewable Energy Laboratory\'s Clean Energy Cybersecurity Accelerator (CECA) program focuses on accelerating the deployment of innovative OT security solutions in the electric grid. Sponsored by the Department of Energy and utility partners, CECA collaborates with utility sponsors to prioritize cybersecurity gaps and evaluate emerging solutions focused on those gaps. The second cohort of CECA addressed the challenge of OT asset management, particularly incomplete system visibility in Industrial Control Systems (ICS). This presentation covers CECA\'s evaluation of runZero, a product that enhances asset visibility through active scanning. The evaluation process involved rigorous, repeatable testing in a controlled environment to assess the product\'s ability to accurately identify devices and its impact on device operation. We will discuss the results of this testing, demonstrating how active scanning can be safe and effective for improving asset visibility. Additionally, we will delve into CECA’s testing philosophy and approach, providing insights into our evaluation process and how it ensures the reliability and efficacy of new cybersecurity solutions.
\n\nSpeakerBio: Jennifer Guerra, Cybersecurity Researcher at National Renewable Energy Laboratory (NREL)
\nJennifer Guerra is a cybersecurity researcher at the National Renewable Energy Laboratory (NREL), where she focuses on building representative architectures and designing scientific evaluations for novel OT solutions. She currently serves as a technical lead for the Clean Energy Cybersecurity Accelerator (CECA), which advances cyber innovation to defend modern, renewable energy technologies against high-priority cybersecurity risks to the energy sector.
\n\nPrior to joining NREL, she served as a cyber-physical systems security researcher at the Oak Ridge National Laboratory (ORNL) coordinating cyber actions and emanation detection on an energized electric power system. She holds an M.S. in Computer Science and B.S. in Criminal Justice and Psychology which have influenced the unique perspective she brings to persistent and emerging ICS security challenges.
\n\n\n\'',NULL,614916),('3_Saturday','15','15:00','15:30','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Underway to Identifying Commonalities of Cybersecurity Incidents in the Maritime Transportation System\'','\'Rebecca J. Rohan\'','ICSV_7e426c0aeebea331b5924eb2b10e8da5','\'Title: Underway to Identifying Commonalities of Cybersecurity Incidents in the Maritime Transportation System
\nWhen: Saturday, Aug 10, 15:00 - 15:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nThe purpose of this study is to identify commonalities in cybersecurity incidents in the maritime transportation system (MTS). For this exploratory study, the researcher expanded upon their previous research into identifying commonalities in cyberattacks by analyzing documents to identify trends concerning all cybersecurity incidents in the civilian and military MTS components. The MTS can use identified commonalities from the expanded study, including all cybersecurity incidents impacting the civilian and military aspects, to make better informed decisions on cybersecurity threats and appropriate measures. In addition to the Diamond Model of Intrusion Analysis and the information security triad—Confidentiality, Integrity, or Availablity (CIA), this study incorporates additional cybersecurity concepts, such as the Parkerian Hexad and the MITRE ATT&CK framework, to provide more granularity to commonalities identifying in previous research.
\n\nSpeakerBio: Rebecca J. Rohan
\nRebecca Rohan has over 15 years of experience in cyber threat intelligence and information security and is currently completing her Doctor of Science in Cybersecurity at Marymount University in Arlington, VA. She has been a certified SANS Global Industrial Cyber Security Professional (GISCP) since January 2016. Her main academic research areas are maritime cybersecurity, cybersecurity education, cybersecurity intelligence, and diversity in cybersecurity.
\n\n\n\'',NULL,614917),('3_Saturday','15','15:30','15:55','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Building Zero Trust in ICS\'','\'Sting\'','ICSV_5094e5bb3f3923b14ce2c079d9f668a6','\'Title: Building Zero Trust in ICS
\nWhen: Saturday, Aug 10, 15:30 - 15:55 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Sting
\nSting(剑思庭), Master of Software Engineering from Fudan University, previously worked for Siemens Group and Emerson Process Control. In the past few years, Sting has been focusing on penetration testing and security defense construction work in the ICS field. Attended 2018 Kcon Hacker Conference /2019 ISC Internet Security Conference /INSEC World Information Security Conference. Create an industrial control Security Red Team IRT(industrial Red Team) to industrial control security as the goal of the Red Team organization, from the technical direction and technical depth are based on industrial control security as the main line. Familiar with Siemens PLC, AB PLC, Schneider PLC, Hollysys DCS and Supper control DCS system. Sting has been developed ICS Windows, the first industrial penetration platform based on Windows system.
\n\n\n\'',NULL,614918),('4_Sunday','10','10:00','10:55','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Countdown to Industrial Extinction\'','\'Mike Holcomb\'','ICSV_390803c5e5f25fde4be055fe4a78a542','\'Title: Countdown to Industrial Extinction
\nWhen: Sunday, Aug 11, 10:00 - 10:55 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nICS/OT environments are targets. Since the Colonial Pipeline breach in 2021, the ICS/OT threat landscape has changed tremendously. This presentation is not about the Fear, Uncertain and Doubt when an ICS/OT environment goes boom, but what happens when it goes down for ten days. What\'s the impact to the organization? It\'s employees? The people it serves?
\n\nMost importantly, what can we do to prevent it from occurring?
\n\nThe remainder of the presentation covers secure network architecture, therapy for IT and OT working together and continually learning/improving.
\n\nSpeakerBio: Mike Holcomb, Fellow of Cybersecurity and ICS/OT Cybersecurity Global Lead at Fluor
\nMike helps people learn how to secure Industrial Control Systems (ICS)/Operational Technology (OT) environments, from engineers and IT cyber security team members to asset owners and operators. He is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, one of the world’s largest engineering, procurement, and construction companies. His current role provides him with the opportunity to work in securing some of the world’s largest ICS/OT environments, from power plants and commuter rail to manufacturing facilities and refineries. He has his Masters degree in ICS/OT cybersecurity from the SANS Technology Institute. Additionally, he maintains more than a few cyber security and ICS/OT certifications.
\n\n\n\'',NULL,614919),('4_Sunday','11','11:00','11:50','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Tracking Industrial Advanced Threat Actors Who Aren\'t Really Advanced Just Skiddies Who Deface PLCs and Have Bad Manners: Methods and Results\'','\'Ron Fabela\'','ICSV_9c3a7531b3c7ada45fa93e8216d7f343','\'Title: Tracking Industrial Advanced Threat Actors Who Aren\'t Really Advanced Just Skiddies Who Deface PLCs and Have Bad Manners: Methods and Results
\nWhen: Sunday, Aug 11, 11:00 - 11:50 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nIndustrial attacks garner a ton of attention especially from VC funded startups and government agencies who share a common goal - fundraising - I mean protecting our critical infrastructure. Threat actors around the world capitalize on geopolitical unrest and \"hack\" our industrial environments, posting screencaps while making wild claims. Both sides have seen an uptick in activity and I\'ve been tracking unreal from reality. Heard of CyBeR AvEnGeRs or the CyBeR ArMy Of RusSiA ReBoRn and their terrifying water utilities hacks? (or not?) I\'ll deep dive into how these skiddies operate, their communication channels, claims, methods for validating claims, and general debauchery. I have receipts, will spill tea, and in this session will demonstrate for the village the methods/results of my work so everyone can see for themselves (so they can point and laugh and cry and laugh)
\n\nSpeakerBio: Ron Fabela, CEO at Infinity Squared Group (ISG)
\nRon, CEO at the Infinity Squared Group (ISG), is passionate about developing practical solutions to address evolving challenges such as ransomware/extortion, expanding attack surfaces, and advanced threats against industrial control systems. With over 25 years of experience, Ron has conducted everything from exciting ICS red teaming to even more exciting ICS network cable installation, all in the quest to protect our infrastructure. The formation of ISG combines field-acquired cybersecurity expertise with a strong operational focus to safeguard critical systems.
\n\nCrocs are PPE, goats are a DHS critical sector, nothing is impossible! ∞²
\n\n\n\'',NULL,614920),('4_Sunday','12','12:00','12:59','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Building a foundation with the 5 critical controls\'','\'Dillon Lee\'','ICSV_2ba37cb720884ef6aa8a29104714d5c6','\'Title: Building a foundation with the 5 critical controls
\nWhen: Sunday, Aug 11, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Dillon Lee
\nGeneric cyber guy in polo
\n\n\n\'',NULL,614921),('4_Sunday','13','13:00','13:25','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Career Development - The Human Element\'','\'Kirsten Renner\'','ICSV_5cb70706021bb7163b1b06dbbe829ce6','\'Title: Career Development - The Human Element
\nWhen: Sunday, Aug 11, 13:00 - 13:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Kirsten Renner, VP of Talent at SilverEdge Gov Solutions
\nSerial community volunteer and recruiting expert
\n\n\n\'',NULL,614922),('4_Sunday','13','13:30','13:55','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Forgetting the Fundamentals? Data Communications: Physical and Logical Explanation\'','\'Kevin Manna\'','ICSV_fefeeb3933e92b4d760f3cc5f71cd52d','\'Title: Forgetting the Fundamentals? Data Communications: Physical and Logical Explanation
\nWhen: Sunday, Aug 11, 13:30 - 13:55 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nMany problems in our networks are simple problems that boil down to forgotten fundamentals. Kevin reviews the communication models and demonstrates a simple password capture.
\n\nSpeakerBio: Kevin Manna
\nKevin is a Professor Emeritus from Northampton Community College in Bethlehem, PA. He holds a CISSP, CCNA, Cisco CyberOps Certification and is a certified Cisco Networking Academy Instructor. He is skilled in Business Planning, Cisco Routing and Switching, Advanced Routing Technologies, International Business, Business Process Improvement, Network Design, Network and Business Consulting, and System Security and Administration. He is an educational professional with a Master of Business Administration (MBA) focused on Finance and International Economics from LaSalle University. He was the Primary Investigator for the Wall Street West Dept. of Labor grant at NCC. He has held workshops on topics including basic networking, wireless fundamentals, information security, time management, and leadership development.
\n\n\n\'',NULL,614923),('2_Friday','10','10:00','10:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'Welcome / Badge & Swag Pick Up\'','\'\'','MISC_40b8e828a9b1368316375c7302ff27d5','\'Title: Welcome / Badge & Swag Pick Up
\nWhen: Friday, Aug 9, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-03 - Map
\n
\nDescription:
\nPick up your DCNextGen badge and other swag. We will also have an overview of DCNextGen activities and adventures!
\n\n\'',NULL,614924),('2_Friday','11','11:00','11:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'Intro to Circuit Python (Badge class level 1)\'','\'\'','MISC_51245f6144e0560e0f92db86cc591f04','\'Title: Intro to Circuit Python (Badge class level 1)
\nWhen: Friday, Aug 9, 11:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-03 - Map
\n
\nDescription:
\nLearn how to program the DCNextGen Badge
\n\n\'',NULL,614925),('2_Friday','14','14:00','14:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'Hack the Badge (Badge class level 2)\'','\'\'','MISC_b380fd814faed297911e4edaa8eb71c4','\'Title: Hack the Badge (Badge class level 2)
\nWhen: Friday, Aug 9, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-03 - Map
\n
\nDescription:
\nLearn how to hack the DCNextGen Badge and take it to another level!
\n\n\'',NULL,614926),('2_Friday','15','15:00','17:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'C2Society / DC702 Intro to CTFs\'','\'\'','MISC_3da6d6636f469b9d6701cb52c62b2255','\'Title: C2Society / DC702 Intro to CTFs
\nWhen: Friday, Aug 9, 15:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-03 - Map
\n
\nDescription:
\nBreaking into the capture the flag (CTF) world can be daunting and many people are overwhelmed when faced with participation in these events and challenges. With how beneficial the various challenges can be to both beginners and seasoned professionals, we want to demystify this world and help people get the most out of them. This is a full hands-on course on how to do CTFs, tools and more. Bring your laptops!
\n\n\'',NULL,614927),('2_Friday','16','15:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'C2Society / DC702 Intro to CTFs\'','\'\'','MISC_3da6d6636f469b9d6701cb52c62b2255','\'\'',NULL,614928),('2_Friday','17','15:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'C2Society / DC702 Intro to CTFs\'','\'\'','MISC_3da6d6636f469b9d6701cb52c62b2255','\'\'',NULL,614929),('3_Saturday','10','10:00','10:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'Intro to Circuit Python (Badge class level 1) (Overflow if Friday is too full)\'','\'\'','MISC_b6d6ae1ab39840cb59414c87ca2b251a','\'Title: Intro to Circuit Python (Badge class level 1) (Overflow if Friday is too full)
\nWhen: Saturday, Aug 10, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-03 - Map
\n
\nDescription:
\n(NOTE: This is an overflow class only if the first session is full)
\n\nLearn how to program the DCNextGen Badge
\n\n\'',NULL,614930),('3_Saturday','11','11:00','11:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'Hack the Badge (Badge class level 2) (Overflow if Friday is too full)\'','\'\'','MISC_13deefcefd40f4363cc5b64cd68476d1','\'Title: Hack the Badge (Badge class level 2) (Overflow if Friday is too full)
\nWhen: Saturday, Aug 10, 11:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-03 - Map
\n
\nDescription:
\n(NOTE: This is an overflow class only if the first session is full)
\n\nLearn how to hack the DCNextGen Badge and take it to another level!
\n\n\'',NULL,614931),('3_Saturday','12','12:00','12:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'Austin School For The Driven\'','\'\'','MISC_2ec377e21508a295c5139ed54e7db59c','\'Title: Austin School For The Driven
\nWhen: Saturday, Aug 10, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-03 - Map
\n
\nDescription:
\n\n\n\'',NULL,614932),('4_Sunday','10','10:00','10:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'Secure From Scatch\'','\'\'','MISC_52d940f87838e68da3fec905eba62e9d','\'Title: Secure From Scatch
\nWhen: Sunday, Aug 11, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-03 - Map
\n
\nDescription:
\nWant to learn how to stop hackers in their tracks? Come to the Secure From Scratch coding workshop. Learn what you need to know to write secure code from the very first line of code. It\'s surprisingly easy! Plus, you\'ll get to try your hand at hacking, discovering how attackers think so you can build defences against them. (Some coding knowledge in Python is recommended. You should know loops, if statements, arrays, and functions.)
\n\n\'',NULL,614933),('4_Sunday','12','12:00','12:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Group Photo and People\'s Choice Award\'','\'\'','MISC_808ba47171d829b8a8be21f93a7144dc','\'Title: Hard Hat Brigade - Group Photo and People\'s Choice Award
\nWhen: Sunday, Aug 11, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-02 - Map
\n
\nDescription:
\nJoin us for our annual group photo and voting session for the \"People\'s Choice Award\". Even though we don\'t have a contest, as a community we can still choose a favorite hat. We have to take the picture at 12:05 sharp so be there!
\n\n\'',NULL,614934),('3_Saturday','14','14:00','14:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Q&A Panel\'','\'\'','MISC_3f7f76f61146a0bf9e27ed4f0532da41','\'Title: Hard Hat Brigade - Q&A Panel
\nWhen: Saturday, Aug 10, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-02 - Map
\n
\nDescription:
\nGet all your questions about hard hats answered by the Hard Hat Brigade community organizers.
\n\n\'',NULL,614935),('3_Saturday','10','10:00','17:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_b17bc3e02dbfb5e735388da17c2a984c','\'Title: Hard Hat Brigade - Community Space Open
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-02 - Map
\n
\nDescription:
\nEver see someone walking around DEF CON and wonder “what is up with the hard hats?”
\n\nThe Hard Hat Brigade brings hackers together in the spirit of endless curiosity and tinkering. We use a common platform (hats) to combine art (bling) and hacker functionality (warez) to inspire others to explore outside of their comfort zones in a safe and welcoming community.
\n\nWe encourage everyone to explore their creativity using art, electronics, mechanical design, or any other medium that piques their interest. Hats are inexpensive, widely available, and easy to modify to suit your needs. We started with hard hats but are not limited to any type of hat, so you have the freedom to choose whatever hat suits your fancy.
\n\nDespite everyone using a common platform, every creation is unique and embodies the personality of the creator. Walking around DEF CON, you can display your creation for all to see, and many will stop to ask you about what you have created. This allows you to talk about your experience, as well as inspire others to explore new ideas of their own.
\n\nOne of the challenges at hacker summer camp has been finding people to connect with. By leveraging hard hats as a canvas, HHB has solved this challenge with something that is incredibly accessible while also offering a ton of variety. Gazing upon these creations, they reflect back the uniqueness of all the awesome hackers that we’ve been able to meet. In years past, we’ve had the opportunity to see how so many talented and creative hackers tackle the challenge of using the venerable hard hat as their muse. Just as fun, charming and skilled as so many attendees are, the hard hat has been a great vessel to carry their awesome projects.
\n\nStop by our community space and make your trip memorable by trying on a hat, learning and sharing building techniques, networking with other hat loving hackers, and expressing yourself in your own hacker way. Keep on hacking!
\n\n\'',NULL,614936),('3_Saturday','11','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_b17bc3e02dbfb5e735388da17c2a984c','\'\'',NULL,614937),('3_Saturday','12','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_b17bc3e02dbfb5e735388da17c2a984c','\'\'',NULL,614938),('3_Saturday','13','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_b17bc3e02dbfb5e735388da17c2a984c','\'\'',NULL,614939),('3_Saturday','14','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_b17bc3e02dbfb5e735388da17c2a984c','\'\'',NULL,614940),('3_Saturday','15','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_b17bc3e02dbfb5e735388da17c2a984c','\'\'',NULL,614941),('3_Saturday','16','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_b17bc3e02dbfb5e735388da17c2a984c','\'\'',NULL,614942),('3_Saturday','17','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_b17bc3e02dbfb5e735388da17c2a984c','\'\'',NULL,614943),('4_Sunday','10','10:00','12:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_c37e34c2f64d65049333ff0ea67c7db9','\'Title: Hard Hat Brigade - Community Space Open
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-02 - Map
\n
\nDescription:
\nEver see someone walking around DEF CON and wonder “what is up with the hard hats?”
\n\nThe Hard Hat Brigade brings hackers together in the spirit of endless curiosity and tinkering. We use a common platform (hats) to combine art (bling) and hacker functionality (warez) to inspire others to explore outside of their comfort zones in a safe and welcoming community.
\n\nWe encourage everyone to explore their creativity using art, electronics, mechanical design, or any other medium that piques their interest. Hats are inexpensive, widely available, and easy to modify to suit your needs. We started with hard hats but are not limited to any type of hat, so you have the freedom to choose whatever hat suits your fancy.
\n\nDespite everyone using a common platform, every creation is unique and embodies the personality of the creator. Walking around DEF CON, you can display your creation for all to see, and many will stop to ask you about what you have created. This allows you to talk about your experience, as well as inspire others to explore new ideas of their own.
\n\nOne of the challenges at hacker summer camp has been finding people to connect with. By leveraging hard hats as a canvas, HHB has solved this challenge with something that is incredibly accessible while also offering a ton of variety. Gazing upon these creations, they reflect back the uniqueness of all the awesome hackers that we’ve been able to meet. In years past, we’ve had the opportunity to see how so many talented and creative hackers tackle the challenge of using the venerable hard hat as their muse. Just as fun, charming and skilled as so many attendees are, the hard hat has been a great vessel to carry their awesome projects.
\n\nStop by our community space and make your trip memorable by trying on a hat, learning and sharing building techniques, networking with other hat loving hackers, and expressing yourself in your own hacker way. Keep on hacking!
\n\n\'',NULL,614944),('4_Sunday','11','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_c37e34c2f64d65049333ff0ea67c7db9','\'\'',NULL,614945),('4_Sunday','12','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_c37e34c2f64d65049333ff0ea67c7db9','\'\'',NULL,614946),('2_Friday','10','10:00','17:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_462501c1289c904571bbce8821a18638','\'Title: Hard Hat Brigade - Community Space Open
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-02 - Map
\n
\nDescription:
\nEver see someone walking around DEF CON and wonder “what is up with the hard hats?”
\n\nThe Hard Hat Brigade brings hackers together in the spirit of endless curiosity and tinkering. We use a common platform (hats) to combine art (bling) and hacker functionality (warez) to inspire others to explore outside of their comfort zones in a safe and welcoming community.
\n\nWe encourage everyone to explore their creativity using art, electronics, mechanical design, or any other medium that piques their interest. Hats are inexpensive, widely available, and easy to modify to suit your needs. We started with hard hats but are not limited to any type of hat, so you have the freedom to choose whatever hat suits your fancy.
\n\nDespite everyone using a common platform, every creation is unique and embodies the personality of the creator. Walking around DEF CON, you can display your creation for all to see, and many will stop to ask you about what you have created. This allows you to talk about your experience, as well as inspire others to explore new ideas of their own.
\n\nOne of the challenges at hacker summer camp has been finding people to connect with. By leveraging hard hats as a canvas, HHB has solved this challenge with something that is incredibly accessible while also offering a ton of variety. Gazing upon these creations, they reflect back the uniqueness of all the awesome hackers that we’ve been able to meet. In years past, we’ve had the opportunity to see how so many talented and creative hackers tackle the challenge of using the venerable hard hat as their muse. Just as fun, charming and skilled as so many attendees are, the hard hat has been a great vessel to carry their awesome projects.
\n\nStop by our community space and make your trip memorable by trying on a hat, learning and sharing building techniques, networking with other hat loving hackers, and expressing yourself in your own hacker way. Keep on hacking!
\n\n\'',NULL,614947),('2_Friday','11','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_462501c1289c904571bbce8821a18638','\'\'',NULL,614948),('2_Friday','12','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_462501c1289c904571bbce8821a18638','\'\'',NULL,614949),('2_Friday','13','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_462501c1289c904571bbce8821a18638','\'\'',NULL,614950),('2_Friday','14','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_462501c1289c904571bbce8821a18638','\'\'',NULL,614951),('2_Friday','15','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_462501c1289c904571bbce8821a18638','\'\'',NULL,614952),('2_Friday','16','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_462501c1289c904571bbce8821a18638','\'\'',NULL,614953),('2_Friday','17','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade - Community Space Open\'','\'\'','MISC_462501c1289c904571bbce8821a18638','\'\'',NULL,614954),('3_Saturday','10','10:00','17:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_bfaea348a78989d31af3280c33d5fd56','\'Title: Hardware Hacking: Glitching Lab
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nCurious about hacking chips using fault-injection? Take your first steps in our (free) glitching workshops! We provide you with hardware & guidance to conduct your first fault-injection attacks, all you need is a laptop running Python & OpenOCD: Reproduce the nRF52 \"AirTag\" glitch or learn how to glitch one of the chips used in crypto-wallets to store millions of dollars.
\n\nWe will also have a secret challenge announced on site!
\n\nLab provided by hextree.io
\n\n\'',NULL,614955),('3_Saturday','11','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_bfaea348a78989d31af3280c33d5fd56','\'\'',NULL,614956),('3_Saturday','12','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_bfaea348a78989d31af3280c33d5fd56','\'\'',NULL,614957),('3_Saturday','13','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_bfaea348a78989d31af3280c33d5fd56','\'\'',NULL,614958),('3_Saturday','14','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_bfaea348a78989d31af3280c33d5fd56','\'\'',NULL,614959),('3_Saturday','15','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_bfaea348a78989d31af3280c33d5fd56','\'\'',NULL,614960),('3_Saturday','16','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_bfaea348a78989d31af3280c33d5fd56','\'\'',NULL,614961),('3_Saturday','17','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_bfaea348a78989d31af3280c33d5fd56','\'\'',NULL,614962),('2_Friday','10','10:00','17:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_94a6457cedbdce3df0141343ec3afe6d','\'Title: Hardware Hacking: Glitching Lab
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nCurious about hacking chips using fault-injection? Take your first steps in our (free) glitching workshops! We provide you with hardware & guidance to conduct your first fault-injection attacks, all you need is a laptop running Python & OpenOCD: Reproduce the nRF52 \"AirTag\" glitch or learn how to glitch one of the chips used in crypto-wallets to store millions of dollars.
\n\nWe will also have a secret challenge announced on site!
\n\nLab provided by hextree.io
\n\n\'',NULL,614963),('2_Friday','11','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_94a6457cedbdce3df0141343ec3afe6d','\'\'',NULL,614964),('2_Friday','12','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_94a6457cedbdce3df0141343ec3afe6d','\'\'',NULL,614965),('2_Friday','13','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_94a6457cedbdce3df0141343ec3afe6d','\'\'',NULL,614966),('2_Friday','14','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_94a6457cedbdce3df0141343ec3afe6d','\'\'',NULL,614967),('2_Friday','15','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_94a6457cedbdce3df0141343ec3afe6d','\'\'',NULL,614968),('2_Friday','16','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_94a6457cedbdce3df0141343ec3afe6d','\'\'',NULL,614969),('2_Friday','17','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_94a6457cedbdce3df0141343ec3afe6d','\'\'',NULL,614970),('4_Sunday','10','10:00','12:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_14c4ac19d9a9f6eba090957629056e31','\'Title: Hardware Hacking: Glitching Lab
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nCurious about hacking chips using fault-injection? Take your first steps in our (free) glitching workshops! We provide you with hardware & guidance to conduct your first fault-injection attacks, all you need is a laptop running Python & OpenOCD: Reproduce the nRF52 \"AirTag\" glitch or learn how to glitch one of the chips used in crypto-wallets to store millions of dollars.
\n\nWe will also have a secret challenge announced on site!
\n\nLab provided by hextree.io
\n\n\'',NULL,614971),('4_Sunday','11','10:00','12:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_14c4ac19d9a9f6eba090957629056e31','\'\'',NULL,614972),('4_Sunday','12','10:00','12:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Hardware Hacking: Glitching Lab\'','\'\'','ESV_14c4ac19d9a9f6eba090957629056e31','\'\'',NULL,614973),('3_Saturday','10','10:00','17:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_cdf8d971e36bdb85ee2c770c9744be9b','\'Title: 101 Labs: Hardware Lab
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nIf you\'ve never popped open an embedded device and tried to get a simple shell, this is the lab for you. This is a first-come first-served workshop where you can walk through the step by step instructions to finding and connecting to a debug interface on an embedded device.
\n\n\'',NULL,614974),('3_Saturday','11','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_cdf8d971e36bdb85ee2c770c9744be9b','\'\'',NULL,614975),('3_Saturday','12','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_cdf8d971e36bdb85ee2c770c9744be9b','\'\'',NULL,614976),('3_Saturday','13','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_cdf8d971e36bdb85ee2c770c9744be9b','\'\'',NULL,614977),('3_Saturday','14','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_cdf8d971e36bdb85ee2c770c9744be9b','\'\'',NULL,614978),('3_Saturday','15','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_cdf8d971e36bdb85ee2c770c9744be9b','\'\'',NULL,614979),('3_Saturday','16','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_cdf8d971e36bdb85ee2c770c9744be9b','\'\'',NULL,614980),('3_Saturday','17','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_cdf8d971e36bdb85ee2c770c9744be9b','\'\'',NULL,614981),('2_Friday','10','10:00','17:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_f89e670d1bfb6d6ad02910665d1a0166','\'Title: 101 Labs: Hardware Lab
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nIf you\'ve never popped open an embedded device and tried to get a simple shell, this is the lab for you. This is a first-come first-served workshop where you can walk through the step by step instructions to finding and connecting to a debug interface on an embedded device.
\n\n\'',NULL,614982),('2_Friday','11','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_f89e670d1bfb6d6ad02910665d1a0166','\'\'',NULL,614983),('2_Friday','12','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_f89e670d1bfb6d6ad02910665d1a0166','\'\'',NULL,614984),('2_Friday','13','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_f89e670d1bfb6d6ad02910665d1a0166','\'\'',NULL,614985),('2_Friday','14','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_f89e670d1bfb6d6ad02910665d1a0166','\'\'',NULL,614986),('2_Friday','15','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_f89e670d1bfb6d6ad02910665d1a0166','\'\'',NULL,614987),('2_Friday','16','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_f89e670d1bfb6d6ad02910665d1a0166','\'\'',NULL,614988),('2_Friday','17','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_f89e670d1bfb6d6ad02910665d1a0166','\'\'',NULL,614989),('4_Sunday','10','10:00','12:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_b095dd256fb817b21bbf8f42377f655b','\'Title: 101 Labs: Hardware Lab
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nIf you\'ve never popped open an embedded device and tried to get a simple shell, this is the lab for you. This is a first-come first-served workshop where you can walk through the step by step instructions to finding and connecting to a debug interface on an embedded device.
\n\n\'',NULL,614990),('4_Sunday','11','10:00','12:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_b095dd256fb817b21bbf8f42377f655b','\'\'',NULL,614991),('4_Sunday','12','10:00','12:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Hardware Lab\'','\'\'','ESV_b095dd256fb817b21bbf8f42377f655b','\'\'',NULL,614992),('2_Friday','10','10:00','17:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_f02152596365db81d1b975ff612c2a20','\'Title: 101 Labs: Firmware and Software exploitation
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nThis series of self-guided labs will introduce even the most novice hacker to the world of embedded device firmware and software exploitation. First-come first-served, don\'t miss a chance try out these labs and get started with embedded device hacking.
\n\n\'',NULL,614993),('2_Friday','11','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_f02152596365db81d1b975ff612c2a20','\'\'',NULL,614994),('2_Friday','12','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_f02152596365db81d1b975ff612c2a20','\'\'',NULL,614995),('2_Friday','13','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_f02152596365db81d1b975ff612c2a20','\'\'',NULL,614996),('2_Friday','14','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_f02152596365db81d1b975ff612c2a20','\'\'',NULL,614997),('2_Friday','15','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_f02152596365db81d1b975ff612c2a20','\'\'',NULL,614998),('2_Friday','16','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_f02152596365db81d1b975ff612c2a20','\'\'',NULL,614999),('2_Friday','17','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_f02152596365db81d1b975ff612c2a20','\'\'',NULL,615000),('4_Sunday','10','10:00','12:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_a9a7632aadce88f81853e30629fa138e','\'Title: 101 Labs: Firmware and Software exploitation
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nThis series of self-guided labs will introduce even the most novice hacker to the world of embedded device firmware and software exploitation. First-come first-served, don\'t miss a chance try out these labs and get started with embedded device hacking.
\n\n\'',NULL,615001),('4_Sunday','11','10:00','12:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_a9a7632aadce88f81853e30629fa138e','\'\'',NULL,615002),('4_Sunday','12','10:00','12:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_a9a7632aadce88f81853e30629fa138e','\'\'',NULL,615003),('3_Saturday','10','10:00','17:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_403ce44fc159ad9ab925fb7a3205adec','\'Title: 101 Labs: Firmware and Software exploitation
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nThis series of self-guided labs will introduce even the most novice hacker to the world of embedded device firmware and software exploitation. First-come first-served, don\'t miss a chance try out these labs and get started with embedded device hacking.
\n\n\'',NULL,615004),('3_Saturday','11','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_403ce44fc159ad9ab925fb7a3205adec','\'\'',NULL,615005),('3_Saturday','12','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_403ce44fc159ad9ab925fb7a3205adec','\'\'',NULL,615006),('3_Saturday','13','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_403ce44fc159ad9ab925fb7a3205adec','\'\'',NULL,615007),('3_Saturday','14','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_403ce44fc159ad9ab925fb7a3205adec','\'\'',NULL,615008),('3_Saturday','15','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_403ce44fc159ad9ab925fb7a3205adec','\'\'',NULL,615009),('3_Saturday','16','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_403ce44fc159ad9ab925fb7a3205adec','\'\'',NULL,615010),('3_Saturday','17','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'101 Labs: Firmware and Software exploitation\'','\'\'','ESV_403ce44fc159ad9ab925fb7a3205adec','\'\'',NULL,615011),('2_Friday','10','10:00','17:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_7122cc2f5733d46409314ce1d02d87e2','\'Title: Secure Microcontroller Workshop
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nCome try a hands-on workshop on embedded computing using the new RP2350 processor from Raspberry Pi. Lean about the security architecture in modern embedded microprocessors and tinker with it in person! Think you have what it takes to break our stuff? Come learn, say hi and give it a try!
\n\n\'',NULL,615012),('2_Friday','11','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_7122cc2f5733d46409314ce1d02d87e2','\'\'',NULL,615013),('2_Friday','12','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_7122cc2f5733d46409314ce1d02d87e2','\'\'',NULL,615014),('2_Friday','13','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_7122cc2f5733d46409314ce1d02d87e2','\'\'',NULL,615015),('2_Friday','14','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_7122cc2f5733d46409314ce1d02d87e2','\'\'',NULL,615016),('2_Friday','15','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_7122cc2f5733d46409314ce1d02d87e2','\'\'',NULL,615017),('2_Friday','16','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_7122cc2f5733d46409314ce1d02d87e2','\'\'',NULL,615018),('2_Friday','17','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_7122cc2f5733d46409314ce1d02d87e2','\'\'',NULL,615019),('3_Saturday','10','10:00','17:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_2c8682e532ed9a4e49fcda66377b5742','\'Title: Secure Microcontroller Workshop
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nCome try a hands-on workshop on embedded computing using the new RP2350 processor from Raspberry Pi. Lean about the security architecture in modern embedded microprocessors and tinker with it in person! Think you have what it takes to break our stuff? Come learn, say hi and give it a try!
\n\n\'',NULL,615020),('3_Saturday','11','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_2c8682e532ed9a4e49fcda66377b5742','\'\'',NULL,615021),('3_Saturday','12','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_2c8682e532ed9a4e49fcda66377b5742','\'\'',NULL,615022),('3_Saturday','13','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_2c8682e532ed9a4e49fcda66377b5742','\'\'',NULL,615023),('3_Saturday','14','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_2c8682e532ed9a4e49fcda66377b5742','\'\'',NULL,615024),('3_Saturday','15','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_2c8682e532ed9a4e49fcda66377b5742','\'\'',NULL,615025),('3_Saturday','16','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_2c8682e532ed9a4e49fcda66377b5742','\'\'',NULL,615026),('3_Saturday','17','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_2c8682e532ed9a4e49fcda66377b5742','\'\'',NULL,615027),('4_Sunday','10','10:00','12:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_dd90decec218bad6a83636ec41260fc4','\'Title: Secure Microcontroller Workshop
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nCome try a hands-on workshop on embedded computing using the new RP2350 processor from Raspberry Pi. Lean about the security architecture in modern embedded microprocessors and tinker with it in person! Think you have what it takes to break our stuff? Come learn, say hi and give it a try!
\n\n\'',NULL,615028),('4_Sunday','11','10:00','12:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_dd90decec218bad6a83636ec41260fc4','\'\'',NULL,615029),('4_Sunday','12','10:00','12:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Secure Microcontroller Workshop\'','\'\'','ESV_dd90decec218bad6a83636ec41260fc4','\'\'',NULL,615030),('2_Friday','10','10:00','17:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_72aca98d4b142f2b54ff036859cfe235','\'Title: Emulating (and Hacking) Embedded Devices
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nHack your first embedded system! Sit down at our provided laptops and be guided through exploiting an IP camera, then learn how you can set up the emulated camera (and other devices) at home with Ludus!
\n\n\'',NULL,615031),('2_Friday','11','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_72aca98d4b142f2b54ff036859cfe235','\'\'',NULL,615032),('2_Friday','12','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_72aca98d4b142f2b54ff036859cfe235','\'\'',NULL,615033),('2_Friday','13','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_72aca98d4b142f2b54ff036859cfe235','\'\'',NULL,615034),('2_Friday','14','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_72aca98d4b142f2b54ff036859cfe235','\'\'',NULL,615035),('2_Friday','15','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_72aca98d4b142f2b54ff036859cfe235','\'\'',NULL,615036),('2_Friday','16','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_72aca98d4b142f2b54ff036859cfe235','\'\'',NULL,615037),('2_Friday','17','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_72aca98d4b142f2b54ff036859cfe235','\'\'',NULL,615038),('4_Sunday','10','10:00','12:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_fa692ce4ae037716fedc66ca018d2e0f','\'Title: Emulating (and Hacking) Embedded Devices
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nHack your first embedded system! Sit down at our provided laptops and be guided through exploiting an IP camera, then learn how you can set up the emulated camera (and other devices) at home with Ludus!
\n\n\'',NULL,615039),('4_Sunday','11','10:00','12:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_fa692ce4ae037716fedc66ca018d2e0f','\'\'',NULL,615040),('4_Sunday','12','10:00','12:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_fa692ce4ae037716fedc66ca018d2e0f','\'\'',NULL,615041),('3_Saturday','10','10:00','17:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_208e78ff9c8d1875b5ea2d4c17668162','\'Title: Emulating (and Hacking) Embedded Devices
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nHack your first embedded system! Sit down at our provided laptops and be guided through exploiting an IP camera, then learn how you can set up the emulated camera (and other devices) at home with Ludus!
\n\n\'',NULL,615042),('3_Saturday','11','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_208e78ff9c8d1875b5ea2d4c17668162','\'\'',NULL,615043),('3_Saturday','12','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_208e78ff9c8d1875b5ea2d4c17668162','\'\'',NULL,615044),('3_Saturday','13','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_208e78ff9c8d1875b5ea2d4c17668162','\'\'',NULL,615045),('3_Saturday','14','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_208e78ff9c8d1875b5ea2d4c17668162','\'\'',NULL,615046),('3_Saturday','15','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_208e78ff9c8d1875b5ea2d4c17668162','\'\'',NULL,615047),('3_Saturday','16','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_208e78ff9c8d1875b5ea2d4c17668162','\'\'',NULL,615048),('3_Saturday','17','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Emulating (and Hacking) Embedded Devices\'','\'\'','ESV_208e78ff9c8d1875b5ea2d4c17668162','\'\'',NULL,615049),('4_Sunday','10','10:00','12:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_844a1fcd60d186315bad39f5ea3f2e88','\'Title: Wireless & Networking workshop
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nCome and explore embedded communication by sniffing wireless traffic, exploring embedded servers, and finding flags hidden within.
\n\nSpeakerBio: Alex Kelly
\nNo BIO available
\n\n\'',NULL,615050),('4_Sunday','11','10:00','12:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_844a1fcd60d186315bad39f5ea3f2e88','\'\'',NULL,615051),('4_Sunday','12','10:00','12:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_844a1fcd60d186315bad39f5ea3f2e88','\'\'',NULL,615052),('2_Friday','10','10:00','17:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_63040f4561153f946717334c861e1cd9','\'Title: Wireless & Networking workshop
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nCome and explore embedded communication by sniffing wireless traffic, exploring embedded servers, and finding flags hidden within.
\n\nSpeakerBio: Alex Kelly
\nNo BIO available
\n\n\'',NULL,615053),('2_Friday','11','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_63040f4561153f946717334c861e1cd9','\'\'',NULL,615054),('2_Friday','12','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_63040f4561153f946717334c861e1cd9','\'\'',NULL,615055),('2_Friday','13','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_63040f4561153f946717334c861e1cd9','\'\'',NULL,615056),('2_Friday','14','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_63040f4561153f946717334c861e1cd9','\'\'',NULL,615057),('2_Friday','15','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_63040f4561153f946717334c861e1cd9','\'\'',NULL,615058),('2_Friday','16','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_63040f4561153f946717334c861e1cd9','\'\'',NULL,615059),('2_Friday','17','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_63040f4561153f946717334c861e1cd9','\'\'',NULL,615060),('3_Saturday','10','10:00','17:59','N','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_935b936f8578f1e15db0c1ed82c1192f','\'Title: Wireless & Networking workshop
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nCome and explore embedded communication by sniffing wireless traffic, exploring embedded servers, and finding flags hidden within.
\n\nSpeakerBio: Alex Kelly
\nNo BIO available
\n\n\'',NULL,615061),('3_Saturday','11','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_935b936f8578f1e15db0c1ed82c1192f','\'\'',NULL,615062),('3_Saturday','12','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_935b936f8578f1e15db0c1ed82c1192f','\'\'',NULL,615063),('3_Saturday','13','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_935b936f8578f1e15db0c1ed82c1192f','\'\'',NULL,615064),('3_Saturday','14','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_935b936f8578f1e15db0c1ed82c1192f','\'\'',NULL,615065),('3_Saturday','15','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_935b936f8578f1e15db0c1ed82c1192f','\'\'',NULL,615066),('3_Saturday','16','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_935b936f8578f1e15db0c1ed82c1192f','\'\'',NULL,615067),('3_Saturday','17','10:00','17:59','Y','ESV','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Wireless & Networking workshop\'','\'Alex Kelly\'','ESV_935b936f8578f1e15db0c1ed82c1192f','\'\'',NULL,615068),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_cb3d1c8eed30116b7688153529de5437','\'Title: Embedded CTF
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nEmbedded systems are everywhere in our daily lives, from the smart devices in our homes to the systems that control critical infrastructure. These systems exist at the intersection of hardware and software, built to accomplish a specific task. However, unlike general-purpose computers, embedded systems are typically designed for a particular case of use and have limited resources. This makes them both challenging and fascinating to work with, especially from a security perspective. Often these disciplines are dealt with individually, but understanding the custom relationships between hardware and software is vital to performing security research on these devices.
\n\nThe embedded device CTF contest is an exciting opportunity to explore the intricacies of these systems and test your skills in a competitive environment. Contestants are challenged to find vulnerabilities in the firmware or hardware and exploit them to gain access or control over the device. The contest offers a unique opportunity to explore embedded devices\' inner workings and understand their design\'s security implications.
\n\nNew devices will be dramatically introduced at set intervals throughout the competition, and point values will decrease over time. This keeps contestants guessing and on their toes, forcing them to adapt and use their skills to tackle new challenges. It also offers a chance to learn about different types of devices and how they function, broadening participants\' knowledge and experience.
\n\nBy participating in the contest, contestants can develop a deep understanding of how these systems operate and how to secure them against potential attacks. Additionally, the contest encourages participants to think outside the box and approach problems creatively, honing their problem-solving skills. The competition provides a valuable opportunity to network with like-minded individuals and a chance to learn from others in the field hands-on.
\n\nOverall, the embedded device CTF contest is an exciting and educational experience that showcases the unique challenges and rewards of working with embedded devices. With the rise of the Internet of Things and the increasing integration of technology in our daily lives, embedded devices are becoming more ubiquitous, making this contest relevant and worth checking out. Whether you\'re a seasoned security professional or just starting in the field, the contest offers a chance to learn, test your skills, and have fun in a dynamic and competitive environment.
\n\nThis is the main event at Embedded Systems Village. Come and show off your skills at hacking our collection of vulnerable embedded devices and find flags to score points! New this year we have a 101 track where each team will have their own set of emulated devices, as well as embedded challenges from the MITRE eCTF and some boss-level embedded challenges from Toyota Tsusho Systems US!
\n\n\'',NULL,615069),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_cb3d1c8eed30116b7688153529de5437','\'\'',NULL,615070),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_cb3d1c8eed30116b7688153529de5437','\'\'',NULL,615071),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_cb3d1c8eed30116b7688153529de5437','\'\'',NULL,615072),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_cb3d1c8eed30116b7688153529de5437','\'\'',NULL,615073),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_cb3d1c8eed30116b7688153529de5437','\'\'',NULL,615074),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_cb3d1c8eed30116b7688153529de5437','\'\'',NULL,615075),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_cb3d1c8eed30116b7688153529de5437','\'\'',NULL,615076),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_b9b8d849a6bb93f0c17608787f279914','\'Title: Embedded CTF
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nEmbedded systems are everywhere in our daily lives, from the smart devices in our homes to the systems that control critical infrastructure. These systems exist at the intersection of hardware and software, built to accomplish a specific task. However, unlike general-purpose computers, embedded systems are typically designed for a particular case of use and have limited resources. This makes them both challenging and fascinating to work with, especially from a security perspective. Often these disciplines are dealt with individually, but understanding the custom relationships between hardware and software is vital to performing security research on these devices.
\n\nThe embedded device CTF contest is an exciting opportunity to explore the intricacies of these systems and test your skills in a competitive environment. Contestants are challenged to find vulnerabilities in the firmware or hardware and exploit them to gain access or control over the device. The contest offers a unique opportunity to explore embedded devices\' inner workings and understand their design\'s security implications.
\n\nNew devices will be dramatically introduced at set intervals throughout the competition, and point values will decrease over time. This keeps contestants guessing and on their toes, forcing them to adapt and use their skills to tackle new challenges. It also offers a chance to learn about different types of devices and how they function, broadening participants\' knowledge and experience.
\n\nBy participating in the contest, contestants can develop a deep understanding of how these systems operate and how to secure them against potential attacks. Additionally, the contest encourages participants to think outside the box and approach problems creatively, honing their problem-solving skills. The competition provides a valuable opportunity to network with like-minded individuals and a chance to learn from others in the field hands-on.
\n\nOverall, the embedded device CTF contest is an exciting and educational experience that showcases the unique challenges and rewards of working with embedded devices. With the rise of the Internet of Things and the increasing integration of technology in our daily lives, embedded devices are becoming more ubiquitous, making this contest relevant and worth checking out. Whether you\'re a seasoned security professional or just starting in the field, the contest offers a chance to learn, test your skills, and have fun in a dynamic and competitive environment.
\n\nThis is the main event at Embedded Systems Village. Come and show off your skills at hacking our collection of vulnerable embedded devices and find flags to score points! New this year we have a 101 track where each team will have their own set of emulated devices, as well as embedded challenges from the MITRE eCTF and some boss-level embedded challenges from Toyota Tsusho Systems US!
\n\n\'',NULL,615077),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_b9b8d849a6bb93f0c17608787f279914','\'\'',NULL,615078),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_b9b8d849a6bb93f0c17608787f279914','\'\'',NULL,615079),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_f3fac1de544e70e5ce5346f23492c1ee','\'Title: Embedded CTF
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-05 - Map
\n
\nDescription:
\nEmbedded systems are everywhere in our daily lives, from the smart devices in our homes to the systems that control critical infrastructure. These systems exist at the intersection of hardware and software, built to accomplish a specific task. However, unlike general-purpose computers, embedded systems are typically designed for a particular case of use and have limited resources. This makes them both challenging and fascinating to work with, especially from a security perspective. Often these disciplines are dealt with individually, but understanding the custom relationships between hardware and software is vital to performing security research on these devices.
\n\nThe embedded device CTF contest is an exciting opportunity to explore the intricacies of these systems and test your skills in a competitive environment. Contestants are challenged to find vulnerabilities in the firmware or hardware and exploit them to gain access or control over the device. The contest offers a unique opportunity to explore embedded devices\' inner workings and understand their design\'s security implications.
\n\nNew devices will be dramatically introduced at set intervals throughout the competition, and point values will decrease over time. This keeps contestants guessing and on their toes, forcing them to adapt and use their skills to tackle new challenges. It also offers a chance to learn about different types of devices and how they function, broadening participants\' knowledge and experience.
\n\nBy participating in the contest, contestants can develop a deep understanding of how these systems operate and how to secure them against potential attacks. Additionally, the contest encourages participants to think outside the box and approach problems creatively, honing their problem-solving skills. The competition provides a valuable opportunity to network with like-minded individuals and a chance to learn from others in the field hands-on.
\n\nOverall, the embedded device CTF contest is an exciting and educational experience that showcases the unique challenges and rewards of working with embedded devices. With the rise of the Internet of Things and the increasing integration of technology in our daily lives, embedded devices are becoming more ubiquitous, making this contest relevant and worth checking out. Whether you\'re a seasoned security professional or just starting in the field, the contest offers a chance to learn, test your skills, and have fun in a dynamic and competitive environment.
\n\nThis is the main event at Embedded Systems Village. Come and show off your skills at hacking our collection of vulnerable embedded devices and find flags to score points! New this year we have a 101 track where each team will have their own set of emulated devices, as well as embedded challenges from the MITRE eCTF and some boss-level embedded challenges from Toyota Tsusho Systems US!
\n\n\'',NULL,615080),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_f3fac1de544e70e5ce5346f23492c1ee','\'\'',NULL,615081),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_f3fac1de544e70e5ce5346f23492c1ee','\'\'',NULL,615082),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_f3fac1de544e70e5ce5346f23492c1ee','\'\'',NULL,615083),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_f3fac1de544e70e5ce5346f23492c1ee','\'\'',NULL,615084),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_f3fac1de544e70e5ce5346f23492c1ee','\'\'',NULL,615085),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_f3fac1de544e70e5ce5346f23492c1ee','\'\'',NULL,615086),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-05','\'Embedded CTF\'','\'\'','CON_f3fac1de544e70e5ce5346f23492c1ee','\'\'',NULL,615087),('2_Friday','10','10:00','17:59','N','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_46df8de51b10d9fe477eb42416c25420','\'Title: Lockpicking Activities
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03-A - Map
\n
\nDescription:
\nWant to tinker with locks and tools the likes of which you\'ve only seen in movies featuring secret agents, daring heists, or covert entry teams?
\n\nThen come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.
\n\nThe Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.
\n\nExperts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.
\n\nA popular spot for new lock pickers! Highly recommended you stop by. The Lockpick Village is always kid friendly and welcomes folks of all ages. We do require that the parents stay with the kids.
\n\n\'',NULL,615088),('2_Friday','11','10:00','17:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_46df8de51b10d9fe477eb42416c25420','\'\'',NULL,615089),('2_Friday','12','10:00','17:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_46df8de51b10d9fe477eb42416c25420','\'\'',NULL,615090),('2_Friday','13','10:00','17:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_46df8de51b10d9fe477eb42416c25420','\'\'',NULL,615091),('2_Friday','14','10:00','17:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_46df8de51b10d9fe477eb42416c25420','\'\'',NULL,615092),('2_Friday','15','10:00','17:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_46df8de51b10d9fe477eb42416c25420','\'\'',NULL,615093),('2_Friday','16','10:00','17:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_46df8de51b10d9fe477eb42416c25420','\'\'',NULL,615094),('2_Friday','17','10:00','17:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_46df8de51b10d9fe477eb42416c25420','\'\'',NULL,615095),('4_Sunday','10','10:00','12:59','N','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_ecca167fc6ee3875956a7a7b1670bb75','\'Title: Lockpicking Activities
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03-A - Map
\n
\nDescription:
\nWant to tinker with locks and tools the likes of which you\'ve only seen in movies featuring secret agents, daring heists, or covert entry teams?
\n\nThen come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.
\n\nThe Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.
\n\nExperts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.
\n\nA popular spot for new lock pickers! Highly recommended you stop by. The Lockpick Village is always kid friendly and welcomes folks of all ages. We do require that the parents stay with the kids.
\n\n\'',NULL,615096),('4_Sunday','11','10:00','12:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_ecca167fc6ee3875956a7a7b1670bb75','\'\'',NULL,615097),('4_Sunday','12','10:00','12:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_ecca167fc6ee3875956a7a7b1670bb75','\'\'',NULL,615098),('3_Saturday','10','10:00','17:59','N','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_af3555cf2d0d8a3004eef29a9b3f20ff','\'Title: Lockpicking Activities
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03-A - Map
\n
\nDescription:
\nWant to tinker with locks and tools the likes of which you\'ve only seen in movies featuring secret agents, daring heists, or covert entry teams?
\n\nThen come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.
\n\nThe Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.
\n\nExperts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.
\n\nA popular spot for new lock pickers! Highly recommended you stop by. The Lockpick Village is always kid friendly and welcomes folks of all ages. We do require that the parents stay with the kids.
\n\n\'',NULL,615099),('3_Saturday','11','10:00','17:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_af3555cf2d0d8a3004eef29a9b3f20ff','\'\'',NULL,615100),('3_Saturday','12','10:00','17:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_af3555cf2d0d8a3004eef29a9b3f20ff','\'\'',NULL,615101),('3_Saturday','13','10:00','17:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_af3555cf2d0d8a3004eef29a9b3f20ff','\'\'',NULL,615102),('3_Saturday','14','10:00','17:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_af3555cf2d0d8a3004eef29a9b3f20ff','\'\'',NULL,615103),('3_Saturday','15','10:00','17:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_af3555cf2d0d8a3004eef29a9b3f20ff','\'\'',NULL,615104),('3_Saturday','16','10:00','17:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_af3555cf2d0d8a3004eef29a9b3f20ff','\'\'',NULL,615105),('3_Saturday','17','10:00','17:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Lockpicking Activities\'','\'\'','LPV_af3555cf2d0d8a3004eef29a9b3f20ff','\'\'',NULL,615106),('3_Saturday','12','12:00','15:59','N','HDA','LVCC West/Floor 1/W110','\'HDA Presents the open Synth Jam Session\'','\'\'','HDA_acb2bef3382c49161f46aa9447a0bb69','\'Title: HDA Presents the open Synth Jam Session
\nWhen: Saturday, Aug 10, 12:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/W110 - Map
\n
\nDescription:
\nBring your instruments, synths, and self for an open jam session
\n\n\'',NULL,615107),('3_Saturday','13','12:00','15:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Presents the open Synth Jam Session\'','\'\'','HDA_acb2bef3382c49161f46aa9447a0bb69','\'\'',NULL,615108),('3_Saturday','14','12:00','15:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Presents the open Synth Jam Session\'','\'\'','HDA_acb2bef3382c49161f46aa9447a0bb69','\'\'',NULL,615109),('3_Saturday','15','12:00','15:59','Y','HDA','LVCC West/Floor 1/W110','\'HDA Presents the open Synth Jam Session\'','\'\'','HDA_acb2bef3382c49161f46aa9447a0bb69','\'\'',NULL,615110),('3_Saturday','10','10:00','17:59','N','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_4fe99d2bd9d4c9fc0e6df0bbd2807b62','\'Title: Social Engineering Community Village Hours
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nCome check out the Social Engineering Community Village!
\n\n\'',NULL,615111),('3_Saturday','11','10:00','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_4fe99d2bd9d4c9fc0e6df0bbd2807b62','\'\'',NULL,615112),('3_Saturday','12','10:00','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_4fe99d2bd9d4c9fc0e6df0bbd2807b62','\'\'',NULL,615113),('3_Saturday','13','10:00','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_4fe99d2bd9d4c9fc0e6df0bbd2807b62','\'\'',NULL,615114),('3_Saturday','14','10:00','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_4fe99d2bd9d4c9fc0e6df0bbd2807b62','\'\'',NULL,615115),('3_Saturday','15','10:00','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_4fe99d2bd9d4c9fc0e6df0bbd2807b62','\'\'',NULL,615116),('3_Saturday','16','10:00','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_4fe99d2bd9d4c9fc0e6df0bbd2807b62','\'\'',NULL,615117),('3_Saturday','17','10:00','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_4fe99d2bd9d4c9fc0e6df0bbd2807b62','\'\'',NULL,615118),('4_Sunday','10','10:00','13:59','N','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_d49a77b9c4c239fff29ca3a87c6bd395','\'Title: Social Engineering Community Village Hours
\nWhen: Sunday, Aug 11, 10:00 - 13:59 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nCome check out the Social Engineering Community Village!
\n\n\'',NULL,615119),('4_Sunday','11','10:00','13:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_d49a77b9c4c239fff29ca3a87c6bd395','\'\'',NULL,615120),('4_Sunday','12','10:00','13:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_d49a77b9c4c239fff29ca3a87c6bd395','\'\'',NULL,615121),('4_Sunday','13','10:00','13:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_d49a77b9c4c239fff29ca3a87c6bd395','\'\'',NULL,615122),('2_Friday','08','08:30','17:59','N','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_5d5e07f8773718ae8e91c6e9e87d271c','\'Title: Social Engineering Community Village Hours
\nWhen: Friday, Aug 9, 08:30 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nCome check out the Social Engineering Community Village!
\n\n\'',NULL,615123),('2_Friday','09','08:30','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_5d5e07f8773718ae8e91c6e9e87d271c','\'\'',NULL,615124),('2_Friday','10','08:30','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_5d5e07f8773718ae8e91c6e9e87d271c','\'\'',NULL,615125),('2_Friday','11','08:30','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_5d5e07f8773718ae8e91c6e9e87d271c','\'\'',NULL,615126),('2_Friday','12','08:30','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_5d5e07f8773718ae8e91c6e9e87d271c','\'\'',NULL,615127),('2_Friday','13','08:30','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_5d5e07f8773718ae8e91c6e9e87d271c','\'\'',NULL,615128),('2_Friday','14','08:30','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_5d5e07f8773718ae8e91c6e9e87d271c','\'\'',NULL,615129),('2_Friday','15','08:30','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_5d5e07f8773718ae8e91c6e9e87d271c','\'\'',NULL,615130),('2_Friday','16','08:30','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_5d5e07f8773718ae8e91c6e9e87d271c','\'\'',NULL,615131),('2_Friday','17','08:30','17:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Village Hours\'','\'\'','SEV_5d5e07f8773718ae8e91c6e9e87d271c','\'\'',NULL,615132),('3_Saturday','12','12:30','12:59','N','SEV','LVCC West/Floor 3/W317-W319','\'SECV - Break / Networking\'','\'\'','SEV_2d556a5c6b5bb20201d2da7067f64a03','\'Title: SECV - Break / Networking
\nWhen: Saturday, Aug 10, 12:30 - 12:59 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nTime to mingle! Discover who can tell the best dad jokes. We\'re taking a quick break - be back soon!
\n\n\'',NULL,615133),('3_Saturday','15','15:00','15:30','N','SEV','LVCC West/Floor 3/W317-W319','\'SECV - Break / Networking\'','\'\'','SEV_0910a26d3c71919b1408d4b7ae092c56','\'Title: SECV - Break / Networking
\nWhen: Saturday, Aug 10, 15:00 - 15:30 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nTime to mingle! Discover who can tell the best dad jokes. We\'re taking a quick break - be back soon!
\n\n\'',NULL,615134),('2_Friday','17','17:15','17:59','N','SEV','LVCC West/Floor 3/W317-W319','\'Presentation: The 2024 #SECVC Debrief\'','\'\'','SEV_4efca4681ef0cf31009ab7499cb07e38','\'Title: Presentation: The 2024 #SECVC Debrief
\nWhen: Friday, Aug 9, 17:15 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nJoin the Founders of the Social Engineering Community as they break down this year’s Vishing Competition (#SECVC). They’ll talk about how the competition is organized, and some of the big takeaways, trends, and surprises (both good and bad) from the OSINT and Vishing Plan reports. They’ll also recount some of the highlights from this year’s live calls.
\n\n\'',NULL,615135),('3_Saturday','17','17:30','17:59','N','SEV','LVCC West/Floor 3/W317-W319','\'Presentation: It Takes a Village...\'','\'\'','SEV_5bd43b5fd44863ec17d2153b5a8480eb','\'Title: Presentation: It Takes a Village...
\nWhen: Saturday, Aug 10, 17:30 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nIts time to ask the question: “Where do we go from here?” Join SEC Village founders, Snow & JC to have a heart to heart about how we shape the future of the SEC. If you’re looking for how to get involved, or have ideas for the village, be here! We need you and want to hear from you!
\n\n\n\n\'',NULL,615136),('4_Sunday','10','10:00','11:30','N','SEV','LVCC West/Floor 3/W317-W319','\'SECVC Awards & Competitor Panel + Youth Challenge Awards\'','\'\'','SEV_d8262f28bc7f38130e8d3d2a12e5dcf9','\'Title: SECVC Awards & Competitor Panel + Youth Challenge Awards
\nWhen: Sunday, Aug 11, 10:00 - 11:30 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nSee who won in our village! During this time we’ll present the Youth Challenge winner, the #SECVC 1st and 2nd place winners, as well as the much-coveted Dundies! Then stick around as we have a panel interview with the winners to hear their story about their path to victory!
\n\n\'',NULL,615137),('4_Sunday','11','10:00','11:30','Y','SEV','LVCC West/Floor 3/W317-W319','\'SECVC Awards & Competitor Panel + Youth Challenge Awards\'','\'\'','SEV_d8262f28bc7f38130e8d3d2a12e5dcf9','\'\'',NULL,615138),('3_Saturday','15','15:30','17:30','N','SEV','LVCC West/Floor 3/W317-W319','\'Cold Calls\'','\'\'','SEV_ef11ee352efbf7e4f4c5e70262e85343','\'Title: Cold Calls
\nWhen: Saturday, Aug 10, 15:30 - 17:30 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nCome make a call in front of our soundproof booth. We provide everything, the target company, their phone number, and three objectives to gather (easy, medium, and hard). First come, first serve.
\n\n\'',NULL,615139),('3_Saturday','16','15:30','17:30','Y','SEV','LVCC West/Floor 3/W317-W319','\'Cold Calls\'','\'\'','SEV_ef11ee352efbf7e4f4c5e70262e85343','\'\'',NULL,615140),('3_Saturday','17','15:30','17:30','Y','SEV','LVCC West/Floor 3/W317-W319','\'Cold Calls\'','\'\'','SEV_ef11ee352efbf7e4f4c5e70262e85343','\'\'',NULL,615141),('3_Saturday','13','13:00','14:59','N','SEV','LVCC West/Floor 3/W317-W319','\'Cold Calls\'','\'\'','SEV_869c0ff2d4be5117c089a2918abc869d','\'Title: Cold Calls
\nWhen: Saturday, Aug 10, 13:00 - 14:59 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nCome make a call in front of our soundproof booth. We provide everything, the target company, their phone number, and three objectives to gather (easy, medium, and hard). First come, first serve.
\n\n\'',NULL,615142),('3_Saturday','14','13:00','14:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Cold Calls\'','\'\'','SEV_869c0ff2d4be5117c089a2918abc869d','\'\'',NULL,615143),('4_Sunday','11','11:30','13:59','N','SEV','LVCC West/Floor 3/W317-W319','\'Cold Calls\'','\'\'','SEV_d88de55330d22a630b2332eeb642ae7d','\'Title: Cold Calls
\nWhen: Sunday, Aug 11, 11:30 - 13:59 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nCome make a call in front of our soundproof booth. We provide everything, the target company, their phone number, and three objectives to gather (easy, medium, and hard). First come, first serve.
\n\n\'',NULL,615144),('4_Sunday','12','11:30','13:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Cold Calls\'','\'\'','SEV_d88de55330d22a630b2332eeb642ae7d','\'\'',NULL,615145),('4_Sunday','13','11:30','13:59','Y','SEV','LVCC West/Floor 3/W317-W319','\'Cold Calls\'','\'\'','SEV_d88de55330d22a630b2332eeb642ae7d','\'\'',NULL,615146),('3_Saturday','10','10:00','12:30','N','SEV','LVCC West/Floor 3/W317-W319','\'John Henry Competition - Human vs. AI & Panel Discussion\'','\'\'','SEV_6ad2f11fbf801f340a03792cd615af4a','\'Title: John Henry Competition - Human vs. AI & Panel Discussion
\nWhen: Saturday, Aug 10, 10:00 - 12:30 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nJoin us for the thrilling and BRAND NEW competition where professional social engineers battle a cutting-edge AI team to see who can achieve the most objectives, followed by an insightful panel discussion.
\n\n\'',NULL,615147),('3_Saturday','11','10:00','12:30','Y','SEV','LVCC West/Floor 3/W317-W319','\'John Henry Competition - Human vs. AI & Panel Discussion\'','\'\'','SEV_6ad2f11fbf801f340a03792cd615af4a','\'\'',NULL,615148),('3_Saturday','12','10:00','12:30','Y','SEV','LVCC West/Floor 3/W317-W319','\'John Henry Competition - Human vs. AI & Panel Discussion\'','\'\'','SEV_6ad2f11fbf801f340a03792cd615af4a','\'\'',NULL,615149),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_33cdd2e0404e69beb80fb71efe3e170c','\'Title: Social Engineering Community Youth Challenge
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nDon’t Panic! The Social Engineering Community needs your help save the galaxy! We need brave and creative minds for our Youth Challenge to help us solve a series of challenges that will trigger the implosion failsafe.
\n\n\'',NULL,615150),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_33cdd2e0404e69beb80fb71efe3e170c','\'\'',NULL,615151),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_33cdd2e0404e69beb80fb71efe3e170c','\'\'',NULL,615152),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_33cdd2e0404e69beb80fb71efe3e170c','\'\'',NULL,615153),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_33cdd2e0404e69beb80fb71efe3e170c','\'\'',NULL,615154),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_33cdd2e0404e69beb80fb71efe3e170c','\'\'',NULL,615155),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_33cdd2e0404e69beb80fb71efe3e170c','\'\'',NULL,615156),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_33cdd2e0404e69beb80fb71efe3e170c','\'\'',NULL,615157),('2_Friday','09','09:00','17:59','N','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_b2fd275e9f03ecd8c76967211e02ac85','\'Title: Social Engineering Community Youth Challenge
\nWhen: Friday, Aug 9, 09:00 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nDon’t Panic! The Social Engineering Community needs your help save the galaxy! We need brave and creative minds for our Youth Challenge to help us solve a series of challenges that will trigger the implosion failsafe.
\n\n\'',NULL,615158),('2_Friday','10','09:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_b2fd275e9f03ecd8c76967211e02ac85','\'\'',NULL,615159),('2_Friday','11','09:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_b2fd275e9f03ecd8c76967211e02ac85','\'\'',NULL,615160),('2_Friday','12','09:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_b2fd275e9f03ecd8c76967211e02ac85','\'\'',NULL,615161),('2_Friday','13','09:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_b2fd275e9f03ecd8c76967211e02ac85','\'\'',NULL,615162),('2_Friday','14','09:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_b2fd275e9f03ecd8c76967211e02ac85','\'\'',NULL,615163),('2_Friday','15','09:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_b2fd275e9f03ecd8c76967211e02ac85','\'\'',NULL,615164),('2_Friday','16','09:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_b2fd275e9f03ecd8c76967211e02ac85','\'\'',NULL,615165),('2_Friday','17','09:00','17:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Youth Challenge\'','\'\'','CON_b2fd275e9f03ecd8c76967211e02ac85','\'\'',NULL,615166),('2_Friday','09','09:00','16:59','N','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Vishing Competition (SECVC)\'','\'\'','CON_114a86621696fc285dddfd3e200949bb','\'Title: Social Engineering Community Vishing Competition (SECVC)
\nWhen: Friday, Aug 9, 09:00 - 16:59 PDT
\nWhere: LVCC West/Floor 3/W317-W319 - Map
\n
\nDescription:
\nIn the Social Engineering Community’s Vishing Competition (#SECVC), teams and individuals go toe to toe, placing live phone calls in front of the SEC audience at DEF CON, showcasing the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies.
\n\n\'',NULL,615167),('2_Friday','10','09:00','16:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Vishing Competition (SECVC)\'','\'\'','CON_114a86621696fc285dddfd3e200949bb','\'\'',NULL,615168),('2_Friday','11','09:00','16:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Vishing Competition (SECVC)\'','\'\'','CON_114a86621696fc285dddfd3e200949bb','\'\'',NULL,615169),('2_Friday','12','09:00','16:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Vishing Competition (SECVC)\'','\'\'','CON_114a86621696fc285dddfd3e200949bb','\'\'',NULL,615170),('2_Friday','13','09:00','16:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Vishing Competition (SECVC)\'','\'\'','CON_114a86621696fc285dddfd3e200949bb','\'\'',NULL,615171),('2_Friday','14','09:00','16:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Vishing Competition (SECVC)\'','\'\'','CON_114a86621696fc285dddfd3e200949bb','\'\'',NULL,615172),('2_Friday','15','09:00','16:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Vishing Competition (SECVC)\'','\'\'','CON_114a86621696fc285dddfd3e200949bb','\'\'',NULL,615173),('2_Friday','16','09:00','16:59','Y','CON','LVCC West/Floor 3/W317-W319','\'Social Engineering Community Vishing Competition (SECVC)\'','\'\'','CON_114a86621696fc285dddfd3e200949bb','\'\'',NULL,615174),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_c7a0b6a9d82f9920baa519a0fbfc44b9','\'Title: Radio Frequency Capture the Flag
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nIn this game capture the flag you will be presented with real configurations of real wireless and radio technologies to attack. Practice your skill and learn new ones from Radio Frequency IDentification (RFID) through Software Defined Radio (SDR) and up to Bluetooth and WiFi. There may even be Infrared, if you have the eye for it.
\n\nRF Hackers Sanctuary is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 32. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.
\n\nWe cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.
\n\nThis game doesn’t let you sit still either, as there are numerous fox hunts, testing your skill in tracking various signals. If running around the conference looking for WiFi, Bluetooth, or even a Tire Pressure Monitoring System (TPMS) device sounds like fun, we are your source of a higher step count.
\n\nThere will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.
\n\n\'',NULL,615175),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_c7a0b6a9d82f9920baa519a0fbfc44b9','\'\'',NULL,615176),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_c7a0b6a9d82f9920baa519a0fbfc44b9','\'\'',NULL,615177),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_c7a0b6a9d82f9920baa519a0fbfc44b9','\'\'',NULL,615178),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_c7a0b6a9d82f9920baa519a0fbfc44b9','\'\'',NULL,615179),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_c7a0b6a9d82f9920baa519a0fbfc44b9','\'\'',NULL,615180),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_c7a0b6a9d82f9920baa519a0fbfc44b9','\'\'',NULL,615181),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_c7a0b6a9d82f9920baa519a0fbfc44b9','\'\'',NULL,615182),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_ccf89fc80be3f8bf68fd7b10d50df448','\'Title: Radio Frequency Capture the Flag
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nIn this game capture the flag you will be presented with real configurations of real wireless and radio technologies to attack. Practice your skill and learn new ones from Radio Frequency IDentification (RFID) through Software Defined Radio (SDR) and up to Bluetooth and WiFi. There may even be Infrared, if you have the eye for it.
\n\nRF Hackers Sanctuary is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 32. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.
\n\nWe cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.
\n\nThis game doesn’t let you sit still either, as there are numerous fox hunts, testing your skill in tracking various signals. If running around the conference looking for WiFi, Bluetooth, or even a Tire Pressure Monitoring System (TPMS) device sounds like fun, we are your source of a higher step count.
\n\nThere will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.
\n\n\'',NULL,615183),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_ccf89fc80be3f8bf68fd7b10d50df448','\'\'',NULL,615184),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_ccf89fc80be3f8bf68fd7b10d50df448','\'\'',NULL,615185),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_ccf89fc80be3f8bf68fd7b10d50df448','\'\'',NULL,615186),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_ccf89fc80be3f8bf68fd7b10d50df448','\'\'',NULL,615187),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_ccf89fc80be3f8bf68fd7b10d50df448','\'\'',NULL,615188),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_ccf89fc80be3f8bf68fd7b10d50df448','\'\'',NULL,615189),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_ccf89fc80be3f8bf68fd7b10d50df448','\'\'',NULL,615190),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_2fb7fb25fff9db0d0ac29acf8ccce826','\'Title: Radio Frequency Capture the Flag
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nIn this game capture the flag you will be presented with real configurations of real wireless and radio technologies to attack. Practice your skill and learn new ones from Radio Frequency IDentification (RFID) through Software Defined Radio (SDR) and up to Bluetooth and WiFi. There may even be Infrared, if you have the eye for it.
\n\nRF Hackers Sanctuary is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 32. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.
\n\nWe cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.
\n\nThis game doesn’t let you sit still either, as there are numerous fox hunts, testing your skill in tracking various signals. If running around the conference looking for WiFi, Bluetooth, or even a Tire Pressure Monitoring System (TPMS) device sounds like fun, we are your source of a higher step count.
\n\nThere will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.
\n\n\'',NULL,615191),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_2fb7fb25fff9db0d0ac29acf8ccce826','\'\'',NULL,615192),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Capture the Flag\'','\'\'','CON_2fb7fb25fff9db0d0ac29acf8ccce826','\'\'',NULL,615193),('2_Friday','10','10:00','12:59','N','CON','Virtual','\'Radio Frequency Capture the Flag\'','\'\'','CON_00e2cd73d4698c09b5d085fcf2397272','\'Title: Radio Frequency Capture the Flag
\nWhen: Friday, Aug 9, 10:00 - 12:59 PDT
\nWhere: Virtual
\n
\nDescription:
\nIn this game capture the flag you will be presented with real configurations of real wireless and radio technologies to attack. Practice your skill and learn new ones from Radio Frequency IDentification (RFID) through Software Defined Radio (SDR) and up to Bluetooth and WiFi. There may even be Infrared, if you have the eye for it.
\n\nRF Hackers Sanctuary is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 32. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.
\n\nWe cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.
\n\nThis game doesn’t let you sit still either, as there are numerous fox hunts, testing your skill in tracking various signals. If running around the conference looking for WiFi, Bluetooth, or even a Tire Pressure Monitoring System (TPMS) device sounds like fun, we are your source of a higher step count.
\n\nThere will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.
\n\n\'',NULL,615194),('2_Friday','11','10:00','12:59','Y','CON','Virtual','\'Radio Frequency Capture the Flag\'','\'\'','CON_00e2cd73d4698c09b5d085fcf2397272','\'\'',NULL,615195),('2_Friday','12','10:00','12:59','Y','CON','Virtual','\'Radio Frequency Capture the Flag\'','\'\'','CON_00e2cd73d4698c09b5d085fcf2397272','\'\'',NULL,615196),('3_Saturday','14','14:00','15:45','N','DL','LVCC West/Floor 3/W308','\'Farming Ndays with GreyNoise\'','\'Andrew Morris\'','DL_2b7f03d64943a074b77007f4fe2023d3','\'Title: Farming Ndays with GreyNoise
\nWhen: Saturday, Aug 10, 14:00 - 15:45 PDT
\nWhere: LVCC West/Floor 3/W308 - Map
\n
\nDescription:
\nGnarly vulnerabilities in devices and services that typically face the internet are being disclosed every week. You can use GreyNoise\'s new free community analysis platform to deploy honeypot sensors, collect PCAPs of in-the-wild exploitation of software vulnerabilities, discover the source IPs of mass scanners, botnets, and compromised devices, and compare attacks across networks. In this presentation we\'re demonstrating GreyNoise\' new sensor deployment, SQL explorer, and rules engine.
\n\nSpeakerBio: Andrew Morris
\nNo BIO available
\n\n\'',NULL,615197),('3_Saturday','15','14:00','15:45','Y','DL','LVCC West/Floor 3/W308','\'Farming Ndays with GreyNoise\'','\'Andrew Morris\'','DL_2b7f03d64943a074b77007f4fe2023d3','\'\'',NULL,615198),('2_Friday','08','08:00','17:59','N','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_54d26df927cadbddbb9aaa6bbbc0c139','\'Title: Merch (formerly swag) Area Open -- README
\nWhen: Friday, Aug 9, 08:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W212 - Map
\n
\nDescription:
\nAll merch sales are USD CASH ONLY. No cards will be accepted.
\n\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)
\n\nNote that the closing hours here are when sales must have ended. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can\'t predict the length of the line or when doors will be closed.
\n\n\'',NULL,615199),('2_Friday','09','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_54d26df927cadbddbb9aaa6bbbc0c139','\'\'',NULL,615200),('2_Friday','10','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_54d26df927cadbddbb9aaa6bbbc0c139','\'\'',NULL,615201),('2_Friday','11','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_54d26df927cadbddbb9aaa6bbbc0c139','\'\'',NULL,615202),('2_Friday','12','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_54d26df927cadbddbb9aaa6bbbc0c139','\'\'',NULL,615203),('2_Friday','13','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_54d26df927cadbddbb9aaa6bbbc0c139','\'\'',NULL,615204),('2_Friday','14','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_54d26df927cadbddbb9aaa6bbbc0c139','\'\'',NULL,615205),('2_Friday','15','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_54d26df927cadbddbb9aaa6bbbc0c139','\'\'',NULL,615206),('2_Friday','16','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_54d26df927cadbddbb9aaa6bbbc0c139','\'\'',NULL,615207),('2_Friday','17','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_54d26df927cadbddbb9aaa6bbbc0c139','\'\'',NULL,615208),('3_Saturday','09','09:00','14:59','N','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_0090b1ac628eefef75d5c43ac0e8288b','\'Title: Merch (formerly swag) Area Open -- README
\nWhen: Saturday, Aug 10, 09:00 - 14:59 PDT
\nWhere: LVCC West/Floor 2/W212 - Map
\n
\nDescription:
\nAll merch sales are USD CASH ONLY. No cards will be accepted.
\n\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)
\n\nNote that the closing hours here are when sales must have ended. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can\'t predict the length of the line or when doors will be closed.
\n\n\'',NULL,615209),('3_Saturday','10','09:00','14:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_0090b1ac628eefef75d5c43ac0e8288b','\'\'',NULL,615210),('3_Saturday','11','09:00','14:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_0090b1ac628eefef75d5c43ac0e8288b','\'\'',NULL,615211),('3_Saturday','12','09:00','14:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_0090b1ac628eefef75d5c43ac0e8288b','\'\'',NULL,615212),('3_Saturday','13','09:00','14:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_0090b1ac628eefef75d5c43ac0e8288b','\'\'',NULL,615213),('3_Saturday','14','09:00','14:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_0090b1ac628eefef75d5c43ac0e8288b','\'\'',NULL,615214),('1_Thursday','08','08:00','17:59','N','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_e2646c071da13107ec5568bb2fef1ef8','\'Title: Merch (formerly swag) Area Open -- README
\nWhen: Thursday, Aug 8, 08:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W212 - Map
\n
\nDescription:
\nAll merch sales are USD CASH ONLY. No cards will be accepted.
\n\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)
\n\nNote that the closing hours here are when sales must have ended. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can\'t predict the length of the line or when doors will be closed.
\n\n\'',NULL,615215),('1_Thursday','09','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_e2646c071da13107ec5568bb2fef1ef8','\'\'',NULL,615216),('1_Thursday','10','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_e2646c071da13107ec5568bb2fef1ef8','\'\'',NULL,615217),('1_Thursday','11','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_e2646c071da13107ec5568bb2fef1ef8','\'\'',NULL,615218),('1_Thursday','12','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_e2646c071da13107ec5568bb2fef1ef8','\'\'',NULL,615219),('1_Thursday','13','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_e2646c071da13107ec5568bb2fef1ef8','\'\'',NULL,615220),('1_Thursday','14','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_e2646c071da13107ec5568bb2fef1ef8','\'\'',NULL,615221),('1_Thursday','15','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_e2646c071da13107ec5568bb2fef1ef8','\'\'',NULL,615222),('1_Thursday','16','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_e2646c071da13107ec5568bb2fef1ef8','\'\'',NULL,615223),('1_Thursday','17','08:00','17:59','Y','MISC','LVCC West/Floor 2/W212','\'Merch (formerly swag) Area Open -- README\'','\'\'','MISC_e2646c071da13107ec5568bb2fef1ef8','\'\'',NULL,615224),('2_Friday','10','10:00','17:59','N','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_a24024212874646f3ede19c93fd8acfa','\'Title: All content areas generally open
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West - Map
\n
\nDescription:
\n\n\n\'',NULL,615225),('2_Friday','11','10:00','17:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_a24024212874646f3ede19c93fd8acfa','\'\'',NULL,615226),('2_Friday','12','10:00','17:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_a24024212874646f3ede19c93fd8acfa','\'\'',NULL,615227),('2_Friday','13','10:00','17:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_a24024212874646f3ede19c93fd8acfa','\'\'',NULL,615228),('2_Friday','14','10:00','17:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_a24024212874646f3ede19c93fd8acfa','\'\'',NULL,615229),('2_Friday','15','10:00','17:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_a24024212874646f3ede19c93fd8acfa','\'\'',NULL,615230),('2_Friday','16','10:00','17:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_a24024212874646f3ede19c93fd8acfa','\'\'',NULL,615231),('2_Friday','17','10:00','17:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_a24024212874646f3ede19c93fd8acfa','\'\'',NULL,615232),('4_Sunday','10','10:00','12:59','N','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_5b14b57a05816d8bf3b6999b9abe05c2','\'Title: All content areas generally open
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West - Map
\n
\nDescription:
\n\n\n\'',NULL,615233),('4_Sunday','11','10:00','12:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_5b14b57a05816d8bf3b6999b9abe05c2','\'\'',NULL,615234),('4_Sunday','12','10:00','12:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_5b14b57a05816d8bf3b6999b9abe05c2','\'\'',NULL,615235),('3_Saturday','10','10:00','17:59','N','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_b16e1d6003f1b7d9d99c4c078894afdd','\'Title: All content areas generally open
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West - Map
\n
\nDescription:
\n\n\n\'',NULL,615236),('3_Saturday','11','10:00','17:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_b16e1d6003f1b7d9d99c4c078894afdd','\'\'',NULL,615237),('3_Saturday','12','10:00','17:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_b16e1d6003f1b7d9d99c4c078894afdd','\'\'',NULL,615238),('3_Saturday','13','10:00','17:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_b16e1d6003f1b7d9d99c4c078894afdd','\'\'',NULL,615239),('3_Saturday','14','10:00','17:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_b16e1d6003f1b7d9d99c4c078894afdd','\'\'',NULL,615240),('3_Saturday','15','10:00','17:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_b16e1d6003f1b7d9d99c4c078894afdd','\'\'',NULL,615241),('3_Saturday','16','10:00','17:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_b16e1d6003f1b7d9d99c4c078894afdd','\'\'',NULL,615242),('3_Saturday','17','10:00','17:59','Y','MISC','LVCC West','\'All content areas generally open\'','\'\'','MISC_b16e1d6003f1b7d9d99c4c078894afdd','\'\'',NULL,615243),('2_Friday','08','08:00','01:59','N','MISC','LVCC West/Floor 2/W238','\'Lost & Found\'','\'\'','MISC_eabfbd39f915e21b0f6e4db2fa241f58','\'Title: Lost & Found
\nWhen: Friday, Aug 9, 08:00 - 01:59 PDT
\nWhere: LVCC West/Floor 2/W238 - Map
\n
\nDescription:
\nIf you find something that seems to have been lost, please take that item to the nearest NFO Node. The item will enter the DEF CON Lost & Found system.
\n\nIf you\'ve lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in room LVCC - L2 - W238. You may also call Lost & Found at +1 (725) 377-5045.
\n\nThe Lost & Found department plans to be open Thursday - Saturday, during all hours that the conference operates. On Sunday, the Lost & Found department will open with the venue at 08:00, but will close at the beginning of DEF CON 32 Closing Ceremonies (15:00). Shortly thereafter, all remaining lost items will be transferred to the LVCC West Lobby Security Office. If you need to reach LVCC\'s West Lobby Security Office, you may call +1 (702) 943-3532.
\n\n\'',NULL,615244),('1_Thursday','07','07:00','01:59','N','MISC','LVCC West/Floor 2/W238','\'Lost & Found\'','\'\'','MISC_28b2839736165f6fcbfad1961dadb81a','\'Title: Lost & Found
\nWhen: Thursday, Aug 8, 07:00 - 01:59 PDT
\nWhere: LVCC West/Floor 2/W238 - Map
\n
\nDescription:
\nIf you find something that seems to have been lost, please take that item to the nearest NFO Node. The item will enter the DEF CON Lost & Found system.
\n\nIf you\'ve lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in room LVCC - L2 - W238. You may also call Lost & Found at +1 (725) 377-5045.
\n\nThe Lost & Found department plans to be open Thursday - Saturday, during all hours that the conference operates. On Sunday, the Lost & Found department will open with the venue at 08:00, but will close at the beginning of DEF CON 32 Closing Ceremonies (15:00). Shortly thereafter, all remaining lost items will be transferred to the LVCC West Lobby Security Office. If you need to reach LVCC\'s West Lobby Security Office, you may call +1 (702) 943-3532.
\n\n\'',NULL,615245),('4_Sunday','08','08:00','14:59','N','MISC','LVCC West/Floor 2/W238','\'Lost & Found\'','\'\'','MISC_f4f070e1b0687b29a5fa01010ab54212','\'Title: Lost & Found
\nWhen: Sunday, Aug 11, 08:00 - 14:59 PDT
\nWhere: LVCC West/Floor 2/W238 - Map
\n
\nDescription:
\nIf you find something that seems to have been lost, please take that item to the nearest NFO Node. The item will enter the DEF CON Lost & Found system.
\n\nIf you\'ve lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in room LVCC - L2 - W238. You may also call Lost & Found at +1 (725) 377-5045.
\n\nThe Lost & Found department plans to be open Thursday - Saturday, during all hours that the conference operates. On Sunday, the Lost & Found department will open with the venue at 08:00, but will close at the beginning of DEF CON 32 Closing Ceremonies (15:00). Shortly thereafter, all remaining lost items will be transferred to the LVCC West Lobby Security Office. If you need to reach LVCC\'s West Lobby Security Office, you may call +1 (702) 943-3532.
\n\n\'',NULL,615246),('4_Sunday','09','08:00','14:59','Y','MISC','LVCC West/Floor 2/W238','\'Lost & Found\'','\'\'','MISC_f4f070e1b0687b29a5fa01010ab54212','\'\'',NULL,615247),('4_Sunday','10','08:00','14:59','Y','MISC','LVCC West/Floor 2/W238','\'Lost & Found\'','\'\'','MISC_f4f070e1b0687b29a5fa01010ab54212','\'\'',NULL,615248),('4_Sunday','11','08:00','14:59','Y','MISC','LVCC West/Floor 2/W238','\'Lost & Found\'','\'\'','MISC_f4f070e1b0687b29a5fa01010ab54212','\'\'',NULL,615249),('4_Sunday','12','08:00','14:59','Y','MISC','LVCC West/Floor 2/W238','\'Lost & Found\'','\'\'','MISC_f4f070e1b0687b29a5fa01010ab54212','\'\'',NULL,615250),('4_Sunday','13','08:00','14:59','Y','MISC','LVCC West/Floor 2/W238','\'Lost & Found\'','\'\'','MISC_f4f070e1b0687b29a5fa01010ab54212','\'\'',NULL,615251),('4_Sunday','14','08:00','14:59','Y','MISC','LVCC West/Floor 2/W238','\'Lost & Found\'','\'\'','MISC_f4f070e1b0687b29a5fa01010ab54212','\'\'',NULL,615252),('3_Saturday','08','08:00','01:59','N','MISC','LVCC West/Floor 2/W238','\'Lost & Found\'','\'\'','MISC_17c314b8a4b0986b183d753ff52c7120','\'Title: Lost & Found
\nWhen: Saturday, Aug 10, 08:00 - 01:59 PDT
\nWhere: LVCC West/Floor 2/W238 - Map
\n
\nDescription:
\nIf you find something that seems to have been lost, please take that item to the nearest NFO Node. The item will enter the DEF CON Lost & Found system.
\n\nIf you\'ve lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in room LVCC - L2 - W238. You may also call Lost & Found at +1 (725) 377-5045.
\n\nThe Lost & Found department plans to be open Thursday - Saturday, during all hours that the conference operates. On Sunday, the Lost & Found department will open with the venue at 08:00, but will close at the beginning of DEF CON 32 Closing Ceremonies (15:00). Shortly thereafter, all remaining lost items will be transferred to the LVCC West Lobby Security Office. If you need to reach LVCC\'s West Lobby Security Office, you may call +1 (702) 943-3532.
\n\n\'',NULL,615253),('2_Friday','10','10:30','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_0bb87e9b4c1b24378598331dc8f67911','\'Title: Ham Radio Fox Hunt
\nWhen: Friday, Aug 9, 10:30 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-A - Map
\n
\nDescription:
\nThis contest is simple, and is designed to teach you the basics of transmitter direction finding and “fox hunting”. We offer multiple levels of difficulty – whether you’ve never done a fox hunt before or are a seasoned pro, you can participate in the hunt! Learning how to locate the source of radio signals is an important tool you can add to your hacker arsenal. Whether you’re hunting for a source of interference, a rogue wireless AP, or tracking down the FCC’s monitoring vans, the real-world skills you will gain from this contest will be invaluable.
\n\nTo participate in the beginner IR foxhunt you will need a device that can receive IR light in the 900nm range – such as many cell phones and digital cameras!
\n\nTo participate in the RF foxhunt(s) you will need a radio or a scanner that can receive signals in the 2m and/or 70cm Amateur Radio Bands (144.000 MHz - 146.000 MHz, 420.000 MHZ - 450.000 MHz)
\n\nSpeakerBio: Ham Radio Village Staff
\nNo BIO available
\n\n\'',NULL,615254),('2_Friday','11','10:30','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_0bb87e9b4c1b24378598331dc8f67911','\'\'',NULL,615255),('2_Friday','12','10:30','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_0bb87e9b4c1b24378598331dc8f67911','\'\'',NULL,615256),('2_Friday','13','10:30','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_0bb87e9b4c1b24378598331dc8f67911','\'\'',NULL,615257),('2_Friday','14','10:30','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_0bb87e9b4c1b24378598331dc8f67911','\'\'',NULL,615258),('2_Friday','15','10:30','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_0bb87e9b4c1b24378598331dc8f67911','\'\'',NULL,615259),('2_Friday','16','10:30','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_0bb87e9b4c1b24378598331dc8f67911','\'\'',NULL,615260),('2_Friday','17','10:30','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_0bb87e9b4c1b24378598331dc8f67911','\'\'',NULL,615261),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_3c2bc7fcd9c6997710b2ef37cd4f5cd0','\'Title: Ham Radio Fox Hunt
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-A - Map
\n
\nDescription:
\nThis contest is simple, and is designed to teach you the basics of transmitter direction finding and “fox hunting”. We offer multiple levels of difficulty – whether you’ve never done a fox hunt before or are a seasoned pro, you can participate in the hunt! Learning how to locate the source of radio signals is an important tool you can add to your hacker arsenal. Whether you’re hunting for a source of interference, a rogue wireless AP, or tracking down the FCC’s monitoring vans, the real-world skills you will gain from this contest will be invaluable.
\n\nTo participate in the beginner IR foxhunt you will need a device that can receive IR light in the 900nm range – such as many cell phones and digital cameras!
\n\nTo participate in the RF foxhunt(s) you will need a radio or a scanner that can receive signals in the 2m and/or 70cm Amateur Radio Bands (144.000 MHz - 146.000 MHz, 420.000 MHZ - 450.000 MHz)
\n\nSpeakerBio: Ham Radio Village Staff
\nNo BIO available
\n\n\'',NULL,615262),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_3c2bc7fcd9c6997710b2ef37cd4f5cd0','\'\'',NULL,615263),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_3c2bc7fcd9c6997710b2ef37cd4f5cd0','\'\'',NULL,615264),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_3c2bc7fcd9c6997710b2ef37cd4f5cd0','\'\'',NULL,615265),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_3c2bc7fcd9c6997710b2ef37cd4f5cd0','\'\'',NULL,615266),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_3c2bc7fcd9c6997710b2ef37cd4f5cd0','\'\'',NULL,615267),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_3c2bc7fcd9c6997710b2ef37cd4f5cd0','\'\'',NULL,615268),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_3c2bc7fcd9c6997710b2ef37cd4f5cd0','\'\'',NULL,615269),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_17cea17bf26f147160856e99cab31111','\'Title: Ham Radio Fox Hunt
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-A - Map
\n
\nDescription:
\nThis contest is simple, and is designed to teach you the basics of transmitter direction finding and “fox hunting”. We offer multiple levels of difficulty – whether you’ve never done a fox hunt before or are a seasoned pro, you can participate in the hunt! Learning how to locate the source of radio signals is an important tool you can add to your hacker arsenal. Whether you’re hunting for a source of interference, a rogue wireless AP, or tracking down the FCC’s monitoring vans, the real-world skills you will gain from this contest will be invaluable.
\n\nTo participate in the beginner IR foxhunt you will need a device that can receive IR light in the 900nm range – such as many cell phones and digital cameras!
\n\nTo participate in the RF foxhunt(s) you will need a radio or a scanner that can receive signals in the 2m and/or 70cm Amateur Radio Bands (144.000 MHz - 146.000 MHz, 420.000 MHZ - 450.000 MHz)
\n\nSpeakerBio: Ham Radio Village Staff
\nNo BIO available
\n\n\'',NULL,615270),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_17cea17bf26f147160856e99cab31111','\'\'',NULL,615271),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-A','\'Ham Radio Fox Hunt\'','\'Ham Radio Village Staff\'','CON_17cea17bf26f147160856e99cab31111','\'\'',NULL,615272),('1_Thursday','10','10:00','16:59','N','HRV','Other / See Description','\'Ham in a Day Class\'','\'Dan \"dan_kb6nu\" Romanchik\'','HRV_703743369285dcebcdcea89c4d57eac0','\'Title: Ham in a Day Class
\nWhen: Thursday, Aug 8, 10:00 - 16:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nLearn and earn your Amateur (Ham) License @ DEF CON 32 with this free class offered by Dan KB6NU and the Ham Radio Village!
\n\nAlways been interested in getting your ham license but never had the time to study? Now\'s your chance! The Ham Radio Village is offering a one-day class where you can learn all the required knowledge to pass the exam.
\n\nTopics include:\n- Electrical Principles\n- Electronic principles and components\n- Radio and electromagnetic wave properties\n- Antennas and Feedlines\n- Amateur Radio Signals\n- Safety\n- Station Setup and Operation\n- Operating Procedures\n- Rules and Regulations
\n\nAfter the class, you can earn your license by taking the exam (for free) at DEF CON on your choice of Friday, Saturday, or Sunday. (Online testing is also available post-conference)
\n\nThe class will run from 10 A.M. to 5 P.M. on Thursday, August 8th at the Clark County Library** located nearby to the LVCC at 1401 E Flamingo Rd. A lunch break will be provided.
\n\nBest of all, this class is completely free, thanks to a grant from the Amateur Radio Digital Communications.
\n\nLast year, we sold out of capacity and had to turn folks away. We highly recommend placing a deposit to reserve your seat. The deposit will be refunded upon attendance of the class.
\n\nNote: this event is not located at the Las Vegas Convention Center but at the nearby Clark County Library. If you\'re planning on taking public transit, it is directly served by bus routes CX, 109, 202. Free parking (with EV charging) is available onsite.
\n\nClark County Library, 1401 E Flamingo Rd, Las Vegas, NV 89119 Google Maps Apple Maps
\n\nThis program is not a Library District event. The views expressed and other information presented are solely those of the producing entity.
\n\nSpeakerBio: Dan \"dan_kb6nu\" Romanchik, Ham Radio Village
\nNo BIO available
\n\n\'',NULL,615273),('1_Thursday','11','10:00','16:59','Y','HRV','Other / See Description','\'Ham in a Day Class\'','\'Dan \"dan_kb6nu\" Romanchik\'','HRV_703743369285dcebcdcea89c4d57eac0','\'\'',NULL,615274),('1_Thursday','12','10:00','16:59','Y','HRV','Other / See Description','\'Ham in a Day Class\'','\'Dan \"dan_kb6nu\" Romanchik\'','HRV_703743369285dcebcdcea89c4d57eac0','\'\'',NULL,615275),('1_Thursday','13','10:00','16:59','Y','HRV','Other / See Description','\'Ham in a Day Class\'','\'Dan \"dan_kb6nu\" Romanchik\'','HRV_703743369285dcebcdcea89c4d57eac0','\'\'',NULL,615276),('1_Thursday','14','10:00','16:59','Y','HRV','Other / See Description','\'Ham in a Day Class\'','\'Dan \"dan_kb6nu\" Romanchik\'','HRV_703743369285dcebcdcea89c4d57eac0','\'\'',NULL,615277),('1_Thursday','15','10:00','16:59','Y','HRV','Other / See Description','\'Ham in a Day Class\'','\'Dan \"dan_kb6nu\" Romanchik\'','HRV_703743369285dcebcdcea89c4d57eac0','\'\'',NULL,615278),('1_Thursday','16','10:00','16:59','Y','HRV','Other / See Description','\'Ham in a Day Class\'','\'Dan \"dan_kb6nu\" Romanchik\'','HRV_703743369285dcebcdcea89c4d57eac0','\'\'',NULL,615279),('2_Friday','11','11:30','12:30','N','HRV','LVCC West/Floor 3/W321','\'SSTV: How To Send Cat Memes Via Ham Radio\'','\'Hamster\'','HRV_a4b2faa5a7c21bbfbee68b086c98b8ce','\'Title: SSTV: How To Send Cat Memes Via Ham Radio
\nWhen: Friday, Aug 9, 11:30 - 12:30 PDT
\nWhere: LVCC West/Floor 3/W321 - Map
\n
\nDescription:
\nSSTV - what the heck is slow scan TV and can you send cat memes with it? In this talk, hamster dives into the history, development and use of SSTV. From this, he will present the design for a wearable device to decode SSTV images and why he thought that was a good idea.
\n\nSpeakerBio: Hamster
\nHamster is an engineer who watched too much MacGyver as a kid and is now doomed to invent more and more complicated ways to make the Angry Pixies dance.
\n\n\n\'',NULL,615280),('2_Friday','12','11:30','12:30','Y','HRV','LVCC West/Floor 3/W321','\'SSTV: How To Send Cat Memes Via Ham Radio\'','\'Hamster\'','HRV_a4b2faa5a7c21bbfbee68b086c98b8ce','\'\'',NULL,615281),('2_Friday','14','14:00','14:59','N','HRV','LVCC West/Floor 3/W321','\'Hacking the Quansheng UV-K5\'','\'Jon Marler\'','HRV_67716da4bff7ced29144dfc27de88b9b','\'Title: Hacking the Quansheng UV-K5
\nWhen: Friday, Aug 9, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 3/W321 - Map
\n
\nDescription:
\nThe Quansheng UV-K5 has quickly become the hot new budget radio for new hams and old hams that love to tinker. In this presentation, I will talk about the capabilities of the radio, open source firmware mods, and hardware mods. I\'ll also show why transmitting with a radio on frequencies it can\'t properly filter can be a bad idea!
\n\nSpeakerBio: Jon Marler
\nNo BIO available
\n\n\'',NULL,615282),('3_Saturday','11','11:00','11:59','N','HRV','LVCC West/Floor 3/W321','\'Ham Radio for Hackers\'','\'Dan \"dan_kb6nu\" Romanchik\'','HRV_ac62aad01597c4116827182ef59fca79','\'Title: Ham Radio for Hackers
\nWhen: Saturday, Aug 10, 11:00 - 11:59 PDT
\nWhere: LVCC West/Floor 3/W321 - Map
\n
\nDescription:
\nLots of fun things are happening in amateur radio for those who like to hack on hardware and software. This talk is an introduction to some of them.
\n\nSpeakerBio: Dan \"dan_kb6nu\" Romanchik, Ham Radio Village
\nNo BIO available
\n\n\'',NULL,615283),('3_Saturday','13','13:00','13:30','N','HRV','LVCC West/Floor 3/W321','\'Staying alive off the grid - using APRS and Lambdas to monitor temperature remotely\'','\'Kamikazi\'','HRV_b0cde5f294ed6c87290a7f3bbf0fd24e','\'Title: Staying alive off the grid - using APRS and Lambdas to monitor temperature remotely
\nWhen: Saturday, Aug 10, 13:00 - 13:30 PDT
\nWhere: LVCC West/Floor 3/W321 - Map
\n
\nDescription:
\nWe love our furry friends, but they can\'t always join us - leaving a pet in a vehicle can be very risky, but may also be a necessity. Commercial solutions exist, however these all require monthly subscriptions and cell coverage in order to work. We are hackers! We can do better.
\n\nUsing the Automatic Packet Reporting System (APRS), a digital communications standard that utilizes the 2 meter amateur radio band, I\'ve built a monitoring platform that can alert on high or low temperatures even when cell service isn\'t available. By broadcasting a signal that can be picked up with commercial hand-held radios, backcountry monitoring is possible, and when inside coverage areas, an AWS Lambda, combined with the APRS.FI service enables real-time alerts through SMS messages.
\n\nIn this talk, we\'ll go through the journey of building this off-the-grid temperature monitoring system, including evaluation of off-the-shelf tools commonly used for high-altitude ballooning, discussion of online APIs related to APRS and their limitations, and the risk modelling process related to a system designed for life safety. Attendees will be able to use this knowledge to build their own monitoring systems for use in vehicles, high-altitude balloons, or anywhere else remote monitoring is desired.
\n\nSpeakerBio: Kamikazi
\nNo BIO available
\n\n\'',NULL,615284),('3_Saturday','15','15:00','15:30','N','HRV','LVCC West/Floor 3/W321','\'Clapping cheeks, aka home brew antennas\'','\'Seth\'','HRV_fdea195dc607f95c52ce359508ca07c4','\'Title: Clapping cheeks, aka home brew antennas
\nWhen: Saturday, Aug 10, 15:00 - 15:30 PDT
\nWhere: LVCC West/Floor 3/W321 - Map
\n
\nDescription:
\nMaking and deploying double bazooka antenna out of commonly available materials.
\n\nSpeakerBio: Seth
\nNo BIO available
\n\n\'',NULL,615285),('3_Saturday','16','16:00','16:30','N','HRV','LVCC West/Floor 3/W321','\'Ham Radio in an HOA: Radio in the Face of Your Oppressor\'','\'Danny Quist\'','HRV_aa4b1ea3b1ae5d96691ed6866e5c5acc','\'Title: Ham Radio in an HOA: Radio in the Face of Your Oppressor
\nWhen: Saturday, Aug 10, 16:00 - 16:30 PDT
\nWhere: LVCC West/Floor 3/W321 - Map
\n
\nDescription:
\nHome Owners Association or HOAs make amateur radio difficult. The good antennas are restricted, requiring a little bit of compromise and creativity to work around. This talk is how I worked around my HOA\'s covenants, conditions, and restrictions to operate my antenna.
\n\nThis talk will present actual proven techniques to allow you to operate on all the amateur bands. I will talk about my personal horizontal loop deployment, as well as talk about all the bad antenna options I tried first before getting here.
\n\nSpeakerBio: Danny Quist
\nNo BIO available
\n\n\'',NULL,615286),('4_Sunday','11','11:00','11:30','N','HRV','LVCC West/Floor 3/W321','\'Basic Packet Radio Operation\'','\'Jeremy\'','HRV_9dab90f9e39d23e9b28368cc27a488a1','\'Title: Basic Packet Radio Operation
\nWhen: Sunday, Aug 11, 11:00 - 11:30 PDT
\nWhere: LVCC West/Floor 3/W321 - Map
\n
\nDescription:
\nDo you ever pine for the days of 1200bps communications? Learn how to leverage the power of amateur radio to send digital data, pictures, and even cat memes using packet radio. This presentation will crack open the basics of packet, explore the tools you need (no soldering iron required!), and show you how to join the network buzzing beneath the surface of the RF spectrum.
\n\nSpeakerBio: Jeremy
\nNo BIO available
\n\n\'',NULL,615287),('4_Sunday','11','11:30','11:59','N','HRV','LVCC West/Floor 3/W321','\'Advanced Packet Radio Operation\'','\'Jeremy\'','HRV_76bee41d9b0c88773ee948818d4176a0','\'Title: Advanced Packet Radio Operation
\nWhen: Sunday, Aug 11, 11:30 - 11:59 PDT
\nWhere: LVCC West/Floor 3/W321 - Map
\n
\nDescription:
\nReady to graduate from basic packet? This presentation dives headfirst into the advanced world of packet radio networking. We\'ll explore routing protocols like NETROM and ROSE, conquer the intricacies of setting up your own packet radio node, and delve into the world of HF packet communication.
\n\nSpeakerBio: Jeremy
\nNo BIO available
\n\n\'',NULL,615288),('2_Friday','10','10:30','11:25','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'RF CTF Kick Off Day 1\'','\'RF Hackers\'','RFV_ec72a9157ffa5de6d1a5b3d021528fcc','\'Title: RF CTF Kick Off Day 1
\nWhen: Friday, Aug 9, 10:30 - 11:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nPresentation to kick off the Radio Frequency Village CTF with helpful tips for new folks.
\n\nSpeakerBio: RF Hackers
\nNo BIO available
\n\n\'',NULL,615289),('2_Friday','11','10:30','11:25','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'RF CTF Kick Off Day 1\'','\'RF Hackers\'','RFV_ec72a9157ffa5de6d1a5b3d021528fcc','\'\'',NULL,615290),('4_Sunday','10','10:30','12:20','N','SOC','LVCC West/Floor 1/Hall 3/HW3-05-03','\'WarDriver Meetup\'','\'\'','SOC_008d9a0ff17c104d26962fb2845caa7f','\'Title: WarDriver Meetup
\nWhen: Sunday, Aug 11, 10:30 - 12:20 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\n\n\n\'',NULL,615291),('4_Sunday','11','10:30','12:20','Y','SOC','LVCC West/Floor 1/Hall 3/HW3-05-03','\'WarDriver Meetup\'','\'\'','SOC_008d9a0ff17c104d26962fb2845caa7f','\'\'',NULL,615292),('4_Sunday','12','10:30','12:20','Y','SOC','LVCC West/Floor 1/Hall 3/HW3-05-03','\'WarDriver Meetup\'','\'\'','SOC_008d9a0ff17c104d26962fb2845caa7f','\'\'',NULL,615293),('2_Friday','11','11:30','12:25','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Software Defined Radio 101: Capturing Your First RFCTF Flag\'','\'bkobe\'','RFV_e2aada102a835e9add1cc818009c58a0','\'Title: Software Defined Radio 101: Capturing Your First RFCTF Flag
\nWhen: Friday, Aug 9, 11:30 - 12:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nSo you just picked up an RTL-SDR? HackRF? Not sure what to do with it or where to get started? This talk is nothing new or ground–breaking, rather a compilation and lessons learned into the world of software defined radios (SDRs), namely to solve challenges for the RF capture the flag. It will cover topics of SDR basics, hardware comparison and capabilities/limitations, software (focusing on Linux-based operating systems), and the tactics, techniques, and procedures to find your first RF CTF flag and get on the scoreboard. By the end, you will have enough tools and knowledge to start hunting for SDR flags in the ongoing capture the flag.
\n\nSpeakerBio: bkobe
\nbkobe is a formally trained electrical engineer who focuses on all things analog/digital circuits to microcontroller/digital signal processors and software defined radios. Background in hardware printed circuit board design, software/firmware development, radios and repeaters (commercial site installation and maintenance), and recently radio mesh networks. Enjoys the camaraderie in this community with common passions, and the sharing of ideas and knowledge. Member of WhatTheFreq! capture the flag team and the Hard Hat Brigade.
\n\n\n\'',NULL,615294),('2_Friday','12','11:30','12:25','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Software Defined Radio 101: Capturing Your First RFCTF Flag\'','\'bkobe\'','RFV_e2aada102a835e9add1cc818009c58a0','\'\'',NULL,615295),('2_Friday','12','12:30','13:25','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Exploiting insecure OTA updates to create the worlds first Toothbrush Botnet and selfreplicating ESP32 worm\'','\'Lozaning\'','RFV_959581a889e20a130a7d2767b4002667','\'Title: Exploiting insecure OTA updates to create the worlds first Toothbrush Botnet and selfreplicating ESP32 worm
\nWhen: Friday, Aug 9, 12:30 - 13:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nThis presentation follows the journey of investigating, conceptualizing, and implementing a Wormable Botnet for the Evowera Planck Mini Smart Manual Toothbrush, as fear-mongered by the team at Fortinet. We\'ll start with a high level overview of how the ESP32 OTA process works, as well as cover issues with the reference implementation released by Espressif. We\'ll then pivot to specifically attacking the Evowera Planck mini, dumping the firmware and doing some lite RE, monitoring the devices wireless traffic, theorizing exploits and fuzzing undocumented PCB, writing botnet software, as well as what is involved in getting an ESP32 to serve the firmware it is running as an OTA update to other Evowera Planck Minis. We\'ll then conclude with some proof that the devices do function as a botnet, complete with a stealthy github based C2.
\n\nSpeakerBio: Lozaning
\nLozaning (they/them) has been wardriving for over 10 years and enjoys designing, building, and assembling unorthodox network observation platforms such as: The Wifydra , The International Wigle Space Balloon, and turning an Amtrak roomette into a mobile radio observation lab. Currently ranked as the 63rd best wardriver in the world on Wigle.net, Lozaning loves all things wifi and high precision GNSS related, and is starting to maybe figure out BLE.
\n\n\n\'',NULL,615296),('2_Friday','13','12:30','13:25','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Exploiting insecure OTA updates to create the worlds first Toothbrush Botnet and selfreplicating ESP32 worm\'','\'Lozaning\'','RFV_959581a889e20a130a7d2767b4002667','\'\'',NULL,615297),('2_Friday','13','13:30','14:25','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'iCLASS - Throwing away the keys\'','\'Tiernan \"nvx\" Messmer\'','RFV_ba74cd4605fabbf9837ac5f3ec45c482','\'Title: iCLASS - Throwing away the keys
\nWhen: Friday, Aug 9, 13:30 - 14:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nRFID PACS systems are used to secure doors to airports, server rooms, and other high security facilities, but the security is often more marketing than reality. This talk will reveal a new media authentication bypass vulnerability in HID iCLASS and Signo physical access control system RFID readers that has existed for over a decade and the journey of initial discovery, disbelief, vendor disclosure, and patch. While legacy iCLASS has been known to be compromised for years thanks to the research presented in Milosch Meriac’s “Heart of Darkness” and Flavio D. Garcia’s “Dismantling iCLASS and iCLASS Elite” for standard and elite keys respectively. iCLASS SE systems have had a presumed level of security over legacy iCLASS at least as far as direct attacks that don’t involve additional techniques such as downgrading.
\n\nSpeakerBio: Tiernan \"nvx\" Messmer
\nTiernan grew up watching DEF CON talks online and has always enjoyed breaking and bypassing security for fun. By day he works as a software engineer for a not-for-profit, by night he enjoys tinkering, contributing to open-source software, and reverse engineering things that companies would sometimes rather he didn’t. He prefers to hack on software but doesn’t mind getting his hands dirty with hardware when needed. Tiernan believes the best way to determine if he really understands something is if he can successfully explain it to either someone else or create a working implementation in code. This has led him to develop iCLASS/PicoPass card emulation on the Chameleon Tiny/Mini and the Flipper Zero. In recent years he has become a “Hero” of the “RFID Hacking by Iceman” Discord going by “NVX” and can be found on GitHub as nvx.
\n\n\n\'',NULL,615298),('2_Friday','14','13:30','14:25','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'iCLASS - Throwing away the keys\'','\'Tiernan \"nvx\" Messmer\'','RFV_ba74cd4605fabbf9837ac5f3ec45c482','\'\'',NULL,615299),('2_Friday','14','14:30','15:25','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Yet another way of exfiltrating data from air-gapped systems OR Oh no, everything is a radio\'','\'C$,Endeavors\'','RFV_061d3a43d46b4970a3dfc14e044ce780','\'Title: Yet another way of exfiltrating data from air-gapped systems OR Oh no, everything is a radio
\nWhen: Friday, Aug 9, 14:30 - 15:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nDevices with radios are everywhere and sooner or later radios will be in everything, maybe even sooner than you think. During our talk we will be sharing CNLohr\'s research about transmitting RF signals without a radio. We will share our findings on how this these new techniques can be abused by an adversary. Finally, we will highlight how so many amazing tools and techniques are available to us because they are open source and why we need to support and protect these kinds of works to sustain a culture of learning and growing.
\n\nSpeakers:C$,Endeavors
\n
\nSpeakerBio: C$, Founder at DCG862 (DEF CON Group 862)
\nMeat-based, Founder of DCG862
\n\nSpeakerBio: Endeavors, Founding Member at DCG862 (DEF CON Group 862)
\nDCG862 founding member
\n\n\n\'',NULL,615300),('2_Friday','15','14:30','15:25','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Yet another way of exfiltrating data from air-gapped systems OR Oh no, everything is a radio\'','\'C$,Endeavors\'','RFV_061d3a43d46b4970a3dfc14e044ce780','\'\'',NULL,615301),('2_Friday','15','15:30','15:55','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Warwheeling: The Wireless Sk8r\'','\'r1otctrl\'','RFV_c9dcf44fbb120b8f31eb3fe62914d176','\'Title: Warwheeling: The Wireless Sk8r
\nWhen: Friday, Aug 9, 15:30 - 15:55 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nWelcome to the next generation of wardriving, where we encourage you to step outside, breathe in the fresh air, and shred the streets as you’re collecting ALL the WIFI. In this presentation, we\'ll dive into the world of Warwheeling, a novel twist on wardriving that involves using a onewheel or any PEV as your mobile exploration hub.
\n\nSpeakerBio: r1otctrl, SOCC Analyst
\nHi! I’m Riøt, a SOCC analyst by day and a warwheeler by night.
\n\nI\'m active in hacker circles like the #Wardriving group on WiGLE, DCG561/305, and Boca 2600. My Onewheel community includes SoFlow, Float Gang, and Orlando Onewheel.
\n\nMy favorite way to touch grass is by going on long Onewheel rides. It\'s a great opportunity to stress-test new rigs while out in the wild.
\n\nI\'m still new to RF, but the past year has been a valuable learning experience in optimizing wireless capture while staying lightweight. Through posting warwheeling content on Instagram, I\'ve connected with others who also found an interest in wardriving while also choosing a PEV as their mode of transport.
\n\n\n\'',NULL,615302),('2_Friday','16','16:00','16:25','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'A Short Introduction to 802.11ah Long Range WiFi HaLow with TaiXin TXW8301 devices\'','\'Ronald Broberg,Robert Van Etta\'','RFV_8741abf528ef35cc1e650f6c9b3b8563','\'Title: A Short Introduction to 802.11ah Long Range WiFi HaLow with TaiXin TXW8301 devices
\nWhen: Friday, Aug 9, 16:00 - 16:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nThis presentation is a practical introduction into 802.11ah HaLow WiFi. It starts with a brief description of the IEEE 802.11ah standard, history, and specification and includes a short survey of currently available 802.11ah chipsets and devices. One of these, the TaiXin TXW8301 chipset, is described in detail including hardware, firmware, configuration, and software tools. The radio waveform characteristics are presented as is information in using SDRs to capture and decode the WiFi frames. The presentation concludes with a brief description of the practical uses of 802.11ah devices.
\n\nSpeakers:Ronald Broberg,Robert Van Etta
\n
\nSpeakerBio: Ronald Broberg, Dark Wolf Solutions
\nRonald Broberg is a cyber security engineer formerly with Lockheed Martin and currently with Dark Wolf Solutions where he hacks drones, clones, and cellular phones.
\n\nSpeakerBio: Robert Van Etta, Senior Penetration Tester at Dark Wolf Solutions
\nRobert Van Etta has 19 years of experience in hacking embedded systems and firmware analysis. He has previously worked in USAF Cyber Defense Operations and is now a Senior Penetration Tester at Dark Wolf Solutions.
\n\n\n\'',NULL,615303),('2_Friday','16','16:30','17:25','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Meshtastic Adventures: Triumphs, Tribulations, and Total Mesh-ups.\'','\'m1ddl3w4r3\'','RFV_0a02d385fa752b196bccbb41589a5a9f','\'Title: Meshtastic Adventures: Triumphs, Tribulations, and Total Mesh-ups.
\nWhen: Friday, Aug 9, 16:30 - 17:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nThe submitted talk will include the intro technical details of Meshtastic. However, the majority of this talk is aimed at the planning, mapping, business and personal contacts of site owners (and the headaches involved), success and failures of our project and node builds. As well as some advanced settings to hide your node deployments in some creative ways. More of a how to build out your mesh network rather than a technical deep dive.
\n\nSpeakerBio: m1ddl3w4r3
\nFor the past six years, I\'ve been a Defcon attendee and RFCTF competitor. My passion for RF is only rivaled by my love for teaching people \"stuff and things\" – it\'s a technical term, trust me. I\'m a Co-Organizer for a local meetup for hackers in my area called CAH (Central Arkansas Hackers), where we bond over shared interests and a collective lack of sleep. I\'ve also been creating RF challenges at a local CTF (Jolt Hackathon) for the past few years, turning innocent students and professionals into RF hacking aficionados, or at least into people who know how to spell RF. This would be my first Defcon talk, and I\'d love the chance to dazzle (or at least mildly amuse) the audience with my antics.
\n\n\n\'',NULL,615304),('2_Friday','17','16:30','17:25','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Meshtastic Adventures: Triumphs, Tribulations, and Total Mesh-ups.\'','\'m1ddl3w4r3\'','RFV_0a02d385fa752b196bccbb41589a5a9f','\'\'',NULL,615305),('3_Saturday','10','10:30','11:25','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'RF CTF Kick Off Day 2\'','\'RF Hackers\'','RFV_d0f7c3fac88706c67224056ddd9b88e7','\'Title: RF CTF Kick Off Day 2
\nWhen: Saturday, Aug 10, 10:30 - 11:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\n\n\nSpeakerBio: RF Hackers
\nNo BIO available
\n\n\'',NULL,615306),('3_Saturday','11','10:30','11:25','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'RF CTF Kick Off Day 2\'','\'RF Hackers\'','RFV_d0f7c3fac88706c67224056ddd9b88e7','\'\'',NULL,615307),('3_Saturday','12','12:30','12:55','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'DoorSim - making my conference travel easier\'','\'evildaemond (Adam Foster)\'','RFV_a62a567fbbfec2904e44ff6f04fd6ba9','\'Title: DoorSim - making my conference travel easier
\nWhen: Saturday, Aug 10, 12:30 - 12:55 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nEarlier this year, I traveled with 2 full suitcases and shipped a 30lbs box to a conference, just to bring along a few readers, a few EACS and mini-doors for a small RFID village. I wanted to make that easier, so this talk will run through the process of planning, designing, and building a better solution, and hopefully make it easier for others to do the same.
\n\nSpeakerBio: evildaemond (Adam Foster)
\nevildaemond is a person who works in information security, with focuses in hardware, web pentesting and physsec, and regularly teaches lockpicking and physsec at conferences across Australia. They\'ve released projects like the physsec-methodlogy, enjoys bug bounty and vulnerability disclosure, and has spent more money on stickers than some companies.
\n\n\n\'',NULL,615308),('3_Saturday','13','13:00','13:59','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Exploring the Cosmos: Hackable Innovations at the Allen Telescope Array\'','\'Luigi Cruz\'','RFV_8af6819bee49196d0367194fd04e9e7f','\'Title: Exploring the Cosmos: Hackable Innovations at the Allen Telescope Array
\nWhen: Saturday, Aug 10, 13:00 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nThe Allen Telescope Array is a radio interferometer array located in Northern California. Each of the 42 antennas is 6 meters in diameter and is distributed randomly over an area of 350 meters. Each dish is sensitive to an ultra-wideband frequency range from 200 MHz to 12 GHz. While in operation, each dish can produce 1.5 GHz of bandwidth for each polarization adding up to 1.3 Tbps of data to be processed in real-time.
\n\nAlthough it\'s scale, the Allen Telescope Array acts like a gigantic Software Defined Radio. The system design gives us the ability to try new concepts not ever tried with great flexibility. This talk will go deep into how the telescope operates from the antenna\'s cryogenically cooled feeds to the state-of-the-art GPU-accelerated digital signal processing pipeline deployed at our on-site data center. All of this while giving special focus to little details that make it special and hackable.
\n\nSpeakerBio: Luigi Cruz
\nLuigi Cruz is a computer engineer working as a staff engineer at the SETI Institute. He created the CUDA-accelerated digital signal processing backend called BLADE currently in use at the Allen Telescope Array (ATA) and Very Large Array (VLA) for beam forming and high-spectral resolution observations. Luigi is also the maintainer of multiple open-source projects like the PiSDR, an SDR-specialized Raspberry Pi image, CyberEther, a heterogenous accelerated signal visualization library, and Radio Core, a Python library for demodulating SDR signals using the GPU with the help of CuPy.
\n\n\n\'',NULL,615309),('3_Saturday','14','14:00','14:59','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Remote Sensor Node Updates for FISSURE - The RF Framework\'','\'Chris Poore\'','RFV_56829a9160b8ba04d62a111a8d37de6f','\'Title: Remote Sensor Node Updates for FISSURE - The RF Framework
\nWhen: Saturday, Aug 10, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nNew updates to FISSURE, the open-source RF framework and toolbox for all things RF, include the addition of deployable remote sensor nodes consisting of general-purpose computers that support many types of radio peripherals. These remote sensor nodes run a small subset of code that can be controlled over a network through the FISSURE Dashboard GUI to perform traditional FISSURE operations and also execute new types of scripted actions that can be run autonomously on startup or semi-autonomously through user interaction.
\n\nFlexible hardware options inherent to the computers and the radio peripherals allow the operator to weigh varying price points and upgrade options depending on the task at hand. Multiple types of COTS single-board computers (Raspberry Pi, Orange Pi, etc.), mini-PCs, laptops, and desktop computers can be supported along with various RF-enabled devices like software-defined radios or Wi-Fi/Bluetooth/Zigbee adapters. The new updates also include the ability to trigger electromagnetic effects using different types of RF, visual, acoustic, and environmental sensors connected to the nodes.
\n\nThe deployment of multiple sensor nodes on the same network unlocks many geospatial applications for future development of FISSURE. Such applications include direction finding, tracking, intrusion detection, mobile deployment, and perimeter defense. A small form factor and autonomous capabilities grant unique opportunities for stealth deployment and packaging onto existing platforms. These updates can also provide a low-cost mechanism for remote workers to conduct combined RF-cybersecurity testing and access specialized RF environments like international localities of interest, laboratories, and test sites.
\n\nThis talk will provide a brief overview of FISSURE and walk through all the new updates relating to the remote sensor node capabilities. To learn more, read about FISSURE on GitHub: https://github.com/ainfosec/FISSURE
\n\nSpeakerBio: Chris Poore, Senior Reverse Engineer at Assured Information Security
\nChris Poore is a Senior Reverse Engineer at Assured Information Security in Rome, NY and is the lead developer for FISSURE. He has expertise discovering vulnerabilities in wireless systems, gaining access to systems via RF, reverse engineering RF protocols, forensically testing cybersecurity systems, and administering RF collection events.
\n\n\n\'',NULL,615310),('3_Saturday','15','15:00','15:25','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Current EW techniques\'','\'Kent Britain\'','RFV_c48085f459bacd4a0162a0b3997af238','\'Title: Current EW techniques
\nWhen: Saturday, Aug 10, 15:00 - 15:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nGPS Jamming and GPS Spoofing.\nVulnerabilities in typical GPS receivers\n Some simple mods that can help\nDirection finding on GPS Jammers.\n Overview of DF techniques\nArtillery Radars\nJam resistance HF Communications.\n (Basically the same thing the Germans did when\n they were in the Ukraine!)
\n\nSpeakerBio: Kent Britain
\nKent has an extensive background in Electronic Warfare and will be discussing some of the techniques being used in the Russia-Ukraine conflict
\n\n\n\'',NULL,615311),('3_Saturday','15','15:30','15:55','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Who\'s Afraid of Synthetic Aperture Radar?\'','\'Abraxas3d\'','RFV_bc87281c1420f6e1e5d619836a94853b','\'Title: Who\'s Afraid of Synthetic Aperture Radar?
\nWhen: Saturday, Aug 10, 15:30 - 15:55 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\n\"Synthetic Aperture Radar (SAR) is one of the most useful and interesting techniques in radar, providing high resolution radar satellite images from relatively small satellites. SAR is not limited by the time of day or by atmospheric conditions. It complements satellite photography and other remote sensing techniques, revealing activity on the Earth that would otherwise be hidden. How does the magic happen? This talk will explain the basics of SAR in an accessible and friendly way. That\'s the good news.
\n\nThe bad news? SAR is controlled by ITAR, the International Traffic in Arms Regulations, and is listed in the USML, the United States Munitions List. ITAR regulates the export of defense articles and services and is administered by the US State Department. This includes both products and services as well as technical data. Such as, catalogs of high resolution radar imagery.
\n\nRegulation of SAR chills commercial activity, creating costly and time-consuming burdens. But why does any of this matter to signals hackers? Because technology has overtaken the rules, and devices used by enthusiasts, researchers, students, and hackers are increasingly likely to have enough capability to fall into or near export-controlled categories. The penalties are harsh. Fear of running afoul of ITAR is enough to stop a promising open source project in its tracks.
\n\nIs there a way forward? Yes. ITAR has a public domain carve out. Information that is published and that is generally accessible or available to the public is excluded from control as ITAR technical data. That\'s great in theory, but how can we increase our confidence that we are interpreting these rules correctly? How can we use and build upon these rules, so that our community can learn and practice modern radio techniques with reduced fear and risk? Can we contribute towards regulatory relief when it comes to SAR? We will describe the process, report on the progress, and enumerate the challenges and roadblocks.\"
\n\nSpeakerBio: Abraxas3d, Technical Specialist and Technical Advisor at ARRL
\nMichelle enjoys thinking and doing. Not necessarily in that order.
\n\nShe completed an MSEE from USC in Information Theory while working at Qualcomm Incorporated. Her IEEE work focuses on industry involvement and citizen science. Michelle is a founder and current CEO of Open Research Institute, a non-profit R&D firm that publishes Open Source work to the general public. She is responsible for major regulatory reform in the amateur satellite service. She represents ORI on the FCC Technological Advisory Council, is a Technical Specialist and Technical Advisor for ARRL, and she also serves as the Vice President of an independent telephone company in rural Mississippi.
\n\n\n\'',NULL,615312),('3_Saturday','16','16:00','16:50','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Tracking Real-Time Locations with Rogue WiFi Packets\'','\'Mikey Awbrey\'','RFV_8bd4f791cbbe74a3ca1b3d6156d56852','\'Title: Tracking Real-Time Locations with Rogue WiFi Packets
\nWhen: Saturday, Aug 10, 16:00 - 16:50 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nTracking of Wifi devices is a common requirement in the cybersecurity world from tracking rogue devices to locating bad actors. This presentation will cover a novel technique of combining passive scanning techniques with active scanning using intended behaviors within the 802.11 protocol. Passive scanning is available through software in suites such as Kali, or in tools like a Pineapple, with the disadvantage of being only as fast as the target is willing to send packets. Active scanning has been traditionally relegated to only devices attached to the same Access Point or other, expensive gadgets while gaining the advantage of eliciting responses on command. Using a technique based on Wifi-Polite packets, cheap ESP32s can be leveraged to gain the advantages of active scanning without the requirement of being connected to the same Access Point. The software code operating this powerful combination of active and passive scanning on an inexpensive platform will be publicly released. Attendees will have a clear understanding of the technology, be given the knowledge and code to implement it themselves, and understand the future implications of using devices like this in a cooperative mesh to track targets in real time.
\n\nSpeakerBio: Mikey Awbrey
\nHaving worked for years as an engineer across multiple industries, such as satellite, radar, and UAV, Mikey has a unique, systems based approach to his work. This has lead to a number of critical zero days, and novel applications of hacking techniques. His most recent years have been working as a penetration tester for government and commercial clients alike.
\n\n\n\'',NULL,615313),('4_Sunday','12','12:30','12:59','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'World Wide War Drive Outbrief\'','\'RF Hackers,WiGLE Staff\'','RFV_c06ec8ceecb8eca17e70bc311cf2ae0f','\'Title: World Wide War Drive Outbrief
\nWhen: Sunday, Aug 11, 12:30 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\n\n\nSpeakers:RF Hackers,WiGLE Staff
\n
\nSpeakerBio: RF Hackers
\nNo BIO available
\nSpeakerBio: WiGLE Staff
\nNo BIO available
\n\n\'',NULL,615314),('4_Sunday','10','10:00','12:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_d1697ec06be27fdcee01dee943ae1442','\'Title: WISP Community & Inclusion Room
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-04 - Map
\n
\nDescription:
\nChill out space to relax with us in a safe place. Grab a non-alcoholic drink, unleash your creativity and unwind with our art therapy, and connect with women and underrepresented communities working in security and privacy.
\n\n\'',NULL,615315),('4_Sunday','11','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_d1697ec06be27fdcee01dee943ae1442','\'\'',NULL,615316),('4_Sunday','12','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_d1697ec06be27fdcee01dee943ae1442','\'\'',NULL,615317),('3_Saturday','10','10:00','17:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_e2ebe160eaf28161ee7cc8b7379b79fd','\'Title: WISP Community & Inclusion Room
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-04 - Map
\n
\nDescription:
\nChill out space to relax with us in a safe place. Grab a non-alcoholic drink, unleash your creativity and unwind with our art therapy, and connect with women and underrepresented communities working in security and privacy.
\n\n\'',NULL,615318),('3_Saturday','11','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_e2ebe160eaf28161ee7cc8b7379b79fd','\'\'',NULL,615319),('3_Saturday','12','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_e2ebe160eaf28161ee7cc8b7379b79fd','\'\'',NULL,615320),('3_Saturday','13','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_e2ebe160eaf28161ee7cc8b7379b79fd','\'\'',NULL,615321),('3_Saturday','14','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_e2ebe160eaf28161ee7cc8b7379b79fd','\'\'',NULL,615322),('3_Saturday','15','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_e2ebe160eaf28161ee7cc8b7379b79fd','\'\'',NULL,615323),('3_Saturday','16','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_e2ebe160eaf28161ee7cc8b7379b79fd','\'\'',NULL,615324),('3_Saturday','17','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_e2ebe160eaf28161ee7cc8b7379b79fd','\'\'',NULL,615325),('2_Friday','10','10:00','17:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_14d461130ad6b3af96cdc4b18601889b','\'Title: WISP Community & Inclusion Room
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-04 - Map
\n
\nDescription:
\nChill out space to relax with us in a safe place. Grab a non-alcoholic drink, unleash your creativity and unwind with our art therapy, and connect with women and underrepresented communities working in security and privacy.
\n\n\'',NULL,615326),('2_Friday','11','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_14d461130ad6b3af96cdc4b18601889b','\'\'',NULL,615327),('2_Friday','12','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_14d461130ad6b3af96cdc4b18601889b','\'\'',NULL,615328),('2_Friday','13','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_14d461130ad6b3af96cdc4b18601889b','\'\'',NULL,615329),('2_Friday','14','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_14d461130ad6b3af96cdc4b18601889b','\'\'',NULL,615330),('2_Friday','15','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_14d461130ad6b3af96cdc4b18601889b','\'\'',NULL,615331),('2_Friday','16','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_14d461130ad6b3af96cdc4b18601889b','\'\'',NULL,615332),('2_Friday','17','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Community & Inclusion Room\'','\'\'','MISC_14d461130ad6b3af96cdc4b18601889b','\'\'',NULL,615333),('2_Friday','14','14:00','15:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'Friendship Bracelet Making\'','\'\'','MISC_4437547e8b9911ac7f55d82abd993cd0','\'Title: Friendship Bracelet Making
\nWhen: Friday, Aug 9, 14:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-04 - Map
\n
\nDescription:
\nMake a friendship bracelet with an exclusive WISP charm.
\n\n\'',NULL,615334),('2_Friday','15','14:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'Friendship Bracelet Making\'','\'\'','MISC_4437547e8b9911ac7f55d82abd993cd0','\'\'',NULL,615335),('3_Saturday','14','14:00','15:45','N','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'Friendship Bracelet Making\'','\'\'','MISC_15339966c7264cabe09f49c9b924dfc2','\'Title: Friendship Bracelet Making
\nWhen: Saturday, Aug 10, 14:00 - 15:45 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-04 - Map
\n
\nDescription:
\nMake a friendship bracelet with an exclusive WISP charm.
\n\n\'',NULL,615336),('3_Saturday','15','14:00','15:45','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'Friendship Bracelet Making\'','\'\'','MISC_15339966c7264cabe09f49c9b924dfc2','\'\'',NULL,615337),('3_Saturday','15','15:45','15:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'WISP Group Photo\'','\'\'','MISC_81c5337f6f0d3d3ecdc481f4666f3f46','\'Title: WISP Group Photo
\nWhen: Saturday, Aug 10, 15:45 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-04 - Map
\n
\nDescription:
\nGather with members of the Women in Security and Privacy community for a group picture.
\n\n\'',NULL,615338),('3_Saturday','16','16:00','17:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'Peer-to-Peer Mentoring and Networking with optional Swag, Pin & Sticker Exchange\'','\'\'','MISC_88596909fcd5224ecdd61a70b98cc8dc','\'Title: Peer-to-Peer Mentoring and Networking with optional Swag, Pin & Sticker Exchange
\nWhen: Saturday, Aug 10, 16:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-04 - Map
\n
\nDescription:
\nJoin us Women in Security and Privacy to mingle and network with privacy and security professionals. You can also bring some swag, pins, or stickers to exchange as part of the networking activities.
\n\n\'',NULL,615339),('3_Saturday','17','16:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 3/HW3-05-04','\'Peer-to-Peer Mentoring and Networking with optional Swag, Pin & Sticker Exchange\'','\'\'','MISC_88596909fcd5224ecdd61a70b98cc8dc','\'\'',NULL,615340),('2_Friday','10','10:00','10:10','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Opening Note\'','\'\'','CLV_7c648e7b3effbecc8a7a6776063b0d6b','\'Title: Opening Note
\nWhen: Friday, Aug 9, 10:00 - 10:10 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\n\n\n\'',NULL,615341),('2_Friday','10','10:10','10:50','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Gone in 60 Seconds… How Azure AD/Entra ID Tenants are Compromised\'','\'Sean Metcalf\'','CLV_ee41de7c65debf75d9870aea60e09cd7','\'Title: Gone in 60 Seconds… How Azure AD/Entra ID Tenants are Compromised
\nWhen: Friday, Aug 9, 10:10 - 10:50 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\n60 seconds. 1 minute.
\n\nThat\'s all it takes for an attacker to compromise an account with access.\nAnd the account doesn\'t even need to have obvious privileged rights for the attacker to own the cloud environment.
\n\nThen, once they get Global Admin rights to Azure AD/Entra ID, it\'s game over since they have full admin rights, access to all data, and can easily pivot to control all Azure subscription services and content.
\n\nThis talk walks through the most common ways that attackers compromise the Microsoft Cloud, specifically Azure AD/Entra ID and how to mitigate these attack techniques.
\n\nJoin me in this journey of attacker methods involving account compromise of admin and user accounts, including interesting pairing of role rights, application permissions, and Conditional Access gaps.
\n\nSo go beyond Global Administrator to better understand the Entra ID roles that really matter in the tenant and how application permissions provide attacker opportunity in most environments!
\n\nAttendees will learn both Azure AD/Entra ID attack and defense during this session.
\n\nSpeakerBio: Sean Metcalf
\nSean Metcalf is founder and CTO at Trimarc (TrimarcSecurity.com), a professional services company which focuses on improving enterprise security. He is one of about 100 people in the world who holds the Microsoft Certified Master Directory Services (MCM) Active Directory certification, is a former Microsoft MVP, and has presented on Active Directory, Azure AD/Entra ID, & Microsoft Cloud attack and defense at security conferences such as Black Hat, Blue Team Con, BSides, DEF CON, DerbyCon, Troopers, & the internal Microsoft BlueHat security conference. Sean is also a co-host on the popular weekly podcast Enterprise Security Weekly streamed live every Thursday with recordings available on YouTube. You may have read some of his Active Directory & Azure AD security articles on his site, ADSecurity.org.
\n\n\n\'',NULL,615342),('2_Friday','10','10:50','11:30','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Catch them all! Detection Engineering and Purple Teaming in the Cloud\'','\'Christophe Tafani-Dereeper\'','CLV_38d7a12c86cfd563ef5da0bc269e3c1b','\'Title: Catch them all! Detection Engineering and Purple Teaming in the Cloud
\nWhen: Friday, Aug 9, 10:50 - 11:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nWhere to start looking for attackers in a cloud environment? In a world where cloud providers have hundreds of services and thousands of API calls, getting started can feel overwhelming.
\n\nIn this talk, we lay out the foundations of a modern detection engineering program built and tailored for the cloud, such as threat-informed defense based on real-world attacker activity, emulating common attacker behavior, shortening feedback loops to validate telemetry, and continuous end-to-end testing of threat detection rules. Additionally, we introduce a new open-source project, Grimoire, which allows leveraging pre-built datasets of AWS CloudTrail logs for common attacks.
\n\nYou\'ll gain a hands-on, actionable understanding of how to start identifying threats in your cloud environment, or improve your existing process.
\n\nSpeakerBio: Christophe Tafani-Dereeper
\nChristophe lives in Switzerland and works on cloud security research and open source at Datadog. He previously worked as a software developer, penetration tester and cloud security engineer. Christophe is the maintainer of several open-source projects such as Stratus Red Team, GuardDog, CloudFlair, Adaz, and the Managed Kubernetes Auditing Toolkit (MKAT).
\n\n\n\'',NULL,615343),('2_Friday','11','10:50','11:30','Y','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Catch them all! Detection Engineering and Purple Teaming in the Cloud\'','\'Christophe Tafani-Dereeper\'','CLV_38d7a12c86cfd563ef5da0bc269e3c1b','\'\'',NULL,615344),('2_Friday','11','11:30','12:10','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'The Oracle Awakens: Demystifying Privilege Escalation in the cloud\'','\'Felipe Pr0teus,Lucas Cioffi\'','CLV_c71ebfc555adb2212c74b9222a3b4e96','\'Title: The Oracle Awakens: Demystifying Privilege Escalation in the cloud
\nWhen: Friday, Aug 9, 11:30 - 12:10 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nIn this talk, we explore privilege escalation mechanisms and paths within Oracle Cloud. Privilege escalation, the process by which an attacker gains elevated access and permissions beyond those intended by the cloud administrator, poses a significant threat in cloud environments and can significantly aid an attacker or pentester.
\n\nOur discussion will focus on identifying privilege escalation paths, understanding how cloud administrators can misconfigure policies, and the methods attackers can use to exploit these vulnerabilities. Through carefully designed scenarios and real-world examples, attendees will learn to recognize signs of privilege escalation, thereby enhancing their security posture.
\n\nSpeakers:Felipe Pr0teus,Lucas Cioffi
\n
\nSpeakerBio: Felipe Pr0teus
\nFelipe Espósito also known as Pr0teus, graduated in Information Technology at UNICAMP and has a master\'s degree in Systems and Computing Engineering from COPPE-UFRJ, both among the top technology universities in Brazil. He has over ten years of experience in information security and IT, with an emphasis on security monitoring, networking, data visualization, threat hunting, and Cloud Security. Over the last years he has worked as a Security Researcher for Tenchi Security, a Startup focused in third-party risk management, he also presented at respected conferences such as Hackers 2 Hackers Conference, BHACK, BSides (Las Vegas and São Paulo), FISL, Latinoware, SecTor, SANS SIEM Summit, and Defcon\'s CloudSec and Recon Village.
\n\nSpeakerBio: Lucas Cioffi
\nLucas Cioffi has been working with cybersecurity for 7 years, and focused in Cloud for the last 3. He has a blog where he shares tips and tricks for Cloud Security, and has published some open-source tools. He was a Cloud Security lecturer for a brazilian college in 2022, and is currently pursuing a Masters degree at USP.
\n\n\n\'',NULL,615345),('2_Friday','12','11:30','12:10','Y','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'The Oracle Awakens: Demystifying Privilege Escalation in the cloud\'','\'Felipe Pr0teus,Lucas Cioffi\'','CLV_c71ebfc555adb2212c74b9222a3b4e96','\'\'',NULL,615346),('2_Friday','12','12:10','12:30','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'One Port to Serve Them All - Google GCP Cloud Shell Abuse\'','\'Hubert Lin\'','CLV_d9be90eabb15aed7dbe296e7ac786ecf','\'Title: One Port to Serve Them All - Google GCP Cloud Shell Abuse
\nWhen: Friday, Aug 9, 12:10 - 12:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nThe Cloud Shell feature from cloud service providers offers a convenient way to access resources within the cloud, significantly improving the user experience for both administrators and developers. However, even though the spawned instance has a short lifespan, granting excessive permissions could still pose security risks to users. This talk reveals an abuse methodology that leverages an unexpected, public-facing port in GCP Cloud Shell discovered during recon. Through manipulation in Linux Netfilter\'s NAT table, it serves various internally running services such as HTTP, SOCKS, and SSH within the Cloud Shell container to the public. This configuration could be exploited by adversaries to bypass the Google authentication needed in its Web Preview feature to leak data, to deliver malicious content, or to pivot attack traffic through the Google network.
\n\nSpeakerBio: Hubert Lin
\nHubert Lin is an offensive security expert, specializing in remote vulnerability exploitation, honeypots, and penetration testing. He previously led the signature team for network threat defense and was a senior staff engineer on the Red Team at Trend Micro. In his roles, he assessed network intrusion prevention systems and conducted sanctioned red team exercises to enhance corporate security. Hubert holds certifications as a Red Hat Certified Engineer (RHCE) and an Offensive Security Certified Professional (OSCP). Currently, he works at Netskope as a Sr. Staff Researcher.
\n\n\n\'',NULL,615347),('2_Friday','12','12:30','12:59','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Offensive Breach and Risk Assessment (COBRA)\'','\'Harsha Koushik,Anand Tiwari\'','CLV_392591cf6810a03a41edb9cc64d8d45b','\'Title: Cloud Offensive Breach and Risk Assessment (COBRA)
\nWhen: Friday, Aug 9, 12:30 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nCloud Offensive Breach and Risk Assessment (COBRA) is an open-source tool designed to empower users to simulate attacks within multi-cloud environments, offering a comprehensive evaluation of security controls. By automating the testing of various threat vectors including external and insider threats, lateral movement, and data exfiltration, COBRA enables organizations to gain insights into their security posture vulnerabilities. COBRA is designed to conduct simulated attacks to assess an organization\'s ability to detect and respond to security threats effectively.
\n\nIt facilitates Proof of Concept (POC) evaluations, assesses security controls, measures maturity levels, and generates comprehensive reports, enabling organizations to enhance their cloud security resilience through lifelike threat scenarios.
\n\nCOBRA Features:
\n\nSeamless Integration for POC and Tool Evaluation: COBRA provides seamless integration for Proof of Concept (POC) and tool evaluation purposes. Whether you\'re exploring new cloud-native applications or evaluating existing solutions, COBRA offers a user-friendly interface and flexible deployment options to facilitate effortless testing and assessment.\nComprehensive Assessment of Cloud-Native Security Posture: Gain unparalleled insights into your organization\'s existing cloud-native security posture with COBRA. Our advanced assessment capabilities enable you to identify vulnerabilities, assess security controls, and pinpoint areas for improvement. By understanding your current security posture, you can proactively address gaps and strengthen your defenses against emerging threats.\nBenchmarking Against Industry Standards and Best Practices: COBRA enables you to benchmark your cloud security controls against industry standards and best practices. With our comprehensive benchmarking framework, you can compare your security posture against established benchmarks, identify areas of strength and weakness, and prioritize remediation efforts accordingly.\nActionable Insights and Recommendations: COBRA goes beyond providing insights by providing a report delivering actionable recommendations tailored to your organization\'s specific needs. Whether it\'s optimizing security configurations, implementing additional controls, or enhancing incident response processes, COBRA equips you with the tools and guidance needed to bolster your cloud security defenses.
\n\nContinuous Threat Simulation: COBRA offers a modular and templatized approach for users to easily integrate additional modules, allowing for continuous threat simulation and adaptability, by providing a flexible framework for adding modules, COBRA ensures that users can tailor their threat simulation capabilities according to evolving security needs, making it an ideal platform for continuous threat simulation.
\n\nSpeakers:Harsha Koushik,Anand Tiwari
\n
\nSpeakerBio: Harsha Koushik
\nHarsha Koushik is a security engineer and researcher, passionate about securing digital systems. Specializing in Cloud-Native Application Platform Protection (CNAPP), tackling emerging cyber threats while working at large scales. Additionally, Harsha hosts the security podcast \'Kernel-Space,\' exploring insightful discussions on the latest trends and issues in cybersecurity.
\n\nSpeakerBio: Anand Tiwari
\nAnand Tiwari is an information security professional with a strong technical background working as a Product Manager (PM), focusing on the more technical aspects of a cloud security product. He tries to fill it in by doing in-depth technical research and competitive analysis, given business issues, strategy, and a deep understanding of what the product should do and how the products actually work. He has authored ArcherySec—an open source-tool and has presented at BlackHat, DEF CON USA, and HITB conferences. He has successfully given workshops at many conferences such as DevOpsDays Istanbul, Boston.
\n\n\n\'',NULL,615348),('2_Friday','13','13:00','13:25','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'ExploitIfNotExists: Privilege Escalation & Persistence with Azure Policy\'','\'Zander Mackie\'','CLV_38700948c06b95c807cf6a908c35073a','\'Title: ExploitIfNotExists: Privilege Escalation & Persistence with Azure Policy
\nWhen: Friday, Aug 9, 13:00 - 13:25 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nThe Microsoft Azure threat matrix contains a mysterious and almost empty item: AZT508 - Azure Policy, which suggests this service can break bad but gives almost no details as to how. To quote Microsoft: “Azure Policy helps to enforce organizational standards and to assess compliance at-scale.“ How does this banal sounding service come to be used for attacking Azure users?
\n\nThis talk aims to fill in the picture. We will explore the Azure Policy service and how it can be used for badness: punching holes in acls, creating persistent backdoors on virtual machines, assigning attacker controlled roles to resources, modifying database encryption, etc. I will demo an abuse scenario, and discuss others that can be used for privilege escalation and persistence. I will also discuss a confused deputy attack on this service. Finally, I will share detection and control recommendations.
\n\nTalk Outline:
\n\nThe Azure Policy service (3 mins):\n- What it is, how it works, and how it is intended to be used. This service is billed as an integral part of the Azure compliance story. Policies examine resources and can block or alert on non-compliance.\n- Introduce the components at play and lay the groundwork for understanding later abuse. -----There are lots of interlocking pieces to understand.\n- Introducing policy effects which go far beyond normal auditing scope. Effects are how policies can make changes to resource configuration.
\n\nEstablishing the abuse case: (7 mins)\n- Discussion of evil that can be done with intended functionality including a demo\n- Policy adds an arbitrary script to every VM, which runs as soon as it starts up, calling a reverse shell home.\n- Policy turns off database encryption\n- Policy to assign an RBAC role to attacker controlled account\n- What privileges and roles are need for the above
\n\nPrivesc scenario (7 mins)\n- Policy initiatives - these are higher level groupings of policies\n- Confused deputy attack via initiative\n- The curious case of append actions\n- Policies can append an attacker IP to every new ACL in your environment\n- Adding attacker ssh keys to all VMs
\n\nSpeakerBio: Zander Mackie
\nZander Mackie is a father, husband, security researcher, and developer. He’s worked across the stack as a software engineer, from fixing CSS bugs to writing systems code for container orchestration. He’s driven by a relentless need to figure out how things work and fixing bugs is his favorite.
\n\n\n\'',NULL,615349),('2_Friday','13','13:25','13:59','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Exploit K8S via Misconfiguration .YAML in CSP environments\'','\'Wooseok Kim,Changhyun Park\'','CLV_ef9f1d763db217fba551e0481f43ce41','\'Title: Exploit K8S via Misconfiguration .YAML in CSP environments
\nWhen: Friday, Aug 9, 13:25 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nIn this presentation, we researched vulnerable security configurations that enable attacks on Kubernetes (K8s) clusters and examined how these settings can be exploited in CNCF projects. Kubernetes (K8s) uses YAML files to manage various security settings, leading to potential attacks such as information leakage, excessive permission acquisition, and container escape.
\n\nInitially, this study focused on three security configuration areas in K8s: RBAC, HostPID, and Security Context. We explained the threats present if vulnerable settings are included.
\n\n- RBAC: Excessive permission in K8s resources allows sensitive information theft or access to other nodes\n- HostPID: Access to node process information enables container escape attacks\n- Security Context: Incorrect security settings enable node escape and host access\n
\n\nNext, we created patterns for identifying weak security settings through YAML files. To do this, we conducted a literature review and expanded the vulnerable patterns centered on RBAC proposed in various papers. Additionally, we included other security settings (HostPID, Security Context).\n[Our Pattern vs Paper Pattern]
\n\n1. RBAC:\n - Our: Daemonset, Deployment SA > node Patch and Secret Get/List\n - Paper: Daemonset > node Patch and Secret Get/List\n2. Kind:\n Our: Cluster Role, Role, Role Binding\n Paper: Cluster Role\n3. Other Security configurations:\n - Our: HostPID, SecurityContext\n - Paper: X\n
\n\nUtilizing these patterns, we examined over 150 widely-used 3rd-party CNCF projects in K8s, discovering more than 50 instances of vulnerable patterns.\nWe provide detailed demonstrations of three scenarios for seizing nodes or clusters by using the discovered patterns to set Base Attack conditions.
\n\n[Base Attack Conditions]
\n\n- RBAC > Demonset / Deployment > Service Account > Secret (Get/List) or Node(Patch)\n[Exploit Scenario]\n- Stealing Tokens using Pods with excessive privileges\n- Node Take over via 1 Day (CVE-2022-42889) or hostPID: True or Security Context\n- Take over of another node or cluster using the Service Account Token on the deodorized node \n
\n\nAdditionally, we are aware that 3rd-Party CNCF projects are widely used for convenience when operating K8S in CSPs (AWS, Azure, GCP). Since scenarios can occur in a CSP environment, we demonstrate in more detail.\nFinally, based on these research results, we share vulnerable patterns with project owners to collaborate on patching and issue tracking. Before the presentation, we plan to share any reporting on CVEs and patch notes.
\n\nSpeakers:Wooseok Kim,Changhyun Park
\n
\nSpeakerBio: Wooseok Kim
\nWooseok Kim - Goorm | Site Reliability Engineer | K8S, CSP | SKKU
\n\nSpeakerBio: Changhyun Park
\nChanghyun Park - MatchGroup | Hyperconnect | Security Compliance Analyst | Cloud, GRC | SKKU
\n\n\n\'',NULL,615350),('2_Friday','14','14:00','14:30','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'UnOAuthorized: Discovering the path to privilege elevation to Global Administrator\'','\'Eric Woodruff\'','CLV_f64932360cff88c244d8f4df5917b830','\'Title: UnOAuthorized: Discovering the path to privilege elevation to Global Administrator
\nWhen: Friday, Aug 9, 14:00 - 14:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nFor customers of Microsoft 365 and Azure, obtaining the role of Global Administrator (GA) is every attacker\'s dream - it is the Domain Administrator of the cloud. This makes Global Administrator every organization\'s nightmare of being owned by a threat group or hacker. Luckily, well-defined role-based access control and a strict application consent model can severely limit who gets their fingers on Global Administrator - or does it?
\n\nThis talk explores a novel discovery that resulted in privilege elevation to Global Administrator in Entra ID (Azure AD). Part conversation about the research background, part discussion of the foundational components involved, this talk will walk step-by-step through the path to privilege elevation, and owning Global Admin.
\n\nSpeakerBio: Eric Woodruff
\nThroughout his 24-year career in the IT field, Eric has sought out and held a diverse range of roles, including technical manager in the public sector, Sr. Premier Field Engineer at Microsoft, and Security and Identity Architect in the Microsoft Partner ecosystem. Currently he is a Sr. Cloud Security Architect working as part of the Security Research team at Semperis. Eric is a Microsoft MVP for security, recognized for his expertise in the Microsoft identity ecosystem. Outside of work, Eric supports the professional community, providing his insights and expertise at conferences, participating on the IDPro Body of Knowledge committee, and blogging about Entra and related cloud security topics.
\n\n\n\'',NULL,615351),('2_Friday','14','14:30','15:10','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Attacking and Defending Software Supply Chains: How we got Admin in your Clouds!\'','\'Mike Ruth\'','CLV_aa1476a16ffa5b50533fa0aebdfbcf99','\'Title: Attacking and Defending Software Supply Chains: How we got Admin in your Clouds!
\nWhen: Friday, Aug 9, 14:30 - 15:10 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nThis talk will explore how default configurations in reference architectures of our most commonly used software supply chain services can lead to a handful of unsavory outcomes including secrets exfiltration, lateral movement, and privilege escalation within production cloud and SaaS environments. We\'ll take a close look at how many of the interactions between people and CI|CD services are not as safe as we think. Some examples we’ll look at:
\n\n- Abusing PRs against Github repositories allows for execution of code prior to code review & merge, for all downstream services (GH Actions, Buildkite, & Terraform)\n- Multi-tenant infrastructures in CI like Buildkite lead to over-authorization & access to production cloud secrets\n- Lacking Pipeline Based Access Control (PBAC) in CI services like Buildkite leads to code execution in production cloud environments\n
\n\nAfter we identify the pitfalls in our by-default configurations, we’ll demonstrate how best to modify them using available tools, services, & best practices.
\n\nSpeakerBio: Mike Ruth
\nMike is a Senior Staff Security Engineer at Rippling, where he works on securing the world’s best All-In-One HR & IT Platform. Previously the technical lead for Infrastructure Security at companies such as Brex & Cruise, Mike has over thirteen years of experience securing, designing, and deploying cloud infrastructure & SaaS services.
\n\n\n\'',NULL,615352),('2_Friday','15','14:30','15:10','Y','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Attacking and Defending Software Supply Chains: How we got Admin in your Clouds!\'','\'Mike Ruth\'','CLV_aa1476a16ffa5b50533fa0aebdfbcf99','\'\'',NULL,615353),('2_Friday','15','15:10','15:40','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Epyon - Attacking DevOps environments\'','\'Victor Pasknel\'','CLV_511f5e7f3c5d9c82c5a0951b00d2e5b1','\'Title: Epyon - Attacking DevOps environments
\nWhen: Friday, Aug 9, 15:10 - 15:40 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nA CI/CD pipeline is a sequence of steps designed to automate the software delivery process. DevOps environments consist of multiple systems that collaborate to facilitate CI/CD pipelines. However, DevOps systems are significant targets for attackers due to their possession of credentials and access keys for various components, including domain accounts, databases, and cloud assets.\nEpyon is a versatile tool for red teamers to target common DevOps systems. It is open source and written entirely in Golang. Moreover, it features multiple modules, such as GitLab, SonarQube, and Azure DevOps.\nDuring this demonstration, I will present examples (based on real project experiences) of how to utilize Epyon for privilege escalation and lateral movement within a DevOps environment.
\n\nSpeakerBio: Victor Pasknel
\nCybersecurity professional with a proven track record of 13 years in executing red-team operations, penetration testing, war games, and vulnerability assessments. Possessing a strong academic background, including a PhD in Applied Informatics from the University of Fortaleza (Brazil) earned in 2022, coupled with over a decade of experience as a university professor specializing in information security.
\n\n\n\'',NULL,615354),('2_Friday','15','15:40','17:40','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Hands-On Container Image Security: Mastering Sigstore for Unbreachable Integrity\'','\'Mohammed Ilyas Ahmed,Syed Aamiruddin\'','CLV_b70cea6f45dc6c311b3bbefee3a9b4fa','\'Title: Hands-On Container Image Security: Mastering Sigstore for Unbreachable Integrity
\nWhen: Friday, Aug 9, 15:40 - 17:40 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nIn the ever-evolving landscape of containerized applications, ensuring the integrity and security of your container images is paramount. Join us for an immersive, hands-on workshop titled \"Hands-On Container Image Security: Mastering Sigstore for Unbreachable Integrity,\" where we\'ll dive deep into securing your container images using the cutting-edge open-source tools Cosign and Rekor from the Sigstore project.
\n\nThis workshop will provide a comprehensive, practical introduction to Sigstore tools, demonstrating how they can be seamlessly integrated into your DevOps workflows. We\'ll begin with a brief overview of the common security challenges associated with container images and how Sigstore addresses these issues by providing automated and tamper-proof signing and verification processes.
\n\nParticipants will then engage in hands-on exercises, where they\'ll:\n1. Learn to sign container images and verify their integrity using Cosign. We\'ll guide you through setting up Cosign, signing your first image, and verifying its signature, ensuring you have a solid understanding of this powerful tool.\n2. Delve into using Rekor, Sigstore\'s transparency log, to record and verify signed image metadata. You\'ll experience firsthand how Rekor enhances security by providing an immutable log of all signed images, ensuring accountability and traceability.\n3. Discover how to seamlessly integrate these tools into your existing DevOps pipelines, automating the signing and verification process, and ensuring that only trusted and verified images make it to production environments.
\n\nBy the end of this workshop, you\'ll have gained hands-on experience with Sigstore tools and a deep understanding of how to implement them in your own environment. This session is tailored for DevOps engineers, security professionals, and software developers who are committed to enhancing their container security practices.
\n\nDon\'t miss this unique opportunity to acquire practical knowledge and skills in securing your container images. Join us and learn how to leverage Sigstore\'s powerful tools to ensure your container images are secure, verified, and trustworthy, safeguarding your applications from potential threats.
\n\nSpeakers:Mohammed Ilyas Ahmed,Syed Aamiruddin
\n
\nSpeakerBio: Mohammed Ilyas Ahmed
\nMohammed Ilyas Ahmed is an industry professional with extensive expertise in security within the DevSecOps domain, where he diligently works to help organizations bolster their security practices. With a fervent dedication to enhancing security posture, Mohammed\'s insights and guidance are invaluable to those navigating the complex landscape of DevSecOps. In addition to his involvement in industry events, Mohammed is an active speaker and judge, lending his expertise to technical sessions at prestigious conferences. His commitment to advancing knowledge is evident through his research contributions at Harvard University, where he contributes to journal publications, enriching the academic discourse surrounding security practices, and as a distinguished member of the Harvard Business Review Advisory Council, underscores his commitment to advancing knowledge and fostering collaboration between academia and industry.\nMohammed Ilyas Ahmed\'s influence extends even further as a Member of the Global Advisory Board at Vigitrust Limited, based in Dublin, Ireland. This additional role highlights his international reach and his involvement in shaping global strategies for cybersecurity and data protection.\nMohammed\'s dedication to excellence is further highlighted by his numerous certifications, which serve as a testament to his proficiency and depth of knowledge in the security domain. However, beyond his professional pursuits, Mohammed is a multifaceted individual with a diverse range of interests, adding richness to his character and perspective.
\n\nSpeakerBio: Syed Aamiruddin
\nAamiruddin Syed is a Senior Product Security Engineer with over eight years of industry experience. Specializing in DevSecOps, Shift-Left Security, cloud security, and internal penetration testing, he excels in automating security within CI/CD pipelines, developing security automation, and integrating security into infrastructure as code. His work involves securing cloud platforms by implementing best infrastructure provisioning and configuration practices. His penetration testing skills enable him to conduct targeted internal assessments of critical applications and systems, proactively identifying risks. He bridges the gap between security and engineering teams, embedding security directly into products, including those in the manufacturing sector.\nAamiruddin holds dual master’s degrees in Cybersecurity from Northeastern University and Jadavpur University. As a recognized security advocate, he frequently speaks at industry conferences, chairs technical conferences such as ICCTICT, and serves as a judge for the Globee Awards for Cybersecurity. He actively contributes to open-source security tools designed to make security seamless for developers. In his free time, Aamiruddin enjoys traveling and photography.
\n\n\n\'',NULL,615355),('2_Friday','16','15:40','17:40','Y','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Hands-On Container Image Security: Mastering Sigstore for Unbreachable Integrity\'','\'Mohammed Ilyas Ahmed,Syed Aamiruddin\'','CLV_b70cea6f45dc6c311b3bbefee3a9b4fa','\'\'',NULL,615356),('2_Friday','17','15:40','17:40','Y','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Hands-On Container Image Security: Mastering Sigstore for Unbreachable Integrity\'','\'Mohammed Ilyas Ahmed,Syed Aamiruddin\'','CLV_b70cea6f45dc6c311b3bbefee3a9b4fa','\'\'',NULL,615357),('3_Saturday','10','10:00','10:30','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'GCPwn: A Pentester\'s GCP Tool\'','\'Scott Weston\'','CLV_cbaf80fa5bffb6393804bc02329ec252','\'Title: GCPwn: A Pentester\'s GCP Tool
\nWhen: Saturday, Aug 10, 10:00 - 10:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nWhen discussing the various cloud providers within the last decade, Google Cloud Platform (GCP) is often seen as the smaller provider following AWS and Azure with regards to market share. While GCP might appear smaller than its rival cloud providers, it still is very much in use today, and with this use comes the opportunities for developing pentesting tools. As I\'ve been learning GCP over the last year, I have been making a framework in python (much like Pacu for AWS) specifically for GCP. This includes enumeration modules for some of the core services (Cloud Storage, Cloud Functions, Cloud Compute, IAM) along with the incorporation of numerous exploit modules, many of them rooted in Rhino Security\'s currently public GCP exploit repository (https://github.com/RhinoSecurityLabs/GCP-IAM-Privilege-Escalation/tree/master). In addition, the framework is built such that it should be easy for a first-time GCP user or beginner to code and develop modules that focus on purely navigating individual resources and easily drop those into the framework. The overall goal is to make an up-to-date, maintained enumeration and exploit toolset for GCP pentesters/red teams/researchers alike that reduces the barrier of entry for learning GCP by allowing average users to make their own modules that easily incorporate with the overall framework.
\n\nSpeakerBio: Scott Weston
\nOriginally from southern CA, I am currently a senior security consultant for NetSPI based out of Minneapolis, MN. My assessment experience includes web applications, AWS, GCP, and external networks. I spoke about AWS organizations at fwd:cloudsec 2023 with most of the talk summarized in the 2 part blogpost here: https://www.netspi.com/blog/technical-blog/cloud-pentesting/pivoting-clouds-aws-organizations-part-1/. I got accepted to speak at fwd:cloudsec 2024 for a new tool I\'ve been making to pentest GCP environments (mirroring Pacu-like structure). In my spare time I like to pursue bug bounties if the opportunity arises, play videogames, assume the role of dungeon master every so often, and just hang out.
\n\n\n\'',NULL,615358),('3_Saturday','10','10:30','11:10','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Terraform Unleashed: Crafting Custom Provider Exploits for Ultimate Control\'','\'Alex Foley,Rupali\'','CLV_e3101c3eb274bc707197a4ab888a032f','\'Title: Terraform Unleashed: Crafting Custom Provider Exploits for Ultimate Control
\nWhen: Saturday, Aug 10, 10:30 - 11:10 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nTerraform is a leading Infrastructure as Code (IaC) solution. It empowers developers to create custom providers for provisioning a wide array of infrastructure resources. Terraform provider functions as binary files on the server and interacts with terraform binary through RPC communication during terraform run. These providers, running as binary files on the Terraform server, enable developers to build custom functions that could be exploited to gain unauthorised access, potentially compromising the Terraform server, and exposing sensitive credentials and data.
\n\nIn this talk, we\'ll explore the inner workings of custom provider modules and how their functions can be leveraged to exploit vulnerabilities in Terraform Enterprise. We will also cover developing a custom provider and utilities the same for gaining access to the terraform server extracting the cloud credentials. We will also present various architectural solutions around TFE and best practices for minimising these attack vectors. Furthermore, the session will provide actionable steps for assessing the security posture of custom providers to ensure a robust defence.
\n\nSpeakers:Alex Foley,Rupali
\n
\nSpeakerBio: Alex Foley
\nAlex Foley is a broadly experienced information technology and security professional with over 25 years of experience planning, managing, implementing, securing, supporting, and scaling diverse technology platforms and teams. He is currently the founder of Axl.net security and serves as Vciso to over 100 Plus startups focusing on cloud security posture management , architecture review and Compliance standards. Over the course of his career, he\'s had the opportunity to wear many hats and do \"all the things\" within product development and operations. This broad experience has enabled Alex to bring this depth of understanding to the CISO role for multiple organizations.
\n\nSpeakerBio: Rupali
\nRupali brings over 8 years of cybersecurity experience, specializing in penetration testing and red teaming. Currently a Lead Security Architect at Axl.net security, she oversees cloud security and penetration testing engagements. Her credentials include notable certifications like OSCP, OSWE, AWS Security Specialist, and GCPN. She has presented at prominent conferences like Black Hat Asia, DevSecCon, and CoCon.
\n\n\n\'',NULL,615359),('3_Saturday','11','10:30','11:10','Y','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Terraform Unleashed: Crafting Custom Provider Exploits for Ultimate Control\'','\'Alex Foley,Rupali\'','CLV_e3101c3eb274bc707197a4ab888a032f','\'\'',NULL,615360),('3_Saturday','11','11:10','11:50','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Identity Theft is not a Joke, Azure!\'','\'Karl Fosaaen\'','CLV_ab4bb991712bba0875e700410709f49d','\'Title: Identity Theft is not a Joke, Azure!
\nWhen: Saturday, Aug 10, 11:10 - 11:50 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nAs Azure services continue to expand and evolve, their associated authentication methodologies have also changed. Having mostly moved away from storing credentials in cleartext, most Azure services utilize Managed Identities to offer a more secure approach to access management. However, Managed Identities can bring their own challenges and risks.\nIn this talk, we delve into the nuanced landscape of Managed Identities across multiple Azure services. We explore how attackers exploit access to services with these identities to escalate privileges, move laterally, and establish persistence within Azure tenants. We will also provide helpful tips for defenders trying to identify these attacks. Finally, we will showcase a tool designed to automate attacks against User-Assigned Managed Identities.
\n\nSpeakerBio: Karl Fosaaen
\nAs a VP of Research, Karl is part of a team developing new services and product offerings at NetSPI. Karl previously oversaw the Cloud Penetration Testing service lines at NetSPI and is one of the founding members of NetSPI\'s Portland, OR team. Karl has a Bachelors of Computer Science from the University of Minnesota and has been in the security consulting industry for 15 years. Karl spends most of his research time focusing on Azure security and contributing to the NetSPI blog. As part of this research, Karl created the MicroBurst toolkit to house many of the PowerShell tools that he uses for testing Azure. In 2021, Karl co-authored the book \"Penetration Testing Azure for Ethical Hackers\" with David Okeyode.
\n\n\n\'',NULL,615361),('3_Saturday','11','11:50','12:15','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'One Click, Six Services: Abusing The Dangerous Multi-service Orchestration Pattern\'','\'Liv Matan\'','CLV_65a0a09ae553a4baef8ccf2c9cb0310c','\'Title: One Click, Six Services: Abusing The Dangerous Multi-service Orchestration Pattern
\nWhen: Saturday, Aug 10, 11:50 - 12:15 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nCloud providers build their services a little like Jenga towers. They use their core services as the foundation of more popular customer-facing offerings. You may think you’re just creating a GCP cloud function in an empty account. In reality, with one click, you’re creating resources in six different services: a Cloud Build instance, a Storage Bucket, an Artifact Registry or a Container Registry, and possibly a Cloud Run instance and Eventarc triggers. The security of the entire stack is only as strong as the weakest link.
\n\nBy looking at the entire stack, we can find privilege escalation techniques and even vulnerabilities that are hidden behind the stack. In my research, I was able to find a novel privilege escalation vulnerability and several privilege escalation techniques in GCP.
\n\nThe talk will showcase a key concept, sometimes not discussed enough: cloud services are built on top of each other, and one click in the console can cause many things to happen behind the scenes. More services mean more risks and a larger attack surface.
\n\nThe next part will dive deep into the vulnerable GCP cloud functions deployment flow. I will showcase the vulnerability I found in this flow, which enables an attacker to run code as the default Cloud Build service account by exploiting the deployment flow and the flawed trust between services resulting in a large fix and change in GCP IAM and Cloud Functions. This would grant an attacker high privileges to key services such as Storage, Artifact Registry, and Cloud Build.
\n\nHowever, this talk is about more than just a vulnerability. By understanding cross-service dependency, we can reveal a broad attack surface for many possible privilege escalation vectors between services. I will demo a simple tool I wrote to find the hidden APIs that are called by the CSP when performing an action.
\n\nBy the end of this talk, the audience will learn the dangers of treating cloud services like a black box. The talk explains the hidden deployment flow behind one important stack, and provides the tools to uncover the risks of many more.
\n\nSpeakerBio: Liv Matan
\nLiv Matan (@terminatorLM) is a Senior Security Researcher at Tenable, where he specializes in application and web security. He previously worked as a Security Researcher at Ermetic and served in the Israeli Intelligence Corps as a Software Developer.\nAs a bug bounty hunter, Liv has found several vulnerabilities in popular software platforms, such as Azure, Google Cloud, AWS, Facebook and Gitlab, was recognized by Microsoft as a Most Valuable Researcher, and has presented at conferences such as DEF CON Cloud Village and fwd:cloudsec.\nLiv studied computer science at the Weizmann Institute of Science, in Israel. In his free time, he boxes, lifts weights and plays Capture the Flag (CTF).
\n\n\n\'',NULL,615362),('3_Saturday','12','11:50','12:15','Y','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'One Click, Six Services: Abusing The Dangerous Multi-service Orchestration Pattern\'','\'Liv Matan\'','CLV_65a0a09ae553a4baef8ccf2c9cb0310c','\'\'',NULL,615363),('3_Saturday','12','12:15','12:40','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Finding Holes in Conditional Access Policies\'','\'Brandon Colley\'','CLV_710bf02cee7b21c92475ca476ca32aea','\'Title: Finding Holes in Conditional Access Policies
\nWhen: Saturday, Aug 10, 12:15 - 12:40 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nMicrosoft Entra Conditional Access sits at the forefront of organization\'s security boundaries. The ever-changing climate of conditional access continues to give administrators more and more security controls. The tradeoff of which is increased complexity when attempting to balance security and productivity. The more policies deployed in a tenant, the greater the chance for misconfigurations that create opportunities for exploitation. Whether you\'re a cloud administrator, security consultant, or adversary, the goal remains the same: to find the holes in conditional access.
\n\nThis talk discusses lessons learned from real-life engagements and identifies multiple strategies for evaluating conditional access. Topics and tooling are explored that view conditional access from several different angles. First, understanding PowerShell and Graph API is vital when combing through policies, finding gaps in user, group, role, location, application, or device configuration. Second, simulation of logon criteria and reporting on authentication events helps to understand where policies fall short. Finally, creating a visual representation of each policy is helpful to better see policy details or build executive reports. Each of these provides an important piece of the puzzle when attempting to identify methods to bypass security controls. Audience members should expect to leave with an arsenal of new tools and techniques to continuously monitor conditional access for risk.
\n\nSpeakerBio: Brandon Colley, Senior Security Consultant at Trimarc
\nBrandon Colley has over fifteen years of experience administering and securing Active Directory (AD) and Windows environments. Brandon is a Senior Security Consultant for Trimarc specializing in providing reality-based AD and Entra ID security assessments. He served as a systems administrator for multiple organizations before shifting career focus to information security. He has published multiple articles through Quest, Practical 365 and Trimarc Hub. Brandon enjoys speaking engagements and has previously presented at BsidesKC, Hackers Teaching Hackers, and PancakesCon. He co-hosts a weekly podcast, interviewing infosec professionals and has appeared on multiple broadcasts, including the Phillip Wylie Show. Brandon delivers material in a humorous, yet effective manner with a focus on content built for a Blue Team through a Red lens.
\n\n\n\'',NULL,615364),('3_Saturday','12','12:40','13:10','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Revealing Choke Points: Practical Tactics for Boosting Cloud Security\'','\'Filipi Pires\'','CLV_c4017ddd65a29a538f92ca36d0c7940f','\'Title: Revealing Choke Points: Practical Tactics for Boosting Cloud Security
\nWhen: Saturday, Aug 10, 12:40 - 13:10 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nDuring this presentation, we will address the critical importance of permission management in Cloud Native integrations and how an inadequate permissions model can create significant advantages for attackers. We will demonstrate how an attacker can exploit standard permissions to achieve privilege escalation, explain what Choke Points are, and illustrate Attack Paths in practice, showing how an attacker can progress towards success in their objectives. As the ultimate goal of this talk, we will present practical actions to enhance the security of your environment in this context and mitigate these threats.
\n\nSpeakerBio: Filipi Pires, Founder at Black&White Technology
\nI’ve been working as Security and Threat Researcher and Cybersecurity Advocate at senhasegura, Founder at Black&White Technology, Cybersecurity Advocate, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US, Canada, France, Spain, Germany, Poland, and others, I’ve served as University Professor in Graduation and MBA courses at Brazilian colleges, in addition, I\'m Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
\n\n\n\'',NULL,615365),('3_Saturday','13','12:40','13:10','Y','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Revealing Choke Points: Practical Tactics for Boosting Cloud Security\'','\'Filipi Pires\'','CLV_c4017ddd65a29a538f92ca36d0c7940f','\'\'',NULL,615366),('3_Saturday','13','13:10','13:50','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Runtime Reachability: Prioritizing Vulnerabilities with eBPF & Continuous Profiling\'','\'Sam \"Frenchie\" Stewart\'','CLV_0e69cf7894191a0ac1ff8d1f4aaffcc4','\'Title: Runtime Reachability: Prioritizing Vulnerabilities with eBPF & Continuous Profiling
\nWhen: Saturday, Aug 10, 13:10 - 13:50 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nAs security engineers, managing risk means making informed decisions about which vulnerabilities to address first. We are often too time constrained, and the signal-to-noise ratio of current SAST/SCA tooling is too low.
\n\nThis talk introduces \"Runtime Reachability,\" a novel approach that leverages Continuous Profiling via eBPF to quantify how often a vulnerable method/codepath is called, in actual production usage. By understanding the runtime behavior of applications, security teams can effectively filter out low-likelihood vulnerabilities, prioritize fixes more effectively, reduce toil & the overall risk to their organization.
\n\nSpeakerBio: Sam \"Frenchie\" Stewart
\nFrenchie is the founder & CEO of Ensignia Security. Previously: InfraSec @ Brex/Cruise/Culture Amp. He has previously presented on cloud, cluster, container & CI/CD security (anything starting with a C, really) at BSidesSF/Melbourne/Canberra, ProjectDiscovery\'s Hardly Strictly Security and Kiwicon conferences, amongst others. Frenchie is far too biased to answer this question, and instead chooses to break the 4th wall.
\n\n\n\'',NULL,615367),('3_Saturday','13','13:50','15:50','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Connecting the Dots: Mastering Alert Correlation for Proactive Defense in the Cloud\'','\'Ezz Tahoun\'','CLV_289363ba676a870a844ada69482bed04','\'Title: Connecting the Dots: Mastering Alert Correlation for Proactive Defense in the Cloud
\nWhen: Saturday, Aug 10, 13:50 - 15:50 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nInterpret the vast amount of alerts (from different sources) received with a comprehensive, hands-on autonomous attack correlation & false positive detection workshop designed to enhance your proactive defense in the cloud. The workshop aims to demystify the process of identifying coordinated attacks amidst this noise, empowering attendees to improve their efficacy & utilize the cloud cost-effectiveness.
\n\nNo data science expertise is required. Little cloud & secops expertise is required.
\n\nIntro:\n- The session begins with a foundational overview of event analysis challenges and state of the art.\n- Participants will learn about the ATT&CK framework, focusing on its Flows, Tactics, & Techniques to standardize threat detection.
\n\nAI & Data:\n- A deep dive into accessible open-source AI tools will follow, featuring clustering algorithms, natural language processing, & Markov chains.\n- Guidance on importing, cleaning, & normalizing data will ensure accuracy in subsequent analyses.\n- Participants will have access to a demo environment to apply these tools interactively.
\n\nMapping Alerts:\n- Techniques for automated mapping of alerts to ATT&CK will be demonstrated.\n- Attendees will engage in mapping exercises using AI.
\n\nClustering Alerts:\n- The workshop will cover clustering methods based on temporal, spatial, & technical attributes.\n- Participants will engage in clustering sample alerts to form contextualized attack steps.
\n\nCorrelating Alerts:\n- The importance of killchains in cybersecurity will be highlighted, with methods to link attack steps into cohesive killchains.\n- Participants are guided in creating & analyzing killchains to identify coordinated attacks.
\n\nTickets:\n- Criteria for creating FP Tickets, Incident Tickets, & Attack Story Tickets will be outlined.\n- Participants will engage in generating sample tickets, ensuring each type is comprehensive & actionable.
\n\nIntegrating & QA:\n- The session will cover integration into existing SOC setups & automation using scripts & tools.\n- Demonstrations will show how to maintain & update the system for continuous improvement, emphasizing cost-effective cloud automation.\n- QA, troubleshooting, & further resources.
\n\nBy the end of this interactive workshop, participants will have experience with AI tools mapping alerts to Techniques, clustering them into contextualized attack steps, & constructing comprehensive killchains to uncover coordinated attacks. Additionally, they will learn to generate actionable tickets for immediate response & long-term improvements in their security posture, all without needing advanced data science knowledge. This session encourages practical application in participants\' environments & further exploration of the vast capabilities of open-source AI in cybersecurity, & showcases the power of cloud cost-effectiveness in big data analytics (sagemaker, s3, lambda, etc.).
\n\nSpeakerBio: Ezz Tahoun
\nEzz Tahoun, a distinguished cyber-security data scientist, who won AI & innovation awards at Yale, Princeton and Northwestern. He also got innovation awards from Canada’s Communications Security Establishment, Microsoft US, Trustwave US, PIA US, NATO, and more. He ran data science innovation programs and projects for OrangeCyber Defense, Forescout Technologies, Royal bank of Canada, Governments, and Huawei Technologies US. He has published 20 papers, countless articles and 15 open source projects in the domain. When he was 19 years old he started his CS PhD in one of the top 5 labs in the world for cyber & AI, in the prestigious University of Waterloo, where he published numerous papers and became a reviewer for top conferences. His designations include: SANS/GIAC-Advisory-Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP-Professional-Cloud-Architect, PMP, BENG and MMATH. He was an adjunct professor of cyber defense and warfare at Toronto’s school of management.
\n\n\n\'',NULL,615368),('3_Saturday','14','13:50','15:50','Y','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Connecting the Dots: Mastering Alert Correlation for Proactive Defense in the Cloud\'','\'Ezz Tahoun\'','CLV_289363ba676a870a844ada69482bed04','\'\'',NULL,615369),('3_Saturday','15','13:50','15:50','Y','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Connecting the Dots: Mastering Alert Correlation for Proactive Defense in the Cloud\'','\'Ezz Tahoun\'','CLV_289363ba676a870a844ada69482bed04','\'\'',NULL,615370),('3_Saturday','16','16:00','17:59','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Exploiting common vulnerabilities in AWS environments\'','\'Seth Art\'','CLV_4ef05b2981d8a8d2e83d834be58e2fb8','\'Title: Exploiting common vulnerabilities in AWS environments
\nWhen: Saturday, Aug 10, 16:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nWhether you are responsible for attacking or defending cloud environments, you want to know how attackers compromise them and what successful post-exploitation looks like in the cloud.
\n\nThis workshop focuses on learning how attackers typically compromise cloud environments, and what post-exploitation looks like. Each workshop attendee will have access to an AWS account deployed with a collection of intentionally vulnerable cloud resources that represent misconfigurations exploited during real cloud penetration tests.
\n\nIn most cases, attackers gain initial access to cloud environments in one of three ways: They compromise a vulnerable application or service in the cloud, a misconfigured cloud resource, or a user with access to the cloud. In this workshop we will be attacking an intentionally vulnerable cloud environment with all three types of vulnerabilities.
\n\nEach section of the workshop will start with an instructor led introduction followed by hands-on hacking. There is something for everyone, regardless of your offensive skill level. Anyone familiar with Linux commands and the AWS CLI is welcome to attend, and even those who have been in the field for years will find something to challenge them.
\n\nSpeakerBio: Seth Art
\nSeth Art is a Senior Security Advocate at Datadog. Prior to joining Datadog, Seth created and led the Cloud Penetration Testing practice at Bishop Fox. He is the author of multiple cloud focused open source tools including BadPods, IAMVulnerable, and CloudFoxable, and the co-creator of the popular cloud penetration testing tool, CloudFox.
\n\n\n\'',NULL,615371),('3_Saturday','17','16:00','17:59','Y','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Exploiting common vulnerabilities in AWS environments\'','\'Seth Art\'','CLV_4ef05b2981d8a8d2e83d834be58e2fb8','\'\'',NULL,615372),('4_Sunday','10','10:00','10:35','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Tripwires: fighting stealth with stealth\'','\'Jenko Hwong\'','CLV_6f6525da71c874abcd3a338cb05de1d7','\'Title: Cloud Tripwires: fighting stealth with stealth
\nWhen: Sunday, Aug 11, 10:00 - 10:35 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nCloud attacks continue to evolve e.g., AWS enumeration without logging (Fourchette), Azure OAuth tokens used for EoP and persistence (Blizzard), Cloud Shell backdoors, code abuse in GSuite scripting (Bryant), and tool evolution (Rhinolabs pacu), with current defensive approaches of lagging further and further behind.
\n\nThis talk covers research and tooling to improve cloud defenses in AWS, Azure, and GCP, using more stealthy measures which complement existing techniques. We call the approach cloud tripwires, which involves stealthy defensive techniques that can provide low-FP detections of malicious actors.
\n\nThrough analysis of cloud provider IAM design, published attack techniques and common attack tools, we show multiple stealthy detection techniques such as: restricted admin roles that are not used by valid users; seeding of the restricted admin roles in regular user policies; honey resources (buckets, files) with detections to flag access; seeding of honey resources within user policies; cached honey credentials seeded in CLI installations in external client environments, EC2 instances, and Cloud Shells; unrestricted cross-account roles to restricted accounts; metadata proxy/iptables config on EC2 instances that issue restricted temporary tokens; and full CRUD/reporting/auditing functionality.
\n\nSpeakerBio: Jenko Hwong
\nJenko Hwong is a Principal Researcher on Netskope\'s Threat Research Team, focusing on cloud threats/vectors and identity abuse. He\'s spent time in engineering and product roles at various security startups in vulnerability scanning, AV/AS, pen-testing/exploits, L3/4 appliances, threat intel, and windows security.
\n\n\n\'',NULL,615373),('4_Sunday','10','10:35','11:10','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access\'','\'Nick Frichette\'','CLV_eb40e446b5c440b89719bf2032fd8d7e','\'Title: Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access
\nWhen: Sunday, Aug 11, 10:35 - 11:10 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nIn this talk we will explore vulnerabilities in Amazon Web Services (AWS) products which allowed us to gain access to cloud environments.
\n\nTraditionally, adversaries have abused misconfigurations and leaked credentials to gain access to AWS workloads. Things like exposed long-lived access keys and exploiting the privileges of virtual machines have allowed adversaries to breach cloud resources. However, these mistakes are on the customer side of the shared responsibility model. In this session, we will cover vulnerabilities in AWS services that have been fixed and that previously allowed us to access cloud resources.
\n\nWe will start with an exploration of how Identity and Access Management (IAM) roles establish trust with AWS services. Covering how roles associated with Amazon Cognito and GitHub Actions could be misconfigured to allow anyone in the world to access them. From here, we’ll cover a vulnerability we found in AWS Amplify which exposed IAM roles associated with the service to takeover, allowing anyone the ability to assume these roles.
\n\nFinally, we will also look at a worst-case scenario: what happens when an attacker finds a confused deputy vulnerability and is able to assume roles in other accounts? Sounds far-fetched? We’ll cover a real world example of a vulnerability we found in AWS AppSync that lets us do just that. We’ll also discuss how security practitioners can secure their environments, even against a zero-day like this one.
\n\nJoin us to learn how attackers search for and exploit vulnerabilities in AWS services to gain access to cloud environments.
\n\nSpeakerBio: Nick Frichette, Staff Security Researcher at Datadog
\nNick Frichette is a Staff Security Researcher at Datadog, where he specializes in offensive AWS security. He is known for finding multiple zero-day vulnerabilities in AWS services and regularly publishing on new attack techniques. In addition to his research, Nick is the creator and primary contributor to Hacking the Cloud, an open source encyclopedia of offensive security capabilities for cloud environments. He is also a part of the AWS Community Builder Program, where he develops content on AWS security.
\n\n\n\'',NULL,615374),('4_Sunday','11','10:35','11:10','Y','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Kicking in the Door to the Cloud: Exploiting Cloud Provider Vulnerabilities for Initial Access\'','\'Nick Frichette\'','CLV_eb40e446b5c440b89719bf2032fd8d7e','\'\'',NULL,615375),('4_Sunday','11','11:10','11:45','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Creating Azure Policy Compliant Backdoor\'','\'Viktor Gazdag\'','CLV_2162f24a97c61902495904f4401a397c','\'Title: Creating Azure Policy Compliant Backdoor
\nWhen: Sunday, Aug 11, 11:10 - 11:45 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nAzure Policy is a built-on service that helps creating security and compliance policies to enforce organizational standards in the cloud environment. It evaluates resources by comparing the properties of the resources and with the help of remediation tasks, it can fix or remediate any issues with those resources. Have you ever wondered if you could abuse or bend these policies? Can you do more than just listing the storage accounts with public access and not be in the logs? How about creating a backdoor?
\n\nIn this talk I will answer these questions by talking about what Azure Policy is, how to write one, what the logs contain, what permission you need, what does resource enumeration could look like etc. At the end I will present a proof-of-concept solution to bend the Azure Policy and create a backdoor account in Azure.
\n\nSpeakerBio: Viktor Gazdag
\nViktor Gazdag has worked as pentester and security consultant for 9 years, lead cloud research working group and M365 capability service. He has reported numerous vulnerabilities in products and plugins from companies such as Oracle, SAP, Atlassian, Jenkins, CloudBees Jenkins, JetBrains, Sonatype. He gave talks about CI/CD security at DevOps World, Black Hat USA, DefCon and DoD CyberDT XSWG. He holds multiple AWS/Azure/GCP, Infra as Code, DevOps and Hacking certs and Jenkins Security MVP award.
\n\n\n\'',NULL,615376),('4_Sunday','11','11:45','12:20','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'The Rise of the Planet of the Agents: LLM-based AI Agents and Cloud Security APIs\'','\'Roberto Rodriguez\'','CLV_863e603f1d0a829e1cef83ab99422f00','\'Title: The Rise of the Planet of the Agents: LLM-based AI Agents and Cloud Security APIs
\nWhen: Sunday, Aug 11, 11:45 - 12:20 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nIn the rapidly evolving domain of cloud security, the ability to dynamically interact with cloud services is crucial for security teams. Understanding cloud APIs is key to effectively managing everything from administrative tasks to security operations. Security researchers often face the challenge of selecting from numerous API definitions. What if there was a system capable of autonomously selecting the right APIs and intelligently chaining them to achieve specific goals?
\n\nIn this presentation, I will share insights from my research on LLM-based AI agents. These agents utilize LLMs as reasoning engines, enabling them to handle complex tasks in natural language and autonomously determine their next actions based on user input and previous interactions. I will explain how we can transform Microsoft Graph API definitions into schemas that align with LLM function-calling capabilities. This transformation allows an LLM to select the appropriate tools and supply the correct arguments for an AI agent to execute. By integrating generative AI with cybersecurity, we can automate tasks and discover new ways to chain APIs for various operations, significantly enhancing the capabilities of security researchers to innovate in security operations and automation.
\n\nSpeakerBio: Roberto Rodriguez
\nRoberto Rodriguez, also known as Cyb3rWard0g in the Infosec community, is a respected security researcher at the Microsoft Security Research organization. He is well-known for his contributions to the field, including the creation of influential open-source projects such as the Threat Hunter Playbook, Security Datasets, OSSEM, SimuLand and ATT&CK Python Client. Roberto\'s work has had a significant impact on the cyber security community, promoting proactive threat hunting and knowledge sharing. His expertise and dedication have made a lasting impact on the industry and has helped shape the future of cyber security.
\n\n\n\'',NULL,615377),('4_Sunday','12','11:45','12:20','Y','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'The Rise of the Planet of the Agents: LLM-based AI Agents and Cloud Security APIs\'','\'Roberto Rodriguez\'','CLV_863e603f1d0a829e1cef83ab99422f00','\'\'',NULL,615378),('4_Sunday','12','12:20','12:40','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Unexpected Leaks in AWS Transit Gateways\'','\'William Taylor\'','CLV_3aa2c43c4784023bc777ed57cbcdfa39','\'Title: Unexpected Leaks in AWS Transit Gateways
\nWhen: Sunday, Aug 11, 12:20 - 12:40 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nEngineers can carefully build their networks, designing the traffic flow explicitly through well constructed controls, even following design best practices from the CSP themselves, only to be let down by unexpected subtleties in the exact way certain technologies operate.
\n\nIn this talk, we will take a look at just such a case study concerning Transit Gateways (TGW) in AWS, where security consultants were able to communicate freely across an apparent network boundary. We will review how TGWs are attached to subnets, and how the documentation implies they should operate. Then we will examine why NACLs appeared to be having no effect on blocking traffic, and allowed an effectively flat network between two peered accounts.
\n\nThis case study will demonstrate the importance and effectiveness of practical testing, either internally by the developers or with an external reviewer, in confirming – or in many cases quite the opposite – that the operation matches the design aims. It isn’t always easy to find that leak, but if there is a puddle of water on the floor then at least you know you need to start looking for the flaw. This talk will show through the TGW case study and a few other examples how we noticed the puddle, how we found the leak, how it was fixed, and how hopefully the same leak won’t spring twice.
\n\nSpeakerBio: William Taylor
\nSecurity consultant with a background in embedded engineering and DevOps, which has lead to an interest in mobile, Cloud, and Kubernetes security. I used to make things work; now I break things, professionally and ethically.
\n\n\n\'',NULL,615379),('4_Sunday','12','12:40','12:59','N','CLV','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Closing Note\'','\'\'','CLV_eed2d1323a6abb76e78ebf50a9d81ddc','\'Title: Closing Note
\nWhen: Sunday, Aug 11, 12:40 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\n\n\n\'',NULL,615380),('2_Friday','13','13:00','15:59','N','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Safecracking Practical Demonstration\'','\'Jared Dygert\'','LPV_03a0982a4108106614a954b1cb9e5a75','\'Title: Safecracking Practical Demonstration
\nWhen: Friday, Aug 9, 13:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03-A - Map
\n
\nDescription:
\nJoin us at the lock pick village tables after Jared\'s talk on safe manipulation for some hands on practice!
\n\nSpeakerBio: Jared Dygert
\nJared is a long time lock sport enthusiast and an instructor at a locksmithing school on safe manipulation and lockpicking. He has been opening locks and breaking security for roughly 15 years. His other hobbies include rock climbing and 3D printing.
\n\n\n\'',NULL,615381),('2_Friday','14','13:00','15:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Safecracking Practical Demonstration\'','\'Jared Dygert\'','LPV_03a0982a4108106614a954b1cb9e5a75','\'\'',NULL,615382),('2_Friday','15','13:00','15:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Safecracking Practical Demonstration\'','\'Jared Dygert\'','LPV_03a0982a4108106614a954b1cb9e5a75','\'\'',NULL,615383),('3_Saturday','12','12:00','14:59','N','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Dozier Drill Tournament\'','\'\'','LPV_01281130f7941e5214154efa437eb794','\'Title: Dozier Drill Tournament
\nWhen: Saturday, Aug 10, 12:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03-A - Map
\n
\nDescription:
\nHave you ever wanted to break out of handcuffs, pick open a closed bag and shoot your buddy in the chest with a nerf gun? So have we, that\'s why TOOOL presents the Dozer Drill. A fast paced skill based game where you have to free yourself from handcuffs, open a closed bag, and retrieve the nerf gun to be the first to hit the target. Join us on Friday for qualifiers, through the con for unofficial games, and on Saturday for an official bracket tournament.
\n\n\'',NULL,615384),('3_Saturday','13','12:00','14:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Dozier Drill Tournament\'','\'\'','LPV_01281130f7941e5214154efa437eb794','\'\'',NULL,615385),('3_Saturday','14','12:00','14:59','Y','LPV','LVCC West/Floor 1/Hall 2/HW2-07-03-A','\'Dozier Drill Tournament\'','\'\'','LPV_01281130f7941e5214154efa437eb794','\'\'',NULL,615386),('2_Friday','10','10:00','17:59','N','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_c432fccb8bed44403ff679b965efb95d','\'Title: Biohacking Village: Device Lab
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-07 - Map
\n
\nDescription:
\nThe Device Lab is highly-collaborative environment where security researchers test medical instruments, applications, and devices in real-time from participating Medical Device Manufacturers. Any potential issues are reported directly to the manufacturer, and coordinated vulnerability disclosures are produced.
\n\nAs part of their product security programs, their proactive initiatives to test their products, and to enhance the cybersecurity of their medical technologies, select medical device makers are teaming up with the Biohacking Village.
\n\nThese manufacturers are inviting security researchers to learn and to test their products in dedicated spaces set aside for them. Their staff will answer questions, educate researchers, and triage any potential security issues. Researchers who perform testing should expect to follow the manufacturers’ published coordinated vulnerability disclosure policy and report any potential issues found so they can be addressed. Security researchers must sign the Hippocratic Oath for Hackers and agree to the framework of boundaries and rules of engagement during and post conference engagement.
\n\nWe have 10 manufacturers with 21 devices. You can find more information about the devices and each manufacturer\'s Vulnerability Disclosure Policy here.
\n\n\'',NULL,615387),('2_Friday','11','10:00','17:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_c432fccb8bed44403ff679b965efb95d','\'\'',NULL,615388),('2_Friday','12','10:00','17:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_c432fccb8bed44403ff679b965efb95d','\'\'',NULL,615389),('2_Friday','13','10:00','17:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_c432fccb8bed44403ff679b965efb95d','\'\'',NULL,615390),('2_Friday','14','10:00','17:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_c432fccb8bed44403ff679b965efb95d','\'\'',NULL,615391),('2_Friday','15','10:00','17:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_c432fccb8bed44403ff679b965efb95d','\'\'',NULL,615392),('2_Friday','16','10:00','17:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_c432fccb8bed44403ff679b965efb95d','\'\'',NULL,615393),('2_Friday','17','10:00','17:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_c432fccb8bed44403ff679b965efb95d','\'\'',NULL,615394),('3_Saturday','10','10:00','17:59','N','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_4c27b0508ebb229907221c4da8b7aed3','\'Title: Biohacking Village: Device Lab
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-07 - Map
\n
\nDescription:
\nThe Device Lab is highly-collaborative environment where security researchers test medical instruments, applications, and devices in real-time from participating Medical Device Manufacturers. Any potential issues are reported directly to the manufacturer, and coordinated vulnerability disclosures are produced.
\n\nAs part of their product security programs, their proactive initiatives to test their products, and to enhance the cybersecurity of their medical technologies, select medical device makers are teaming up with the Biohacking Village.
\n\nThese manufacturers are inviting security researchers to learn and to test their products in dedicated spaces set aside for them. Their staff will answer questions, educate researchers, and triage any potential security issues. Researchers who perform testing should expect to follow the manufacturers’ published coordinated vulnerability disclosure policy and report any potential issues found so they can be addressed. Security researchers must sign the Hippocratic Oath for Hackers and agree to the framework of boundaries and rules of engagement during and post conference engagement.
\n\nWe have 10 manufacturers with 21 devices. You can find more information about the devices and each manufacturer\'s Vulnerability Disclosure Policy here.
\n\n\'',NULL,615395),('3_Saturday','11','10:00','17:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_4c27b0508ebb229907221c4da8b7aed3','\'\'',NULL,615396),('3_Saturday','12','10:00','17:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_4c27b0508ebb229907221c4da8b7aed3','\'\'',NULL,615397),('3_Saturday','13','10:00','17:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_4c27b0508ebb229907221c4da8b7aed3','\'\'',NULL,615398),('3_Saturday','14','10:00','17:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_4c27b0508ebb229907221c4da8b7aed3','\'\'',NULL,615399),('3_Saturday','15','10:00','17:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_4c27b0508ebb229907221c4da8b7aed3','\'\'',NULL,615400),('3_Saturday','16','10:00','17:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_4c27b0508ebb229907221c4da8b7aed3','\'\'',NULL,615401),('3_Saturday','17','10:00','17:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_4c27b0508ebb229907221c4da8b7aed3','\'\'',NULL,615402),('4_Sunday','10','10:00','12:59','N','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_61b6cbd66b091c9a826ace5ea192f2b7','\'Title: Biohacking Village: Device Lab
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-07 - Map
\n
\nDescription:
\nThe Device Lab is highly-collaborative environment where security researchers test medical instruments, applications, and devices in real-time from participating Medical Device Manufacturers. Any potential issues are reported directly to the manufacturer, and coordinated vulnerability disclosures are produced.
\n\nAs part of their product security programs, their proactive initiatives to test their products, and to enhance the cybersecurity of their medical technologies, select medical device makers are teaming up with the Biohacking Village.
\n\nThese manufacturers are inviting security researchers to learn and to test their products in dedicated spaces set aside for them. Their staff will answer questions, educate researchers, and triage any potential security issues. Researchers who perform testing should expect to follow the manufacturers’ published coordinated vulnerability disclosure policy and report any potential issues found so they can be addressed. Security researchers must sign the Hippocratic Oath for Hackers and agree to the framework of boundaries and rules of engagement during and post conference engagement.
\n\nWe have 10 manufacturers with 21 devices. You can find more information about the devices and each manufacturer\'s Vulnerability Disclosure Policy here.
\n\n\'',NULL,615403),('4_Sunday','11','10:00','12:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_61b6cbd66b091c9a826ace5ea192f2b7','\'\'',NULL,615404),('4_Sunday','12','10:00','12:59','Y','BHV','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village: Device Lab\'','\'\'','BHV_61b6cbd66b091c9a826ace5ea192f2b7','\'\'',NULL,615405),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_7dc22d9f5d0b0001078ee15d59739e76','\'Title: Biohacking Village CTF
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-07 - Map
\n
\nDescription:
\nA scenario-driven Capture the Flag contest, pits teams of participants against adversaries and a clock, to protect human life and public safety. Participants compete against each other on both real and simulated medical devices, integrated into the fully immersive Biohacking Village: Device Lab, laid out as a working hospital.
\n\nChallenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others. You will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.
\n\n2024 Capture the Flag Challenge
\n\nWelcome, elite hackers and cyber sleuths, to a CTF experience like no other - the \"Code D.A.R.K. : Biohacking Village CTF Challenge\".
\n\nMerge the worlds of biology and cybersecurity in an adrenaline-pumping contest that tests your skills in ways you\'ve never imagined. Thrilling and challenging cybersecurity adventure centered around a hospital setting as a scenario where participants engage in a race against time to secure or retrieve critical medical data, navigating through various cybersecurity puzzles and challenges, where participants act as guardians of critical biological data.
\n\nUnravel Biological Mysteries: Dive into a narrative where biotechnology meets cyber-warfare. Decode genetic puzzles, breach virtual lab networks, and outsmart bioinformatics security systems.
\n\nElevate Your Hacking Game: Challenge yourself with unique biocybersecurity scenarios. This isn\'t your typical CTF - it\'s a fusion of biotech intrigue and hardcore hacking.
\n\nCompete and Collaborate: Team up with fellow biohackers and cyber warriors. Share knowledge, strategize, and show off your skills in a community where biology and bits intersect.
\n\nGear Up for a Cyber-Biotech Showdown
\n\nImmersive Scenarios: Each challenge is a step into a world where safeguarding biological data is as critical as securing digital assets.
\n\nSkill Diversity: Whether you\'re a veteran hacker or a biotech enthusiast, Code D.A.R.K. offers a range of puzzles that cater to a wide array of skills and interests.
\n\n\n- OT/IT
\n- Medical devices
\n- Hospital infrastructure
\n- Regulatory and international affairs
\n- Robotics
\n- Data
\n- Mark your calendars and set your alarms because the action kicks off on Friday, August 9th at 1000 PDT.
\n- Play from anywhere in the world! CTF open hours are as follows: \n
\n- Friday, August 9th from 10am PST - 6pm PDT
\n- Saturday, August 10th from 10am PST - 6pm PDT
\n- Sunday, August 11th from 10am PST - 12pm PDT
\n
\n
\n\nRULES
\n\nREGISTRATION
\n\nParticipants may only register once for this challenge. If participants register for this challenge more than once, the whole teams with a participant that registered multiple times will be disqualified.
\n\nBy registering, participants agree that their accounts may be rejected or terminated and all submissions by them and/or their Team may be disqualified if any of the information in their account is incorrect.
\n\nParticipants must agree to and abide by the Code of Conduct while participating in the Biohacking Village Capture the Flag. Anyone who will conduct themselves against the CoC will be eliminated from competition and banned forever.
\n\nTEAMS
\n\nAfter participants register individually, they may work alone (team of one) or on one team with other challenge participants. To work on a team, they may either create a new team or join one that is pre-existing ( if a participant wishes to join a team or offer others to join, they can do so in the #ctf-st-elvis-teambuilding Discord Channel)
\n\nThe maximum number of team members is five (5).
\n\nAll teams must designate a Team Captain. A Team Captain serves as the official contact person for a team: this person should provide accurate and complete contact information to ensure that CTF organizers can reach their team if needed.
\n\nEach member of the team must be a registered participant in the CTF.
\n\nIf participants choose to join a team, then they may not simultaneously participate as an individual or another team.
\n\nCHALLENGE SUBMISSIONS
\n\nAll submissions must be received during the Challenge period. Submissions posted after the posted time frame will be disqualified.
\n\nParticipants may get an answer but it will forfeit their points for that challenge. Even if the flag they tried before was similar. The decision to get the answer is final for zero points.
\n\nCHALLENGE SCORING
\n\nEach submission has set value known beforehand in the challenge description
\n\nThe winning teams will be decided based on the number of the accumulated points during the CTF timeframe. In case two teams accumulate the same amount of points, the team that reached the amount of points in question faster will be the winner.
\n\nCHALLENGE DISQUALIFICATION
\n\nWhole team gets disqualified if any of the following applies:
\n\n\n- One or multiple team members have registered more than once
\n- One or multiple team members will not follow Code of Conduct (applies to any of the Biohacking village platforms or social media)
\n- Any offensive behaviour such as attacking the Biohacking Village infrastructure, denial of service, or escaping the boundaries set by the CTF or Device Lab environment
\n
\n\nPRIVACY
\n\nUnless stated otherwise on the mainsite, we do not share any information about participants with anyone. Some events or conferences might have/require other rules, in that case it will be noted on the CTFd site.
\n\n\'',NULL,615406),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_7dc22d9f5d0b0001078ee15d59739e76','\'\'',NULL,615407),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_7dc22d9f5d0b0001078ee15d59739e76','\'\'',NULL,615408),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_be597c8541d6bff97480e2d682cba28f','\'Title: Biohacking Village CTF
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-07 - Map
\n
\nDescription:
\nA scenario-driven Capture the Flag contest, pits teams of participants against adversaries and a clock, to protect human life and public safety. Participants compete against each other on both real and simulated medical devices, integrated into the fully immersive Biohacking Village: Device Lab, laid out as a working hospital.
\n\nChallenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others. You will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.
\n\n2024 Capture the Flag Challenge
\n\nWelcome, elite hackers and cyber sleuths, to a CTF experience like no other - the \"Code D.A.R.K. : Biohacking Village CTF Challenge\".
\n\nMerge the worlds of biology and cybersecurity in an adrenaline-pumping contest that tests your skills in ways you\'ve never imagined. Thrilling and challenging cybersecurity adventure centered around a hospital setting as a scenario where participants engage in a race against time to secure or retrieve critical medical data, navigating through various cybersecurity puzzles and challenges, where participants act as guardians of critical biological data.
\n\nUnravel Biological Mysteries: Dive into a narrative where biotechnology meets cyber-warfare. Decode genetic puzzles, breach virtual lab networks, and outsmart bioinformatics security systems.
\n\nElevate Your Hacking Game: Challenge yourself with unique biocybersecurity scenarios. This isn\'t your typical CTF - it\'s a fusion of biotech intrigue and hardcore hacking.
\n\nCompete and Collaborate: Team up with fellow biohackers and cyber warriors. Share knowledge, strategize, and show off your skills in a community where biology and bits intersect.
\n\nGear Up for a Cyber-Biotech Showdown
\n\nImmersive Scenarios: Each challenge is a step into a world where safeguarding biological data is as critical as securing digital assets.
\n\nSkill Diversity: Whether you\'re a veteran hacker or a biotech enthusiast, Code D.A.R.K. offers a range of puzzles that cater to a wide array of skills and interests.
\n\n\n- OT/IT
\n- Medical devices
\n- Hospital infrastructure
\n- Regulatory and international affairs
\n- Robotics
\n- Data
\n- Mark your calendars and set your alarms because the action kicks off on Friday, August 9th at 1000 PDT.
\n- Play from anywhere in the world! CTF open hours are as follows: \n
\n- Friday, August 9th from 10am PST - 6pm PDT
\n- Saturday, August 10th from 10am PST - 6pm PDT
\n- Sunday, August 11th from 10am PST - 12pm PDT
\n
\n
\n\nRULES
\n\nREGISTRATION
\n\nParticipants may only register once for this challenge. If participants register for this challenge more than once, the whole teams with a participant that registered multiple times will be disqualified.
\n\nBy registering, participants agree that their accounts may be rejected or terminated and all submissions by them and/or their Team may be disqualified if any of the information in their account is incorrect.
\n\nParticipants must agree to and abide by the Code of Conduct while participating in the Biohacking Village Capture the Flag. Anyone who will conduct themselves against the CoC will be eliminated from competition and banned forever.
\n\nTEAMS
\n\nAfter participants register individually, they may work alone (team of one) or on one team with other challenge participants. To work on a team, they may either create a new team or join one that is pre-existing ( if a participant wishes to join a team or offer others to join, they can do so in the #ctf-st-elvis-teambuilding Discord Channel)
\n\nThe maximum number of team members is five (5).
\n\nAll teams must designate a Team Captain. A Team Captain serves as the official contact person for a team: this person should provide accurate and complete contact information to ensure that CTF organizers can reach their team if needed.
\n\nEach member of the team must be a registered participant in the CTF.
\n\nIf participants choose to join a team, then they may not simultaneously participate as an individual or another team.
\n\nCHALLENGE SUBMISSIONS
\n\nAll submissions must be received during the Challenge period. Submissions posted after the posted time frame will be disqualified.
\n\nParticipants may get an answer but it will forfeit their points for that challenge. Even if the flag they tried before was similar. The decision to get the answer is final for zero points.
\n\nCHALLENGE SCORING
\n\nEach submission has set value known beforehand in the challenge description
\n\nThe winning teams will be decided based on the number of the accumulated points during the CTF timeframe. In case two teams accumulate the same amount of points, the team that reached the amount of points in question faster will be the winner.
\n\nCHALLENGE DISQUALIFICATION
\n\nWhole team gets disqualified if any of the following applies:
\n\n\n- One or multiple team members have registered more than once
\n- One or multiple team members will not follow Code of Conduct (applies to any of the Biohacking village platforms or social media)
\n- Any offensive behaviour such as attacking the Biohacking Village infrastructure, denial of service, or escaping the boundaries set by the CTF or Device Lab environment
\n
\n\nPRIVACY
\n\nUnless stated otherwise on the mainsite, we do not share any information about participants with anyone. Some events or conferences might have/require other rules, in that case it will be noted on the CTFd site.
\n\n\'',NULL,615409),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_be597c8541d6bff97480e2d682cba28f','\'\'',NULL,615410),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_be597c8541d6bff97480e2d682cba28f','\'\'',NULL,615411),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_be597c8541d6bff97480e2d682cba28f','\'\'',NULL,615412),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_be597c8541d6bff97480e2d682cba28f','\'\'',NULL,615413),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_be597c8541d6bff97480e2d682cba28f','\'\'',NULL,615414),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_be597c8541d6bff97480e2d682cba28f','\'\'',NULL,615415),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_be597c8541d6bff97480e2d682cba28f','\'\'',NULL,615416),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_abd89c11fcbdeb54606bd1b69ddf4846','\'Title: Biohacking Village CTF
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-07 - Map
\n
\nDescription:
\nA scenario-driven Capture the Flag contest, pits teams of participants against adversaries and a clock, to protect human life and public safety. Participants compete against each other on both real and simulated medical devices, integrated into the fully immersive Biohacking Village: Device Lab, laid out as a working hospital.
\n\nChallenges will be tailored for all skill levels and draw from expertise areas including forensics, RF hacking, network exploitation techniques, web security, protocol reverse engineering, hardware hacking, and others. You will hack actual medical devices and play with protocols like DICOM, HL7 and FHIR.
\n\n2024 Capture the Flag Challenge
\n\nWelcome, elite hackers and cyber sleuths, to a CTF experience like no other - the \"Code D.A.R.K. : Biohacking Village CTF Challenge\".
\n\nMerge the worlds of biology and cybersecurity in an adrenaline-pumping contest that tests your skills in ways you\'ve never imagined. Thrilling and challenging cybersecurity adventure centered around a hospital setting as a scenario where participants engage in a race against time to secure or retrieve critical medical data, navigating through various cybersecurity puzzles and challenges, where participants act as guardians of critical biological data.
\n\nUnravel Biological Mysteries: Dive into a narrative where biotechnology meets cyber-warfare. Decode genetic puzzles, breach virtual lab networks, and outsmart bioinformatics security systems.
\n\nElevate Your Hacking Game: Challenge yourself with unique biocybersecurity scenarios. This isn\'t your typical CTF - it\'s a fusion of biotech intrigue and hardcore hacking.
\n\nCompete and Collaborate: Team up with fellow biohackers and cyber warriors. Share knowledge, strategize, and show off your skills in a community where biology and bits intersect.
\n\nGear Up for a Cyber-Biotech Showdown
\n\nImmersive Scenarios: Each challenge is a step into a world where safeguarding biological data is as critical as securing digital assets.
\n\nSkill Diversity: Whether you\'re a veteran hacker or a biotech enthusiast, Code D.A.R.K. offers a range of puzzles that cater to a wide array of skills and interests.
\n\n\n- OT/IT
\n- Medical devices
\n- Hospital infrastructure
\n- Regulatory and international affairs
\n- Robotics
\n- Data
\n- Mark your calendars and set your alarms because the action kicks off on Friday, August 9th at 1000 PDT.
\n- Play from anywhere in the world! CTF open hours are as follows: \n
\n- Friday, August 9th from 10am PST - 6pm PDT
\n- Saturday, August 10th from 10am PST - 6pm PDT
\n- Sunday, August 11th from 10am PST - 12pm PDT
\n
\n
\n\nRULES
\n\nREGISTRATION
\n\nParticipants may only register once for this challenge. If participants register for this challenge more than once, the whole teams with a participant that registered multiple times will be disqualified.
\n\nBy registering, participants agree that their accounts may be rejected or terminated and all submissions by them and/or their Team may be disqualified if any of the information in their account is incorrect.
\n\nParticipants must agree to and abide by the Code of Conduct while participating in the Biohacking Village Capture the Flag. Anyone who will conduct themselves against the CoC will be eliminated from competition and banned forever.
\n\nTEAMS
\n\nAfter participants register individually, they may work alone (team of one) or on one team with other challenge participants. To work on a team, they may either create a new team or join one that is pre-existing ( if a participant wishes to join a team or offer others to join, they can do so in the #ctf-st-elvis-teambuilding Discord Channel)
\n\nThe maximum number of team members is five (5).
\n\nAll teams must designate a Team Captain. A Team Captain serves as the official contact person for a team: this person should provide accurate and complete contact information to ensure that CTF organizers can reach their team if needed.
\n\nEach member of the team must be a registered participant in the CTF.
\n\nIf participants choose to join a team, then they may not simultaneously participate as an individual or another team.
\n\nCHALLENGE SUBMISSIONS
\n\nAll submissions must be received during the Challenge period. Submissions posted after the posted time frame will be disqualified.
\n\nParticipants may get an answer but it will forfeit their points for that challenge. Even if the flag they tried before was similar. The decision to get the answer is final for zero points.
\n\nCHALLENGE SCORING
\n\nEach submission has set value known beforehand in the challenge description
\n\nThe winning teams will be decided based on the number of the accumulated points during the CTF timeframe. In case two teams accumulate the same amount of points, the team that reached the amount of points in question faster will be the winner.
\n\nCHALLENGE DISQUALIFICATION
\n\nWhole team gets disqualified if any of the following applies:
\n\n\n- One or multiple team members have registered more than once
\n- One or multiple team members will not follow Code of Conduct (applies to any of the Biohacking village platforms or social media)
\n- Any offensive behaviour such as attacking the Biohacking Village infrastructure, denial of service, or escaping the boundaries set by the CTF or Device Lab environment
\n
\n\nPRIVACY
\n\nUnless stated otherwise on the mainsite, we do not share any information about participants with anyone. Some events or conferences might have/require other rules, in that case it will be noted on the CTFd site.
\n\n\'',NULL,615417),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_abd89c11fcbdeb54606bd1b69ddf4846','\'\'',NULL,615418),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_abd89c11fcbdeb54606bd1b69ddf4846','\'\'',NULL,615419),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_abd89c11fcbdeb54606bd1b69ddf4846','\'\'',NULL,615420),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_abd89c11fcbdeb54606bd1b69ddf4846','\'\'',NULL,615421),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_abd89c11fcbdeb54606bd1b69ddf4846','\'\'',NULL,615422),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_abd89c11fcbdeb54606bd1b69ddf4846','\'\'',NULL,615423),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-07','\'Biohacking Village CTF\'','\'\'','CON_abd89c11fcbdeb54606bd1b69ddf4846','\'\'',NULL,615424),('2_Friday','10','10:00','17:59','N','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_643473b586a7b3aa0151733c8338697a','\'Title: Car Hacking Village Activities
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-01 - Map
\n
\nDescription:
\nCHV 101
\n\nThis booth will have several reverse engineer demonstrations and an automotive threat intelligence review.
\n\n\n- Reverse Engineering Demonstration(s)
\n- Live vehicle communications via remote controls
\n- EV-based Hardware-in-the-Loop (HIL) demonstrations
\n- Automotive Threat Intelligence
\n- How to gather threat intelligence related to the automotive industry
\n- What the current threat landscape looks like today
\n
\n\nCHV CTF
\n\nThere will be 10-15 automotive security CTF challenges this year ranging from reverse engineering, telemetry, grand theft auto, crypto, vehicle networks, and exploitation.
\n\n1st place prize is a car!
\n\nCHV Kids
\n\nA fun scavenger hunt designed for DCNextGen kids to participate in and learn about the Car Hacking Village.
\n\nThere will be swag items handed out to the kids as they move through the scavenger hunt.
\n\nCHV Mechanics
\n\nThere will be 1 Semi-Truck and 2 Electric Vehicles on site for people to plug into.
\n\nDEFCON attendees must follow the rules for each of the vehicles. There will be large ORANGE signs with the rules detailed on them.
\n\n\'',NULL,615425),('2_Friday','11','10:00','17:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_643473b586a7b3aa0151733c8338697a','\'\'',NULL,615426),('2_Friday','12','10:00','17:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_643473b586a7b3aa0151733c8338697a','\'\'',NULL,615427),('2_Friday','13','10:00','17:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_643473b586a7b3aa0151733c8338697a','\'\'',NULL,615428),('2_Friday','14','10:00','17:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_643473b586a7b3aa0151733c8338697a','\'\'',NULL,615429),('2_Friday','15','10:00','17:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_643473b586a7b3aa0151733c8338697a','\'\'',NULL,615430),('2_Friday','16','10:00','17:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_643473b586a7b3aa0151733c8338697a','\'\'',NULL,615431),('2_Friday','17','10:00','17:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_643473b586a7b3aa0151733c8338697a','\'\'',NULL,615432),('3_Saturday','10','10:00','17:59','N','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_71ff59e57296a68baafb4457f70cf9d4','\'Title: Car Hacking Village Activities
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-01 - Map
\n
\nDescription:
\nCHV 101
\n\nThis booth will have several reverse engineer demonstrations and an automotive threat intelligence review.
\n\n\n- Reverse Engineering Demonstration(s)
\n- Live vehicle communications via remote controls
\n- EV-based Hardware-in-the-Loop (HIL) demonstrations
\n- Automotive Threat Intelligence
\n- How to gather threat intelligence related to the automotive industry
\n- What the current threat landscape looks like today
\n
\n\nCHV CTF
\n\nThere will be 10-15 automotive security CTF challenges this year ranging from reverse engineering, telemetry, grand theft auto, crypto, vehicle networks, and exploitation.
\n\n1st place prize is a car!
\n\nCHV Kids
\n\nA fun scavenger hunt designed for DCNextGen kids to participate in and learn about the Car Hacking Village.
\n\nThere will be swag items handed out to the kids as they move through the scavenger hunt.
\n\nCHV Mechanics
\n\nThere will be 1 Semi-Truck and 2 Electric Vehicles on site for people to plug into.
\n\nDEFCON attendees must follow the rules for each of the vehicles. There will be large ORANGE signs with the rules detailed on them.
\n\n\'',NULL,615433),('3_Saturday','11','10:00','17:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_71ff59e57296a68baafb4457f70cf9d4','\'\'',NULL,615434),('3_Saturday','12','10:00','17:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_71ff59e57296a68baafb4457f70cf9d4','\'\'',NULL,615435),('3_Saturday','13','10:00','17:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_71ff59e57296a68baafb4457f70cf9d4','\'\'',NULL,615436),('3_Saturday','14','10:00','17:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_71ff59e57296a68baafb4457f70cf9d4','\'\'',NULL,615437),('3_Saturday','15','10:00','17:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_71ff59e57296a68baafb4457f70cf9d4','\'\'',NULL,615438),('3_Saturday','16','10:00','17:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_71ff59e57296a68baafb4457f70cf9d4','\'\'',NULL,615439),('3_Saturday','17','10:00','17:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_71ff59e57296a68baafb4457f70cf9d4','\'\'',NULL,615440),('4_Sunday','10','10:00','12:59','N','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_5043406d474890f88bef25ec7dd343f3','\'Title: Car Hacking Village Activities
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-01 - Map
\n
\nDescription:
\nCHV 101
\n\nThis booth will have several reverse engineer demonstrations and an automotive threat intelligence review.
\n\n\n- Reverse Engineering Demonstration(s)
\n- Live vehicle communications via remote controls
\n- EV-based Hardware-in-the-Loop (HIL) demonstrations
\n- Automotive Threat Intelligence
\n- How to gather threat intelligence related to the automotive industry
\n- What the current threat landscape looks like today
\n
\n\nCHV CTF
\n\nThere will be 10-15 automotive security CTF challenges this year ranging from reverse engineering, telemetry, grand theft auto, crypto, vehicle networks, and exploitation.
\n\n1st place prize is a car!
\n\nCHV Kids
\n\nA fun scavenger hunt designed for DCNextGen kids to participate in and learn about the Car Hacking Village.
\n\nThere will be swag items handed out to the kids as they move through the scavenger hunt.
\n\nCHV Mechanics
\n\nThere will be 1 Semi-Truck and 2 Electric Vehicles on site for people to plug into.
\n\nDEFCON attendees must follow the rules for each of the vehicles. There will be large ORANGE signs with the rules detailed on them.
\n\n\'',NULL,615441),('4_Sunday','11','10:00','12:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_5043406d474890f88bef25ec7dd343f3','\'\'',NULL,615442),('4_Sunday','12','10:00','12:59','Y','CHV','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village Activities\'','\'\'','CHV_5043406d474890f88bef25ec7dd343f3','\'\'',NULL,615443),('2_Friday','10','10:00','16:30','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_120ee6e6b16b59c871dd077ea71c3f3e','\'Title: Car Hacking Village CTF
\nWhen: Friday, Aug 9, 10:00 - 16:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-01 - Map
\n
\nDescription:
\nThe Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEMs and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.
\n\nWith the largest collection of hackers in one area, there\'s no better way to understand the security state of an industry without bringing it to security professionals to break. Over the past 10 years, the Car Hacking Village has been the focal point of interest for new hackers entering the automotive industry to learn, be a part of and actually test out automotive technologies. We plan to use this event to keep drawing attention to the automotive security industry through hands-on challenges.
\n\n\'',NULL,615444),('2_Friday','11','10:00','16:30','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_120ee6e6b16b59c871dd077ea71c3f3e','\'\'',NULL,615445),('2_Friday','12','10:00','16:30','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_120ee6e6b16b59c871dd077ea71c3f3e','\'\'',NULL,615446),('2_Friday','13','10:00','16:30','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_120ee6e6b16b59c871dd077ea71c3f3e','\'\'',NULL,615447),('2_Friday','14','10:00','16:30','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_120ee6e6b16b59c871dd077ea71c3f3e','\'\'',NULL,615448),('2_Friday','15','10:00','16:30','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_120ee6e6b16b59c871dd077ea71c3f3e','\'\'',NULL,615449),('2_Friday','16','10:00','16:30','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_120ee6e6b16b59c871dd077ea71c3f3e','\'\'',NULL,615450),('4_Sunday','10','10:00','11:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_5e0e99b93dd52996791608a7588f473a','\'Title: Car Hacking Village CTF
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-01 - Map
\n
\nDescription:
\nThe Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEMs and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.
\n\nWith the largest collection of hackers in one area, there\'s no better way to understand the security state of an industry without bringing it to security professionals to break. Over the past 10 years, the Car Hacking Village has been the focal point of interest for new hackers entering the automotive industry to learn, be a part of and actually test out automotive technologies. We plan to use this event to keep drawing attention to the automotive security industry through hands-on challenges.
\n\n\'',NULL,615451),('4_Sunday','11','10:00','11:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_5e0e99b93dd52996791608a7588f473a','\'\'',NULL,615452),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_015dba50564622af7b140fc83c116a82','\'Title: Car Hacking Village CTF
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-01 - Map
\n
\nDescription:
\nThe Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEMs and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.
\n\nWith the largest collection of hackers in one area, there\'s no better way to understand the security state of an industry without bringing it to security professionals to break. Over the past 10 years, the Car Hacking Village has been the focal point of interest for new hackers entering the automotive industry to learn, be a part of and actually test out automotive technologies. We plan to use this event to keep drawing attention to the automotive security industry through hands-on challenges.
\n\n\'',NULL,615453),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_015dba50564622af7b140fc83c116a82','\'\'',NULL,615454),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_015dba50564622af7b140fc83c116a82','\'\'',NULL,615455),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_015dba50564622af7b140fc83c116a82','\'\'',NULL,615456),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_015dba50564622af7b140fc83c116a82','\'\'',NULL,615457),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_015dba50564622af7b140fc83c116a82','\'\'',NULL,615458),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_015dba50564622af7b140fc83c116a82','\'\'',NULL,615459),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-01','\'Car Hacking Village CTF\'','\'\'','CON_015dba50564622af7b140fc83c116a82','\'\'',NULL,615460),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_85b90275dd7bb484e09cf574c777170c','\'Title: 5N4CK3Y Contest
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-01-B - Map
\n
\nDescription:
\nAND!XOR creates electronic badges filled with hacker challenges. We love doing this, especially coming up with unique ways for hackers to earn them. Introducing the newest member of our hacker-fam: 5N4CK3Y (Snackey). 5N4CK3Y is a vending machine hardware hacking project from AND!XOR. We retrofitted it into an IoT CTF based badge dispensing machine, bling and all. Find a flag on our web hosted CTF platform, you get a 5N4CK3Y dispense code, punch it in, and a badge is vended to you! There are a variety of challenges to earn a badge as well others to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, network security, and cryptography to name a few. There\'s a little bit of everything, so it\'s a perfect way to learn something at one of the many DEF CON villages and talking with people you meet, then attempt one of the CTF challenges to dispense a badge. Hardware hacking is our passion and we want people to learn on badges, but more importantly that there\'s a lot to learn at DEF CON so our CTF will hopefully serve a desire to learn something new and meet new friends while trying to earn a badge and hack it further.
\n\n\'',NULL,615461),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_85b90275dd7bb484e09cf574c777170c','\'\'',NULL,615462),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_85b90275dd7bb484e09cf574c777170c','\'\'',NULL,615463),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_85b90275dd7bb484e09cf574c777170c','\'\'',NULL,615464),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_85b90275dd7bb484e09cf574c777170c','\'\'',NULL,615465),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_85b90275dd7bb484e09cf574c777170c','\'\'',NULL,615466),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_85b90275dd7bb484e09cf574c777170c','\'\'',NULL,615467),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_85b90275dd7bb484e09cf574c777170c','\'\'',NULL,615468),('4_Sunday','10','10:00','11:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_c75f73f5c34c2284fa01c22ca4fa2880','\'Title: 5N4CK3Y Contest
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-01-B - Map
\n
\nDescription:
\nAND!XOR creates electronic badges filled with hacker challenges. We love doing this, especially coming up with unique ways for hackers to earn them. Introducing the newest member of our hacker-fam: 5N4CK3Y (Snackey). 5N4CK3Y is a vending machine hardware hacking project from AND!XOR. We retrofitted it into an IoT CTF based badge dispensing machine, bling and all. Find a flag on our web hosted CTF platform, you get a 5N4CK3Y dispense code, punch it in, and a badge is vended to you! There are a variety of challenges to earn a badge as well others to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, network security, and cryptography to name a few. There\'s a little bit of everything, so it\'s a perfect way to learn something at one of the many DEF CON villages and talking with people you meet, then attempt one of the CTF challenges to dispense a badge. Hardware hacking is our passion and we want people to learn on badges, but more importantly that there\'s a lot to learn at DEF CON so our CTF will hopefully serve a desire to learn something new and meet new friends while trying to earn a badge and hack it further.
\n\n\'',NULL,615469),('4_Sunday','11','10:00','11:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_c75f73f5c34c2284fa01c22ca4fa2880','\'\'',NULL,615470),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_7228bcd67a9d5c02a659ba376a9e6ab8','\'Title: 5N4CK3Y Contest
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-01-B - Map
\n
\nDescription:
\nAND!XOR creates electronic badges filled with hacker challenges. We love doing this, especially coming up with unique ways for hackers to earn them. Introducing the newest member of our hacker-fam: 5N4CK3Y (Snackey). 5N4CK3Y is a vending machine hardware hacking project from AND!XOR. We retrofitted it into an IoT CTF based badge dispensing machine, bling and all. Find a flag on our web hosted CTF platform, you get a 5N4CK3Y dispense code, punch it in, and a badge is vended to you! There are a variety of challenges to earn a badge as well others to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, network security, and cryptography to name a few. There\'s a little bit of everything, so it\'s a perfect way to learn something at one of the many DEF CON villages and talking with people you meet, then attempt one of the CTF challenges to dispense a badge. Hardware hacking is our passion and we want people to learn on badges, but more importantly that there\'s a lot to learn at DEF CON so our CTF will hopefully serve a desire to learn something new and meet new friends while trying to earn a badge and hack it further.
\n\n\'',NULL,615471),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_7228bcd67a9d5c02a659ba376a9e6ab8','\'\'',NULL,615472),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_7228bcd67a9d5c02a659ba376a9e6ab8','\'\'',NULL,615473),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_7228bcd67a9d5c02a659ba376a9e6ab8','\'\'',NULL,615474),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_7228bcd67a9d5c02a659ba376a9e6ab8','\'\'',NULL,615475),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_7228bcd67a9d5c02a659ba376a9e6ab8','\'\'',NULL,615476),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_7228bcd67a9d5c02a659ba376a9e6ab8','\'\'',NULL,615477),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-B','\'5N4CK3Y Contest\'','\'\'','CON_7228bcd67a9d5c02a659ba376a9e6ab8','\'\'',NULL,615478),('4_Sunday','10','10:00','11:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_d7a8c37a7bc9fd106ed00e3377b499ff','\'Title: ? Cube
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02 - Map
\n
\nDescription:
\nIn-Person Contest\nFriday and Saturday: 10:00-18:00; Sunday: 10:00-12:00
\n\nThe Return of ? Cube
\n\n? Cube returns, weaving a tale that transcends the ordinary. This year, engagement is not just a theme—it\'s a journey through the multidimensional realms of hacking. Progressive Puzzles: Unlock the secrets of each compartment as you journey through progressively harder puzzles. From the Front\'s gentle introduction to the Top\'s formidable challenges, the Cube invites you to engage with the spectrum of cybersecurity domains. Physical Entry Unleashed: In a bold evolution, physical entry becomes a key component. Navigate the tangible aspects of physical entry, decoding not only in the digital realm but also as you immerse yourself physically in the enigmatic sides of ? Cube. Cryptic Narratives: As each compartment unfolds, the narrative of engagement takes shape. The puzzles, touching on encryption, penetration testing, and beyond. Silent Intricacies: Engage not only with the puzzles but also with the silent intricacies woven into the physical challenges. Decrypt messages, decipher patterns, and embrace the essence of Defcon as you navigate the unseen and the tangible. Embark on the Engage Journey: ? Cube calls upon the curious and the bold. Embark on a journey where the puzzles transcend the digital divide, demanding both mental acuity and physical prowess. H4QEG5LCMUQEAICEMVTGG33OEAZTEICSMVQWI6JAORXSAZLOM5QWOZJ7
\n\n\'',NULL,615479),('4_Sunday','11','10:00','11:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_d7a8c37a7bc9fd106ed00e3377b499ff','\'\'',NULL,615480),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_4abd21313c2288d466ada9d1b9b968e2','\'Title: ? Cube
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02 - Map
\n
\nDescription:
\nIn-Person Contest\nFriday and Saturday: 10:00-18:00; Sunday: 10:00-12:00
\n\nThe Return of ? Cube
\n\n? Cube returns, weaving a tale that transcends the ordinary. This year, engagement is not just a theme—it\'s a journey through the multidimensional realms of hacking. Progressive Puzzles: Unlock the secrets of each compartment as you journey through progressively harder puzzles. From the Front\'s gentle introduction to the Top\'s formidable challenges, the Cube invites you to engage with the spectrum of cybersecurity domains. Physical Entry Unleashed: In a bold evolution, physical entry becomes a key component. Navigate the tangible aspects of physical entry, decoding not only in the digital realm but also as you immerse yourself physically in the enigmatic sides of ? Cube. Cryptic Narratives: As each compartment unfolds, the narrative of engagement takes shape. The puzzles, touching on encryption, penetration testing, and beyond. Silent Intricacies: Engage not only with the puzzles but also with the silent intricacies woven into the physical challenges. Decrypt messages, decipher patterns, and embrace the essence of Defcon as you navigate the unseen and the tangible. Embark on the Engage Journey: ? Cube calls upon the curious and the bold. Embark on a journey where the puzzles transcend the digital divide, demanding both mental acuity and physical prowess. H4QEG5LCMUQEAICEMVTGG33OEAZTEICSMVQWI6JAORXSAZLOM5QWOZJ7
\n\n\'',NULL,615481),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_4abd21313c2288d466ada9d1b9b968e2','\'\'',NULL,615482),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_4abd21313c2288d466ada9d1b9b968e2','\'\'',NULL,615483),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_4abd21313c2288d466ada9d1b9b968e2','\'\'',NULL,615484),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_4abd21313c2288d466ada9d1b9b968e2','\'\'',NULL,615485),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_4abd21313c2288d466ada9d1b9b968e2','\'\'',NULL,615486),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_4abd21313c2288d466ada9d1b9b968e2','\'\'',NULL,615487),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_4abd21313c2288d466ada9d1b9b968e2','\'\'',NULL,615488),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_be8d15714728ae73f1895c9630da6fa8','\'Title: ? Cube
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02 - Map
\n
\nDescription:
\nIn-Person Contest\nFriday and Saturday: 10:00-18:00; Sunday: 10:00-12:00
\n\nThe Return of ? Cube
\n\n? Cube returns, weaving a tale that transcends the ordinary. This year, engagement is not just a theme—it\'s a journey through the multidimensional realms of hacking. Progressive Puzzles: Unlock the secrets of each compartment as you journey through progressively harder puzzles. From the Front\'s gentle introduction to the Top\'s formidable challenges, the Cube invites you to engage with the spectrum of cybersecurity domains. Physical Entry Unleashed: In a bold evolution, physical entry becomes a key component. Navigate the tangible aspects of physical entry, decoding not only in the digital realm but also as you immerse yourself physically in the enigmatic sides of ? Cube. Cryptic Narratives: As each compartment unfolds, the narrative of engagement takes shape. The puzzles, touching on encryption, penetration testing, and beyond. Silent Intricacies: Engage not only with the puzzles but also with the silent intricacies woven into the physical challenges. Decrypt messages, decipher patterns, and embrace the essence of Defcon as you navigate the unseen and the tangible. Embark on the Engage Journey: ? Cube calls upon the curious and the bold. Embark on a journey where the puzzles transcend the digital divide, demanding both mental acuity and physical prowess. H4QEG5LCMUQEAICEMVTGG33OEAZTEICSMVQWI6JAORXSAZLOM5QWOZJ7
\n\n\'',NULL,615489),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_be8d15714728ae73f1895c9630da6fa8','\'\'',NULL,615490),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_be8d15714728ae73f1895c9630da6fa8','\'\'',NULL,615491),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_be8d15714728ae73f1895c9630da6fa8','\'\'',NULL,615492),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_be8d15714728ae73f1895c9630da6fa8','\'\'',NULL,615493),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_be8d15714728ae73f1895c9630da6fa8','\'\'',NULL,615494),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_be8d15714728ae73f1895c9630da6fa8','\'\'',NULL,615495),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02','\'? Cube\'','\'\'','CON_be8d15714728ae73f1895c9630da6fa8','\'\'',NULL,615496),('3_Saturday','10','10:00','16:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_107055b6df02f3001cf1a852e8ea4177','\'Title: Red Team Village CTF
\nWhen: Saturday, Aug 10, 10:00 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-05-C - Map
\n
\nDescription:
\nThe Red Team Capture the Flag (CTF) competition is back at DEFCON! It is a challenging and exciting event that tests the skills of participants in offensive security.
\n\nThe Red Team CTF is designed to simulate real-world challenges in which attackers are put to the test. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities.
\n\nTeams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities and solve challenges.
\n\nThe Red Team CTF at DEFCON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants\' technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.
\n\n\'',NULL,615497),('3_Saturday','11','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_107055b6df02f3001cf1a852e8ea4177','\'\'',NULL,615498),('3_Saturday','12','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_107055b6df02f3001cf1a852e8ea4177','\'\'',NULL,615499),('3_Saturday','13','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_107055b6df02f3001cf1a852e8ea4177','\'\'',NULL,615500),('3_Saturday','14','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_107055b6df02f3001cf1a852e8ea4177','\'\'',NULL,615501),('3_Saturday','15','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_107055b6df02f3001cf1a852e8ea4177','\'\'',NULL,615502),('3_Saturday','16','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_107055b6df02f3001cf1a852e8ea4177','\'\'',NULL,615503),('4_Sunday','10','10:00','11:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_21b18c68fecf08c2ad95b407181c58d6','\'Title: Red Team Village CTF
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-05-C - Map
\n
\nDescription:
\nThe Red Team Capture the Flag (CTF) competition is back at DEFCON! It is a challenging and exciting event that tests the skills of participants in offensive security.
\n\nThe Red Team CTF is designed to simulate real-world challenges in which attackers are put to the test. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities.
\n\nTeams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities and solve challenges.
\n\nThe Red Team CTF at DEFCON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants\' technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.
\n\n\'',NULL,615504),('4_Sunday','11','10:00','11:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_21b18c68fecf08c2ad95b407181c58d6','\'\'',NULL,615505),('2_Friday','10','10:00','16:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_dfebb2944f612c2924bba0255a7670b7','\'Title: Red Team Village CTF
\nWhen: Friday, Aug 9, 10:00 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-05-C - Map
\n
\nDescription:
\nThe Red Team Capture the Flag (CTF) competition is back at DEFCON! It is a challenging and exciting event that tests the skills of participants in offensive security.
\n\nThe Red Team CTF is designed to simulate real-world challenges in which attackers are put to the test. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities.
\n\nTeams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities and solve challenges.
\n\nThe Red Team CTF at DEFCON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants\' technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.
\n\n\'',NULL,615506),('2_Friday','11','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_dfebb2944f612c2924bba0255a7670b7','\'\'',NULL,615507),('2_Friday','12','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_dfebb2944f612c2924bba0255a7670b7','\'\'',NULL,615508),('2_Friday','13','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_dfebb2944f612c2924bba0255a7670b7','\'\'',NULL,615509),('2_Friday','14','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_dfebb2944f612c2924bba0255a7670b7','\'\'',NULL,615510),('2_Friday','15','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_dfebb2944f612c2924bba0255a7670b7','\'\'',NULL,615511),('2_Friday','16','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-C','\'Red Team Village CTF\'','\'\'','CON_dfebb2944f612c2924bba0255a7670b7','\'\'',NULL,615512),('2_Friday','10','10:00','17:59','N','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_17400ce6a5de1c491481112e44693d8c','\'Title: venator aurum - A Treasure Hunt
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nTravel the seven seas to the seven wonders across time to test your skills across both old and new worlds. Every journey\'s end yields its own reward, but there is only one who can claim to be the first to the summit. Bring your entire tech arsenal or just a phone. Start at the broken compass and push forward into the known to seek the unknown. Wonders, plunder, and glory to those who test the waters and themselves.
\n\n\'',NULL,615513),('2_Friday','11','10:00','17:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_17400ce6a5de1c491481112e44693d8c','\'\'',NULL,615514),('2_Friday','12','10:00','17:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_17400ce6a5de1c491481112e44693d8c','\'\'',NULL,615515),('2_Friday','13','10:00','17:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_17400ce6a5de1c491481112e44693d8c','\'\'',NULL,615516),('2_Friday','14','10:00','17:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_17400ce6a5de1c491481112e44693d8c','\'\'',NULL,615517),('2_Friday','15','10:00','17:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_17400ce6a5de1c491481112e44693d8c','\'\'',NULL,615518),('2_Friday','16','10:00','17:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_17400ce6a5de1c491481112e44693d8c','\'\'',NULL,615519),('2_Friday','17','10:00','17:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_17400ce6a5de1c491481112e44693d8c','\'\'',NULL,615520),('3_Saturday','10','10:00','17:59','N','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_ffb7ca82057afdc550433abcd958f130','\'Title: venator aurum - A Treasure Hunt
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nTravel the seven seas to the seven wonders across time to test your skills across both old and new worlds. Every journey\'s end yields its own reward, but there is only one who can claim to be the first to the summit. Bring your entire tech arsenal or just a phone. Start at the broken compass and push forward into the known to seek the unknown. Wonders, plunder, and glory to those who test the waters and themselves.
\n\n\'',NULL,615521),('3_Saturday','11','10:00','17:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_ffb7ca82057afdc550433abcd958f130','\'\'',NULL,615522),('3_Saturday','12','10:00','17:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_ffb7ca82057afdc550433abcd958f130','\'\'',NULL,615523),('3_Saturday','13','10:00','17:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_ffb7ca82057afdc550433abcd958f130','\'\'',NULL,615524),('3_Saturday','14','10:00','17:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_ffb7ca82057afdc550433abcd958f130','\'\'',NULL,615525),('3_Saturday','15','10:00','17:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_ffb7ca82057afdc550433abcd958f130','\'\'',NULL,615526),('3_Saturday','16','10:00','17:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_ffb7ca82057afdc550433abcd958f130','\'\'',NULL,615527),('3_Saturday','17','10:00','17:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_ffb7ca82057afdc550433abcd958f130','\'\'',NULL,615528),('4_Sunday','10','10:00','12:59','N','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_3572ca6a36ee829a24cbb240fe2d6c7a','\'Title: venator aurum - A Treasure Hunt
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nTravel the seven seas to the seven wonders across time to test your skills across both old and new worlds. Every journey\'s end yields its own reward, but there is only one who can claim to be the first to the summit. Bring your entire tech arsenal or just a phone. Start at the broken compass and push forward into the known to seek the unknown. Wonders, plunder, and glory to those who test the waters and themselves.
\n\n\'',NULL,615529),('4_Sunday','11','10:00','12:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_3572ca6a36ee829a24cbb240fe2d6c7a','\'\'',NULL,615530),('4_Sunday','12','10:00','12:59','Y','CON','Other / See Description','\'venator aurum - A Treasure Hunt\'','\'\'','CON_3572ca6a36ee829a24cbb240fe2d6c7a','\'\'',NULL,615531),('3_Saturday','10','10:00','16:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-D','\'Tinfoil Hat Contest\'','\'\'','CON_aeddd881a2e0df7ddb0e731bd13ec5c6','\'Title: Tinfoil Hat Contest
\nWhen: Saturday, Aug 10, 10:00 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-04-D - Map
\n
\nDescription:
\nWant to protect your noggin from Taylor Swift\'s PsyOps plot for global domination? Have you angered our new AI Overlords, and now need to hide? Or do those alien mind control rays just have you feeling down lately? Fear not, for we here at the Tin Foil Hat Contest have your back for all of these! Come find us in the contest area, and we\'ll have you build a tin foil hat which is guaranteed to provide top quality protection for your cerebellum . How you ask? SCIENCE!
\n\nShow us your skills by building a tin foil hat to shield your subversive thoughts, then test it out for effectiveness.
\n\nThere are 2 categories: stock and unlimited. The hat in each category that causes the most signal attenuation will receive the \"Substance\" award for that category. We all know that hacker culture is all about looking good though, so a single winner will be selected for \"Style\". We provide all contestants a meter of foil, but you\'re welcome to acquire and use as much as you want from other sources.
\n\n\'',NULL,615532),('3_Saturday','11','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-D','\'Tinfoil Hat Contest\'','\'\'','CON_aeddd881a2e0df7ddb0e731bd13ec5c6','\'\'',NULL,615533),('3_Saturday','12','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-D','\'Tinfoil Hat Contest\'','\'\'','CON_aeddd881a2e0df7ddb0e731bd13ec5c6','\'\'',NULL,615534),('3_Saturday','13','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-D','\'Tinfoil Hat Contest\'','\'\'','CON_aeddd881a2e0df7ddb0e731bd13ec5c6','\'\'',NULL,615535),('3_Saturday','14','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-D','\'Tinfoil Hat Contest\'','\'\'','CON_aeddd881a2e0df7ddb0e731bd13ec5c6','\'\'',NULL,615536),('3_Saturday','15','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-D','\'Tinfoil Hat Contest\'','\'\'','CON_aeddd881a2e0df7ddb0e731bd13ec5c6','\'\'',NULL,615537),('3_Saturday','16','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-D','\'Tinfoil Hat Contest\'','\'\'','CON_aeddd881a2e0df7ddb0e731bd13ec5c6','\'\'',NULL,615538),('2_Friday','10','10:00','16:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-D','\'Tinfoil Hat Contest\'','\'\'','CON_e56739cb7a0ed76f2f0b3bf9e01ccf75','\'Title: Tinfoil Hat Contest
\nWhen: Friday, Aug 9, 10:00 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-04-D - Map
\n
\nDescription:
\nWant to protect your noggin from Taylor Swift\'s PsyOps plot for global domination? Have you angered our new AI Overlords, and now need to hide? Or do those alien mind control rays just have you feeling down lately? Fear not, for we here at the Tin Foil Hat Contest have your back for all of these! Come find us in the contest area, and we\'ll have you build a tin foil hat which is guaranteed to provide top quality protection for your cerebellum . How you ask? SCIENCE!
\n\nShow us your skills by building a tin foil hat to shield your subversive thoughts, then test it out for effectiveness.
\n\nThere are 2 categories: stock and unlimited. The hat in each category that causes the most signal attenuation will receive the \"Substance\" award for that category. We all know that hacker culture is all about looking good though, so a single winner will be selected for \"Style\". We provide all contestants a meter of foil, but you\'re welcome to acquire and use as much as you want from other sources.
\n\n\'',NULL,615539),('2_Friday','11','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-D','\'Tinfoil Hat Contest\'','\'\'','CON_e56739cb7a0ed76f2f0b3bf9e01ccf75','\'\'',NULL,615540),('2_Friday','12','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-D','\'Tinfoil Hat Contest\'','\'\'','CON_e56739cb7a0ed76f2f0b3bf9e01ccf75','\'\'',NULL,615541),('2_Friday','13','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-D','\'Tinfoil Hat Contest\'','\'\'','CON_e56739cb7a0ed76f2f0b3bf9e01ccf75','\'\'',NULL,615542),('2_Friday','14','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-D','\'Tinfoil Hat Contest\'','\'\'','CON_e56739cb7a0ed76f2f0b3bf9e01ccf75','\'\'',NULL,615543),('2_Friday','15','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-D','\'Tinfoil Hat Contest\'','\'\'','CON_e56739cb7a0ed76f2f0b3bf9e01ccf75','\'\'',NULL,615544),('2_Friday','16','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-D','\'Tinfoil Hat Contest\'','\'\'','CON_e56739cb7a0ed76f2f0b3bf9e01ccf75','\'\'',NULL,615545),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_57c483ca579e1ab3a09df1cfad5d96d4','\'Title: spyVspy
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-G - Map
\n
\nDescription:
\nEmbark on a thrilling espionage adventure with spyVspy! This contest imagines a world of spy games where contestants employ basic hacking, cryptography, and rogue skills to solve puzzles and uncover hidden caches strategically scattered throughout DEF CON (and beyond).
\n\nContestants will engage in a real-world treasure hunt, where the locations of hidden caches are revealed by solving the types of puzzles you\'d expect to see at DEF CON. Traditional ciphers, lockpicking, OSINT, and very basic hacking/pentesting skills may be required.
\n\nspyVspy is intended for players of all skill levels. Whether you\'re a seasoned double-agent or just learning to be a covert operative, you will be able to compete and have fun in this event. Whatever skills you think you\'re missing can probably be learned on-the-job anyway.
\n\n\'',NULL,615546),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_57c483ca579e1ab3a09df1cfad5d96d4','\'\'',NULL,615547),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_57c483ca579e1ab3a09df1cfad5d96d4','\'\'',NULL,615548),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_57c483ca579e1ab3a09df1cfad5d96d4','\'\'',NULL,615549),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_57c483ca579e1ab3a09df1cfad5d96d4','\'\'',NULL,615550),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_57c483ca579e1ab3a09df1cfad5d96d4','\'\'',NULL,615551),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_57c483ca579e1ab3a09df1cfad5d96d4','\'\'',NULL,615552),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_57c483ca579e1ab3a09df1cfad5d96d4','\'\'',NULL,615553),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_e5b08f8e940bf908eb8d3240116b5803','\'Title: spyVspy
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-G - Map
\n
\nDescription:
\nEmbark on a thrilling espionage adventure with spyVspy! This contest imagines a world of spy games where contestants employ basic hacking, cryptography, and rogue skills to solve puzzles and uncover hidden caches strategically scattered throughout DEF CON (and beyond).
\n\nContestants will engage in a real-world treasure hunt, where the locations of hidden caches are revealed by solving the types of puzzles you\'d expect to see at DEF CON. Traditional ciphers, lockpicking, OSINT, and very basic hacking/pentesting skills may be required.
\n\nspyVspy is intended for players of all skill levels. Whether you\'re a seasoned double-agent or just learning to be a covert operative, you will be able to compete and have fun in this event. Whatever skills you think you\'re missing can probably be learned on-the-job anyway.
\n\n\'',NULL,615554),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_e5b08f8e940bf908eb8d3240116b5803','\'\'',NULL,615555),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_e5b08f8e940bf908eb8d3240116b5803','\'\'',NULL,615556),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_e5b08f8e940bf908eb8d3240116b5803','\'\'',NULL,615557),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_e5b08f8e940bf908eb8d3240116b5803','\'\'',NULL,615558),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_e5b08f8e940bf908eb8d3240116b5803','\'\'',NULL,615559),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_e5b08f8e940bf908eb8d3240116b5803','\'\'',NULL,615560),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-G','\'spyVspy\'','\'\'','CON_e5b08f8e940bf908eb8d3240116b5803','\'\'',NULL,615561),('2_Friday','12','12:00','16:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-07','\'Red Alert ICS CTF\'','\'\'','CON_93f2d6183202433387b903124ea06d5f','\'Title: Red Alert ICS CTF
\nWhen: Friday, Aug 9, 12:00 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-07 - Map
\n
\nDescription:
\nRed Alert ICS CTF is a competition for Hackers by Hackers, organized by the RedAlert Lab of NSHC Security. The event exclusively focuses on having the participants clear a series of challenges and break through several layers of security in our OT environment and eventually take over complete control of the ICS components.
\n\nRed Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF since DEF CON 26. Red Alert ICS CTF is proud to be among the Black Badge contests at DEF CON 31 and DEF CON 26.
\n\nThe contest would house real world ICS (Industrial Control System) equipment from various vendors on showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.
\n\nRed Alert ICS CTF at DEF CON 32 would also be offering players the unique opportunity to compromise the latest cyber ranges on Maritime Cyber Security.
\n\n\'',NULL,615562),('2_Friday','13','12:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-07','\'Red Alert ICS CTF\'','\'\'','CON_93f2d6183202433387b903124ea06d5f','\'\'',NULL,615563),('2_Friday','14','12:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-07','\'Red Alert ICS CTF\'','\'\'','CON_93f2d6183202433387b903124ea06d5f','\'\'',NULL,615564),('2_Friday','15','12:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-07','\'Red Alert ICS CTF\'','\'\'','CON_93f2d6183202433387b903124ea06d5f','\'\'',NULL,615565),('2_Friday','16','12:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-07','\'Red Alert ICS CTF\'','\'\'','CON_93f2d6183202433387b903124ea06d5f','\'\'',NULL,615566),('3_Saturday','10','10:00','16:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-07','\'Red Alert ICS CTF\'','\'\'','CON_52bfb83078e09646a4780990afc5a7c7','\'Title: Red Alert ICS CTF
\nWhen: Saturday, Aug 10, 10:00 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-07 - Map
\n
\nDescription:
\nRed Alert ICS CTF is a competition for Hackers by Hackers, organized by the RedAlert Lab of NSHC Security. The event exclusively focuses on having the participants clear a series of challenges and break through several layers of security in our OT environment and eventually take over complete control of the ICS components.
\n\nRed Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF since DEF CON 26. Red Alert ICS CTF is proud to be among the Black Badge contests at DEF CON 31 and DEF CON 26.
\n\nThe contest would house real world ICS (Industrial Control System) equipment from various vendors on showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.
\n\nRed Alert ICS CTF at DEF CON 32 would also be offering players the unique opportunity to compromise the latest cyber ranges on Maritime Cyber Security.
\n\n\'',NULL,615567),('3_Saturday','11','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-07','\'Red Alert ICS CTF\'','\'\'','CON_52bfb83078e09646a4780990afc5a7c7','\'\'',NULL,615568),('3_Saturday','12','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-07','\'Red Alert ICS CTF\'','\'\'','CON_52bfb83078e09646a4780990afc5a7c7','\'\'',NULL,615569),('3_Saturday','13','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-07','\'Red Alert ICS CTF\'','\'\'','CON_52bfb83078e09646a4780990afc5a7c7','\'\'',NULL,615570),('3_Saturday','14','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-07','\'Red Alert ICS CTF\'','\'\'','CON_52bfb83078e09646a4780990afc5a7c7','\'\'',NULL,615571),('3_Saturday','15','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-07','\'Red Alert ICS CTF\'','\'\'','CON_52bfb83078e09646a4780990afc5a7c7','\'\'',NULL,615572),('3_Saturday','16','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-07','\'Red Alert ICS CTF\'','\'\'','CON_52bfb83078e09646a4780990afc5a7c7','\'\'',NULL,615573),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_c1a886f18cd9b63c01b1c9273b7e67da','\'Title: REALI7Y OVERRUN
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-E - Map
\n
\nDescription:
\nThis is going to be an interactive live game that is driven by a near future storyline in which deepfakes and forgeries are so difficult to detect that bad actors and foreign governments are fully engaged in a war over people\'s minds. At the same time, the world is sitting on the brink of the so-called \"singularity,\" as AI advancements have completely blurred the line between artificial and natural cognition, and the Turing test has been rendered decisively moot.
\n\nTeams will join the game and follow the storyline to clues that will give them hints about who they can trust and who they can\'t. The clues will follow the pattern of deepfakes and forgeries, asking players to figure out what\'s real and what\'s not, focusing on hacker and defcon focus areas such as authentication, trust, social engineering, hardware and software manipulation and more. They will be given a rich story that will lead them to research the underlying issues in trust and anonymous trust systems. They will also encounter challenges and tutorials on video and image validation and cryptographically safe messaging.
\n\n\'',NULL,615574),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_c1a886f18cd9b63c01b1c9273b7e67da','\'\'',NULL,615575),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_c1a886f18cd9b63c01b1c9273b7e67da','\'\'',NULL,615576),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_7e2c1058d569a464fc24bcc6c54c0385','\'Title: REALI7Y OVERRUN
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-E - Map
\n
\nDescription:
\nThis is going to be an interactive live game that is driven by a near future storyline in which deepfakes and forgeries are so difficult to detect that bad actors and foreign governments are fully engaged in a war over people\'s minds. At the same time, the world is sitting on the brink of the so-called \"singularity,\" as AI advancements have completely blurred the line between artificial and natural cognition, and the Turing test has been rendered decisively moot.
\n\nTeams will join the game and follow the storyline to clues that will give them hints about who they can trust and who they can\'t. The clues will follow the pattern of deepfakes and forgeries, asking players to figure out what\'s real and what\'s not, focusing on hacker and defcon focus areas such as authentication, trust, social engineering, hardware and software manipulation and more. They will be given a rich story that will lead them to research the underlying issues in trust and anonymous trust systems. They will also encounter challenges and tutorials on video and image validation and cryptographically safe messaging.
\n\n\'',NULL,615577),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_7e2c1058d569a464fc24bcc6c54c0385','\'\'',NULL,615578),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_7e2c1058d569a464fc24bcc6c54c0385','\'\'',NULL,615579),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_7e2c1058d569a464fc24bcc6c54c0385','\'\'',NULL,615580),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_7e2c1058d569a464fc24bcc6c54c0385','\'\'',NULL,615581),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_7e2c1058d569a464fc24bcc6c54c0385','\'\'',NULL,615582),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_7e2c1058d569a464fc24bcc6c54c0385','\'\'',NULL,615583),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_7e2c1058d569a464fc24bcc6c54c0385','\'\'',NULL,615584),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_234fa771d429f310a15b1de0a35cd6ce','\'Title: REALI7Y OVERRUN
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-E - Map
\n
\nDescription:
\nThis is going to be an interactive live game that is driven by a near future storyline in which deepfakes and forgeries are so difficult to detect that bad actors and foreign governments are fully engaged in a war over people\'s minds. At the same time, the world is sitting on the brink of the so-called \"singularity,\" as AI advancements have completely blurred the line between artificial and natural cognition, and the Turing test has been rendered decisively moot.
\n\nTeams will join the game and follow the storyline to clues that will give them hints about who they can trust and who they can\'t. The clues will follow the pattern of deepfakes and forgeries, asking players to figure out what\'s real and what\'s not, focusing on hacker and defcon focus areas such as authentication, trust, social engineering, hardware and software manipulation and more. They will be given a rich story that will lead them to research the underlying issues in trust and anonymous trust systems. They will also encounter challenges and tutorials on video and image validation and cryptographically safe messaging.
\n\n\'',NULL,615585),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_234fa771d429f310a15b1de0a35cd6ce','\'\'',NULL,615586),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_234fa771d429f310a15b1de0a35cd6ce','\'\'',NULL,615587),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_234fa771d429f310a15b1de0a35cd6ce','\'\'',NULL,615588),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_234fa771d429f310a15b1de0a35cd6ce','\'\'',NULL,615589),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_234fa771d429f310a15b1de0a35cd6ce','\'\'',NULL,615590),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_234fa771d429f310a15b1de0a35cd6ce','\'\'',NULL,615591),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-E','\'REALI7Y OVERRUN\'','\'\'','CON_234fa771d429f310a15b1de0a35cd6ce','\'\'',NULL,615592),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_96b275fefc8e8bc51da9652d5ae2c831','\'Title: QOLOSSUS
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nThere’s a new emerging tech in town, and it’s name is Quantum! Following the past two years of Quantum CTF events held at the Quantum Village, we are pleased, proud, and excited to announce that our Q-CTF is indeed returning as Codename; QOLOSSUS! Pit your wits against the Atom, and come and see what devilish challenges from our Quantum Quizmasters await. Come and show your quantum prowess, and mastery of superposition and entanglement - design algorithms to break cryptography, hack our simulated quantum communications, and score points in our IRL activities. |Good Luck!〉
\n\n\'',NULL,615593),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_96b275fefc8e8bc51da9652d5ae2c831','\'\'',NULL,615594),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_96b275fefc8e8bc51da9652d5ae2c831','\'\'',NULL,615595),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_96b275fefc8e8bc51da9652d5ae2c831','\'\'',NULL,615596),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_96b275fefc8e8bc51da9652d5ae2c831','\'\'',NULL,615597),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_96b275fefc8e8bc51da9652d5ae2c831','\'\'',NULL,615598),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_96b275fefc8e8bc51da9652d5ae2c831','\'\'',NULL,615599),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_96b275fefc8e8bc51da9652d5ae2c831','\'\'',NULL,615600),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_fd1d27d04b99f64faa5af376061264ff','\'Title: QOLOSSUS
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nThere’s a new emerging tech in town, and it’s name is Quantum! Following the past two years of Quantum CTF events held at the Quantum Village, we are pleased, proud, and excited to announce that our Q-CTF is indeed returning as Codename; QOLOSSUS! Pit your wits against the Atom, and come and see what devilish challenges from our Quantum Quizmasters await. Come and show your quantum prowess, and mastery of superposition and entanglement - design algorithms to break cryptography, hack our simulated quantum communications, and score points in our IRL activities. |Good Luck!〉
\n\n\'',NULL,615601),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_fd1d27d04b99f64faa5af376061264ff','\'\'',NULL,615602),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_fd1d27d04b99f64faa5af376061264ff','\'\'',NULL,615603),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_5d40f62b937791eaeb29b74b860dd17b','\'Title: QOLOSSUS
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nThere’s a new emerging tech in town, and it’s name is Quantum! Following the past two years of Quantum CTF events held at the Quantum Village, we are pleased, proud, and excited to announce that our Q-CTF is indeed returning as Codename; QOLOSSUS! Pit your wits against the Atom, and come and see what devilish challenges from our Quantum Quizmasters await. Come and show your quantum prowess, and mastery of superposition and entanglement - design algorithms to break cryptography, hack our simulated quantum communications, and score points in our IRL activities. |Good Luck!〉
\n\n\'',NULL,615604),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_5d40f62b937791eaeb29b74b860dd17b','\'\'',NULL,615605),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_5d40f62b937791eaeb29b74b860dd17b','\'\'',NULL,615606),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_5d40f62b937791eaeb29b74b860dd17b','\'\'',NULL,615607),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_5d40f62b937791eaeb29b74b860dd17b','\'\'',NULL,615608),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_5d40f62b937791eaeb29b74b860dd17b','\'\'',NULL,615609),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_5d40f62b937791eaeb29b74b860dd17b','\'\'',NULL,615610),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS\'','\'\'','CON_5d40f62b937791eaeb29b74b860dd17b','\'\'',NULL,615611),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_e8141704f89ae0f8224549bea76a1245','\'Title: Pinball High Score Contest
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-01-A - Map
\n
\nDescription:
\nThe inaugural Pinball High Score contest at DEF CON will run Friday and Saturday:
\n\nAchieving a high score may sound simple but pinball rulesets are very complex and the skill to complete a “Wizard Mode” or achieve a high score requires research, practice, knowledge and execution. Out of the box thinking, analytical skills and pattern recognition are traits that pinball players must exhibit to be successful and some games have rule sets that can be studied and exploited to achieve a high score. Hackers are at an advantage here and while this is just a pinball contest, I expect that the community is ready for this challenge.
\n\nStern Pinball has prepared an exclusive DEF CON 32 digital badge that will be available for any attendee to earn for playing in this event. Additional DEF CON specific Insider Connect badges may be unlocked during game play.
\n\nPinball developers have a long history of including Easter Eggs/COWS in games. Easter eggs “may” also be available for attendees to discover during the conference. Undocumented Easter eggs found by players during the event will be documented, verified and recognized.
\n\n\'',NULL,615612),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_e8141704f89ae0f8224549bea76a1245','\'\'',NULL,615613),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_e8141704f89ae0f8224549bea76a1245','\'\'',NULL,615614),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_664b8ec1d17c66a1ebeebf5431b2bafd','\'Title: Pinball High Score Contest
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-01-A - Map
\n
\nDescription:
\nThe inaugural Pinball High Score contest at DEF CON will run Friday and Saturday:
\n\nAchieving a high score may sound simple but pinball rulesets are very complex and the skill to complete a “Wizard Mode” or achieve a high score requires research, practice, knowledge and execution. Out of the box thinking, analytical skills and pattern recognition are traits that pinball players must exhibit to be successful and some games have rule sets that can be studied and exploited to achieve a high score. Hackers are at an advantage here and while this is just a pinball contest, I expect that the community is ready for this challenge.
\n\nStern Pinball has prepared an exclusive DEF CON 32 digital badge that will be available for any attendee to earn for playing in this event. Additional DEF CON specific Insider Connect badges may be unlocked during game play.
\n\nPinball developers have a long history of including Easter Eggs/COWS in games. Easter eggs “may” also be available for attendees to discover during the conference. Undocumented Easter eggs found by players during the event will be documented, verified and recognized.
\n\n\'',NULL,615615),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_664b8ec1d17c66a1ebeebf5431b2bafd','\'\'',NULL,615616),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_664b8ec1d17c66a1ebeebf5431b2bafd','\'\'',NULL,615617),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_664b8ec1d17c66a1ebeebf5431b2bafd','\'\'',NULL,615618),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_664b8ec1d17c66a1ebeebf5431b2bafd','\'\'',NULL,615619),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_664b8ec1d17c66a1ebeebf5431b2bafd','\'\'',NULL,615620),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_664b8ec1d17c66a1ebeebf5431b2bafd','\'\'',NULL,615621),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_664b8ec1d17c66a1ebeebf5431b2bafd','\'\'',NULL,615622),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_92d96777d026885b655b5d3ea0781115','\'Title: Pinball High Score Contest
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-01-A - Map
\n
\nDescription:
\nThe inaugural Pinball High Score contest at DEF CON will run Friday and Saturday:
\n\nAchieving a high score may sound simple but pinball rulesets are very complex and the skill to complete a “Wizard Mode” or achieve a high score requires research, practice, knowledge and execution. Out of the box thinking, analytical skills and pattern recognition are traits that pinball players must exhibit to be successful and some games have rule sets that can be studied and exploited to achieve a high score. Hackers are at an advantage here and while this is just a pinball contest, I expect that the community is ready for this challenge.
\n\nStern Pinball has prepared an exclusive DEF CON 32 digital badge that will be available for any attendee to earn for playing in this event. Additional DEF CON specific Insider Connect badges may be unlocked during game play.
\n\nPinball developers have a long history of including Easter Eggs/COWS in games. Easter eggs “may” also be available for attendees to discover during the conference. Undocumented Easter eggs found by players during the event will be documented, verified and recognized.
\n\n\'',NULL,615623),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_92d96777d026885b655b5d3ea0781115','\'\'',NULL,615624),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_92d96777d026885b655b5d3ea0781115','\'\'',NULL,615625),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_92d96777d026885b655b5d3ea0781115','\'\'',NULL,615626),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_92d96777d026885b655b5d3ea0781115','\'\'',NULL,615627),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_92d96777d026885b655b5d3ea0781115','\'\'',NULL,615628),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_92d96777d026885b655b5d3ea0781115','\'\'',NULL,615629),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-A','\'Pinball High Score Contest\'','\'\'','CON_92d96777d026885b655b5d3ea0781115','\'\'',NULL,615630),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_e5e76219128d3c8a649c59c550500cee','\'Title: PhreakMe presented by HackedExistence
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-C - Map
\n
\nDescription:
\nThe contest will be hosted on the Publicly Switched Telephone Network and will be live for access 24/7, with real world PSTN phone numbers to dial into.
\n\nThe Hacked Existence team will be hosting a telecom based CTF. The CTF will be hosted on live VoIP lines routed through a modified asterisk PBX. This will allow participants to dial in to the CTF from a real world telephone routable phone number allowing them to hunt the PBX for flags. The flags will be based around utilizing historically accurate tactics, techniques, and procedures to manipulate emulated old school switching systems.
\n\nThe purpose of our contest is to bring awareness around the still existing weaknesses in our telecom infrastructure and Interactive Voice Response Systems. Ideally visitors to our contest area will participate in the CTF allowing them to get a better understanding of telecom hacking in the year 2024 as well as a respect for the art of phreaking from yesteryears.
\n\n\'',NULL,615631),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_e5e76219128d3c8a649c59c550500cee','\'\'',NULL,615632),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_e5e76219128d3c8a649c59c550500cee','\'\'',NULL,615633),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_7c1540f217365560bd53f025976097a5','\'Title: PhreakMe presented by HackedExistence
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-C - Map
\n
\nDescription:
\nThe contest will be hosted on the Publicly Switched Telephone Network and will be live for access 24/7, with real world PSTN phone numbers to dial into.
\n\nThe Hacked Existence team will be hosting a telecom based CTF. The CTF will be hosted on live VoIP lines routed through a modified asterisk PBX. This will allow participants to dial in to the CTF from a real world telephone routable phone number allowing them to hunt the PBX for flags. The flags will be based around utilizing historically accurate tactics, techniques, and procedures to manipulate emulated old school switching systems.
\n\nThe purpose of our contest is to bring awareness around the still existing weaknesses in our telecom infrastructure and Interactive Voice Response Systems. Ideally visitors to our contest area will participate in the CTF allowing them to get a better understanding of telecom hacking in the year 2024 as well as a respect for the art of phreaking from yesteryears.
\n\n\'',NULL,615634),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_7c1540f217365560bd53f025976097a5','\'\'',NULL,615635),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_7c1540f217365560bd53f025976097a5','\'\'',NULL,615636),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_7c1540f217365560bd53f025976097a5','\'\'',NULL,615637),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_7c1540f217365560bd53f025976097a5','\'\'',NULL,615638),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_7c1540f217365560bd53f025976097a5','\'\'',NULL,615639),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_7c1540f217365560bd53f025976097a5','\'\'',NULL,615640),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_7c1540f217365560bd53f025976097a5','\'\'',NULL,615641),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_88c70ebc33ce30fee282d3ae71ef8589','\'Title: PhreakMe presented by HackedExistence
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-C - Map
\n
\nDescription:
\nThe contest will be hosted on the Publicly Switched Telephone Network and will be live for access 24/7, with real world PSTN phone numbers to dial into.
\n\nThe Hacked Existence team will be hosting a telecom based CTF. The CTF will be hosted on live VoIP lines routed through a modified asterisk PBX. This will allow participants to dial in to the CTF from a real world telephone routable phone number allowing them to hunt the PBX for flags. The flags will be based around utilizing historically accurate tactics, techniques, and procedures to manipulate emulated old school switching systems.
\n\nThe purpose of our contest is to bring awareness around the still existing weaknesses in our telecom infrastructure and Interactive Voice Response Systems. Ideally visitors to our contest area will participate in the CTF allowing them to get a better understanding of telecom hacking in the year 2024 as well as a respect for the art of phreaking from yesteryears.
\n\n\'',NULL,615642),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_88c70ebc33ce30fee282d3ae71ef8589','\'\'',NULL,615643),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_88c70ebc33ce30fee282d3ae71ef8589','\'\'',NULL,615644),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_88c70ebc33ce30fee282d3ae71ef8589','\'\'',NULL,615645),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_88c70ebc33ce30fee282d3ae71ef8589','\'\'',NULL,615646),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_88c70ebc33ce30fee282d3ae71ef8589','\'\'',NULL,615647),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_88c70ebc33ce30fee282d3ae71ef8589','\'\'',NULL,615648),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-C','\'PhreakMe presented by HackedExistence\'','\'\'','CON_88c70ebc33ce30fee282d3ae71ef8589','\'\'',NULL,615649),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_c4039e6c76e83acac2f4cf63a096eaea','\'Title: Octopus Game
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-06-A - Map
\n
\nDescription:
\nGet ready to dive into the excitement of the third annual Octopus Game at DEF CON! Octopus Game is your chance to connect with fellow attendees while exploring all the fun and fascinating aspects of DEF CON. Whether you\'re new to DEF CON, a beginner at code-breaking, or simply seeking a stress-free contest, this is the perfect opportunity for you. Test your skills in clue reading and code-breaking as you join in on the fun!
\n\nYou and your fellow pirates will embark on an exhilarating journey, armed with clues that unveil the path to the lost treasure of a legendary pirate, now guarded by the mighty Kraken. These quests will guide you through the vibrant landscape of the Con, offering a glimpse into the myriad opportunities and experiences awaiting exploration. Designed to welcome newcomers to the hacking world, this contest fosters connections among attendees and contributors alike. Whether you choose to collaborate with a small group or brave the challenge solo, the decision is yours. Yet, amidst the excitement, remember that only one can emerge victorious. With challenges tailored for entry-level participants and a kid-friendly environment, come join us for a thrilling adventure into the depths of the Kraken\'s Conundrum.
\n\n\'',NULL,615650),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_c4039e6c76e83acac2f4cf63a096eaea','\'\'',NULL,615651),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_c4039e6c76e83acac2f4cf63a096eaea','\'\'',NULL,615652),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_c4039e6c76e83acac2f4cf63a096eaea','\'\'',NULL,615653),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_c4039e6c76e83acac2f4cf63a096eaea','\'\'',NULL,615654),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_c4039e6c76e83acac2f4cf63a096eaea','\'\'',NULL,615655),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_c4039e6c76e83acac2f4cf63a096eaea','\'\'',NULL,615656),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_c4039e6c76e83acac2f4cf63a096eaea','\'\'',NULL,615657),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_bc4a0f1e5d0112f517969a3d5d48ded3','\'Title: Octopus Game
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-06-A - Map
\n
\nDescription:
\nGet ready to dive into the excitement of the third annual Octopus Game at DEF CON! Octopus Game is your chance to connect with fellow attendees while exploring all the fun and fascinating aspects of DEF CON. Whether you\'re new to DEF CON, a beginner at code-breaking, or simply seeking a stress-free contest, this is the perfect opportunity for you. Test your skills in clue reading and code-breaking as you join in on the fun!
\n\nYou and your fellow pirates will embark on an exhilarating journey, armed with clues that unveil the path to the lost treasure of a legendary pirate, now guarded by the mighty Kraken. These quests will guide you through the vibrant landscape of the Con, offering a glimpse into the myriad opportunities and experiences awaiting exploration. Designed to welcome newcomers to the hacking world, this contest fosters connections among attendees and contributors alike. Whether you choose to collaborate with a small group or brave the challenge solo, the decision is yours. Yet, amidst the excitement, remember that only one can emerge victorious. With challenges tailored for entry-level participants and a kid-friendly environment, come join us for a thrilling adventure into the depths of the Kraken\'s Conundrum.
\n\n\'',NULL,615658),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_bc4a0f1e5d0112f517969a3d5d48ded3','\'\'',NULL,615659),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_bc4a0f1e5d0112f517969a3d5d48ded3','\'\'',NULL,615660),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_d3cc596659564e89700e8f80162a8b38','\'Title: Octopus Game
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-06-A - Map
\n
\nDescription:
\nGet ready to dive into the excitement of the third annual Octopus Game at DEF CON! Octopus Game is your chance to connect with fellow attendees while exploring all the fun and fascinating aspects of DEF CON. Whether you\'re new to DEF CON, a beginner at code-breaking, or simply seeking a stress-free contest, this is the perfect opportunity for you. Test your skills in clue reading and code-breaking as you join in on the fun!
\n\nYou and your fellow pirates will embark on an exhilarating journey, armed with clues that unveil the path to the lost treasure of a legendary pirate, now guarded by the mighty Kraken. These quests will guide you through the vibrant landscape of the Con, offering a glimpse into the myriad opportunities and experiences awaiting exploration. Designed to welcome newcomers to the hacking world, this contest fosters connections among attendees and contributors alike. Whether you choose to collaborate with a small group or brave the challenge solo, the decision is yours. Yet, amidst the excitement, remember that only one can emerge victorious. With challenges tailored for entry-level participants and a kid-friendly environment, come join us for a thrilling adventure into the depths of the Kraken\'s Conundrum.
\n\n\'',NULL,615661),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_d3cc596659564e89700e8f80162a8b38','\'\'',NULL,615662),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_d3cc596659564e89700e8f80162a8b38','\'\'',NULL,615663),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_d3cc596659564e89700e8f80162a8b38','\'\'',NULL,615664),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_d3cc596659564e89700e8f80162a8b38','\'\'',NULL,615665),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_d3cc596659564e89700e8f80162a8b38','\'\'',NULL,615666),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_d3cc596659564e89700e8f80162a8b38','\'\'',NULL,615667),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-A','\'Octopus Game\'','\'\'','CON_d3cc596659564e89700e8f80162a8b38','\'\'',NULL,615668),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_6f308ba746413235fd653c82c719fdb6','\'Title: Malware Contests: MARC I & BOMBE
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-03 - Map
\n
\nDescription:
\nMARC I: Malware Analysis Report Competition I
\n\nIn MARC I (Malware Analysis Report Competition I), participants collect and analyze real malware, then write an analysis report like a story, covering the entire scope of who, what, when, where, why, and how they found and analyzed the malware.
\n\nMARC I was created by Lena Yu (aka LambdaMamba) to provide malware enthusiasts with an opportunity to learn and showcase their passion and skills. Mastering malware analysis means mastering language. Essentially, we take a highly technical concept and simplify it into something that many can understand, similar to how a compiler translates high-level language into low-level language that a wide range of systems can understand.
\n\nWhen participants open-source and publish their work, it greatly contributes to improving the field of cyber defense. Let\'s make malware analysis knowledge go viral!
\n\nBOMBE: Battle of Malware Bypass and EDR
\n\nTry to capture malware by writing your own EDR, or become the malware to bypass detection! BOMBE (Battle of Malware Bypass and EDR) is a unique match where malware and EDR systems compete against each other inside a single VM boxing ring.
\n\nOur participants can choose if they want to be malware creator or EDR developer. Malware creators aim to exfiltrate credentials and transmit them to our designated server. On the other side, EDR developers will focus on detecting the malware\'s activities and report its findings. Both the malware and EDR, created by our participants, will battle each other directly inside a single VM. As they face off, they’ll earn points for wins, moving up on the leaderboard. We also encourage them to keep improving their malware or EDR systems, system logs will be released after a few rounds.
\n\nBOMBE was created by Wei-Chieh Chao (aka oalieno) and Tien-Chih Lin (aka Dange). It is not just a competition, it\'s a learning platform. Participants engage with real-world scenarios, learning the circumstances between malware and EDR, a never-ending bypass and detect game. Showcase your skills! Whether you\'re a wizard at weaving undetectable malware or a mastermind in sophisticated defenses, this is your stage. Demonstrate your capabilities to a global audience, including potential employers and industry leaders.
\n\n\'',NULL,615669),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_6f308ba746413235fd653c82c719fdb6','\'\'',NULL,615670),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_6f308ba746413235fd653c82c719fdb6','\'\'',NULL,615671),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_6f308ba746413235fd653c82c719fdb6','\'\'',NULL,615672),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_6f308ba746413235fd653c82c719fdb6','\'\'',NULL,615673),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_6f308ba746413235fd653c82c719fdb6','\'\'',NULL,615674),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_6f308ba746413235fd653c82c719fdb6','\'\'',NULL,615675),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_6f308ba746413235fd653c82c719fdb6','\'\'',NULL,615676),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_b0fcc06ef31a8878be5e8890e6a5ce32','\'Title: Malware Contests: MARC I & BOMBE
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-03 - Map
\n
\nDescription:
\nMARC I: Malware Analysis Report Competition I
\n\nIn MARC I (Malware Analysis Report Competition I), participants collect and analyze real malware, then write an analysis report like a story, covering the entire scope of who, what, when, where, why, and how they found and analyzed the malware.
\n\nMARC I was created by Lena Yu (aka LambdaMamba) to provide malware enthusiasts with an opportunity to learn and showcase their passion and skills. Mastering malware analysis means mastering language. Essentially, we take a highly technical concept and simplify it into something that many can understand, similar to how a compiler translates high-level language into low-level language that a wide range of systems can understand.
\n\nWhen participants open-source and publish their work, it greatly contributes to improving the field of cyber defense. Let\'s make malware analysis knowledge go viral!
\n\nBOMBE: Battle of Malware Bypass and EDR
\n\nTry to capture malware by writing your own EDR, or become the malware to bypass detection! BOMBE (Battle of Malware Bypass and EDR) is a unique match where malware and EDR systems compete against each other inside a single VM boxing ring.
\n\nOur participants can choose if they want to be malware creator or EDR developer. Malware creators aim to exfiltrate credentials and transmit them to our designated server. On the other side, EDR developers will focus on detecting the malware\'s activities and report its findings. Both the malware and EDR, created by our participants, will battle each other directly inside a single VM. As they face off, they’ll earn points for wins, moving up on the leaderboard. We also encourage them to keep improving their malware or EDR systems, system logs will be released after a few rounds.
\n\nBOMBE was created by Wei-Chieh Chao (aka oalieno) and Tien-Chih Lin (aka Dange). It is not just a competition, it\'s a learning platform. Participants engage with real-world scenarios, learning the circumstances between malware and EDR, a never-ending bypass and detect game. Showcase your skills! Whether you\'re a wizard at weaving undetectable malware or a mastermind in sophisticated defenses, this is your stage. Demonstrate your capabilities to a global audience, including potential employers and industry leaders.
\n\n\'',NULL,615677),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_b0fcc06ef31a8878be5e8890e6a5ce32','\'\'',NULL,615678),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_b0fcc06ef31a8878be5e8890e6a5ce32','\'\'',NULL,615679),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_b0fcc06ef31a8878be5e8890e6a5ce32','\'\'',NULL,615680),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_b0fcc06ef31a8878be5e8890e6a5ce32','\'\'',NULL,615681),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_b0fcc06ef31a8878be5e8890e6a5ce32','\'\'',NULL,615682),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_b0fcc06ef31a8878be5e8890e6a5ce32','\'\'',NULL,615683),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_b0fcc06ef31a8878be5e8890e6a5ce32','\'\'',NULL,615684),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_67b1f643fd2a4971036dac58aaf888a8','\'Title: Malware Contests: MARC I & BOMBE
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-03 - Map
\n
\nDescription:
\nMARC I: Malware Analysis Report Competition I
\n\nIn MARC I (Malware Analysis Report Competition I), participants collect and analyze real malware, then write an analysis report like a story, covering the entire scope of who, what, when, where, why, and how they found and analyzed the malware.
\n\nMARC I was created by Lena Yu (aka LambdaMamba) to provide malware enthusiasts with an opportunity to learn and showcase their passion and skills. Mastering malware analysis means mastering language. Essentially, we take a highly technical concept and simplify it into something that many can understand, similar to how a compiler translates high-level language into low-level language that a wide range of systems can understand.
\n\nWhen participants open-source and publish their work, it greatly contributes to improving the field of cyber defense. Let\'s make malware analysis knowledge go viral!
\n\nBOMBE: Battle of Malware Bypass and EDR
\n\nTry to capture malware by writing your own EDR, or become the malware to bypass detection! BOMBE (Battle of Malware Bypass and EDR) is a unique match where malware and EDR systems compete against each other inside a single VM boxing ring.
\n\nOur participants can choose if they want to be malware creator or EDR developer. Malware creators aim to exfiltrate credentials and transmit them to our designated server. On the other side, EDR developers will focus on detecting the malware\'s activities and report its findings. Both the malware and EDR, created by our participants, will battle each other directly inside a single VM. As they face off, they’ll earn points for wins, moving up on the leaderboard. We also encourage them to keep improving their malware or EDR systems, system logs will be released after a few rounds.
\n\nBOMBE was created by Wei-Chieh Chao (aka oalieno) and Tien-Chih Lin (aka Dange). It is not just a competition, it\'s a learning platform. Participants engage with real-world scenarios, learning the circumstances between malware and EDR, a never-ending bypass and detect game. Showcase your skills! Whether you\'re a wizard at weaving undetectable malware or a mastermind in sophisticated defenses, this is your stage. Demonstrate your capabilities to a global audience, including potential employers and industry leaders.
\n\n\'',NULL,615685),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_67b1f643fd2a4971036dac58aaf888a8','\'\'',NULL,615686),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-03','\'Malware Contests: MARC I & BOMBE\'','\'\'','CON_67b1f643fd2a4971036dac58aaf888a8','\'\'',NULL,615687),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_5053240a8a3305d9336463432d857359','\'Title: Lonely Tag
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-F - Map
\n
\nDescription:
\nHow far will you go? Or, more accurately, how far was your tag\'s last reported location? Pre-register your team to receive one of a dozen tags, and check out our socials (@LonelyHardDrive) to watch the tags move across the map!
\n\n\'',NULL,615688),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_5053240a8a3305d9336463432d857359','\'\'',NULL,615689),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_5053240a8a3305d9336463432d857359','\'\'',NULL,615690),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_5053240a8a3305d9336463432d857359','\'\'',NULL,615691),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_5053240a8a3305d9336463432d857359','\'\'',NULL,615692),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_5053240a8a3305d9336463432d857359','\'\'',NULL,615693),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_5053240a8a3305d9336463432d857359','\'\'',NULL,615694),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_5053240a8a3305d9336463432d857359','\'\'',NULL,615695),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_ef53ebad86f0602a6fe87c07b7f0b192','\'Title: Lonely Tag
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-F - Map
\n
\nDescription:
\nHow far will you go? Or, more accurately, how far was your tag\'s last reported location? Pre-register your team to receive one of a dozen tags, and check out our socials (@LonelyHardDrive) to watch the tags move across the map!
\n\n\'',NULL,615696),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_ef53ebad86f0602a6fe87c07b7f0b192','\'\'',NULL,615697),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_ef53ebad86f0602a6fe87c07b7f0b192','\'\'',NULL,615698),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_4f339175ec0debf05164fb79905fb5fb','\'Title: Lonely Tag
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-F - Map
\n
\nDescription:
\nHow far will you go? Or, more accurately, how far was your tag\'s last reported location? Pre-register your team to receive one of a dozen tags, and check out our socials (@LonelyHardDrive) to watch the tags move across the map!
\n\n\'',NULL,615699),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_4f339175ec0debf05164fb79905fb5fb','\'\'',NULL,615700),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_4f339175ec0debf05164fb79905fb5fb','\'\'',NULL,615701),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_4f339175ec0debf05164fb79905fb5fb','\'\'',NULL,615702),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_4f339175ec0debf05164fb79905fb5fb','\'\'',NULL,615703),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_4f339175ec0debf05164fb79905fb5fb','\'\'',NULL,615704),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_4f339175ec0debf05164fb79905fb5fb','\'\'',NULL,615705),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Tag\'','\'\'','CON_4f339175ec0debf05164fb79905fb5fb','\'\'',NULL,615706),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_7eb4f09a7653ed58da2bd2f567bdbbbd','\'Title: Lonely Hard Drive
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-F - Map
\n
\nDescription:
\nYou have been randomly selected for additional security training. Be on the look out for one of our drives, USBs or surprise devices out here in Vegas, and follow along on @LonelyHardDrive for further clues to start hacking away at the puzzles. This is required for all LonelyCorp employees and Betty Pagefile is counting on you!
\n\n\'',NULL,615707),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_7eb4f09a7653ed58da2bd2f567bdbbbd','\'\'',NULL,615708),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_7eb4f09a7653ed58da2bd2f567bdbbbd','\'\'',NULL,615709),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_7eb4f09a7653ed58da2bd2f567bdbbbd','\'\'',NULL,615710),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_7eb4f09a7653ed58da2bd2f567bdbbbd','\'\'',NULL,615711),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_7eb4f09a7653ed58da2bd2f567bdbbbd','\'\'',NULL,615712),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_7eb4f09a7653ed58da2bd2f567bdbbbd','\'\'',NULL,615713),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_7eb4f09a7653ed58da2bd2f567bdbbbd','\'\'',NULL,615714),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_59509a4ff9ac44ece9067d53c1c63000','\'Title: Lonely Hard Drive
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-F - Map
\n
\nDescription:
\nYou have been randomly selected for additional security training. Be on the look out for one of our drives, USBs or surprise devices out here in Vegas, and follow along on @LonelyHardDrive for further clues to start hacking away at the puzzles. This is required for all LonelyCorp employees and Betty Pagefile is counting on you!
\n\n\'',NULL,615715),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_59509a4ff9ac44ece9067d53c1c63000','\'\'',NULL,615716),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_59509a4ff9ac44ece9067d53c1c63000','\'\'',NULL,615717),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_3248b8bb5b885c668930d681b88908a1','\'Title: Lonely Hard Drive
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-F - Map
\n
\nDescription:
\nYou have been randomly selected for additional security training. Be on the look out for one of our drives, USBs or surprise devices out here in Vegas, and follow along on @LonelyHardDrive for further clues to start hacking away at the puzzles. This is required for all LonelyCorp employees and Betty Pagefile is counting on you!
\n\n\'',NULL,615718),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_3248b8bb5b885c668930d681b88908a1','\'\'',NULL,615719),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_3248b8bb5b885c668930d681b88908a1','\'\'',NULL,615720),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_3248b8bb5b885c668930d681b88908a1','\'\'',NULL,615721),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_3248b8bb5b885c668930d681b88908a1','\'\'',NULL,615722),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_3248b8bb5b885c668930d681b88908a1','\'\'',NULL,615723),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_3248b8bb5b885c668930d681b88908a1','\'\'',NULL,615724),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'Lonely Hard Drive\'','\'\'','CON_3248b8bb5b885c668930d681b88908a1','\'\'',NULL,615725),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Contest in Progress\'','\'\'','CON_d7c2ef2a7a22a6b8c497677905047f18','\'Title: Live Recon Contest in Progress
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nDo you fancy doing live recon on Real Organizations? Then activate Yourself. And compete in a unique HACKER challenge.
\n\nThis year we are launching a new nail biting Contest, i.e Live Recon where participants will compete with each other to perform a deep osint and recon on the target organization. Here are the details:
\n\nAbout the contest:
\n\nJoin us for an electrifying two-day Live Reconnaissance Event. Whether you\'re a seasoned security expert, a curious newcomer or a bugbounty pro, this is your chance to test your skills in a high-octane environment.
\n\nYour Mission
\n\nGet ready to perform live reconnaissance on a curated list of companies. Dig deep and unearth critical information that could be game-changing. Use your analytical prowess and sharp instincts to explore, probe, and uncover hidden data.
\n\nWhy Join the Hunt?
\n\nExperience Real-World Challenges: Face off against real-world scenarios.\nCompete and Collaborate: Work with the best minds in the field.\nLearn from the Masters: Recon on a massive scale.\nScore Epic Prizes: Walk away with cool rewards.
\n\nWho\'s Invited?
\n\nIf you’ve got a passion for cybersecurity and Recon, this event is for you. Whether you’re a university student, a pro pentester, or a hobbyist eager to sharpen your skills, we want you! Teams are encouraged to register and bring a mix of talents to tackle these challenges head-on.
\n\nGet Ready to Recon!
\n\nUnleash your inner hacker and join us for a reconnaissance adventure you won’t forget!
\n\nPlease note that this is an in-person event, and winners need to be at DEFCON to collect their prizes. However, once we have announced the targets, participants can play it from anywhere online (as this is Recon on public and live targets).
\n\n\'',NULL,615726),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Contest in Progress\'','\'\'','CON_d7c2ef2a7a22a6b8c497677905047f18','\'\'',NULL,615727),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Contest in Progress\'','\'\'','CON_d7c2ef2a7a22a6b8c497677905047f18','\'\'',NULL,615728),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Contest in Progress\'','\'\'','CON_d7c2ef2a7a22a6b8c497677905047f18','\'\'',NULL,615729),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Contest in Progress\'','\'\'','CON_d7c2ef2a7a22a6b8c497677905047f18','\'\'',NULL,615730),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Contest in Progress\'','\'\'','CON_d7c2ef2a7a22a6b8c497677905047f18','\'\'',NULL,615731),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Contest in Progress\'','\'\'','CON_d7c2ef2a7a22a6b8c497677905047f18','\'\'',NULL,615732),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Contest in Progress\'','\'\'','CON_d7c2ef2a7a22a6b8c497677905047f18','\'\'',NULL,615733),('3_Saturday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Contest in Progress\'','\'\'','CON_3e242a161c6d8202facae3576c6243b9','\'Title: Live Recon Contest in Progress
\nWhen: Saturday, Aug 10, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nDo you fancy doing live recon on Real Organizations? Then activate Yourself. And compete in a unique HACKER challenge.
\n\nThis year we are launching a new nail biting Contest, i.e Live Recon where participants will compete with each other to perform a deep osint and recon on the target organization. Here are the details:
\n\nAbout the contest:
\n\nJoin us for an electrifying two-day Live Reconnaissance Event. Whether you\'re a seasoned security expert, a curious newcomer or a bugbounty pro, this is your chance to test your skills in a high-octane environment.
\n\nYour Mission
\n\nGet ready to perform live reconnaissance on a curated list of companies. Dig deep and unearth critical information that could be game-changing. Use your analytical prowess and sharp instincts to explore, probe, and uncover hidden data.
\n\nWhy Join the Hunt?
\n\nExperience Real-World Challenges: Face off against real-world scenarios.\nCompete and Collaborate: Work with the best minds in the field.\nLearn from the Masters: Recon on a massive scale.\nScore Epic Prizes: Walk away with cool rewards.
\n\nWho\'s Invited?
\n\nIf you’ve got a passion for cybersecurity and Recon, this event is for you. Whether you’re a university student, a pro pentester, or a hobbyist eager to sharpen your skills, we want you! Teams are encouraged to register and bring a mix of talents to tackle these challenges head-on.
\n\nGet Ready to Recon!
\n\nUnleash your inner hacker and join us for a reconnaissance adventure you won’t forget!
\n\nPlease note that this is an in-person event, and winners need to be at DEFCON to collect their prizes. However, once we have announced the targets, participants can play it from anywhere online (as this is Recon on public and live targets).
\n\n\'',NULL,615734),('3_Saturday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Contest in Progress\'','\'\'','CON_3e242a161c6d8202facae3576c6243b9','\'\'',NULL,615735),('3_Saturday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Contest in Progress\'','\'\'','CON_3e242a161c6d8202facae3576c6243b9','\'\'',NULL,615736),('3_Saturday','10','10:00','17:59','N','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_929b7db125d1832da3e226086c0d846f','\'Title: It\'s In That Place Where I Put That Thing That Time
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nYour friend called. They had their place raided. They swear it\'s a setup. But now they\'re in jail and you\'re the only hope they have. Can you collect the evidence that will let them walk free? Where should you look? The evidence is everywhere, and it could be anywhere. You might be sitting on it. You might be standing near it. It might be stuck to something. It might be lying in plain sight. Find the disks and bring them to us. All they said to you before they hung up was \"It\'s in that place where I put that thing that time.\" Good luck.
\n\n\'',NULL,615737),('3_Saturday','11','10:00','17:59','Y','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_929b7db125d1832da3e226086c0d846f','\'\'',NULL,615738),('3_Saturday','12','10:00','17:59','Y','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_929b7db125d1832da3e226086c0d846f','\'\'',NULL,615739),('3_Saturday','13','10:00','17:59','Y','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_929b7db125d1832da3e226086c0d846f','\'\'',NULL,615740),('3_Saturday','14','10:00','17:59','Y','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_929b7db125d1832da3e226086c0d846f','\'\'',NULL,615741),('3_Saturday','15','10:00','17:59','Y','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_929b7db125d1832da3e226086c0d846f','\'\'',NULL,615742),('3_Saturday','16','10:00','17:59','Y','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_929b7db125d1832da3e226086c0d846f','\'\'',NULL,615743),('3_Saturday','17','10:00','17:59','Y','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_929b7db125d1832da3e226086c0d846f','\'\'',NULL,615744),('2_Friday','10','10:00','17:59','N','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_0ae3041b0dc26205f8380ff4b36c0d7a','\'Title: It\'s In That Place Where I Put That Thing That Time
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nYour friend called. They had their place raided. They swear it\'s a setup. But now they\'re in jail and you\'re the only hope they have. Can you collect the evidence that will let them walk free? Where should you look? The evidence is everywhere, and it could be anywhere. You might be sitting on it. You might be standing near it. It might be stuck to something. It might be lying in plain sight. Find the disks and bring them to us. All they said to you before they hung up was \"It\'s in that place where I put that thing that time.\" Good luck.
\n\n\'',NULL,615745),('2_Friday','11','10:00','17:59','Y','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_0ae3041b0dc26205f8380ff4b36c0d7a','\'\'',NULL,615746),('2_Friday','12','10:00','17:59','Y','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_0ae3041b0dc26205f8380ff4b36c0d7a','\'\'',NULL,615747),('2_Friday','13','10:00','17:59','Y','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_0ae3041b0dc26205f8380ff4b36c0d7a','\'\'',NULL,615748),('2_Friday','14','10:00','17:59','Y','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_0ae3041b0dc26205f8380ff4b36c0d7a','\'\'',NULL,615749),('2_Friday','15','10:00','17:59','Y','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_0ae3041b0dc26205f8380ff4b36c0d7a','\'\'',NULL,615750),('2_Friday','16','10:00','17:59','Y','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_0ae3041b0dc26205f8380ff4b36c0d7a','\'\'',NULL,615751),('2_Friday','17','10:00','17:59','Y','CON','Other / See Description','\'It\'s In That Place Where I Put That Thing That Time\'','\'\'','CON_0ae3041b0dc26205f8380ff4b36c0d7a','\'\'',NULL,615752),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_bfbc6194e0cb8ceed5456a76b60a020e','\'Title: IoT Village CTF
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nThe IoT village pi eating contest is a challenge where participants put their hardwear hacking experience to the test by going head to head with other hackers. Participants will be provided all the tooling necessary to get a root shell on an IoT device. Whoever roots the device in the shortest time wins.
\n\nIn this brand new challenge, participants put their hardware hacking experience to the test by going head to head with other hackers. Participants will be provided all the tooling necessary to get a root shell on an IoT device. Whoever roots the device in the shortest time wins!
\n\n\'',NULL,615753),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_bfbc6194e0cb8ceed5456a76b60a020e','\'\'',NULL,615754),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_bfbc6194e0cb8ceed5456a76b60a020e','\'\'',NULL,615755),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_bfbc6194e0cb8ceed5456a76b60a020e','\'\'',NULL,615756),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_bfbc6194e0cb8ceed5456a76b60a020e','\'\'',NULL,615757),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_bfbc6194e0cb8ceed5456a76b60a020e','\'\'',NULL,615758),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_bfbc6194e0cb8ceed5456a76b60a020e','\'\'',NULL,615759),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_bfbc6194e0cb8ceed5456a76b60a020e','\'\'',NULL,615760),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_109df52a27920a22f9b23b0ad36e7259','\'Title: IoT Village CTF
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nThe IoT village pi eating contest is a challenge where participants put their hardwear hacking experience to the test by going head to head with other hackers. Participants will be provided all the tooling necessary to get a root shell on an IoT device. Whoever roots the device in the shortest time wins.
\n\nIn this brand new challenge, participants put their hardware hacking experience to the test by going head to head with other hackers. Participants will be provided all the tooling necessary to get a root shell on an IoT device. Whoever roots the device in the shortest time wins!
\n\n\'',NULL,615761),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_109df52a27920a22f9b23b0ad36e7259','\'\'',NULL,615762),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_109df52a27920a22f9b23b0ad36e7259','\'\'',NULL,615763),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_a5bb020088dafcfec47776feb6b149f6','\'Title: IoT Village CTF
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nThe IoT village pi eating contest is a challenge where participants put their hardwear hacking experience to the test by going head to head with other hackers. Participants will be provided all the tooling necessary to get a root shell on an IoT device. Whoever roots the device in the shortest time wins.
\n\nIn this brand new challenge, participants put their hardware hacking experience to the test by going head to head with other hackers. Participants will be provided all the tooling necessary to get a root shell on an IoT device. Whoever roots the device in the shortest time wins!
\n\n\'',NULL,615764),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_a5bb020088dafcfec47776feb6b149f6','\'\'',NULL,615765),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_a5bb020088dafcfec47776feb6b149f6','\'\'',NULL,615766),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_a5bb020088dafcfec47776feb6b149f6','\'\'',NULL,615767),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_a5bb020088dafcfec47776feb6b149f6','\'\'',NULL,615768),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_a5bb020088dafcfec47776feb6b149f6','\'\'',NULL,615769),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_a5bb020088dafcfec47776feb6b149f6','\'\'',NULL,615770),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village CTF\'','\'\'','CON_a5bb020088dafcfec47776feb6b149f6','\'\'',NULL,615771),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_62f2251df5d835a1603a01bd4d4a60fb','\'Title: ICS CTF
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nThe ICS Village CTF offers hands-on experiences with industrial control systems, which bridge technology with physics. Attendees engage with industry experts while solving challenges like a red vs blue manufacturing network process coupled with OT-specific jeopardy-stye challenges. This contest highlights vulnerabilities in industrial equipment and OT protocols. By simulating attacks on critical infrastructure, participants develop and practice DEFCON-level skills, enhancing their understanding with critical infrastructure and the world we rely on.
\n\n\'',NULL,615772),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_62f2251df5d835a1603a01bd4d4a60fb','\'\'',NULL,615773),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_62f2251df5d835a1603a01bd4d4a60fb','\'\'',NULL,615774),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_7b6cd256ddcc216fc8b26cf6ad542f0d','\'Title: ICS CTF
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nThe ICS Village CTF offers hands-on experiences with industrial control systems, which bridge technology with physics. Attendees engage with industry experts while solving challenges like a red vs blue manufacturing network process coupled with OT-specific jeopardy-stye challenges. This contest highlights vulnerabilities in industrial equipment and OT protocols. By simulating attacks on critical infrastructure, participants develop and practice DEFCON-level skills, enhancing their understanding with critical infrastructure and the world we rely on.
\n\n\'',NULL,615775),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_7b6cd256ddcc216fc8b26cf6ad542f0d','\'\'',NULL,615776),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_7b6cd256ddcc216fc8b26cf6ad542f0d','\'\'',NULL,615777),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_7b6cd256ddcc216fc8b26cf6ad542f0d','\'\'',NULL,615778),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_7b6cd256ddcc216fc8b26cf6ad542f0d','\'\'',NULL,615779),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_7b6cd256ddcc216fc8b26cf6ad542f0d','\'\'',NULL,615780),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_7b6cd256ddcc216fc8b26cf6ad542f0d','\'\'',NULL,615781),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_7b6cd256ddcc216fc8b26cf6ad542f0d','\'\'',NULL,615782),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_233e2e3f47705bb1dbe6aaae80b6c912','\'Title: ICS CTF
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nThe ICS Village CTF offers hands-on experiences with industrial control systems, which bridge technology with physics. Attendees engage with industry experts while solving challenges like a red vs blue manufacturing network process coupled with OT-specific jeopardy-stye challenges. This contest highlights vulnerabilities in industrial equipment and OT protocols. By simulating attacks on critical infrastructure, participants develop and practice DEFCON-level skills, enhancing their understanding with critical infrastructure and the world we rely on.
\n\n\'',NULL,615783),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_233e2e3f47705bb1dbe6aaae80b6c912','\'\'',NULL,615784),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_233e2e3f47705bb1dbe6aaae80b6c912','\'\'',NULL,615785),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_233e2e3f47705bb1dbe6aaae80b6c912','\'\'',NULL,615786),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_233e2e3f47705bb1dbe6aaae80b6c912','\'\'',NULL,615787),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_233e2e3f47705bb1dbe6aaae80b6c912','\'\'',NULL,615788),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_233e2e3f47705bb1dbe6aaae80b6c912','\'\'',NULL,615789),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-06-05','\'ICS CTF\'','\'\'','CON_233e2e3f47705bb1dbe6aaae80b6c912','\'\'',NULL,615790),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_9f4c7766045e205ed2116eb8338a4b7b','\'Title: HTB CTF: Data Dystopia
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-06 - Map
\n
\nDescription:
\nA powerful corporation, notorious for its unethical practices, leveraged their extensive data resources gathered from users, and their psychological profiles, to subdue the population into compliance. The immune few, realizing the extent of the corporate conspiracy, band together to expose and dismantle the corporation\'s grip on society. These individuals must navigate a dangerous world of surveillance and betrayal. Their mission is to ignite a global awakening and reclaim freedom from corporate domination.
\n\nPlayers will have to join the mission and participate in a CTF that would be beneficial for beginners and experienced players alike. The challenge categories will be Web, Cryptography, Forensics, PWN(binary exploitation) and Reverse Engineering. Various difficulty challenges from each category will be featured.
\n\n\'',NULL,615791),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_9f4c7766045e205ed2116eb8338a4b7b','\'\'',NULL,615792),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_9f4c7766045e205ed2116eb8338a4b7b','\'\'',NULL,615793),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_f5c778ee1b1714f3002444aae2581a9d','\'Title: HTB CTF: Data Dystopia
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-06 - Map
\n
\nDescription:
\nA powerful corporation, notorious for its unethical practices, leveraged their extensive data resources gathered from users, and their psychological profiles, to subdue the population into compliance. The immune few, realizing the extent of the corporate conspiracy, band together to expose and dismantle the corporation\'s grip on society. These individuals must navigate a dangerous world of surveillance and betrayal. Their mission is to ignite a global awakening and reclaim freedom from corporate domination.
\n\nPlayers will have to join the mission and participate in a CTF that would be beneficial for beginners and experienced players alike. The challenge categories will be Web, Cryptography, Forensics, PWN(binary exploitation) and Reverse Engineering. Various difficulty challenges from each category will be featured.
\n\n\'',NULL,615794),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_f5c778ee1b1714f3002444aae2581a9d','\'\'',NULL,615795),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_f5c778ee1b1714f3002444aae2581a9d','\'\'',NULL,615796),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_f5c778ee1b1714f3002444aae2581a9d','\'\'',NULL,615797),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_f5c778ee1b1714f3002444aae2581a9d','\'\'',NULL,615798),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_f5c778ee1b1714f3002444aae2581a9d','\'\'',NULL,615799),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_f5c778ee1b1714f3002444aae2581a9d','\'\'',NULL,615800),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_f5c778ee1b1714f3002444aae2581a9d','\'\'',NULL,615801),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_2cfaaea031907defe429e43217f97ae8','\'Title: HTB CTF: Data Dystopia
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-06 - Map
\n
\nDescription:
\nA powerful corporation, notorious for its unethical practices, leveraged their extensive data resources gathered from users, and their psychological profiles, to subdue the population into compliance. The immune few, realizing the extent of the corporate conspiracy, band together to expose and dismantle the corporation\'s grip on society. These individuals must navigate a dangerous world of surveillance and betrayal. Their mission is to ignite a global awakening and reclaim freedom from corporate domination.
\n\nPlayers will have to join the mission and participate in a CTF that would be beneficial for beginners and experienced players alike. The challenge categories will be Web, Cryptography, Forensics, PWN(binary exploitation) and Reverse Engineering. Various difficulty challenges from each category will be featured.
\n\n\'',NULL,615802),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_2cfaaea031907defe429e43217f97ae8','\'\'',NULL,615803),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_2cfaaea031907defe429e43217f97ae8','\'\'',NULL,615804),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_2cfaaea031907defe429e43217f97ae8','\'\'',NULL,615805),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_2cfaaea031907defe429e43217f97ae8','\'\'',NULL,615806),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_2cfaaea031907defe429e43217f97ae8','\'\'',NULL,615807),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_2cfaaea031907defe429e43217f97ae8','\'\'',NULL,615808),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06','\'HTB CTF: Data Dystopia\'','\'\'','CON_2cfaaea031907defe429e43217f97ae8','\'\'',NULL,615809),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_170b8bea91ab4d4c2af76bf6386aa6f3','\'Title: HardWired
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nThis event was born out of the desire to teach an often-overlooked hardware and networking skill, and to provide the opportunity for experienced people to mentor others as they learn. DEF CON provides the perfect environment for people with no prior training to learn something useful and new. Hardwired networks are often overlooked in today’s world of cellular connection and Wi-Fi, but they still play an important part in the backbone of information sharing. We believe that while cutting-edge technologies are thrilling, traditional skills-building still has its place, and we want to provide that opportunity to the DEF CON community.
\n\nDon\'t know how to make a network cable and want to learn? Has it been years? Or do you think you\'re a pro? Come see if you can... make the best cable at con by cut/wire/crimp.
\n\n\'',NULL,615810),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_170b8bea91ab4d4c2af76bf6386aa6f3','\'\'',NULL,615811),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_170b8bea91ab4d4c2af76bf6386aa6f3','\'\'',NULL,615812),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_170b8bea91ab4d4c2af76bf6386aa6f3','\'\'',NULL,615813),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_170b8bea91ab4d4c2af76bf6386aa6f3','\'\'',NULL,615814),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_170b8bea91ab4d4c2af76bf6386aa6f3','\'\'',NULL,615815),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_170b8bea91ab4d4c2af76bf6386aa6f3','\'\'',NULL,615816),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_170b8bea91ab4d4c2af76bf6386aa6f3','\'\'',NULL,615817),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_75031fd10c05e808c8b2a65961c824fc','\'Title: HardWired
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nThis event was born out of the desire to teach an often-overlooked hardware and networking skill, and to provide the opportunity for experienced people to mentor others as they learn. DEF CON provides the perfect environment for people with no prior training to learn something useful and new. Hardwired networks are often overlooked in today’s world of cellular connection and Wi-Fi, but they still play an important part in the backbone of information sharing. We believe that while cutting-edge technologies are thrilling, traditional skills-building still has its place, and we want to provide that opportunity to the DEF CON community.
\n\nDon\'t know how to make a network cable and want to learn? Has it been years? Or do you think you\'re a pro? Come see if you can... make the best cable at con by cut/wire/crimp.
\n\n\'',NULL,615818),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_75031fd10c05e808c8b2a65961c824fc','\'\'',NULL,615819),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_75031fd10c05e808c8b2a65961c824fc','\'\'',NULL,615820),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_75031fd10c05e808c8b2a65961c824fc','\'\'',NULL,615821),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_75031fd10c05e808c8b2a65961c824fc','\'\'',NULL,615822),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_75031fd10c05e808c8b2a65961c824fc','\'\'',NULL,615823),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_75031fd10c05e808c8b2a65961c824fc','\'\'',NULL,615824),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_75031fd10c05e808c8b2a65961c824fc','\'\'',NULL,615825),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_e74b36f76a59641b0d8a6a3b3c652af1','\'Title: HardWired
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nThis event was born out of the desire to teach an often-overlooked hardware and networking skill, and to provide the opportunity for experienced people to mentor others as they learn. DEF CON provides the perfect environment for people with no prior training to learn something useful and new. Hardwired networks are often overlooked in today’s world of cellular connection and Wi-Fi, but they still play an important part in the backbone of information sharing. We believe that while cutting-edge technologies are thrilling, traditional skills-building still has its place, and we want to provide that opportunity to the DEF CON community.
\n\nDon\'t know how to make a network cable and want to learn? Has it been years? Or do you think you\'re a pro? Come see if you can... make the best cable at con by cut/wire/crimp.
\n\n\'',NULL,615826),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_e74b36f76a59641b0d8a6a3b3c652af1','\'\'',NULL,615827),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 2/W216-W221','\'HardWired\'','\'\'','CON_e74b36f76a59641b0d8a6a3b3c652af1','\'\'',NULL,615828),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_de6db550042d64530cfe93801b12d85d','\'Title: Hardware Hacking Village CTF
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-10-01 - Map
\n
\nDescription:
\nGrab some solder and update your JTAGulator! The Hardware Hacking Village (HHV) is back with another DEF CON hardware hacking-focused Capture the Flag (CTF) competition. This is a jeopardy style CTF, designed to challenge participants in various aspects of hardware hacking. Whether you\'re new to hardware hacking or experienced and just looking for something to do while you wait for your fault injection to trigger, all are welcome and challenges range from beginner to advanced.
\n\n\'',NULL,615829),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_de6db550042d64530cfe93801b12d85d','\'\'',NULL,615830),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_de6db550042d64530cfe93801b12d85d','\'\'',NULL,615831),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_de6db550042d64530cfe93801b12d85d','\'\'',NULL,615832),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_de6db550042d64530cfe93801b12d85d','\'\'',NULL,615833),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_de6db550042d64530cfe93801b12d85d','\'\'',NULL,615834),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_de6db550042d64530cfe93801b12d85d','\'\'',NULL,615835),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_de6db550042d64530cfe93801b12d85d','\'\'',NULL,615836),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_01db7c1af3e853b7a7636acbd2c69947','\'Title: Hardware Hacking Village CTF
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-10-01 - Map
\n
\nDescription:
\nGrab some solder and update your JTAGulator! The Hardware Hacking Village (HHV) is back with another DEF CON hardware hacking-focused Capture the Flag (CTF) competition. This is a jeopardy style CTF, designed to challenge participants in various aspects of hardware hacking. Whether you\'re new to hardware hacking or experienced and just looking for something to do while you wait for your fault injection to trigger, all are welcome and challenges range from beginner to advanced.
\n\n\'',NULL,615837),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_01db7c1af3e853b7a7636acbd2c69947','\'\'',NULL,615838),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_01db7c1af3e853b7a7636acbd2c69947','\'\'',NULL,615839),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_01db7c1af3e853b7a7636acbd2c69947','\'\'',NULL,615840),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_01db7c1af3e853b7a7636acbd2c69947','\'\'',NULL,615841),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_01db7c1af3e853b7a7636acbd2c69947','\'\'',NULL,615842),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_01db7c1af3e853b7a7636acbd2c69947','\'\'',NULL,615843),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking Village CTF\'','\'\'','CON_01db7c1af3e853b7a7636acbd2c69947','\'\'',NULL,615844),('2_Friday','13','13:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-E','\'Hacking Boundary Terminal\'','\'\'','CON_fbc18cb245c0f2e3f499147b5baa429f','\'Title: Hacking Boundary Terminal
\nWhen: Friday, Aug 9, 13:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-06-E - Map
\n
\nDescription:
\nIn this MarSec event we will engage convention goers with a number of different tabletop games to help them understand the operational issues surrounding offensive and defensive cyber operations in a port complex. Players will become familiar with the various network components that support port and shipping operations from the underlying infrastructure to the system components at ports and commercial ships. A fictional terminal, Boundary Terminal part of the Port Elizabeth New Jersey complex, and a fictional shipping line, Worldwide Shipping Operations form the basis for all of three of our games. The games are: a short game designed to show the basic target set and linkages, a longer role-playing game where players can engage in detail with port systems, and a card driven game focused on detection, forensics, and counter-forensics. The role-playing game has been conducted as part of the MarSec portion of the ICS Village for the past two years, while the shorter version was added last year. This year we will add the counter-forensics game. All of the games are designed to be entertaining and engaging with prizes provided to the winners and best players (usually everyone gets a prize).
\n\n\'',NULL,615845),('2_Friday','14','13:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-E','\'Hacking Boundary Terminal\'','\'\'','CON_fbc18cb245c0f2e3f499147b5baa429f','\'\'',NULL,615846),('2_Friday','15','13:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-E','\'Hacking Boundary Terminal\'','\'\'','CON_fbc18cb245c0f2e3f499147b5baa429f','\'\'',NULL,615847),('2_Friday','16','13:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-E','\'Hacking Boundary Terminal\'','\'\'','CON_fbc18cb245c0f2e3f499147b5baa429f','\'\'',NULL,615848),('2_Friday','17','13:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-E','\'Hacking Boundary Terminal\'','\'\'','CON_fbc18cb245c0f2e3f499147b5baa429f','\'\'',NULL,615849),('3_Saturday','13','13:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-E','\'Hacking Boundary Terminal\'','\'\'','CON_4c454bb808a9734b5cd7702c7663b2a4','\'Title: Hacking Boundary Terminal
\nWhen: Saturday, Aug 10, 13:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-06-E - Map
\n
\nDescription:
\nIn this MarSec event we will engage convention goers with a number of different tabletop games to help them understand the operational issues surrounding offensive and defensive cyber operations in a port complex. Players will become familiar with the various network components that support port and shipping operations from the underlying infrastructure to the system components at ports and commercial ships. A fictional terminal, Boundary Terminal part of the Port Elizabeth New Jersey complex, and a fictional shipping line, Worldwide Shipping Operations form the basis for all of three of our games. The games are: a short game designed to show the basic target set and linkages, a longer role-playing game where players can engage in detail with port systems, and a card driven game focused on detection, forensics, and counter-forensics. The role-playing game has been conducted as part of the MarSec portion of the ICS Village for the past two years, while the shorter version was added last year. This year we will add the counter-forensics game. All of the games are designed to be entertaining and engaging with prizes provided to the winners and best players (usually everyone gets a prize).
\n\n\'',NULL,615850),('3_Saturday','14','13:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-E','\'Hacking Boundary Terminal\'','\'\'','CON_4c454bb808a9734b5cd7702c7663b2a4','\'\'',NULL,615851),('3_Saturday','15','13:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-E','\'Hacking Boundary Terminal\'','\'\'','CON_4c454bb808a9734b5cd7702c7663b2a4','\'\'',NULL,615852),('3_Saturday','16','13:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-E','\'Hacking Boundary Terminal\'','\'\'','CON_4c454bb808a9734b5cd7702c7663b2a4','\'\'',NULL,615853),('3_Saturday','17','13:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-E','\'Hacking Boundary Terminal\'','\'\'','CON_4c454bb808a9734b5cd7702c7663b2a4','\'\'',NULL,615854),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_ceb92c5c06821091023fffbfb7e005ff','\'Title: HackFortress
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-04-A - Map
\n
\nDescription:
\nFriday: Free play 10:00 - 15:00,
\nPrelim Round 1: 16:00 - 17:00,
\nPrelim Round 2: 17:00 - 18:00,
\nRegistration closes: 18:00
\n\nSaturday: Prelim Round 3: 11:00, \nPrelim Round 4: 12:00,\nSemi Finals Round 1: 14:00,\nSemi Finals Round 2: 15:00,\nFinals: 17:00
\n\nHackFortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers. TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.
\n\n\'',NULL,615855),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_ceb92c5c06821091023fffbfb7e005ff','\'\'',NULL,615856),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_ceb92c5c06821091023fffbfb7e005ff','\'\'',NULL,615857),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_ceb92c5c06821091023fffbfb7e005ff','\'\'',NULL,615858),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_ceb92c5c06821091023fffbfb7e005ff','\'\'',NULL,615859),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_ceb92c5c06821091023fffbfb7e005ff','\'\'',NULL,615860),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_ceb92c5c06821091023fffbfb7e005ff','\'\'',NULL,615861),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_ceb92c5c06821091023fffbfb7e005ff','\'\'',NULL,615862),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_e138a0abe21910ae439a83608d3d77c4','\'Title: HackFortress
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-04-A - Map
\n
\nDescription:
\nFriday: Free play 10:00 - 15:00,
\nPrelim Round 1: 16:00 - 17:00,
\nPrelim Round 2: 17:00 - 18:00,
\nRegistration closes: 18:00
\n\nSaturday: Prelim Round 3: 11:00, \nPrelim Round 4: 12:00,\nSemi Finals Round 1: 14:00,\nSemi Finals Round 2: 15:00,\nFinals: 17:00
\n\nHackFortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers. TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.
\n\n\'',NULL,615863),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_e138a0abe21910ae439a83608d3d77c4','\'\'',NULL,615864),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_e138a0abe21910ae439a83608d3d77c4','\'\'',NULL,615865),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_e138a0abe21910ae439a83608d3d77c4','\'\'',NULL,615866),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_e138a0abe21910ae439a83608d3d77c4','\'\'',NULL,615867),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_e138a0abe21910ae439a83608d3d77c4','\'\'',NULL,615868),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_e138a0abe21910ae439a83608d3d77c4','\'\'',NULL,615869),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-A','\'HackFortress\'','\'\'','CON_e138a0abe21910ae439a83608d3d77c4','\'\'',NULL,615870),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_05f55e3238b73df6cc8b83780d0b26ee','\'Title: Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-B - Map
\n
\nDescription:
\nWe would like to see cancer become a thing of the past, and you can help. How? Join the Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge. Here\'s how it works:
\n\n\n- Accept our Challenge. If you accept the Challenge, you\'re also committing to nominate three people to join you.
\n- Take a video of yourself dumping a bucket of ice water over your head in combination with a Contraption of your construction to lower your temperature and raise awareness of cancer. Trust us, it\'s way easier to do this during the summer in Vegas than at Halifax Analytica headquarters in the winter.
\n- Post the audio to the TeleChallenge voice BBS challenging up to three others using their phone number, or post a video to https://defcon.social or your social media of choice using the hashtag #HackerCoolingContraption and the following:\n
\n- Your handle
\n- Who challenged you
\n- A statement of acceptance (\"I agree that I am responsible for my own hacker cooling actions, I understand that water is wet, and I promise not to sue the TeleChallenge or DEF CON\" or something to that effect)
\n- The handles of 3 people you are nominating
\n- A link to a nonprofit cancer research project or charity of your choice that you have chosen to support
\n- A mention of your contribution (including cash, cryptocurrency, volunteer hours, or computing resources), if any
\n
\n
\n\nSuggested: Make a contribution of your choice to support cancer research. You may want to check nonprofit and charity quality here: https://www.charitynavigator.org/
\n\nRULES
\n\n\n- You can use up to 4 items obtained either from the TeleChallenge booth or at a dollar store costing no more than $5 plus tax, plus duct tape, along with a single one-gallon bucket or container full of conventional ice and water (solely H2O!) to build your Contraption.
\n- Only hand tools may be used.
\n- No hackers may be harmed in the execution of the Challenge. Contraption may cool to no colder than -3 degrees Celcius.
\n- You may wear no less than a bathing suit (due to dress code requirements at pools).
\n- Contraptions will be judged only for full participants of the Challenge, meaning you have made three nominations and at least two nominees have also participated.
\n- Judging criteria: Efficacy, creativity, flair, hax.
\n
\n\n\'',NULL,615871),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_05f55e3238b73df6cc8b83780d0b26ee','\'\'',NULL,615872),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_05f55e3238b73df6cc8b83780d0b26ee','\'\'',NULL,615873),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_05f55e3238b73df6cc8b83780d0b26ee','\'\'',NULL,615874),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_05f55e3238b73df6cc8b83780d0b26ee','\'\'',NULL,615875),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_05f55e3238b73df6cc8b83780d0b26ee','\'\'',NULL,615876),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_05f55e3238b73df6cc8b83780d0b26ee','\'\'',NULL,615877),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_05f55e3238b73df6cc8b83780d0b26ee','\'\'',NULL,615878),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_870e7f98b1d4849c18cf97de3d6f6461','\'Title: Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-B - Map
\n
\nDescription:
\nWe would like to see cancer become a thing of the past, and you can help. How? Join the Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge. Here\'s how it works:
\n\n\n- Accept our Challenge. If you accept the Challenge, you\'re also committing to nominate three people to join you.
\n- Take a video of yourself dumping a bucket of ice water over your head in combination with a Contraption of your construction to lower your temperature and raise awareness of cancer. Trust us, it\'s way easier to do this during the summer in Vegas than at Halifax Analytica headquarters in the winter.
\n- Post the audio to the TeleChallenge voice BBS challenging up to three others using their phone number, or post a video to https://defcon.social or your social media of choice using the hashtag #HackerCoolingContraption and the following:\n
\n- Your handle
\n- Who challenged you
\n- A statement of acceptance (\"I agree that I am responsible for my own hacker cooling actions, I understand that water is wet, and I promise not to sue the TeleChallenge or DEF CON\" or something to that effect)
\n- The handles of 3 people you are nominating
\n- A link to a nonprofit cancer research project or charity of your choice that you have chosen to support
\n- A mention of your contribution (including cash, cryptocurrency, volunteer hours, or computing resources), if any
\n
\n
\n\nSuggested: Make a contribution of your choice to support cancer research. You may want to check nonprofit and charity quality here: https://www.charitynavigator.org/
\n\nRULES
\n\n\n- You can use up to 4 items obtained either from the TeleChallenge booth or at a dollar store costing no more than $5 plus tax, plus duct tape, along with a single one-gallon bucket or container full of conventional ice and water (solely H2O!) to build your Contraption.
\n- Only hand tools may be used.
\n- No hackers may be harmed in the execution of the Challenge. Contraption may cool to no colder than -3 degrees Celcius.
\n- You may wear no less than a bathing suit (due to dress code requirements at pools).
\n- Contraptions will be judged only for full participants of the Challenge, meaning you have made three nominations and at least two nominees have also participated.
\n- Judging criteria: Efficacy, creativity, flair, hax.
\n
\n\n\'',NULL,615879),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_870e7f98b1d4849c18cf97de3d6f6461','\'\'',NULL,615880),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_870e7f98b1d4849c18cf97de3d6f6461','\'\'',NULL,615881),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_24183a9ea374ac398e13cb74da339a9e','\'Title: Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-B - Map
\n
\nDescription:
\nWe would like to see cancer become a thing of the past, and you can help. How? Join the Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge. Here\'s how it works:
\n\n\n- Accept our Challenge. If you accept the Challenge, you\'re also committing to nominate three people to join you.
\n- Take a video of yourself dumping a bucket of ice water over your head in combination with a Contraption of your construction to lower your temperature and raise awareness of cancer. Trust us, it\'s way easier to do this during the summer in Vegas than at Halifax Analytica headquarters in the winter.
\n- Post the audio to the TeleChallenge voice BBS challenging up to three others using their phone number, or post a video to https://defcon.social or your social media of choice using the hashtag #HackerCoolingContraption and the following:\n
\n- Your handle
\n- Who challenged you
\n- A statement of acceptance (\"I agree that I am responsible for my own hacker cooling actions, I understand that water is wet, and I promise not to sue the TeleChallenge or DEF CON\" or something to that effect)
\n- The handles of 3 people you are nominating
\n- A link to a nonprofit cancer research project or charity of your choice that you have chosen to support
\n- A mention of your contribution (including cash, cryptocurrency, volunteer hours, or computing resources), if any
\n
\n
\n\nSuggested: Make a contribution of your choice to support cancer research. You may want to check nonprofit and charity quality here: https://www.charitynavigator.org/
\n\nRULES
\n\n\n- You can use up to 4 items obtained either from the TeleChallenge booth or at a dollar store costing no more than $5 plus tax, plus duct tape, along with a single one-gallon bucket or container full of conventional ice and water (solely H2O!) to build your Contraption.
\n- Only hand tools may be used.
\n- No hackers may be harmed in the execution of the Challenge. Contraption may cool to no colder than -3 degrees Celcius.
\n- You may wear no less than a bathing suit (due to dress code requirements at pools).
\n- Contraptions will be judged only for full participants of the Challenge, meaning you have made three nominations and at least two nominees have also participated.
\n- Judging criteria: Efficacy, creativity, flair, hax.
\n
\n\n\'',NULL,615882),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_24183a9ea374ac398e13cb74da339a9e','\'\'',NULL,615883),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_24183a9ea374ac398e13cb74da339a9e','\'\'',NULL,615884),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_24183a9ea374ac398e13cb74da339a9e','\'\'',NULL,615885),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_24183a9ea374ac398e13cb74da339a9e','\'\'',NULL,615886),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_24183a9ea374ac398e13cb74da339a9e','\'\'',NULL,615887),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_24183a9ea374ac398e13cb74da339a9e','\'\'',NULL,615888),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-B','\'Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge\'','\'\'','CON_24183a9ea374ac398e13cb74da339a9e','\'\'',NULL,615889),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_2d59e4c6f17d591a73f52b5a960548d4','\'Title: Hac-Man
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-01-C - Map
\n
\nDescription:
\nHybrid Contest\nOn-site Hours: Friday and Saturday 10:00-18:00; Sunday: 10:00-12:00\nBecomes available online Thursday 12:00\nOnline and In-Person platforms will close Sunday 12:00\nPlayers will only be able to turn in scavenger hunt items during On-site Hours.
\n\nThis Pac-Man themed set of challenges takes Players on a journey through learning and demonstrating hacker and information security skills to earn points. With multiple subject-matter specific challenge groups and tracks, this hacker challenge game has something for everyone. You, dear Player, are Hac-Man (or Ms. Hac-Man, or Hac-Person), making your way through various dark mazes eating pellets, fruit, and ghosts. Each ghost represents a hacker puzzle or skills challenge. Upon completing each challenge, you’ll be awarded points and can continue on to attempt further challenges. Many challenges have unlockable hints and location information, which you can unlock by spending your collected fruit.
\n\nThere is a leaderboard! As you collect points, you’ll show up on this leaderboard. The top 10 Players at the end of the game will be awarded various prizes from a prize pool.
\n\n\'',NULL,615890),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_2d59e4c6f17d591a73f52b5a960548d4','\'\'',NULL,615891),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_2d59e4c6f17d591a73f52b5a960548d4','\'\'',NULL,615892),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_2d59e4c6f17d591a73f52b5a960548d4','\'\'',NULL,615893),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_2d59e4c6f17d591a73f52b5a960548d4','\'\'',NULL,615894),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_2d59e4c6f17d591a73f52b5a960548d4','\'\'',NULL,615895),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_2d59e4c6f17d591a73f52b5a960548d4','\'\'',NULL,615896),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_2d59e4c6f17d591a73f52b5a960548d4','\'\'',NULL,615897),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_dd77f6ccd25f0f679d369e37a9cfb955','\'Title: Hac-Man
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-01-C - Map
\n
\nDescription:
\nHybrid Contest\nOn-site Hours: Friday and Saturday 10:00-18:00; Sunday: 10:00-12:00\nBecomes available online Thursday 12:00\nOnline and In-Person platforms will close Sunday 12:00\nPlayers will only be able to turn in scavenger hunt items during On-site Hours.
\n\nThis Pac-Man themed set of challenges takes Players on a journey through learning and demonstrating hacker and information security skills to earn points. With multiple subject-matter specific challenge groups and tracks, this hacker challenge game has something for everyone. You, dear Player, are Hac-Man (or Ms. Hac-Man, or Hac-Person), making your way through various dark mazes eating pellets, fruit, and ghosts. Each ghost represents a hacker puzzle or skills challenge. Upon completing each challenge, you’ll be awarded points and can continue on to attempt further challenges. Many challenges have unlockable hints and location information, which you can unlock by spending your collected fruit.
\n\nThere is a leaderboard! As you collect points, you’ll show up on this leaderboard. The top 10 Players at the end of the game will be awarded various prizes from a prize pool.
\n\n\'',NULL,615898),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_dd77f6ccd25f0f679d369e37a9cfb955','\'\'',NULL,615899),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_dd77f6ccd25f0f679d369e37a9cfb955','\'\'',NULL,615900),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_dd77f6ccd25f0f679d369e37a9cfb955','\'\'',NULL,615901),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_dd77f6ccd25f0f679d369e37a9cfb955','\'\'',NULL,615902),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_dd77f6ccd25f0f679d369e37a9cfb955','\'\'',NULL,615903),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_dd77f6ccd25f0f679d369e37a9cfb955','\'\'',NULL,615904),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_dd77f6ccd25f0f679d369e37a9cfb955','\'\'',NULL,615905),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_e941bb0aaf46d21776b38d8f6842a86d','\'Title: Hac-Man
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-01-C - Map
\n
\nDescription:
\nHybrid Contest\nOn-site Hours: Friday and Saturday 10:00-18:00; Sunday: 10:00-12:00\nBecomes available online Thursday 12:00\nOnline and In-Person platforms will close Sunday 12:00\nPlayers will only be able to turn in scavenger hunt items during On-site Hours.
\n\nThis Pac-Man themed set of challenges takes Players on a journey through learning and demonstrating hacker and information security skills to earn points. With multiple subject-matter specific challenge groups and tracks, this hacker challenge game has something for everyone. You, dear Player, are Hac-Man (or Ms. Hac-Man, or Hac-Person), making your way through various dark mazes eating pellets, fruit, and ghosts. Each ghost represents a hacker puzzle or skills challenge. Upon completing each challenge, you’ll be awarded points and can continue on to attempt further challenges. Many challenges have unlockable hints and location information, which you can unlock by spending your collected fruit.
\n\nThere is a leaderboard! As you collect points, you’ll show up on this leaderboard. The top 10 Players at the end of the game will be awarded various prizes from a prize pool.
\n\n\'',NULL,615906),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_e941bb0aaf46d21776b38d8f6842a86d','\'\'',NULL,615907),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-C','\'Hac-Man\'','\'\'','CON_e941bb0aaf46d21776b38d8f6842a86d','\'\'',NULL,615908),('1_Thursday','12','12:00','12:59','N','CON','Virtual','\'Hac-Man\'','\'\'','CON_8fed04fc9ebb9bac543886f8d1084dcc','\'Title: Hac-Man
\nWhen: Thursday, Aug 8, 12:00 - 12:59 PDT
\nWhere: Virtual
\n
\nDescription:
\nHybrid Contest\nOn-site Hours: Friday and Saturday 10:00-18:00; Sunday: 10:00-12:00\nBecomes available online Thursday 12:00\nOnline and In-Person platforms will close Sunday 12:00\nPlayers will only be able to turn in scavenger hunt items during On-site Hours.
\n\nThis Pac-Man themed set of challenges takes Players on a journey through learning and demonstrating hacker and information security skills to earn points. With multiple subject-matter specific challenge groups and tracks, this hacker challenge game has something for everyone. You, dear Player, are Hac-Man (or Ms. Hac-Man, or Hac-Person), making your way through various dark mazes eating pellets, fruit, and ghosts. Each ghost represents a hacker puzzle or skills challenge. Upon completing each challenge, you’ll be awarded points and can continue on to attempt further challenges. Many challenges have unlockable hints and location information, which you can unlock by spending your collected fruit.
\n\nThere is a leaderboard! As you collect points, you’ll show up on this leaderboard. The top 10 Players at the end of the game will be awarded various prizes from a prize pool.
\n\n\'',NULL,615909),('4_Sunday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_6604f78d3d1cce77c29f5497e84c0689','\'Title: Gold Bug Challenge
\nWhen: Sunday, Aug 11, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-04-F - Map
\n
\nDescription:
\nLove puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle can keep you intrigued and busy throughout DEF CON - and questioning how deep the layers of cryptography go.
\n\nThe Gold Bug is an annual puzzle hunt at DEF CON, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto.
\n\nThe Gold Bug is accessible to all, with some simpler puzzles for warmup or beginners (even kids!), and some that will require you to dig a little deeper. Whether you want to hack on puzzles solo or with a team, join us at https://goldbug.cryptovillage.org to get started!
\n\n\'',NULL,615910),('4_Sunday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_6604f78d3d1cce77c29f5497e84c0689','\'\'',NULL,615911),('4_Sunday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_6604f78d3d1cce77c29f5497e84c0689','\'\'',NULL,615912),('4_Sunday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_6604f78d3d1cce77c29f5497e84c0689','\'\'',NULL,615913),('4_Sunday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_6604f78d3d1cce77c29f5497e84c0689','\'\'',NULL,615914),('4_Sunday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_6604f78d3d1cce77c29f5497e84c0689','\'\'',NULL,615915),('4_Sunday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_6604f78d3d1cce77c29f5497e84c0689','\'\'',NULL,615916),('4_Sunday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_6604f78d3d1cce77c29f5497e84c0689','\'\'',NULL,615917),('4_Sunday','10','10:00','11:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_8ff5a7c7ee62f884022e4e0de75bd2d9','\'Title: Gold Bug Challenge
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-04-F - Map
\n
\nDescription:
\nLove puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle can keep you intrigued and busy throughout DEF CON - and questioning how deep the layers of cryptography go.
\n\nThe Gold Bug is an annual puzzle hunt at DEF CON, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto.
\n\nThe Gold Bug is accessible to all, with some simpler puzzles for warmup or beginners (even kids!), and some that will require you to dig a little deeper. Whether you want to hack on puzzles solo or with a team, join us at https://goldbug.cryptovillage.org to get started!
\n\n\'',NULL,615918),('4_Sunday','11','10:00','11:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_8ff5a7c7ee62f884022e4e0de75bd2d9','\'\'',NULL,615919),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_af699e54951b542afa9067c2267b69a5','\'Title: Gold Bug Challenge
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-04-F - Map
\n
\nDescription:
\nLove puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle can keep you intrigued and busy throughout DEF CON - and questioning how deep the layers of cryptography go.
\n\nThe Gold Bug is an annual puzzle hunt at DEF CON, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto.
\n\nThe Gold Bug is accessible to all, with some simpler puzzles for warmup or beginners (even kids!), and some that will require you to dig a little deeper. Whether you want to hack on puzzles solo or with a team, join us at https://goldbug.cryptovillage.org to get started!
\n\n\'',NULL,615920),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_af699e54951b542afa9067c2267b69a5','\'\'',NULL,615921),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_af699e54951b542afa9067c2267b69a5','\'\'',NULL,615922),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_af699e54951b542afa9067c2267b69a5','\'\'',NULL,615923),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_af699e54951b542afa9067c2267b69a5','\'\'',NULL,615924),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_af699e54951b542afa9067c2267b69a5','\'\'',NULL,615925),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_af699e54951b542afa9067c2267b69a5','\'\'',NULL,615926),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-F','\'Gold Bug Challenge\'','\'\'','CON_af699e54951b542afa9067c2267b69a5','\'\'',NULL,615927),('2_Friday','10','10:00','11:59','N','CON','Virtual','\'Gold Bug Challenge\'','\'\'','CON_e92bb742ad2aa1ecf303b6799fa1bdac','\'Title: Gold Bug Challenge
\nWhen: Friday, Aug 9, 10:00 - 11:59 PDT
\nWhere: Virtual
\n
\nDescription:
\nLove puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle can keep you intrigued and busy throughout DEF CON - and questioning how deep the layers of cryptography go.
\n\nThe Gold Bug is an annual puzzle hunt at DEF CON, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto.
\n\nThe Gold Bug is accessible to all, with some simpler puzzles for warmup or beginners (even kids!), and some that will require you to dig a little deeper. Whether you want to hack on puzzles solo or with a team, join us at https://goldbug.cryptovillage.org to get started!
\n\n\'',NULL,615928),('2_Friday','11','10:00','11:59','Y','CON','Virtual','\'Gold Bug Challenge\'','\'\'','CON_e92bb742ad2aa1ecf303b6799fa1bdac','\'\'',NULL,615929),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_808c401471f7258f1541d067ca7f5992','\'Title: DEF CON Scavenger Hunt
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-02 - Map
\n
\nDescription:
\nWhether you\'re a seasoned DEFCON veteran or a curious newcomer, the DEFCON Scavenger Hunt promises to challenge your skills, tickle your wits, and ignite your hacker spirit. Our list is a portal to mystery, mischief, and mayhem. Assemble your team of up to five members, interpret the items, and submit your findings at the booth to our esteemed judges. Go beyond the basics for bonus points. Legends are born here.
\n\nCasual players will enjoy doing a handful of items, but you will need to devote your entire weekend if you want to win. It\'s not just about fame, glory, or boxes of swag; the true allure is the camaraderie of fellow hackers, the knowledge that you\'ve etched your mark on DEFCON history, and the ultimate badge of honor: bragging rights. Nothing says \"I\'m a hacker\" quite like being triumphant at the DEFCON Scavenger Hunt contest.
\n\nSee you at the booth!
\n\n\'',NULL,615930),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_808c401471f7258f1541d067ca7f5992','\'\'',NULL,615931),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_808c401471f7258f1541d067ca7f5992','\'\'',NULL,615932),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_808c401471f7258f1541d067ca7f5992','\'\'',NULL,615933),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_808c401471f7258f1541d067ca7f5992','\'\'',NULL,615934),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_808c401471f7258f1541d067ca7f5992','\'\'',NULL,615935),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_808c401471f7258f1541d067ca7f5992','\'\'',NULL,615936),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_808c401471f7258f1541d067ca7f5992','\'\'',NULL,615937),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_0901423d4312d9cb66d0f2058e488f01','\'Title: DEF CON Scavenger Hunt
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-02 - Map
\n
\nDescription:
\nWhether you\'re a seasoned DEFCON veteran or a curious newcomer, the DEFCON Scavenger Hunt promises to challenge your skills, tickle your wits, and ignite your hacker spirit. Our list is a portal to mystery, mischief, and mayhem. Assemble your team of up to five members, interpret the items, and submit your findings at the booth to our esteemed judges. Go beyond the basics for bonus points. Legends are born here.
\n\nCasual players will enjoy doing a handful of items, but you will need to devote your entire weekend if you want to win. It\'s not just about fame, glory, or boxes of swag; the true allure is the camaraderie of fellow hackers, the knowledge that you\'ve etched your mark on DEFCON history, and the ultimate badge of honor: bragging rights. Nothing says \"I\'m a hacker\" quite like being triumphant at the DEFCON Scavenger Hunt contest.
\n\nSee you at the booth!
\n\n\'',NULL,615938),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_0901423d4312d9cb66d0f2058e488f01','\'\'',NULL,615939),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_0901423d4312d9cb66d0f2058e488f01','\'\'',NULL,615940),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_0901423d4312d9cb66d0f2058e488f01','\'\'',NULL,615941),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_0901423d4312d9cb66d0f2058e488f01','\'\'',NULL,615942),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_0901423d4312d9cb66d0f2058e488f01','\'\'',NULL,615943),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_0901423d4312d9cb66d0f2058e488f01','\'\'',NULL,615944),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_0901423d4312d9cb66d0f2058e488f01','\'\'',NULL,615945),('4_Sunday','10','10:00','11:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_41c9127eeac3271a1f9a2218196351b6','\'Title: DEF CON Scavenger Hunt
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-02 - Map
\n
\nDescription:
\nWhether you\'re a seasoned DEFCON veteran or a curious newcomer, the DEFCON Scavenger Hunt promises to challenge your skills, tickle your wits, and ignite your hacker spirit. Our list is a portal to mystery, mischief, and mayhem. Assemble your team of up to five members, interpret the items, and submit your findings at the booth to our esteemed judges. Go beyond the basics for bonus points. Legends are born here.
\n\nCasual players will enjoy doing a handful of items, but you will need to devote your entire weekend if you want to win. It\'s not just about fame, glory, or boxes of swag; the true allure is the camaraderie of fellow hackers, the knowledge that you\'ve etched your mark on DEFCON history, and the ultimate badge of honor: bragging rights. Nothing says \"I\'m a hacker\" quite like being triumphant at the DEFCON Scavenger Hunt contest.
\n\nSee you at the booth!
\n\n\'',NULL,615946),('4_Sunday','11','10:00','11:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-02','\'DEF CON Scavenger Hunt\'','\'\'','CON_41c9127eeac3271a1f9a2218196351b6','\'\'',NULL,615947),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_8e3646a4a300b2de69467f5cd4389145','\'Title: DC’s Next Top Threat Model (DCNTTM)
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-05-A - Map
\n
\nDescription:
\nThreat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist.
\n\nAs part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).
\n\n\'',NULL,615948),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_8e3646a4a300b2de69467f5cd4389145','\'\'',NULL,615949),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_8e3646a4a300b2de69467f5cd4389145','\'\'',NULL,615950),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_8e3646a4a300b2de69467f5cd4389145','\'\'',NULL,615951),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_8e3646a4a300b2de69467f5cd4389145','\'\'',NULL,615952),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_8e3646a4a300b2de69467f5cd4389145','\'\'',NULL,615953),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_8e3646a4a300b2de69467f5cd4389145','\'\'',NULL,615954),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_8e3646a4a300b2de69467f5cd4389145','\'\'',NULL,615955),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_462ef6777871b98cbc90c2d0ee2298b9','\'Title: DC’s Next Top Threat Model (DCNTTM)
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-05-A - Map
\n
\nDescription:
\nThreat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist.
\n\nAs part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).
\n\n\'',NULL,615956),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_462ef6777871b98cbc90c2d0ee2298b9','\'\'',NULL,615957),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_462ef6777871b98cbc90c2d0ee2298b9','\'\'',NULL,615958),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_462ef6777871b98cbc90c2d0ee2298b9','\'\'',NULL,615959),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_462ef6777871b98cbc90c2d0ee2298b9','\'\'',NULL,615960),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_462ef6777871b98cbc90c2d0ee2298b9','\'\'',NULL,615961),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_462ef6777871b98cbc90c2d0ee2298b9','\'\'',NULL,615962),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-A','\'DC’s Next Top Threat Model (DCNTTM)\'','\'\'','CON_462ef6777871b98cbc90c2d0ee2298b9','\'\'',NULL,615963),('2_Friday','12','12:00','19:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_883036c7207a8d4fee48edfb0575e4de','\'Title: DC Kubernetes Capture the Flag (CTF)
\nWhen: Friday, Aug 9, 12:00 - 19:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-01-E - Map
\n
\nDescription:
\nThe DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.
\n\nA scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.
\n\n\'',NULL,615964),('2_Friday','13','12:00','19:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_883036c7207a8d4fee48edfb0575e4de','\'\'',NULL,615965),('2_Friday','14','12:00','19:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_883036c7207a8d4fee48edfb0575e4de','\'\'',NULL,615966),('2_Friday','15','12:00','19:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_883036c7207a8d4fee48edfb0575e4de','\'\'',NULL,615967),('2_Friday','16','12:00','19:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_883036c7207a8d4fee48edfb0575e4de','\'\'',NULL,615968),('2_Friday','17','12:00','19:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_883036c7207a8d4fee48edfb0575e4de','\'\'',NULL,615969),('2_Friday','18','12:00','19:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_883036c7207a8d4fee48edfb0575e4de','\'\'',NULL,615970),('2_Friday','19','12:00','19:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_883036c7207a8d4fee48edfb0575e4de','\'\'',NULL,615971),('3_Saturday','10','10:00','16:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_160846dbd8a13b94b160ffdfcc311036','\'Title: DC Kubernetes Capture the Flag (CTF)
\nWhen: Saturday, Aug 10, 10:00 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-01-E - Map
\n
\nDescription:
\nThe DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.
\n\nA scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.
\n\n\'',NULL,615972),('3_Saturday','11','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_160846dbd8a13b94b160ffdfcc311036','\'\'',NULL,615973),('3_Saturday','12','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_160846dbd8a13b94b160ffdfcc311036','\'\'',NULL,615974),('3_Saturday','13','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_160846dbd8a13b94b160ffdfcc311036','\'\'',NULL,615975),('3_Saturday','14','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_160846dbd8a13b94b160ffdfcc311036','\'\'',NULL,615976),('3_Saturday','15','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_160846dbd8a13b94b160ffdfcc311036','\'\'',NULL,615977),('3_Saturday','16','10:00','16:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-E','\'DC Kubernetes Capture the Flag (CTF)\'','\'\'','CON_160846dbd8a13b94b160ffdfcc311036','\'\'',NULL,615978),('4_Sunday','10','10:00','13:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_ba71b32f3ce5b55fc52a036663828535','\'Title: DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)
\nWhen: Sunday, Aug 11, 10:00 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06 - Map
\n
\nDescription:
\nDARPA and ARPA-H’s Artificial Intelligence Cyber Challenge (AIxCC) will bring together the foremost experts in AI and cybersecurity to safeguard the software critical to all Americans. AIxCC is a two-year competition that asks competitors to design novel AI systems to secure this critical code and will award a cumulative $29.5 million in prizes to Teams with the best systems. In 2024, top teams will be awarded prizes of $2 million each, and will advance to the finals at DEF CON 33. The AIxCC Experience at DEF CON 32 is an immersive and interactive competition environment and educational space to inspire people and organizations to accelerate the development of AI-enabled cyber defenses. Attendees will explore a futuristic city where they can learn all about the competition, the technology, and the power of AI to help secure the software we all depend on.
\n\nRegistration for AIxCC is no longer open to new contestants. AIxCC Preliminary Events were held March – July 2024.
\n\nSemifinalists will be announced here: https://aicyberchallenge.com/
\n\n\'',NULL,615979),('4_Sunday','11','10:00','13:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_ba71b32f3ce5b55fc52a036663828535','\'\'',NULL,615980),('4_Sunday','12','10:00','13:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_ba71b32f3ce5b55fc52a036663828535','\'\'',NULL,615981),('4_Sunday','13','10:00','13:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_ba71b32f3ce5b55fc52a036663828535','\'\'',NULL,615982),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_7ba2ae0a73c0a08ba3981e2f73822813','\'Title: DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06 - Map
\n
\nDescription:
\nDARPA and ARPA-H’s Artificial Intelligence Cyber Challenge (AIxCC) will bring together the foremost experts in AI and cybersecurity to safeguard the software critical to all Americans. AIxCC is a two-year competition that asks competitors to design novel AI systems to secure this critical code and will award a cumulative $29.5 million in prizes to Teams with the best systems. In 2024, top teams will be awarded prizes of $2 million each, and will advance to the finals at DEF CON 33. The AIxCC Experience at DEF CON 32 is an immersive and interactive competition environment and educational space to inspire people and organizations to accelerate the development of AI-enabled cyber defenses. Attendees will explore a futuristic city where they can learn all about the competition, the technology, and the power of AI to help secure the software we all depend on.
\n\nRegistration for AIxCC is no longer open to new contestants. AIxCC Preliminary Events were held March – July 2024.
\n\nSemifinalists will be announced here: https://aicyberchallenge.com/
\n\n\'',NULL,615983),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_7ba2ae0a73c0a08ba3981e2f73822813','\'\'',NULL,615984),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_7ba2ae0a73c0a08ba3981e2f73822813','\'\'',NULL,615985),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_7ba2ae0a73c0a08ba3981e2f73822813','\'\'',NULL,615986),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_7ba2ae0a73c0a08ba3981e2f73822813','\'\'',NULL,615987),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_7ba2ae0a73c0a08ba3981e2f73822813','\'\'',NULL,615988),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_7ba2ae0a73c0a08ba3981e2f73822813','\'\'',NULL,615989),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_7ba2ae0a73c0a08ba3981e2f73822813','\'\'',NULL,615990),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_b5989d8ef8163d2992f7c0684c3fb013','\'Title: DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06 - Map
\n
\nDescription:
\nDARPA and ARPA-H’s Artificial Intelligence Cyber Challenge (AIxCC) will bring together the foremost experts in AI and cybersecurity to safeguard the software critical to all Americans. AIxCC is a two-year competition that asks competitors to design novel AI systems to secure this critical code and will award a cumulative $29.5 million in prizes to Teams with the best systems. In 2024, top teams will be awarded prizes of $2 million each, and will advance to the finals at DEF CON 33. The AIxCC Experience at DEF CON 32 is an immersive and interactive competition environment and educational space to inspire people and organizations to accelerate the development of AI-enabled cyber defenses. Attendees will explore a futuristic city where they can learn all about the competition, the technology, and the power of AI to help secure the software we all depend on.
\n\nRegistration for AIxCC is no longer open to new contestants. AIxCC Preliminary Events were held March – July 2024.
\n\nSemifinalists will be announced here: https://aicyberchallenge.com/
\n\n\'',NULL,615991),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_b5989d8ef8163d2992f7c0684c3fb013','\'\'',NULL,615992),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_b5989d8ef8163d2992f7c0684c3fb013','\'\'',NULL,615993),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_b5989d8ef8163d2992f7c0684c3fb013','\'\'',NULL,615994),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_b5989d8ef8163d2992f7c0684c3fb013','\'\'',NULL,615995),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_b5989d8ef8163d2992f7c0684c3fb013','\'\'',NULL,615996),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_b5989d8ef8163d2992f7c0684c3fb013','\'\'',NULL,615997),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 3/HW3-05-06','\'DARPA\'s Artificial Intelligence Cyber Challenge (AIxCC)\'','\'\'','CON_b5989d8ef8163d2992f7c0684c3fb013','\'\'',NULL,615998),('4_Sunday','10','10:00','11:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_63e7c425fde033b4d20424ee5da74087','\'Title: Darknet-NG
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-01-D - Map
\n
\nDescription:
\nDarknet-NG is an Alternate Reality Game (ARG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The \"Learning Quests\" help the agent gather knowledge from all across the other villages at the conference, while the \"Challenge Quests\" help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year\'s final challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!
\n\n\'',NULL,615999),('4_Sunday','11','10:00','11:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_63e7c425fde033b4d20424ee5da74087','\'\'',NULL,616000),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_503c1b18362023729d9ade0de211546a','\'Title: Darknet-NG
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-01-D - Map
\n
\nDescription:
\nDarknet-NG is an Alternate Reality Game (ARG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The \"Learning Quests\" help the agent gather knowledge from all across the other villages at the conference, while the \"Challenge Quests\" help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year\'s final challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!
\n\n\'',NULL,616001),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_503c1b18362023729d9ade0de211546a','\'\'',NULL,616002),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_503c1b18362023729d9ade0de211546a','\'\'',NULL,616003),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_503c1b18362023729d9ade0de211546a','\'\'',NULL,616004),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_503c1b18362023729d9ade0de211546a','\'\'',NULL,616005),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_503c1b18362023729d9ade0de211546a','\'\'',NULL,616006),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_503c1b18362023729d9ade0de211546a','\'\'',NULL,616007),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_503c1b18362023729d9ade0de211546a','\'\'',NULL,616008),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_a02d6c84d213e58ea343ef7fbc42d53e','\'Title: Darknet-NG
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-01-D - Map
\n
\nDescription:
\nDarknet-NG is an Alternate Reality Game (ARG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The \"Learning Quests\" help the agent gather knowledge from all across the other villages at the conference, while the \"Challenge Quests\" help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year\'s final challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!
\n\n\'',NULL,616009),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_a02d6c84d213e58ea343ef7fbc42d53e','\'\'',NULL,616010),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_a02d6c84d213e58ea343ef7fbc42d53e','\'\'',NULL,616011),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_a02d6c84d213e58ea343ef7fbc42d53e','\'\'',NULL,616012),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_a02d6c84d213e58ea343ef7fbc42d53e','\'\'',NULL,616013),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_a02d6c84d213e58ea343ef7fbc42d53e','\'\'',NULL,616014),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_a02d6c84d213e58ea343ef7fbc42d53e','\'\'',NULL,616015),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-01-D','\'Darknet-NG\'','\'\'','CON_a02d6c84d213e58ea343ef7fbc42d53e','\'\'',NULL,616016),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_0e216b0bfd864b108d9531715dca0f45','\'Title: Cyber Defender - The Game
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-06-C - Map
\n
\nDescription:
\nVarious cyber tools and techniques have been utilized based on information from past attacks. Game players will learn about different cyber security frameworks, cyber-attack processes, and how they can use utilised in a fun way. The game is built to teach key cyber terms, theory and apply techniques based on real-world scenarios.
\n\nAs a player, you are part of a Global Cyber Protection Team (GCPT) assigned to the mission to prevent various attacks on critical infrastructure. Your task is to use the available information that your team has at your disposal to stop the adversary from achieving their objective.
\n\nPlayers will find themselves in a variety of future scenarios based on a specific industry/sector focus e.g. manufacturing, utilities, defense, finance. The task will be to defend each individual network/system to govern, identify, detect, respond and recover against abnormal/suspicious activities on the network. You will be working against a global hacker network who are threatening to disrupt the overall operations of global critical infrastructure sites for their own nefarious means.
\n\nYour team must protect various networks/systems as part of a global environment. If 5 or more systems are compromised and deactivated, the hacker network successfully disabled the global environment and can assume control of the entire environment. It is your mission to protect the environment and ensure the availability of the global system.
\n\n\'',NULL,616017),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_0e216b0bfd864b108d9531715dca0f45','\'\'',NULL,616018),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_0e216b0bfd864b108d9531715dca0f45','\'\'',NULL,616019),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_0e216b0bfd864b108d9531715dca0f45','\'\'',NULL,616020),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_0e216b0bfd864b108d9531715dca0f45','\'\'',NULL,616021),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_0e216b0bfd864b108d9531715dca0f45','\'\'',NULL,616022),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_0e216b0bfd864b108d9531715dca0f45','\'\'',NULL,616023),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_0e216b0bfd864b108d9531715dca0f45','\'\'',NULL,616024),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_70c3f9092a4042d910e909cbe50d6d41','\'Title: Cyber Defender - The Game
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-06-C - Map
\n
\nDescription:
\nVarious cyber tools and techniques have been utilized based on information from past attacks. Game players will learn about different cyber security frameworks, cyber-attack processes, and how they can use utilised in a fun way. The game is built to teach key cyber terms, theory and apply techniques based on real-world scenarios.
\n\nAs a player, you are part of a Global Cyber Protection Team (GCPT) assigned to the mission to prevent various attacks on critical infrastructure. Your task is to use the available information that your team has at your disposal to stop the adversary from achieving their objective.
\n\nPlayers will find themselves in a variety of future scenarios based on a specific industry/sector focus e.g. manufacturing, utilities, defense, finance. The task will be to defend each individual network/system to govern, identify, detect, respond and recover against abnormal/suspicious activities on the network. You will be working against a global hacker network who are threatening to disrupt the overall operations of global critical infrastructure sites for their own nefarious means.
\n\nYour team must protect various networks/systems as part of a global environment. If 5 or more systems are compromised and deactivated, the hacker network successfully disabled the global environment and can assume control of the entire environment. It is your mission to protect the environment and ensure the availability of the global system.
\n\n\'',NULL,616025),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_70c3f9092a4042d910e909cbe50d6d41','\'\'',NULL,616026),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_70c3f9092a4042d910e909cbe50d6d41','\'\'',NULL,616027),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_70c3f9092a4042d910e909cbe50d6d41','\'\'',NULL,616028),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_70c3f9092a4042d910e909cbe50d6d41','\'\'',NULL,616029),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_70c3f9092a4042d910e909cbe50d6d41','\'\'',NULL,616030),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_70c3f9092a4042d910e909cbe50d6d41','\'\'',NULL,616031),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_70c3f9092a4042d910e909cbe50d6d41','\'\'',NULL,616032),('4_Sunday','10','10:00','11:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_7c92d1eb6db67a3fa6ccd1d99edfd6e8','\'Title: Cyber Defender - The Game
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-06-C - Map
\n
\nDescription:
\nVarious cyber tools and techniques have been utilized based on information from past attacks. Game players will learn about different cyber security frameworks, cyber-attack processes, and how they can use utilised in a fun way. The game is built to teach key cyber terms, theory and apply techniques based on real-world scenarios.
\n\nAs a player, you are part of a Global Cyber Protection Team (GCPT) assigned to the mission to prevent various attacks on critical infrastructure. Your task is to use the available information that your team has at your disposal to stop the adversary from achieving their objective.
\n\nPlayers will find themselves in a variety of future scenarios based on a specific industry/sector focus e.g. manufacturing, utilities, defense, finance. The task will be to defend each individual network/system to govern, identify, detect, respond and recover against abnormal/suspicious activities on the network. You will be working against a global hacker network who are threatening to disrupt the overall operations of global critical infrastructure sites for their own nefarious means.
\n\nYour team must protect various networks/systems as part of a global environment. If 5 or more systems are compromised and deactivated, the hacker network successfully disabled the global environment and can assume control of the entire environment. It is your mission to protect the environment and ensure the availability of the global system.
\n\n\'',NULL,616033),('4_Sunday','11','10:00','11:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-C','\'Cyber Defender - The Game\'','\'\'','CON_7c92d1eb6db67a3fa6ccd1d99edfd6e8','\'\'',NULL,616034),('2_Friday','11','11:00','11:59','N','CON','Virtual','\'CrackMeIfYouCan\'','\'\'','CON_5d195774f92bf21c1ccdd7ea1525c6ac','\'Title: CrackMeIfYouCan
\nWhen: Friday, Aug 9, 11:00 - 11:59 PDT
\nWhere: Virtual
\n
\nDescription:
\nZoogleta has been scheming to corporatize and enshittify the Internet through regulatory capture, squashing indy devs, and commodifying users.
\n\nYou\'ve been contacted by journalists and whistleblowers who need help sifting through some big dumps of encrypted data and password hashes.
\n\nHelp them so they can publish the smoking gun, crash Zoogleta\'s stock price, and get their leadership and the corrupt politicians they own arrested by exposing their internal dirt, for great justice.
\n\nTime is of the essence! You will have 48 hours to crack as many files and hashes as possible.
\n\nOpen to all; preregistration is recommended. Compete in the Street class for individuals or small teams, or in Pro if you do not want to sleep all weekend. Check out past years\' contests at https://contest.korelogic.com/ , and the Password Village at https://passwordvillage.org/
\n\n\'',NULL,616035),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_2521d55a778bee8ecfabbfb85d5ae343','\'Title: CrackMeIfYouCan
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-05 - Map
\n
\nDescription:
\nZoogleta has been scheming to corporatize and enshittify the Internet through regulatory capture, squashing indy devs, and commodifying users.
\n\nYou\'ve been contacted by journalists and whistleblowers who need help sifting through some big dumps of encrypted data and password hashes.
\n\nHelp them so they can publish the smoking gun, crash Zoogleta\'s stock price, and get their leadership and the corrupt politicians they own arrested by exposing their internal dirt, for great justice.
\n\nTime is of the essence! You will have 48 hours to crack as many files and hashes as possible.
\n\nOpen to all; preregistration is recommended. Compete in the Street class for individuals or small teams, or in Pro if you do not want to sleep all weekend. Check out past years\' contests at https://contest.korelogic.com/ , and the Password Village at https://passwordvillage.org/
\n\n\'',NULL,616036),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_2521d55a778bee8ecfabbfb85d5ae343','\'\'',NULL,616037),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_2521d55a778bee8ecfabbfb85d5ae343','\'\'',NULL,616038),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_2521d55a778bee8ecfabbfb85d5ae343','\'\'',NULL,616039),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_2521d55a778bee8ecfabbfb85d5ae343','\'\'',NULL,616040),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_2521d55a778bee8ecfabbfb85d5ae343','\'\'',NULL,616041),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_2521d55a778bee8ecfabbfb85d5ae343','\'\'',NULL,616042),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_2521d55a778bee8ecfabbfb85d5ae343','\'\'',NULL,616043),('4_Sunday','10','10:00','10:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_ed6d00889e61bb34d76180ef2a623b5d','\'Title: CrackMeIfYouCan
\nWhen: Sunday, Aug 11, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-05 - Map
\n
\nDescription:
\nZoogleta has been scheming to corporatize and enshittify the Internet through regulatory capture, squashing indy devs, and commodifying users.
\n\nYou\'ve been contacted by journalists and whistleblowers who need help sifting through some big dumps of encrypted data and password hashes.
\n\nHelp them so they can publish the smoking gun, crash Zoogleta\'s stock price, and get their leadership and the corrupt politicians they own arrested by exposing their internal dirt, for great justice.
\n\nTime is of the essence! You will have 48 hours to crack as many files and hashes as possible.
\n\nOpen to all; preregistration is recommended. Compete in the Street class for individuals or small teams, or in Pro if you do not want to sleep all weekend. Check out past years\' contests at https://contest.korelogic.com/ , and the Password Village at https://passwordvillage.org/
\n\n\'',NULL,616044),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_8cad2c02025c163eb25f7ca0a7c6a64b','\'Title: CrackMeIfYouCan
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-05 - Map
\n
\nDescription:
\nZoogleta has been scheming to corporatize and enshittify the Internet through regulatory capture, squashing indy devs, and commodifying users.
\n\nYou\'ve been contacted by journalists and whistleblowers who need help sifting through some big dumps of encrypted data and password hashes.
\n\nHelp them so they can publish the smoking gun, crash Zoogleta\'s stock price, and get their leadership and the corrupt politicians they own arrested by exposing their internal dirt, for great justice.
\n\nTime is of the essence! You will have 48 hours to crack as many files and hashes as possible.
\n\nOpen to all; preregistration is recommended. Compete in the Street class for individuals or small teams, or in Pro if you do not want to sleep all weekend. Check out past years\' contests at https://contest.korelogic.com/ , and the Password Village at https://passwordvillage.org/
\n\n\'',NULL,616045),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_8cad2c02025c163eb25f7ca0a7c6a64b','\'\'',NULL,616046),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_8cad2c02025c163eb25f7ca0a7c6a64b','\'\'',NULL,616047),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_8cad2c02025c163eb25f7ca0a7c6a64b','\'\'',NULL,616048),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_8cad2c02025c163eb25f7ca0a7c6a64b','\'\'',NULL,616049),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_8cad2c02025c163eb25f7ca0a7c6a64b','\'\'',NULL,616050),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_8cad2c02025c163eb25f7ca0a7c6a64b','\'\'',NULL,616051),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05','\'CrackMeIfYouCan\'','\'\'','CON_8cad2c02025c163eb25f7ca0a7c6a64b','\'\'',NULL,616052),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_7421c6f4658a965eccc6ab4fecdec37a','\'Title: CMD+CTRL at DEF CON 32
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-06-D - Map
\n
\nDescription:
\nCMD+CTRL Web App Hacking Challenge gives you the opportunity to showcase your red team skills by attacking real web applications. The CMD+CTRL platform is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you\'ll have a better understanding of the vulnerabilities that put real world systems at risk.
\n\nAt DEF CON 32: We will be replaying some of our Cyber Range Greatest Hits. We will be running 4 different Ranges with over a 150 challenges possible!
\n\n\'',NULL,616053),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_7421c6f4658a965eccc6ab4fecdec37a','\'\'',NULL,616054),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_7421c6f4658a965eccc6ab4fecdec37a','\'\'',NULL,616055),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_7421c6f4658a965eccc6ab4fecdec37a','\'\'',NULL,616056),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_7421c6f4658a965eccc6ab4fecdec37a','\'\'',NULL,616057),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_7421c6f4658a965eccc6ab4fecdec37a','\'\'',NULL,616058),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_7421c6f4658a965eccc6ab4fecdec37a','\'\'',NULL,616059),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_7421c6f4658a965eccc6ab4fecdec37a','\'\'',NULL,616060),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_38d1ccdff443e094575466623d3d2adc','\'Title: CMD+CTRL at DEF CON 32
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-06-D - Map
\n
\nDescription:
\nCMD+CTRL Web App Hacking Challenge gives you the opportunity to showcase your red team skills by attacking real web applications. The CMD+CTRL platform is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you\'ll have a better understanding of the vulnerabilities that put real world systems at risk.
\n\nAt DEF CON 32: We will be replaying some of our Cyber Range Greatest Hits. We will be running 4 different Ranges with over a 150 challenges possible!
\n\n\'',NULL,616061),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_38d1ccdff443e094575466623d3d2adc','\'\'',NULL,616062),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_38d1ccdff443e094575466623d3d2adc','\'\'',NULL,616063),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_38d1ccdff443e094575466623d3d2adc','\'\'',NULL,616064),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_38d1ccdff443e094575466623d3d2adc','\'\'',NULL,616065),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_38d1ccdff443e094575466623d3d2adc','\'\'',NULL,616066),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_38d1ccdff443e094575466623d3d2adc','\'\'',NULL,616067),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_38d1ccdff443e094575466623d3d2adc','\'\'',NULL,616068),('4_Sunday','10','10:00','11:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_ac8b3bc1bc18efd7a73c6e97a398eb94','\'Title: CMD+CTRL at DEF CON 32
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-06-D - Map
\n
\nDescription:
\nCMD+CTRL Web App Hacking Challenge gives you the opportunity to showcase your red team skills by attacking real web applications. The CMD+CTRL platform is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you\'ll have a better understanding of the vulnerabilities that put real world systems at risk.
\n\nAt DEF CON 32: We will be replaying some of our Cyber Range Greatest Hits. We will be running 4 different Ranges with over a 150 challenges possible!
\n\n\'',NULL,616069),('4_Sunday','11','10:00','11:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-06-D','\'CMD+CTRL at DEF CON 32\'','\'\'','CON_ac8b3bc1bc18efd7a73c6e97a398eb94','\'\'',NULL,616070),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_4a37315f5006460ac8d7572e541113ae','\'Title: Cloud Village CTF
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nIf you ever wanted to break stuff on the cloud, or if you like rabbit holes that take you places you did not think you would go to, follow complicated story lines to only find you could have reached to the flag without scratching your head so much - then this CTF is for you!
\n\nOur CTF is a two days jeopardy style contest where we have a bunch of challenges hosted across multiple Cloud providers across multiple categories of difficulty.
\n\nYou can register as teams or go solo, use hints or stay away from them, in the end it will be all for glory or nothing. Plus the prizes. Did we not mention the prizes? :D
\n\n\'',NULL,616071),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_4a37315f5006460ac8d7572e541113ae','\'\'',NULL,616072),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_4a37315f5006460ac8d7572e541113ae','\'\'',NULL,616073),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_4a37315f5006460ac8d7572e541113ae','\'\'',NULL,616074),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_4a37315f5006460ac8d7572e541113ae','\'\'',NULL,616075),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_4a37315f5006460ac8d7572e541113ae','\'\'',NULL,616076),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_4a37315f5006460ac8d7572e541113ae','\'\'',NULL,616077),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_4a37315f5006460ac8d7572e541113ae','\'\'',NULL,616078),('2_Friday','10','10:00','23:59','N','CON','Virtual','\'Cloud Village CTF\'','\'\'','CON_9e22b549594cd2e7c3767a4f321ad706','\'Title: Cloud Village CTF
\nWhen: Friday, Aug 9, 10:00 - 23:59 PDT
\nWhere: Virtual
\n
\nDescription:
\nIf you ever wanted to break stuff on the cloud, or if you like rabbit holes that take you places you did not think you would go to, follow complicated story lines to only find you could have reached to the flag without scratching your head so much - then this CTF is for you!
\n\nOur CTF is a two days jeopardy style contest where we have a bunch of challenges hosted across multiple Cloud providers across multiple categories of difficulty.
\n\nYou can register as teams or go solo, use hints or stay away from them, in the end it will be all for glory or nothing. Plus the prizes. Did we not mention the prizes? :D
\n\n\'',NULL,616079),('2_Friday','11','10:00','23:59','Y','CON','Virtual','\'Cloud Village CTF\'','\'\'','CON_9e22b549594cd2e7c3767a4f321ad706','\'\'',NULL,616080),('2_Friday','12','10:00','23:59','Y','CON','Virtual','\'Cloud Village CTF\'','\'\'','CON_9e22b549594cd2e7c3767a4f321ad706','\'\'',NULL,616081),('2_Friday','13','10:00','23:59','Y','CON','Virtual','\'Cloud Village CTF\'','\'\'','CON_9e22b549594cd2e7c3767a4f321ad706','\'\'',NULL,616082),('2_Friday','14','10:00','23:59','Y','CON','Virtual','\'Cloud Village CTF\'','\'\'','CON_9e22b549594cd2e7c3767a4f321ad706','\'\'',NULL,616083),('2_Friday','15','10:00','23:59','Y','CON','Virtual','\'Cloud Village CTF\'','\'\'','CON_9e22b549594cd2e7c3767a4f321ad706','\'\'',NULL,616084),('2_Friday','16','10:00','23:59','Y','CON','Virtual','\'Cloud Village CTF\'','\'\'','CON_9e22b549594cd2e7c3767a4f321ad706','\'\'',NULL,616085),('2_Friday','17','10:00','23:59','Y','CON','Virtual','\'Cloud Village CTF\'','\'\'','CON_9e22b549594cd2e7c3767a4f321ad706','\'\'',NULL,616086),('2_Friday','18','10:00','23:59','Y','CON','Virtual','\'Cloud Village CTF\'','\'\'','CON_9e22b549594cd2e7c3767a4f321ad706','\'\'',NULL,616087),('2_Friday','19','10:00','23:59','Y','CON','Virtual','\'Cloud Village CTF\'','\'\'','CON_9e22b549594cd2e7c3767a4f321ad706','\'\'',NULL,616088),('2_Friday','20','10:00','23:59','Y','CON','Virtual','\'Cloud Village CTF\'','\'\'','CON_9e22b549594cd2e7c3767a4f321ad706','\'\'',NULL,616089),('2_Friday','21','10:00','23:59','Y','CON','Virtual','\'Cloud Village CTF\'','\'\'','CON_9e22b549594cd2e7c3767a4f321ad706','\'\'',NULL,616090),('2_Friday','22','10:00','23:59','Y','CON','Virtual','\'Cloud Village CTF\'','\'\'','CON_9e22b549594cd2e7c3767a4f321ad706','\'\'',NULL,616091),('2_Friday','23','10:00','23:59','Y','CON','Virtual','\'Cloud Village CTF\'','\'\'','CON_9e22b549594cd2e7c3767a4f321ad706','\'\'',NULL,616092),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_cd61b59368a4de8c869165a97aaab0dc','\'Title: Cloud Village CTF
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-01 - Map
\n
\nDescription:
\nIf you ever wanted to break stuff on the cloud, or if you like rabbit holes that take you places you did not think you would go to, follow complicated story lines to only find you could have reached to the flag without scratching your head so much - then this CTF is for you!
\n\nOur CTF is a two days jeopardy style contest where we have a bunch of challenges hosted across multiple Cloud providers across multiple categories of difficulty.
\n\nYou can register as teams or go solo, use hints or stay away from them, in the end it will be all for glory or nothing. Plus the prizes. Did we not mention the prizes? :D
\n\n\'',NULL,616093),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_cd61b59368a4de8c869165a97aaab0dc','\'\'',NULL,616094),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_cd61b59368a4de8c869165a97aaab0dc','\'\'',NULL,616095),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_cd61b59368a4de8c869165a97aaab0dc','\'\'',NULL,616096),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_cd61b59368a4de8c869165a97aaab0dc','\'\'',NULL,616097),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_cd61b59368a4de8c869165a97aaab0dc','\'\'',NULL,616098),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_cd61b59368a4de8c869165a97aaab0dc','\'\'',NULL,616099),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 2/HW2-09-01','\'Cloud Village CTF\'','\'\'','CON_cd61b59368a4de8c869165a97aaab0dc','\'\'',NULL,616100),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_07af4bf9279797844406d10ced3fd370','\'Title: Chasse Partie Systems CTF
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-04-E - Map
\n
\nDescription:
\nThe inception of this distinctive event occurred at DEF CON 31, initiated by a fortuitous encounter with CookieT while participating in LineCon for merch. Our shared passions fostered an immediate bond, and it was amidst this camaraderie that the idea for a future challenge germinated. Having previously engaged participants with puzzle-embedded challenge coins, I (Chasse) was inspired to expand the concept beyond a mere cipher. The aim was to design a contest that would appeal across a broad spectrum of skill levels by integrating a variety of puzzles, both modern and traditional, to attract a wider audience from a complete beginner new to the hackerspace to the more seasoned and advanced hacker. Observing the collective enthusiasm as participants unraveled the first simple coin puzzle was exhilarating, yet the quick resolution of the puzzle occasionally detracted from the overall experience for more advanced puzzle solvers. Throughout DEF CON 31, CookieT and I explored the feasibility of a web-based challenge CTF, laying the foundation for what would evolve into a pioneering contest and experience. Later Raven emerged from the shadows of cyberspace to help us chisel out the contest from Zeroes and Ones
\n\nWith the announcement of DEF CON 32\'s theme, our concept was honed, ready to blend our creative talents into this year\'s challenge. We crafted an innovative combination of a narrative-driven journey game, scavenger hunt, and web-based Capture The Flag (CTF) challenges, all meticulously aligned with the DEC CON 32 \"Engage\" theme. This contest emerges as a holistic platform, introducing DEF CON newcomers to core security principles through an engaging narrative. Spanning a variety of fields including OSINT, cryptography, radio, telephony, password, and web security. It promises a rich, diverse experience! Participants, automatically divided into teams, are propelled on a quest to decode puzzles and unearth flags, with challenges designed to suit everyone from novices to veterans seeking sophisticated, intricate challenges. This contest transcends the conventional competition framework, evolving into an artful endeavor that illustrates the symbiosis of storytelling and technical puzzles to create a deeply immersive learning adventure. Imagined as an interactive storybook, it invites attendees to navigate their own routes, making their own choices that lead them through a story-rich exploration of security concepts and engagement even with each other.
\n\nThe technical infrastructure of this experience is built on varied technologies. The main website, https://www.chassepartie.com, is developed with Ruby on Rails 7.1 and hosted on Heroku, with CloudFlare acting as our Web Application Firewall (WAF). This site functions as the scoreboard and narrative hub of the contest. Additionally, we have set up an XCP-NG hypervisor to host approximately 10 to 15 virtual machines as targets for participant engagement. Augmented reality markers are also in place, intended for deployment in communal areas like sticker boards, to enhance the experience. These elements are interwoven with the storyline, guiding attendees through what we believe is an unprecedented adventure-style CTF challenge named Chasse Partie Systems – Dystopian Apocalypse Resistance Terminal.
\n\nSo come and join us on our deviant journey, what are you waiting for?
\n\n\'',NULL,616101),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_07af4bf9279797844406d10ced3fd370','\'\'',NULL,616102),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_07af4bf9279797844406d10ced3fd370','\'\'',NULL,616103),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_07af4bf9279797844406d10ced3fd370','\'\'',NULL,616104),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_07af4bf9279797844406d10ced3fd370','\'\'',NULL,616105),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_07af4bf9279797844406d10ced3fd370','\'\'',NULL,616106),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_07af4bf9279797844406d10ced3fd370','\'\'',NULL,616107),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_07af4bf9279797844406d10ced3fd370','\'\'',NULL,616108),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_ae3e659e81052c4080b08ff250fb33ab','\'Title: Chasse Partie Systems CTF
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-04-E - Map
\n
\nDescription:
\nThe inception of this distinctive event occurred at DEF CON 31, initiated by a fortuitous encounter with CookieT while participating in LineCon for merch. Our shared passions fostered an immediate bond, and it was amidst this camaraderie that the idea for a future challenge germinated. Having previously engaged participants with puzzle-embedded challenge coins, I (Chasse) was inspired to expand the concept beyond a mere cipher. The aim was to design a contest that would appeal across a broad spectrum of skill levels by integrating a variety of puzzles, both modern and traditional, to attract a wider audience from a complete beginner new to the hackerspace to the more seasoned and advanced hacker. Observing the collective enthusiasm as participants unraveled the first simple coin puzzle was exhilarating, yet the quick resolution of the puzzle occasionally detracted from the overall experience for more advanced puzzle solvers. Throughout DEF CON 31, CookieT and I explored the feasibility of a web-based challenge CTF, laying the foundation for what would evolve into a pioneering contest and experience. Later Raven emerged from the shadows of cyberspace to help us chisel out the contest from Zeroes and Ones
\n\nWith the announcement of DEF CON 32\'s theme, our concept was honed, ready to blend our creative talents into this year\'s challenge. We crafted an innovative combination of a narrative-driven journey game, scavenger hunt, and web-based Capture The Flag (CTF) challenges, all meticulously aligned with the DEC CON 32 \"Engage\" theme. This contest emerges as a holistic platform, introducing DEF CON newcomers to core security principles through an engaging narrative. Spanning a variety of fields including OSINT, cryptography, radio, telephony, password, and web security. It promises a rich, diverse experience! Participants, automatically divided into teams, are propelled on a quest to decode puzzles and unearth flags, with challenges designed to suit everyone from novices to veterans seeking sophisticated, intricate challenges. This contest transcends the conventional competition framework, evolving into an artful endeavor that illustrates the symbiosis of storytelling and technical puzzles to create a deeply immersive learning adventure. Imagined as an interactive storybook, it invites attendees to navigate their own routes, making their own choices that lead them through a story-rich exploration of security concepts and engagement even with each other.
\n\nThe technical infrastructure of this experience is built on varied technologies. The main website, https://www.chassepartie.com, is developed with Ruby on Rails 7.1 and hosted on Heroku, with CloudFlare acting as our Web Application Firewall (WAF). This site functions as the scoreboard and narrative hub of the contest. Additionally, we have set up an XCP-NG hypervisor to host approximately 10 to 15 virtual machines as targets for participant engagement. Augmented reality markers are also in place, intended for deployment in communal areas like sticker boards, to enhance the experience. These elements are interwoven with the storyline, guiding attendees through what we believe is an unprecedented adventure-style CTF challenge named Chasse Partie Systems – Dystopian Apocalypse Resistance Terminal.
\n\nSo come and join us on our deviant journey, what are you waiting for?
\n\n\'',NULL,616109),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_ae3e659e81052c4080b08ff250fb33ab','\'\'',NULL,616110),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_ae3e659e81052c4080b08ff250fb33ab','\'\'',NULL,616111),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_ae3e659e81052c4080b08ff250fb33ab','\'\'',NULL,616112),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_ae3e659e81052c4080b08ff250fb33ab','\'\'',NULL,616113),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_ae3e659e81052c4080b08ff250fb33ab','\'\'',NULL,616114),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_ae3e659e81052c4080b08ff250fb33ab','\'\'',NULL,616115),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_ae3e659e81052c4080b08ff250fb33ab','\'\'',NULL,616116),('4_Sunday','10','10:00','12:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_97c5dbde4201ce8511a36623ad0548ff','\'Title: Chasse Partie Systems CTF
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-04-E - Map
\n
\nDescription:
\nThe inception of this distinctive event occurred at DEF CON 31, initiated by a fortuitous encounter with CookieT while participating in LineCon for merch. Our shared passions fostered an immediate bond, and it was amidst this camaraderie that the idea for a future challenge germinated. Having previously engaged participants with puzzle-embedded challenge coins, I (Chasse) was inspired to expand the concept beyond a mere cipher. The aim was to design a contest that would appeal across a broad spectrum of skill levels by integrating a variety of puzzles, both modern and traditional, to attract a wider audience from a complete beginner new to the hackerspace to the more seasoned and advanced hacker. Observing the collective enthusiasm as participants unraveled the first simple coin puzzle was exhilarating, yet the quick resolution of the puzzle occasionally detracted from the overall experience for more advanced puzzle solvers. Throughout DEF CON 31, CookieT and I explored the feasibility of a web-based challenge CTF, laying the foundation for what would evolve into a pioneering contest and experience. Later Raven emerged from the shadows of cyberspace to help us chisel out the contest from Zeroes and Ones
\n\nWith the announcement of DEF CON 32\'s theme, our concept was honed, ready to blend our creative talents into this year\'s challenge. We crafted an innovative combination of a narrative-driven journey game, scavenger hunt, and web-based Capture The Flag (CTF) challenges, all meticulously aligned with the DEC CON 32 \"Engage\" theme. This contest emerges as a holistic platform, introducing DEF CON newcomers to core security principles through an engaging narrative. Spanning a variety of fields including OSINT, cryptography, radio, telephony, password, and web security. It promises a rich, diverse experience! Participants, automatically divided into teams, are propelled on a quest to decode puzzles and unearth flags, with challenges designed to suit everyone from novices to veterans seeking sophisticated, intricate challenges. This contest transcends the conventional competition framework, evolving into an artful endeavor that illustrates the symbiosis of storytelling and technical puzzles to create a deeply immersive learning adventure. Imagined as an interactive storybook, it invites attendees to navigate their own routes, making their own choices that lead them through a story-rich exploration of security concepts and engagement even with each other.
\n\nThe technical infrastructure of this experience is built on varied technologies. The main website, https://www.chassepartie.com, is developed with Ruby on Rails 7.1 and hosted on Heroku, with CloudFlare acting as our Web Application Firewall (WAF). This site functions as the scoreboard and narrative hub of the contest. Additionally, we have set up an XCP-NG hypervisor to host approximately 10 to 15 virtual machines as targets for participant engagement. Augmented reality markers are also in place, intended for deployment in communal areas like sticker boards, to enhance the experience. These elements are interwoven with the storyline, guiding attendees through what we believe is an unprecedented adventure-style CTF challenge named Chasse Partie Systems – Dystopian Apocalypse Resistance Terminal.
\n\nSo come and join us on our deviant journey, what are you waiting for?
\n\n\'',NULL,616117),('4_Sunday','11','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_97c5dbde4201ce8511a36623ad0548ff','\'\'',NULL,616118),('4_Sunday','12','10:00','12:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-E','\'Chasse Partie Systems CTF\'','\'\'','CON_97c5dbde4201ce8511a36623ad0548ff','\'\'',NULL,616119),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_72c148a578891502d9a41c08bf28e907','\'Title: Capture the Packet
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nThis event was born out of the fires of DEF CON. Through years of analyzing network traffic for the Wall of Sheep and teaching others how to do the same, we built this system as a way to help the growing numbers in our community learn (fast). Then it quickly turned into the first defensive based CTF at DEF CON and is one of the longer running competitions at con with a twist... Each year we practically re-invent ourselves, bringing the latest tools & techniques along with never seen before content across 17 categories to unleash hell on the mostly-unsuspecting attendees. For ’24 we have added tons of new content, and new types of challenges never seen before.
\n\nCome compete in the world\'s most challenging cyber defense competition based on the Aries Security Cyber Range. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth, so only the best prepared and battle hardened will escape the crucible.
\n\n\'',NULL,616120),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_72c148a578891502d9a41c08bf28e907','\'\'',NULL,616121),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_72c148a578891502d9a41c08bf28e907','\'\'',NULL,616122),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_72c148a578891502d9a41c08bf28e907','\'\'',NULL,616123),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_72c148a578891502d9a41c08bf28e907','\'\'',NULL,616124),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_72c148a578891502d9a41c08bf28e907','\'\'',NULL,616125),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_72c148a578891502d9a41c08bf28e907','\'\'',NULL,616126),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_72c148a578891502d9a41c08bf28e907','\'\'',NULL,616127),('4_Sunday','10','10:00','11:59','N','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_1b6eb3faced8c79e2c60ce6a8a9e39d4','\'Title: Capture the Packet
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nThis event was born out of the fires of DEF CON. Through years of analyzing network traffic for the Wall of Sheep and teaching others how to do the same, we built this system as a way to help the growing numbers in our community learn (fast). Then it quickly turned into the first defensive based CTF at DEF CON and is one of the longer running competitions at con with a twist... Each year we practically re-invent ourselves, bringing the latest tools & techniques along with never seen before content across 17 categories to unleash hell on the mostly-unsuspecting attendees. For ’24 we have added tons of new content, and new types of challenges never seen before.
\n\nCome compete in the world\'s most challenging cyber defense competition based on the Aries Security Cyber Range. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth, so only the best prepared and battle hardened will escape the crucible.
\n\n\'',NULL,616128),('4_Sunday','11','10:00','11:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_1b6eb3faced8c79e2c60ce6a8a9e39d4','\'\'',NULL,616129),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_28445f6fec0ef4af6224f4e034b529ff','\'Title: Capture the Packet
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nThis event was born out of the fires of DEF CON. Through years of analyzing network traffic for the Wall of Sheep and teaching others how to do the same, we built this system as a way to help the growing numbers in our community learn (fast). Then it quickly turned into the first defensive based CTF at DEF CON and is one of the longer running competitions at con with a twist... Each year we practically re-invent ourselves, bringing the latest tools & techniques along with never seen before content across 17 categories to unleash hell on the mostly-unsuspecting attendees. For ’24 we have added tons of new content, and new types of challenges never seen before.
\n\nCome compete in the world\'s most challenging cyber defense competition based on the Aries Security Cyber Range. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth, so only the best prepared and battle hardened will escape the crucible.
\n\n\'',NULL,616130),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_28445f6fec0ef4af6224f4e034b529ff','\'\'',NULL,616131),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_28445f6fec0ef4af6224f4e034b529ff','\'\'',NULL,616132),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_28445f6fec0ef4af6224f4e034b529ff','\'\'',NULL,616133),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_28445f6fec0ef4af6224f4e034b529ff','\'\'',NULL,616134),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_28445f6fec0ef4af6224f4e034b529ff','\'\'',NULL,616135),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_28445f6fec0ef4af6224f4e034b529ff','\'\'',NULL,616136),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 2/W216-W221','\'Capture the Packet\'','\'\'','CON_28445f6fec0ef4af6224f4e034b529ff','\'\'',NULL,616137),('2_Friday','10','10:30','17:59','N','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_e3331137615c95373a8c114e62c9ff50','\'Title: Blue Team Village CTF
\nWhen: Friday, Aug 9, 10:30 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W311-W313 - Map
\n
\nDescription:
\nIn-Person Contest\nFriday and Saturday: 10:30-18:00\nCTF begins Friday 10:30; CTF ends Saturday 18:00
\n\nThe Blue Team Village (BTV) CTF is a cyber defense Capture the Flag inspired by a mix of trending nation-state actor kill chains and at least one custom insider threat story. You are an incident responder tasked to investigate several incidents involving different operating systems and OT devices. You will have access to SIEM and Packet captures; however, just like in real life, these tools have issues you must overcome to uncover what happened.
\n\nExpect indexes to telemetry issues, raw data not extracted properly, and missing fields. Regex may be helpful. In addition, Arkime, the network monitoring tool, will only work partially and correctly. You must find ways to make the best of the telemetry provided, and remember that you can always extract the resulting pcaps!
\n\nThe CTF challenges contestants to leverage diverse cyber defense skills, including Incident Response, Forensics, and Threat Hunting. Both host and network telemetry are required to solve all the flags.
\n\nBTV’s Project Obsidian crew developed the CTF to allow anyone, regardless of skill or knowledge, to participate and sharpen their cyber defense skills. We recommend creating or joining a team if you are new to cyber defense. We highly recommend participating in the BTV’s Project Obsidian workshop sessions if you are new to cyber defense. Sessions cover many of the topics on the CTF and will help you along the way.
\n\n\'',NULL,616138),('2_Friday','11','10:30','17:59','Y','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_e3331137615c95373a8c114e62c9ff50','\'\'',NULL,616139),('2_Friday','12','10:30','17:59','Y','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_e3331137615c95373a8c114e62c9ff50','\'\'',NULL,616140),('2_Friday','13','10:30','17:59','Y','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_e3331137615c95373a8c114e62c9ff50','\'\'',NULL,616141),('2_Friday','14','10:30','17:59','Y','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_e3331137615c95373a8c114e62c9ff50','\'\'',NULL,616142),('2_Friday','15','10:30','17:59','Y','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_e3331137615c95373a8c114e62c9ff50','\'\'',NULL,616143),('2_Friday','16','10:30','17:59','Y','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_e3331137615c95373a8c114e62c9ff50','\'\'',NULL,616144),('2_Friday','17','10:30','17:59','Y','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_e3331137615c95373a8c114e62c9ff50','\'\'',NULL,616145),('3_Saturday','10','10:30','17:59','N','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_7ce249c7667eb022238dec762b4024d9','\'Title: Blue Team Village CTF
\nWhen: Saturday, Aug 10, 10:30 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W311-W313 - Map
\n
\nDescription:
\nIn-Person Contest\nFriday and Saturday: 10:30-18:00\nCTF begins Friday 10:30; CTF ends Saturday 18:00
\n\nThe Blue Team Village (BTV) CTF is a cyber defense Capture the Flag inspired by a mix of trending nation-state actor kill chains and at least one custom insider threat story. You are an incident responder tasked to investigate several incidents involving different operating systems and OT devices. You will have access to SIEM and Packet captures; however, just like in real life, these tools have issues you must overcome to uncover what happened.
\n\nExpect indexes to telemetry issues, raw data not extracted properly, and missing fields. Regex may be helpful. In addition, Arkime, the network monitoring tool, will only work partially and correctly. You must find ways to make the best of the telemetry provided, and remember that you can always extract the resulting pcaps!
\n\nThe CTF challenges contestants to leverage diverse cyber defense skills, including Incident Response, Forensics, and Threat Hunting. Both host and network telemetry are required to solve all the flags.
\n\nBTV’s Project Obsidian crew developed the CTF to allow anyone, regardless of skill or knowledge, to participate and sharpen their cyber defense skills. We recommend creating or joining a team if you are new to cyber defense. We highly recommend participating in the BTV’s Project Obsidian workshop sessions if you are new to cyber defense. Sessions cover many of the topics on the CTF and will help you along the way.
\n\n\'',NULL,616146),('3_Saturday','11','10:30','17:59','Y','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_7ce249c7667eb022238dec762b4024d9','\'\'',NULL,616147),('3_Saturday','12','10:30','17:59','Y','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_7ce249c7667eb022238dec762b4024d9','\'\'',NULL,616148),('3_Saturday','13','10:30','17:59','Y','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_7ce249c7667eb022238dec762b4024d9','\'\'',NULL,616149),('3_Saturday','14','10:30','17:59','Y','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_7ce249c7667eb022238dec762b4024d9','\'\'',NULL,616150),('3_Saturday','15','10:30','17:59','Y','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_7ce249c7667eb022238dec762b4024d9','\'\'',NULL,616151),('3_Saturday','16','10:30','17:59','Y','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_7ce249c7667eb022238dec762b4024d9','\'\'',NULL,616152),('3_Saturday','17','10:30','17:59','Y','CON','LVCC West/Floor 3/W311-W313','\'Blue Team Village CTF\'','\'\'','CON_7ce249c7667eb022238dec762b4024d9','\'\'',NULL,616153),('2_Friday','12','12:00','16:59','N','CON','Virtual','\'Blacks in Cyber CTF\'','\'\'','CON_383d911c6526016de3bdcee497c8802f','\'Title: Blacks in Cyber CTF
\nWhen: Friday, Aug 9, 12:00 - 16:59 PDT
\nWhere: Virtual
\n
\nDescription:
\nThe BIC Village Capture The Flag is a jeopardy style event designed to practice solving challenges in multiple categories. This event seeks to not only be a series of puzzles and challenges to solve, but a gamified way to learn concepts of social justice and Black history. This event will highlight previous, current and up & coming Black individuals and their contributions to technology. This year we are excited to bring back our physical challenge room with a variety of interactive components for players to interface with.
\n\nThis event also aims to bring to the forefront a range of technologies that we will expose to the community that operate in our day-to-day lives and examine their capabilities; contributing to the discussion of privacy, social justice and civil rights. Our event will allow the DEF CON community to fully engage in “Reading all the stories, learning all the technologies, and hacking all the things.”
\n\n\'',NULL,616154),('2_Friday','13','12:00','16:59','Y','CON','Virtual','\'Blacks in Cyber CTF\'','\'\'','CON_383d911c6526016de3bdcee497c8802f','\'\'',NULL,616155),('2_Friday','14','12:00','16:59','Y','CON','Virtual','\'Blacks in Cyber CTF\'','\'\'','CON_383d911c6526016de3bdcee497c8802f','\'\'',NULL,616156),('2_Friday','15','12:00','16:59','Y','CON','Virtual','\'Blacks in Cyber CTF\'','\'\'','CON_383d911c6526016de3bdcee497c8802f','\'\'',NULL,616157),('2_Friday','16','12:00','16:59','Y','CON','Virtual','\'Blacks in Cyber CTF\'','\'\'','CON_383d911c6526016de3bdcee497c8802f','\'\'',NULL,616158),('3_Saturday','10','10:00','16:59','N','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_b371fe863385ae2e84cc28557819c6d3','\'Title: Blacks in Cyber CTF
\nWhen: Saturday, Aug 10, 10:00 - 16:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nThe BIC Village Capture The Flag is a jeopardy style event designed to practice solving challenges in multiple categories. This event seeks to not only be a series of puzzles and challenges to solve, but a gamified way to learn concepts of social justice and Black history. This event will highlight previous, current and up & coming Black individuals and their contributions to technology. This year we are excited to bring back our physical challenge room with a variety of interactive components for players to interface with.
\n\nThis event also aims to bring to the forefront a range of technologies that we will expose to the community that operate in our day-to-day lives and examine their capabilities; contributing to the discussion of privacy, social justice and civil rights. Our event will allow the DEF CON community to fully engage in “Reading all the stories, learning all the technologies, and hacking all the things.”
\n\n\'',NULL,616159),('3_Saturday','11','10:00','16:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_b371fe863385ae2e84cc28557819c6d3','\'\'',NULL,616160),('3_Saturday','12','10:00','16:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_b371fe863385ae2e84cc28557819c6d3','\'\'',NULL,616161),('3_Saturday','13','10:00','16:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_b371fe863385ae2e84cc28557819c6d3','\'\'',NULL,616162),('3_Saturday','14','10:00','16:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_b371fe863385ae2e84cc28557819c6d3','\'\'',NULL,616163),('3_Saturday','15','10:00','16:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_b371fe863385ae2e84cc28557819c6d3','\'\'',NULL,616164),('3_Saturday','16','10:00','16:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_b371fe863385ae2e84cc28557819c6d3','\'\'',NULL,616165),('2_Friday','12','12:00','17:59','N','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_0df71f8755b9484ec7a6fe44485f8eff','\'Title: Blacks in Cyber CTF
\nWhen: Friday, Aug 9, 12:00 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W314-W316 - Map
\n
\nDescription:
\nThe BIC Village Capture The Flag is a jeopardy style event designed to practice solving challenges in multiple categories. This event seeks to not only be a series of puzzles and challenges to solve, but a gamified way to learn concepts of social justice and Black history. This event will highlight previous, current and up & coming Black individuals and their contributions to technology. This year we are excited to bring back our physical challenge room with a variety of interactive components for players to interface with.
\n\nThis event also aims to bring to the forefront a range of technologies that we will expose to the community that operate in our day-to-day lives and examine their capabilities; contributing to the discussion of privacy, social justice and civil rights. Our event will allow the DEF CON community to fully engage in “Reading all the stories, learning all the technologies, and hacking all the things.”
\n\n\'',NULL,616166),('2_Friday','13','12:00','17:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_0df71f8755b9484ec7a6fe44485f8eff','\'\'',NULL,616167),('2_Friday','14','12:00','17:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_0df71f8755b9484ec7a6fe44485f8eff','\'\'',NULL,616168),('2_Friday','15','12:00','17:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_0df71f8755b9484ec7a6fe44485f8eff','\'\'',NULL,616169),('2_Friday','16','12:00','17:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_0df71f8755b9484ec7a6fe44485f8eff','\'\'',NULL,616170),('2_Friday','17','12:00','17:59','Y','CON','LVCC West/Floor 3/W314-W316','\'Blacks in Cyber CTF\'','\'\'','CON_0df71f8755b9484ec7a6fe44485f8eff','\'\'',NULL,616171),('2_Friday','10','10:00','15:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-B','\'Beverage Chilling Contraption Contest\'','\'\'','CON_c039e136ac1501b852297cf0c600f0ba','\'Title: Beverage Chilling Contraption Contest
\nWhen: Friday, Aug 9, 10:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-04-B - Map
\n
\nDescription:
\nThe Beverage Chilling Contraption Contest has been un-canceled! After a fantastic afternoon of day drinking celebrating the start of the 20th BCCC we\'ve run out of beer. It\'s a disaster, a catastrophe! Fortunately, we had the wherewithal to scramble a crack beverage acquisition team to the streets of Las Vegas and found more! Don\'t ask where. Unfortunately, like the streets of Las Vegas, it\'s HOT and kinda sticky. We need you to help us fix this and get that beer as cold as the barren wasteland that is our generation\'s dreams of home ownership!
\n\n\'',NULL,616172),('2_Friday','11','10:00','15:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-B','\'Beverage Chilling Contraption Contest\'','\'\'','CON_c039e136ac1501b852297cf0c600f0ba','\'\'',NULL,616173),('2_Friday','12','10:00','15:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-B','\'Beverage Chilling Contraption Contest\'','\'\'','CON_c039e136ac1501b852297cf0c600f0ba','\'\'',NULL,616174),('2_Friday','13','10:00','15:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-B','\'Beverage Chilling Contraption Contest\'','\'\'','CON_c039e136ac1501b852297cf0c600f0ba','\'\'',NULL,616175),('2_Friday','14','10:00','15:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-B','\'Beverage Chilling Contraption Contest\'','\'\'','CON_c039e136ac1501b852297cf0c600f0ba','\'\'',NULL,616176),('2_Friday','15','10:00','15:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-B','\'Beverage Chilling Contraption Contest\'','\'\'','CON_c039e136ac1501b852297cf0c600f0ba','\'\'',NULL,616177),('3_Saturday','12','12:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-B','\'Beverage Chilling Contraption Contest\'','\'\'','CON_2ad00ad44c16adaae2771c052f32ecde','\'Title: Beverage Chilling Contraption Contest
\nWhen: Saturday, Aug 10, 12:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-04-B - Map
\n
\nDescription:
\nThe Beverage Chilling Contraption Contest has been un-canceled! After a fantastic afternoon of day drinking celebrating the start of the 20th BCCC we\'ve run out of beer. It\'s a disaster, a catastrophe! Fortunately, we had the wherewithal to scramble a crack beverage acquisition team to the streets of Las Vegas and found more! Don\'t ask where. Unfortunately, like the streets of Las Vegas, it\'s HOT and kinda sticky. We need you to help us fix this and get that beer as cold as the barren wasteland that is our generation\'s dreams of home ownership!
\n\n\'',NULL,616178),('3_Saturday','13','12:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-B','\'Beverage Chilling Contraption Contest\'','\'\'','CON_2ad00ad44c16adaae2771c052f32ecde','\'\'',NULL,616179),('3_Saturday','14','12:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-B','\'Beverage Chilling Contraption Contest\'','\'\'','CON_2ad00ad44c16adaae2771c052f32ecde','\'\'',NULL,616180),('3_Saturday','15','12:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-B','\'Beverage Chilling Contraption Contest\'','\'\'','CON_2ad00ad44c16adaae2771c052f32ecde','\'\'',NULL,616181),('3_Saturday','16','12:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-B','\'Beverage Chilling Contraption Contest\'','\'\'','CON_2ad00ad44c16adaae2771c052f32ecde','\'\'',NULL,616182),('3_Saturday','17','12:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-04-B','\'Beverage Chilling Contraption Contest\'','\'\'','CON_2ad00ad44c16adaae2771c052f32ecde','\'\'',NULL,616183),('2_Friday','10','10:00','17:59','N','CON','Virtual','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_4b607edfb7e8f0e947010218da0fe807','\'Title: [CANCELED] AutoDriving CTF
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: Virtual
\n
\nDescription:
\nThe AutoDriving CTF contest focuses on the emerging security challenges in autonomous driving systems. Various levels of self-driving functionalities, such as AI-powered perception, sensor fusion and route planning, are entering the product portfolio of automobile companies. From the security perspective, these AI-powered components not only contain common security problems such as memory safety bugs, but also introduce new threats such as physical adversarial attacks and sensor manipulations. Two popular examples of physical adversarial attacks are camouflage stickers that interfere with vehicle detection systems, and road graffitis that disturb lane keeping systems. The AI-powered navigation and control relies on the fusion of multiple sensor inputs, and many of the sensor inputs can be manipulated by malicious attackers. These manipulations combined with logical bugs in autonomous driving systems pose severe threats to road safety.
\n\nWe design autonomous driving CTF (AutoDriving CTF) contests around the security challenges specific to these self-driving functions and components.
\n\nThe goals of the AutoDriving CTF are the followings:
\n\n\n- Demonstrate security implications of autonomous driving system design decisions through hands-on challenges, increase the awareness of potential risks in security professionals, and encourage them to propose defense solutions and tools to detect such risks.
\n- Provide CTF challenges that allow players to learn attack and defense practices related to autonomous driving in a well-controlled, repeatable, and visible environment.
\n- Build a set of vulnerable autonomous driving components that can be used for security research and defense evaluation.
\n
\n\nThe contest is based on a Jeopardy style of CTF game with a set of independent challenges. A typical contest challenge includes a backend that runs autonomous driving components in simulated or real environments, and a frontend that interacts with the players. This year\'s contest will follow the style of last year and includes the following types of challenges:
\n\n\n- “attack”: such as constructing adversarial patches and spoofing fake sensor inputs,
\n- “forensics”: such as investigating a security incident related to autonomous driving,
\n- “detection”: such as detecting spoofed sensor inputs and fake obstacles,
\n- “crashme on road!”: such as creating dangerous traffic scenarios to expose logical errors in autonomous driving systems.
\n- “smart planner”: such as creating intelligent path planners for dangerous tasks that are difficult for human drivers
\n
\n\nMost of these challenges will be developed using game-engine based autonomous driving simulators, such as CARLA and SVL. The following link contains some challenge videos, summaries from AutoDriving CTF at DEF CON 29 and DEF CON 30\nhttps://drive.google.com/drive/folders/1JSVarIaQBmseLC9XqkfrxnRQto4WM225?usp=sharing\nhttps://www.youtube.com/channel/UCPPsKbVpxwk-464KIzr8xKw
\n\nWhat\'s new in 2024
\n\nThis year, we will unlock new traffic conflict scenarios that are observed from real-world driving logs such as Jaywalk and double parked vehicles. New difficulty levels will be added to challenges in such scenarios by integrating real downstream AI modules such as object tracking from open-source autonomous driving software like Apollo, Autoware and OpenPilot.
\n\nIn order to enable the audience to experience the challenges more directly, we plan to set up a vehicle wheel controller on site and provide a driving game this year. Audiences can drive themselves to compete with the self-driving vehicle in some of the challenges. Driving game demo:\nhttps://drive.google.com/drive/folders/1LIzJJ1I3Eqj_e0_ntX5eFu82U9ObiEYB?usp=sharing
\n\nFor players
\n\n\nWhat do players need to do to participate AutoDriving CTF?\nMost of the challenges do not require domain knowledge of autonomous driving software or adversarial machine learning, although knowledge of those helps. For example, the players can generate images the way they like (e.g., drawing, photoshopping) to fool the AI-components or write a short python script to control the vehicle. Some challenges, such as incident forensics likely would require players to learn domain knowledge such as sensor information format and how fusion works.
What do we expect players to learn through the CTF event?\nPlayers can (1) gain a deep understanding of real-world autonomous driving systems\' design, implementation, and their corresponding security properties and characteristics; and (2) learn the attack and defense practices related to autonomous driving in a well-controlled, repeatable, visible, and engaging environment.
\n\n\'',NULL,616184),('2_Friday','11','10:00','17:59','Y','CON','Virtual','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_4b607edfb7e8f0e947010218da0fe807','\'\'',NULL,616185),('2_Friday','12','10:00','17:59','Y','CON','Virtual','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_4b607edfb7e8f0e947010218da0fe807','\'\'',NULL,616186),('2_Friday','13','10:00','17:59','Y','CON','Virtual','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_4b607edfb7e8f0e947010218da0fe807','\'\'',NULL,616187),('2_Friday','14','10:00','17:59','Y','CON','Virtual','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_4b607edfb7e8f0e947010218da0fe807','\'\'',NULL,616188),('2_Friday','15','10:00','17:59','Y','CON','Virtual','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_4b607edfb7e8f0e947010218da0fe807','\'\'',NULL,616189),('2_Friday','16','10:00','17:59','Y','CON','Virtual','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_4b607edfb7e8f0e947010218da0fe807','\'\'',NULL,616190),('2_Friday','17','10:00','17:59','Y','CON','Virtual','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_4b607edfb7e8f0e947010218da0fe807','\'\'',NULL,616191),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d5045bb8e3473d24729d3a1abf5a5f70','\'Title: [CANCELED] AutoDriving CTF
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-05-B - Map
\n
\nDescription:
\nThe AutoDriving CTF contest focuses on the emerging security challenges in autonomous driving systems. Various levels of self-driving functionalities, such as AI-powered perception, sensor fusion and route planning, are entering the product portfolio of automobile companies. From the security perspective, these AI-powered components not only contain common security problems such as memory safety bugs, but also introduce new threats such as physical adversarial attacks and sensor manipulations. Two popular examples of physical adversarial attacks are camouflage stickers that interfere with vehicle detection systems, and road graffitis that disturb lane keeping systems. The AI-powered navigation and control relies on the fusion of multiple sensor inputs, and many of the sensor inputs can be manipulated by malicious attackers. These manipulations combined with logical bugs in autonomous driving systems pose severe threats to road safety.
\n\nWe design autonomous driving CTF (AutoDriving CTF) contests around the security challenges specific to these self-driving functions and components.
\n\nThe goals of the AutoDriving CTF are the followings:
\n\n\n- Demonstrate security implications of autonomous driving system design decisions through hands-on challenges, increase the awareness of potential risks in security professionals, and encourage them to propose defense solutions and tools to detect such risks.
\n- Provide CTF challenges that allow players to learn attack and defense practices related to autonomous driving in a well-controlled, repeatable, and visible environment.
\n- Build a set of vulnerable autonomous driving components that can be used for security research and defense evaluation.
\n
\n\nThe contest is based on a Jeopardy style of CTF game with a set of independent challenges. A typical contest challenge includes a backend that runs autonomous driving components in simulated or real environments, and a frontend that interacts with the players. This year\'s contest will follow the style of last year and includes the following types of challenges:
\n\n\n- “attack”: such as constructing adversarial patches and spoofing fake sensor inputs,
\n- “forensics”: such as investigating a security incident related to autonomous driving,
\n- “detection”: such as detecting spoofed sensor inputs and fake obstacles,
\n- “crashme on road!”: such as creating dangerous traffic scenarios to expose logical errors in autonomous driving systems.
\n- “smart planner”: such as creating intelligent path planners for dangerous tasks that are difficult for human drivers
\n
\n\nMost of these challenges will be developed using game-engine based autonomous driving simulators, such as CARLA and SVL. The following link contains some challenge videos, summaries from AutoDriving CTF at DEF CON 29 and DEF CON 30\nhttps://drive.google.com/drive/folders/1JSVarIaQBmseLC9XqkfrxnRQto4WM225?usp=sharing\nhttps://www.youtube.com/channel/UCPPsKbVpxwk-464KIzr8xKw
\n\nWhat\'s new in 2024
\n\nThis year, we will unlock new traffic conflict scenarios that are observed from real-world driving logs such as Jaywalk and double parked vehicles. New difficulty levels will be added to challenges in such scenarios by integrating real downstream AI modules such as object tracking from open-source autonomous driving software like Apollo, Autoware and OpenPilot.
\n\nIn order to enable the audience to experience the challenges more directly, we plan to set up a vehicle wheel controller on site and provide a driving game this year. Audiences can drive themselves to compete with the self-driving vehicle in some of the challenges. Driving game demo:\nhttps://drive.google.com/drive/folders/1LIzJJ1I3Eqj_e0_ntX5eFu82U9ObiEYB?usp=sharing
\n\nFor players
\n\n\nWhat do players need to do to participate AutoDriving CTF?\nMost of the challenges do not require domain knowledge of autonomous driving software or adversarial machine learning, although knowledge of those helps. For example, the players can generate images the way they like (e.g., drawing, photoshopping) to fool the AI-components or write a short python script to control the vehicle. Some challenges, such as incident forensics likely would require players to learn domain knowledge such as sensor information format and how fusion works.
What do we expect players to learn through the CTF event?\nPlayers can (1) gain a deep understanding of real-world autonomous driving systems\' design, implementation, and their corresponding security properties and characteristics; and (2) learn the attack and defense practices related to autonomous driving in a well-controlled, repeatable, visible, and engaging environment.
\n\n\'',NULL,616192),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d5045bb8e3473d24729d3a1abf5a5f70','\'\'',NULL,616193),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d5045bb8e3473d24729d3a1abf5a5f70','\'\'',NULL,616194),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d5045bb8e3473d24729d3a1abf5a5f70','\'\'',NULL,616195),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d5045bb8e3473d24729d3a1abf5a5f70','\'\'',NULL,616196),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d5045bb8e3473d24729d3a1abf5a5f70','\'\'',NULL,616197),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d5045bb8e3473d24729d3a1abf5a5f70','\'\'',NULL,616198),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d5045bb8e3473d24729d3a1abf5a5f70','\'\'',NULL,616199),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d66e07be8c001ddec890d0b0a93f4cf9','\'Title: [CANCELED] AutoDriving CTF
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-05-B - Map
\n
\nDescription:
\nThe AutoDriving CTF contest focuses on the emerging security challenges in autonomous driving systems. Various levels of self-driving functionalities, such as AI-powered perception, sensor fusion and route planning, are entering the product portfolio of automobile companies. From the security perspective, these AI-powered components not only contain common security problems such as memory safety bugs, but also introduce new threats such as physical adversarial attacks and sensor manipulations. Two popular examples of physical adversarial attacks are camouflage stickers that interfere with vehicle detection systems, and road graffitis that disturb lane keeping systems. The AI-powered navigation and control relies on the fusion of multiple sensor inputs, and many of the sensor inputs can be manipulated by malicious attackers. These manipulations combined with logical bugs in autonomous driving systems pose severe threats to road safety.
\n\nWe design autonomous driving CTF (AutoDriving CTF) contests around the security challenges specific to these self-driving functions and components.
\n\nThe goals of the AutoDriving CTF are the followings:
\n\n\n- Demonstrate security implications of autonomous driving system design decisions through hands-on challenges, increase the awareness of potential risks in security professionals, and encourage them to propose defense solutions and tools to detect such risks.
\n- Provide CTF challenges that allow players to learn attack and defense practices related to autonomous driving in a well-controlled, repeatable, and visible environment.
\n- Build a set of vulnerable autonomous driving components that can be used for security research and defense evaluation.
\n
\n\nThe contest is based on a Jeopardy style of CTF game with a set of independent challenges. A typical contest challenge includes a backend that runs autonomous driving components in simulated or real environments, and a frontend that interacts with the players. This year\'s contest will follow the style of last year and includes the following types of challenges:
\n\n\n- “attack”: such as constructing adversarial patches and spoofing fake sensor inputs,
\n- “forensics”: such as investigating a security incident related to autonomous driving,
\n- “detection”: such as detecting spoofed sensor inputs and fake obstacles,
\n- “crashme on road!”: such as creating dangerous traffic scenarios to expose logical errors in autonomous driving systems.
\n- “smart planner”: such as creating intelligent path planners for dangerous tasks that are difficult for human drivers
\n
\n\nMost of these challenges will be developed using game-engine based autonomous driving simulators, such as CARLA and SVL. The following link contains some challenge videos, summaries from AutoDriving CTF at DEF CON 29 and DEF CON 30\nhttps://drive.google.com/drive/folders/1JSVarIaQBmseLC9XqkfrxnRQto4WM225?usp=sharing\nhttps://www.youtube.com/channel/UCPPsKbVpxwk-464KIzr8xKw
\n\nWhat\'s new in 2024
\n\nThis year, we will unlock new traffic conflict scenarios that are observed from real-world driving logs such as Jaywalk and double parked vehicles. New difficulty levels will be added to challenges in such scenarios by integrating real downstream AI modules such as object tracking from open-source autonomous driving software like Apollo, Autoware and OpenPilot.
\n\nIn order to enable the audience to experience the challenges more directly, we plan to set up a vehicle wheel controller on site and provide a driving game this year. Audiences can drive themselves to compete with the self-driving vehicle in some of the challenges. Driving game demo:\nhttps://drive.google.com/drive/folders/1LIzJJ1I3Eqj_e0_ntX5eFu82U9ObiEYB?usp=sharing
\n\nFor players
\n\n\nWhat do players need to do to participate AutoDriving CTF?\nMost of the challenges do not require domain knowledge of autonomous driving software or adversarial machine learning, although knowledge of those helps. For example, the players can generate images the way they like (e.g., drawing, photoshopping) to fool the AI-components or write a short python script to control the vehicle. Some challenges, such as incident forensics likely would require players to learn domain knowledge such as sensor information format and how fusion works.
What do we expect players to learn through the CTF event?\nPlayers can (1) gain a deep understanding of real-world autonomous driving systems\' design, implementation, and their corresponding security properties and characteristics; and (2) learn the attack and defense practices related to autonomous driving in a well-controlled, repeatable, visible, and engaging environment.
\n\n\'',NULL,616200),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d66e07be8c001ddec890d0b0a93f4cf9','\'\'',NULL,616201),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d66e07be8c001ddec890d0b0a93f4cf9','\'\'',NULL,616202),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d66e07be8c001ddec890d0b0a93f4cf9','\'\'',NULL,616203),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d66e07be8c001ddec890d0b0a93f4cf9','\'\'',NULL,616204),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d66e07be8c001ddec890d0b0a93f4cf9','\'\'',NULL,616205),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d66e07be8c001ddec890d0b0a93f4cf9','\'\'',NULL,616206),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-01-05-B','\'[CANCELED] AutoDriving CTF\'','\'\'','CON_d66e07be8c001ddec890d0b0a93f4cf9','\'\'',NULL,616207),('3_Saturday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_f347cbff188bb8bac482f57547c4101c','\'Title: Adversary Wars CTF
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05 - Map
\n
\nDescription:
\nAdversary Village proudly presents \"Adversary Wars CTF\", an official contest at DEF CON, where the participants will have to pose as adversaries and replicate adversarial actions against each element of a “target” organization. Adversary Wars would have real world simulation of CTF scenarios and challenges, where the participants can perform various attacks and learn new attack vectors, TTPs, techniques, etc. To visualize the CTF environment, the contest area will feature a miniature model of the city made using interlocking-plastic-bricks. The breached components OR organization buildings will be physically marked in the city model as the CTF progresses.
\n\nWe are excited to be back at DEF CON as an official contest this year. Adversary Wars CTF will be located in the contest area for DEF CON 32.
\n\n\'',NULL,616208),('3_Saturday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_f347cbff188bb8bac482f57547c4101c','\'\'',NULL,616209),('3_Saturday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_f347cbff188bb8bac482f57547c4101c','\'\'',NULL,616210),('3_Saturday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_f347cbff188bb8bac482f57547c4101c','\'\'',NULL,616211),('3_Saturday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_f347cbff188bb8bac482f57547c4101c','\'\'',NULL,616212),('3_Saturday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_f347cbff188bb8bac482f57547c4101c','\'\'',NULL,616213),('3_Saturday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_f347cbff188bb8bac482f57547c4101c','\'\'',NULL,616214),('3_Saturday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_f347cbff188bb8bac482f57547c4101c','\'\'',NULL,616215),('2_Friday','10','10:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_d723113a0dc3b6fc7e9bfceb1b412e53','\'Title: Adversary Wars CTF
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05 - Map
\n
\nDescription:
\nAdversary Village proudly presents \"Adversary Wars CTF\", an official contest at DEF CON, where the participants will have to pose as adversaries and replicate adversarial actions against each element of a “target” organization. Adversary Wars would have real world simulation of CTF scenarios and challenges, where the participants can perform various attacks and learn new attack vectors, TTPs, techniques, etc. To visualize the CTF environment, the contest area will feature a miniature model of the city made using interlocking-plastic-bricks. The breached components OR organization buildings will be physically marked in the city model as the CTF progresses.
\n\nWe are excited to be back at DEF CON as an official contest this year. Adversary Wars CTF will be located in the contest area for DEF CON 32.
\n\n\'',NULL,616216),('2_Friday','11','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_d723113a0dc3b6fc7e9bfceb1b412e53','\'\'',NULL,616217),('2_Friday','12','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_d723113a0dc3b6fc7e9bfceb1b412e53','\'\'',NULL,616218),('2_Friday','13','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_d723113a0dc3b6fc7e9bfceb1b412e53','\'\'',NULL,616219),('2_Friday','14','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_d723113a0dc3b6fc7e9bfceb1b412e53','\'\'',NULL,616220),('2_Friday','15','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_d723113a0dc3b6fc7e9bfceb1b412e53','\'\'',NULL,616221),('2_Friday','16','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_d723113a0dc3b6fc7e9bfceb1b412e53','\'\'',NULL,616222),('2_Friday','17','10:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_d723113a0dc3b6fc7e9bfceb1b412e53','\'\'',NULL,616223),('4_Sunday','10','10:00','11:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_3480fb4c4de5985b727bea18160ce10e','\'Title: Adversary Wars CTF
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05 - Map
\n
\nDescription:
\nAdversary Village proudly presents \"Adversary Wars CTF\", an official contest at DEF CON, where the participants will have to pose as adversaries and replicate adversarial actions against each element of a “target” organization. Adversary Wars would have real world simulation of CTF scenarios and challenges, where the participants can perform various attacks and learn new attack vectors, TTPs, techniques, etc. To visualize the CTF environment, the contest area will feature a miniature model of the city made using interlocking-plastic-bricks. The breached components OR organization buildings will be physically marked in the city model as the CTF progresses.
\n\nWe are excited to be back at DEF CON as an official contest this year. Adversary Wars CTF will be located in the contest area for DEF CON 32.
\n\n\'',NULL,616224),('4_Sunday','11','10:00','11:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-05','\'Adversary Wars CTF\'','\'\'','CON_3480fb4c4de5985b727bea18160ce10e','\'\'',NULL,616225),('4_Sunday','10','10:00','11:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'A Wall of Bribes\'','\'\'','CON_a68b61510b6e6142ffaa61816d11dfd8','\'Title: A Wall of Bribes
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-F - Map
\n
\nDescription:
\nThis is a contest about bribery. Bribery is not only allowed, it is required as part of the contest, since it\'s the only way to move up the leaderboard. Judges will evaluate the value of any given bribe (for example, an unusual sticker, etc.), and award points accordingly. Boring bribes will be rejected (i.e. cash). Players can expect to learn how to make a persuasive argument, and the nature of value in an (often) pay-to-win world that we live in.
\n\n\'',NULL,616226),('4_Sunday','11','10:00','11:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'A Wall of Bribes\'','\'\'','CON_a68b61510b6e6142ffaa61816d11dfd8','\'\'',NULL,616227),('3_Saturday','10','10:00','15:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'A Wall of Bribes\'','\'\'','CON_9579a788a5ac902ce6cb067fe7f9c8e8','\'Title: A Wall of Bribes
\nWhen: Saturday, Aug 10, 10:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-02-02-F - Map
\n
\nDescription:
\nThis is a contest about bribery. Bribery is not only allowed, it is required as part of the contest, since it\'s the only way to move up the leaderboard. Judges will evaluate the value of any given bribe (for example, an unusual sticker, etc.), and award points accordingly. Boring bribes will be rejected (i.e. cash). Players can expect to learn how to make a persuasive argument, and the nature of value in an (often) pay-to-win world that we live in.
\n\n\'',NULL,616228),('3_Saturday','11','10:00','15:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'A Wall of Bribes\'','\'\'','CON_9579a788a5ac902ce6cb067fe7f9c8e8','\'\'',NULL,616229),('3_Saturday','12','10:00','15:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'A Wall of Bribes\'','\'\'','CON_9579a788a5ac902ce6cb067fe7f9c8e8','\'\'',NULL,616230),('3_Saturday','13','10:00','15:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'A Wall of Bribes\'','\'\'','CON_9579a788a5ac902ce6cb067fe7f9c8e8','\'\'',NULL,616231),('3_Saturday','14','10:00','15:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'A Wall of Bribes\'','\'\'','CON_9579a788a5ac902ce6cb067fe7f9c8e8','\'\'',NULL,616232),('3_Saturday','15','10:00','15:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-02-02-F','\'A Wall of Bribes\'','\'\'','CON_9579a788a5ac902ce6cb067fe7f9c8e8','\'\'',NULL,616233),('2_Friday','11','11:00','11:59','N','CON','Other / See Description','\'Betting on Your Digital Rights: 3rd Annual EFF Benefit Poker Tournament at DEF CON 32\'','\'\'','CON_5f56e3452b8cedd0a8a6cd86d305a670','\'Title: Betting on Your Digital Rights: 3rd Annual EFF Benefit Poker Tournament at DEF CON 32
\nWhen: Friday, Aug 9, 11:00 - 11:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nBegins Friday at 12: 00 (11:00 for the pre-tournament poker clinic)
\n\nWe’re going all in on internet freedom. Take a break from hacking the Gibson to face off with your competition at the tables—and benefit EFF! Your buy-in is paired with a donation to support EFF’s mission to protect online privacy and free expression for all. Play for glory. Play for money. Play for the future of the web. Seating is limited, so reserve your spot today.
\n\n\'',NULL,616234),('2_Friday','10','10:00','10:59','N','TCV','LVCC West/Floor 2/W201','\'Telecom Village Inauguration\'','\'\'','TCV_4a08779049fe08dc47638721276b4e70','\'Title: Telecom Village Inauguration
\nWhen: Friday, Aug 9, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 2/W201 - Map
\n
\nDescription:
\n\n\n\'',NULL,616235),('3_Saturday','10','10:00','10:59','N','TCV','LVCC West/Floor 2/W201','\'AI-Driven Cyber Resilience: Surviving the 5G Threat Landscape\'','\'Shina Liu,Niklas Lindroos,Ezz Tahoun,Akib Sayyed\'','TCV_1cc3921e8ef2f597f6dd997321d9db42','\'Title: AI-Driven Cyber Resilience: Surviving the 5G Threat Landscape
\nWhen: Saturday, Aug 10, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 2/W201 - Map
\n
\nDescription:
\nThis panel discussion will delve into the critical intersection of artificial intelligence and cybersecurity in the context of the rapidly evolving 5G network environment. By bringing together experts in AI, 5G network security, and AI-driven solutions
\n\nSpeakers:Shina Liu,Niklas Lindroos,Ezz Tahoun,Akib Sayyed
\n
\nSpeakerBio: Shina Liu
\nShina Liu has over two decades of experience in the telecom industry, beginning as a software developer for 3G networks. Since receiving her CISSP certification in 2007, she led product security verification for 4G and 5G networks and currently serve as a senior security analyst. Based in Naperville, she is a member of Nokia\'s Technical Leadership Council Committee and has been actively involved in ML/AI/GenAI initiatives since 2019.
\n\nSpeakerBio: Niklas Lindroos, Head of PSIRT and Advanced Security Testing lab at Nokia Corporation
\nNiklas is the Head of PSIRT and Advanced Security Testing lab - the red and blue teams of Nokia Corporation. He and his team manage the response to serious vulnerabilities and incidents in telecommunication networks globally and conduct security simulations and testing of essential network functions. He has over 30 years of experience in network and telecommunications security.
\n\nSpeakerBio: Ezz Tahoun
\nEzz Tahoun, a distinguished cyber-security data scientist, who won AI & innovation awards at Yale, Princeton and Northwestern. He also got innovation awards from Canada’s Communications Security Establishment, Microsoft US, Trustwave US, PIA US, NATO, and more. He ran data science innovation programs and projects for OrangeCyber Defense, Forescout Technologies, Royal bank of Canada, Governments, and Huawei Technologies US. He has published 20 papers, countless articles and 15 open source projects in the domain. When he was 19 years old he started his CS PhD in one of the top 5 labs in the world for cyber & AI, in the prestigious University of Waterloo, where he published numerous papers and became a reviewer for top conferences. His designations include: SANS/GIAC-Advisory-Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP-Professional-Cloud-Architect, PMP, BENG and MMATH. He was an adjunct professor of cyber defense and warfare at Toronto’s school of management.
\n\nSpeakerBio: Akib Sayyed, Founder and Director at Matrix Shell Technologies
\nAkib, Founder and Director of Matrix Shell Technologies, has over 12 years of experience in Telecom Security. He has served diverse telecom operators across India, Africa, and the Middle East, specializing in signaling protocols and technologies like GSM, UMTS, LTE, 5G, and VoLTE. He has led numerous penetration testing projects, disclosed a GSM vulnerability in 2012, and worked with various open-source telecom platforms. Akib has also delivered training at Black Hat and DEFCON, contributing significantly to the cybersecurity community. His education includes a Bachelor\'s in Engineering (CSE) and certifications in ISO 17025:2017 and 5G.
\n\n\n\'',NULL,616236),('4_Sunday','10','10:00','13:59','N','TCV','LVCC West/Floor 2/W201','\'Telecom Tinkerer CTF\'','\'\'','TCV_5847b490b0f62137584ea295588b38d6','\'Title: Telecom Tinkerer CTF
\nWhen: Sunday, Aug 11, 10:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W201 - Map
\n
\nDescription:
\nTelecom Village is excited to announce \"Telecom Tinkerer,\" Capture The Flag (CTF) event. Participants, known as Tinkerers, will simulate actions against various elements of a dummy target organization. Telecom Tinkerer will feature real-world simulation scenarios and challenges, allowing Tinkerers to simulate attacks and explore new attack vectors, tactics, techniques, and procedures (TTPs). The event will include combined exercises with different levels of threat/emulation and purple teaming, promoting a collaborative learning environment for both offensive and defensive strategies.
\n\n\'',NULL,616237),('4_Sunday','11','10:00','13:59','Y','TCV','LVCC West/Floor 2/W201','\'Telecom Tinkerer CTF\'','\'\'','TCV_5847b490b0f62137584ea295588b38d6','\'\'',NULL,616238),('4_Sunday','12','10:00','13:59','Y','TCV','LVCC West/Floor 2/W201','\'Telecom Tinkerer CTF\'','\'\'','TCV_5847b490b0f62137584ea295588b38d6','\'\'',NULL,616239),('4_Sunday','13','10:00','13:59','Y','TCV','LVCC West/Floor 2/W201','\'Telecom Tinkerer CTF\'','\'\'','TCV_5847b490b0f62137584ea295588b38d6','\'\'',NULL,616240),('2_Friday','11','11:00','13:59','N','TCV','LVCC West/Floor 2/W201','\'5G Fortress\'','\'Akib Sayyed\'','TCV_d9431d6f7a58231f5f590018e376dad9','\'Title: 5G Fortress
\nWhen: Friday, Aug 9, 11:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W201 - Map
\n
\nDescription:
\nThe \"5G Security Infrastructure\" workshop at DEFCON begins with an overview of 5G infrastructure security. Module 1 covers 5G security architecture, RAN architecture, deployment models, critical components, and assessment methods. Module 2 examines new 5G protocols and their security impacts, including SBA, HTTP2, JSON API, N32 interface, PFCP, and SEPP. Module 3 explores network access security, SIM card security, 5G AKA, SUPI, and SUCI. Module 4 presents a 5G threat case study, with hands-on activities in UE & PT configuration, RAN security, and API testing
\n\nSpeakerBio: Akib Sayyed, Founder and Director at Matrix Shell Technologies
\nAkib, Founder and Director of Matrix Shell Technologies, has over 12 years of experience in Telecom Security. He has served diverse telecom operators across India, Africa, and the Middle East, specializing in signaling protocols and technologies like GSM, UMTS, LTE, 5G, and VoLTE. He has led numerous penetration testing projects, disclosed a GSM vulnerability in 2012, and worked with various open-source telecom platforms. Akib has also delivered training at Black Hat and DEFCON, contributing significantly to the cybersecurity community. His education includes a Bachelor\'s in Engineering (CSE) and certifications in ISO 17025:2017 and 5G.
\n\n\n\'',NULL,616241),('2_Friday','12','11:00','13:59','Y','TCV','LVCC West/Floor 2/W201','\'5G Fortress\'','\'Akib Sayyed\'','TCV_d9431d6f7a58231f5f590018e376dad9','\'\'',NULL,616242),('2_Friday','13','11:00','13:59','Y','TCV','LVCC West/Floor 2/W201','\'5G Fortress\'','\'Akib Sayyed\'','TCV_d9431d6f7a58231f5f590018e376dad9','\'\'',NULL,616243),('2_Friday','15','15:00','16:59','N','TCV','LVCC West/Floor 2/W201','\'Telecom Time Machine\'','\'Nadeem Bagwan\'','TCV_964c5ace2e4324b3301ad2a50a720c21','\'Title: Telecom Time Machine
\nWhen: Friday, Aug 9, 15:00 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W201 - Map
\n
\nDescription:
\nJoin us at Telecom Village, DEFCON for a workshop on 2G and 3G network architectures and SS7 protocols. Gain a deep understanding of GSM and 3G networks, discover SS7 vulnerabilities, and engage in hands-on activities to simulate and analyze SS7 attacks. Designed for telecom professionals, cybersecurity enthusiasts, and researchers, this session aims to enhance your knowledge and security awareness in legacy telecom infrastructures
\n\nSpeakerBio: Nadeem Bagwan
\nWith over 5 years of experience in telecom signaling security, Nadeem specialize in performing penetration testing for Radio Access Networks (RAN), SS7, Diameter, and GTP protocols, as well as telecom signaling forensics. He has extensive experience working in international environments, including the Middle East, South Asia, and Africa. His expertise spans various technologies, including SS7, Diameter, GTP, and 2G/3G/4G/5G core and radio access networks.
\n\n\n\'',NULL,616244),('2_Friday','16','15:00','16:59','Y','TCV','LVCC West/Floor 2/W201','\'Telecom Time Machine\'','\'Nadeem Bagwan\'','TCV_964c5ace2e4324b3301ad2a50a720c21','\'\'',NULL,616245),('2_Friday','17','17:00','17:59','N','TCV','LVCC West/Floor 2/W201','\'SIMply Secure\'','\'Zibran Sayyed\'','TCV_91986fb3c8d8254f75382e62b494eb0c','\'Title: SIMply Secure
\nWhen: Friday, Aug 9, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W201 - Map
\n
\nDescription:
\nJoin us at Telecom Village, DEFCON for the SIM Card Testing Workshop. We\'ll cover SIM card functionality, communication protocols, reading and writing techniques, and introduce SIM card algorithms and authentication. Explore emerging eSIM technology and its communication methods. This hands-on workshop equips participants with practical skills in testing and manipulating SIM cards, providing a comprehensive understanding of both traditional SIM and eSIM technologies
\n\nSpeakerBio: Zibran Sayyed
\nSeasoned professional with extensive experience in RAN, VoLTE, and VoWiFi security assessment, demonstrating expertise in safeguarding telecommunications networks. Proficient in a wide range of technologies, including GSM, UMTS, LTE, VoLTE, and 5G.
\n\n\n\'',NULL,616246),('3_Saturday','11','11:00','13:59','N','TCV','LVCC West/Floor 2/W201','\'GPON Unplugged\'','\'Akib Sayyed\'','TCV_5ae0e789294c608d7088b542052826fb','\'Title: GPON Unplugged
\nWhen: Saturday, Aug 10, 11:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W201 - Map
\n
\nDescription:
\nJoin us at Telecom Village, DEFCON for an in-depth GPON workshop. We\'ll explore GPON technology basics, standards, capabilities, and deployment methods, while identifying vulnerabilities and advanced mitigation strategies. The workshop features a live GPON setup and performance test for hands-on experience. Ideal for telecom professionals, network engineers, cybersecurity experts, and tech enthusiasts eager to deepen their understanding of modern telecommunications.
\n\nSpeakerBio: Akib Sayyed, Founder and Director at Matrix Shell Technologies
\nAkib, Founder and Director of Matrix Shell Technologies, has over 12 years of experience in Telecom Security. He has served diverse telecom operators across India, Africa, and the Middle East, specializing in signaling protocols and technologies like GSM, UMTS, LTE, 5G, and VoLTE. He has led numerous penetration testing projects, disclosed a GSM vulnerability in 2012, and worked with various open-source telecom platforms. Akib has also delivered training at Black Hat and DEFCON, contributing significantly to the cybersecurity community. His education includes a Bachelor\'s in Engineering (CSE) and certifications in ISO 17025:2017 and 5G.
\n\n\n\'',NULL,616247),('3_Saturday','12','11:00','13:59','Y','TCV','LVCC West/Floor 2/W201','\'GPON Unplugged\'','\'Akib Sayyed\'','TCV_5ae0e789294c608d7088b542052826fb','\'\'',NULL,616248),('3_Saturday','13','11:00','13:59','Y','TCV','LVCC West/Floor 2/W201','\'GPON Unplugged\'','\'Akib Sayyed\'','TCV_5ae0e789294c608d7088b542052826fb','\'\'',NULL,616249),('3_Saturday','15','15:00','16:59','N','TCV','LVCC West/Floor 2/W201','\'4G Frenzy\'','\'Vinod Shrimali\'','TCV_ae5f12b054311c9f9315852a32abc173','\'Title: 4G Frenzy
\nWhen: Saturday, Aug 10, 15:00 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W201 - Map
\n
\nDescription:
\n\"4G Frenzy: Delving into Advanced Telecom Security\" explores telecom network security with a focus on 4G. It covers the basics of 2G, 3G, and 4G, highlighting key differences and advancements. The workshop examines legacy telecom threats, vulnerabilities, and historical attacks, then delves into 4G\'s security improvements. Topics include protocols, RAN and core security, authentication, encryption, voice services, roaming, and Diameter protocol weaknesses. Includes hands-on demos of 4G weaknesses, prevention techniques, and open-source 4G network setup
\n\nSpeakerBio: Vinod Shrimali
\nVinod is a telecom security expert with over 8.5 years of experience, specializing in 5G security, penetration testing, satellite and maritime security, and developing cost-effective security strategies. He is dedicated to securing data, networks, and systems to ensure safe communication, staying ahead of industry trends, delivering robust defense against cyber-attacks, and maintaining compliance with industry standards.
\n\n\n\'',NULL,616250),('3_Saturday','16','15:00','16:59','Y','TCV','LVCC West/Floor 2/W201','\'4G Frenzy\'','\'Vinod Shrimali\'','TCV_ae5f12b054311c9f9315852a32abc173','\'\'',NULL,616251),('2_Friday','13','13:00','13:59','N','PYV','LVCC West/Floor 2/W202','\'Attacking and defending card present transactions\'','\'Yurii Zadoianchuk,Stephan Viljoen,Sebastiaan Pierrot\'','PYV_4795b1510d65f74aa23d0c649250e7f3','\'Title: Attacking and defending card present transactions
\nWhen: Friday, Aug 9, 13:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W202 - Map
\n
\nDescription:
\nIn this workshop we present two perspectives on card present attacks - attacker\'s and defender\'s. What typical banks and card processors think of modern card present attacks?\nHow easy is it to mitigate those without compromising on user experience?
\n\nSpeakers:Yurii Zadoianchuk,Stephan Viljoen,Sebastiaan Pierrot
\n
\nSpeakerBio: Yurii Zadoianchuk, Adyen
\nNo BIO available
\nSpeakerBio: Stephan Viljoen, Adyen
\nNo BIO available
\nSpeakerBio: Sebastiaan Pierrot, Adyen
\nNo BIO available
\n\n\'',NULL,616252),('3_Saturday','13','13:00','13:59','N','PYV','LVCC West/Floor 2/W202','\'Breaking software protected crypto implementations\'','\'Adrian Garcia\'','PYV_b628d5332f099745db1ec07c03d1fada','\'Title: Breaking software protected crypto implementations
\nWhen: Saturday, Aug 10, 13:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W202 - Map
\n
\nDescription:
\nBy the end of the session, attendees will gain a comprehensive understanding of the security mechanisms protecting mobile payment applications, the inherent vulnerabilities, and the sophisticated techniques employed by attackers to exploit these systems. This talk is designed to provide industry insights, maintaining a vendor-neutral perspective while focusing on the broader security landscape.
\n\nSpeakerBio: Adrian Garcia, Senior Security Expert at Adyen
\nAdrian Garcia serves as a Senior Security Expert at Adyen. With over ten years of experience in software security, Adrian specializes in mobile payment security, focusing on securing mobile products such as wallets and mobile points of sale. Passionate about reverse engineering, Adrian brings extensive knowledge of cryptography and payment security standards to his work.
\n\n\n\'',NULL,616253),('3_Saturday','11','11:30','12:10','N','PYV','LVCC West/Floor 2/W202','\'Emulating Magstripe with Arduino\'','\'Leigh-Anne Galloway\'','PYV_e56c583f172971356ee77bced694c201','\'Title: Emulating Magstripe with Arduino
\nWhen: Saturday, Aug 10, 11:30 - 12:10 PDT
\nWhere: LVCC West/Floor 2/W202 - Map
\n
\nDescription:
\nLearn how to build a device to emulate magstripe using data intercepted from EMV chip and contactless interfaces
\n\nSpeakerBio: Leigh-Anne Galloway, Director of Research at UNDERLE LTD
\nLeigh-Anne Galloway is the Payment Village Lead and Director of Research at UNDERLE LTD. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. This is where she discovered her passion for security advisory and payment technologies. She authored research on ATM security, application security and payment technology vulnerabilities; and has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, and Troopers, Black Hat USA, Black Hat Europe and DEF CON. She also serves on the board for Black Hat Europe.
\n\n\n\'',NULL,616254),('3_Saturday','12','11:30','12:10','Y','PYV','LVCC West/Floor 2/W202','\'Emulating Magstripe with Arduino\'','\'Leigh-Anne Galloway\'','PYV_e56c583f172971356ee77bced694c201','\'\'',NULL,616255),('2_Friday','14','14:30','15:10','N','PYV','LVCC West/Floor 2/W202','\'Emulating Magstripe with Arduino\'','\'Leigh-Anne Galloway\'','PYV_7085317fd1d9cf76a6e38217c809b1ac','\'Title: Emulating Magstripe with Arduino
\nWhen: Friday, Aug 9, 14:30 - 15:10 PDT
\nWhere: LVCC West/Floor 2/W202 - Map
\n
\nDescription:
\nLearn how to build a device to emulate magstripe using data intercepted from EMV chip and contactless interfaces
\n\nSpeakerBio: Leigh-Anne Galloway, Director of Research at UNDERLE LTD
\nLeigh-Anne Galloway is the Payment Village Lead and Director of Research at UNDERLE LTD. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. This is where she discovered her passion for security advisory and payment technologies. She authored research on ATM security, application security and payment technology vulnerabilities; and has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, and Troopers, Black Hat USA, Black Hat Europe and DEF CON. She also serves on the board for Black Hat Europe.
\n\n\n\'',NULL,616256),('2_Friday','15','14:30','15:10','Y','PYV','LVCC West/Floor 2/W202','\'Emulating Magstripe with Arduino\'','\'Leigh-Anne Galloway\'','PYV_7085317fd1d9cf76a6e38217c809b1ac','\'\'',NULL,616257),('3_Saturday','10','10:15','10:20','N','PYV','LVCC West/Floor 2/W202','\'Introduction to Payment Village CTF\'','\'Leigh-Anne Galloway\'','PYV_e72b71a026bd398a0c2058661057e5ca','\'Title: Introduction to Payment Village CTF
\nWhen: Saturday, Aug 10, 10:15 - 10:20 PDT
\nWhere: LVCC West/Floor 2/W202 - Map
\n
\nDescription:
\nFind out how to participate in the Payment Village CTF
\n\nSpeakerBio: Leigh-Anne Galloway, Director of Research at UNDERLE LTD
\nLeigh-Anne Galloway is the Payment Village Lead and Director of Research at UNDERLE LTD. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. This is where she discovered her passion for security advisory and payment technologies. She authored research on ATM security, application security and payment technology vulnerabilities; and has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, and Troopers, Black Hat USA, Black Hat Europe and DEF CON. She also serves on the board for Black Hat Europe.
\n\n\n\'',NULL,616258),('2_Friday','10','10:15','10:20','N','PYV','LVCC West/Floor 2/W202','\'Introduction to Payment Village CTF\'','\'Leigh-Anne Galloway\'','PYV_86192046f544431132f4d4e80ab4b70e','\'Title: Introduction to Payment Village CTF
\nWhen: Friday, Aug 9, 10:15 - 10:20 PDT
\nWhere: LVCC West/Floor 2/W202 - Map
\n
\nDescription:
\nFind out how to participate in the Payment Village CTF
\n\nSpeakerBio: Leigh-Anne Galloway, Director of Research at UNDERLE LTD
\nLeigh-Anne Galloway is the Payment Village Lead and Director of Research at UNDERLE LTD. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. This is where she discovered her passion for security advisory and payment technologies. She authored research on ATM security, application security and payment technology vulnerabilities; and has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, and Troopers, Black Hat USA, Black Hat Europe and DEF CON. She also serves on the board for Black Hat Europe.
\n\n\n\'',NULL,616259),('3_Saturday','10','10:45','10:59','N','PYV','LVCC West/Floor 2/W202','\'Introduction to the Payment Village badge\'','\'Leigh-Anne Galloway\'','PYV_84199c08a830ebd84c13c593796669d1','\'Title: Introduction to the Payment Village badge
\nWhen: Saturday, Aug 10, 10:45 - 10:59 PDT
\nWhere: LVCC West/Floor 2/W202 - Map
\n
\nDescription:
\nIn this workshop you will learn how to assemble and use the village badge, and how it can be used to solve challenges in the CTF
\n\nSpeakerBio: Leigh-Anne Galloway, Director of Research at UNDERLE LTD
\nLeigh-Anne Galloway is the Payment Village Lead and Director of Research at UNDERLE LTD. Leigh-Anne started her career in incident response, leading investigations into payment card data breaches. This is where she discovered her passion for security advisory and payment technologies. She authored research on ATM security, application security and payment technology vulnerabilities; and has previously spoken at DevSecCon, BSides, Hacktivity, 8dot8, OWASP, and Troopers, Black Hat USA, Black Hat Europe and DEF CON. She also serves on the board for Black Hat Europe.
\n\n\n\'',NULL,616260),('3_Saturday','15','15:00','15:59','N','PYV','LVCC West/Floor 2/W202','\'Online Payments - Attack and Defense\'','\'Vincent Sloan\'','PYV_01905a3182b92899cb4bb800ac36feec','\'Title: Online Payments - Attack and Defense
\nWhen: Saturday, Aug 10, 15:00 - 15:59 PDT
\nWhere: LVCC West/Floor 2/W202 - Map
\n
\nDescription:
\n\"Learn the basics of how cards are used for payments online, and the risks associated.\nWe’ll explore a number of attacks used by malicious actors against online payment systems and the ways to mitigate them\"
\n\nSpeakerBio: Vincent Sloan, GoFundMe
\nVincent Sloan has been working in software and online payments for over 20 years and enjoys solving problems at the intersection for payments and security.
\n\n\n\'',NULL,616261),('2_Friday','10','10:00','16:30','N','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF\'','\'\'','PYV_7937f0289dcca1269214df87600f716b','\'Title: Payment Village CTF
\nWhen: Friday, Aug 9, 10:00 - 16:30 PDT
\nWhere: LVCC West/Floor 2/W202 - Map
\n
\nDescription:
\nThis year we have more challenges and more prizes!
\n\n\'',NULL,616262),('2_Friday','11','10:00','16:30','Y','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF\'','\'\'','PYV_7937f0289dcca1269214df87600f716b','\'\'',NULL,616263),('2_Friday','12','10:00','16:30','Y','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF\'','\'\'','PYV_7937f0289dcca1269214df87600f716b','\'\'',NULL,616264),('2_Friday','13','10:00','16:30','Y','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF\'','\'\'','PYV_7937f0289dcca1269214df87600f716b','\'\'',NULL,616265),('2_Friday','14','10:00','16:30','Y','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF\'','\'\'','PYV_7937f0289dcca1269214df87600f716b','\'\'',NULL,616266),('2_Friday','15','10:00','16:30','Y','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF\'','\'\'','PYV_7937f0289dcca1269214df87600f716b','\'\'',NULL,616267),('2_Friday','16','10:00','16:30','Y','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF\'','\'\'','PYV_7937f0289dcca1269214df87600f716b','\'\'',NULL,616268),('3_Saturday','10','10:00','16:30','N','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF\'','\'\'','PYV_9e6ea2311076c736dee9114712a47185','\'Title: Payment Village CTF
\nWhen: Saturday, Aug 10, 10:00 - 16:30 PDT
\nWhere: LVCC West/Floor 2/W202 - Map
\n
\nDescription:
\nThis year we have more challenges and more prizes!
\n\n\'',NULL,616269),('3_Saturday','11','10:00','16:30','Y','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF\'','\'\'','PYV_9e6ea2311076c736dee9114712a47185','\'\'',NULL,616270),('3_Saturday','12','10:00','16:30','Y','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF\'','\'\'','PYV_9e6ea2311076c736dee9114712a47185','\'\'',NULL,616271),('3_Saturday','13','10:00','16:30','Y','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF\'','\'\'','PYV_9e6ea2311076c736dee9114712a47185','\'\'',NULL,616272),('3_Saturday','14','10:00','16:30','Y','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF\'','\'\'','PYV_9e6ea2311076c736dee9114712a47185','\'\'',NULL,616273),('3_Saturday','15','10:00','16:30','Y','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF\'','\'\'','PYV_9e6ea2311076c736dee9114712a47185','\'\'',NULL,616274),('3_Saturday','16','10:00','16:30','Y','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF\'','\'\'','PYV_9e6ea2311076c736dee9114712a47185','\'\'',NULL,616275),('2_Friday','16','16:30','16:59','N','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF Day One Results\'','\'\'','PYV_d1c5e206f43312b0633eaae7755dd795','\'Title: Payment Village CTF Day One Results
\nWhen: Friday, Aug 9, 16:30 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W202 - Map
\n
\nDescription:
\nWinners of Day One announced and prizes given out
\n\n\'',NULL,616276),('3_Saturday','16','16:30','16:59','N','PYV','LVCC West/Floor 2/W202','\'Payment Village CTF Day Two Results\'','\'\'','PYV_ba100abbff9bd97b82fdeb126ed4e670','\'Title: Payment Village CTF Day Two Results
\nWhen: Saturday, Aug 10, 16:30 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W202 - Map
\n
\nDescription:
\nWinners of Day Two announced and prizes given out
\n\n\'',NULL,616277),('2_Friday','11','11:30','12:40','N','PYV','LVCC West/Floor 2/W202','\'User Behaviour Analytics in Payments\'','\'Karthik Tadinada\'','PYV_c13b08ecc9e5cee2fe58050c3a50e03d','\'Title: User Behaviour Analytics in Payments
\nWhen: Friday, Aug 9, 11:30 - 12:40 PDT
\nWhere: LVCC West/Floor 2/W202 - Map
\n
\nDescription:
\nUser Behaviour Analytics are powerful predictors of both genuine and anomalous behaviour in payments. This talk will work through a few examples of payment fraud scenarios and is aimed at demonstrating the thought processes of computing effective indicators of fraud. This talk should be of interest to people interested in payments but also analysts using UEBA systems in cybersecurity.
\n\nSpeakerBio: Karthik Tadinada, Founder at Fortify Solutions
\nKarthik Tadinada is the founder of Fortify Solutions, a payment risk prevention company. Karthik has built high performing fraud prevention models for credit and debit card payments, account-to-account transfers, e-commerce merchants and national payment rails. Models he and his teams built score all the debit card transactions in Australia, a double digit percentage of the credit card transactions in the US and the majority of Point of Sale transactions in the UK.
\n\n\n\'',NULL,616278),('2_Friday','12','11:30','12:40','Y','PYV','LVCC West/Floor 2/W202','\'User Behaviour Analytics in Payments\'','\'Karthik Tadinada\'','PYV_c13b08ecc9e5cee2fe58050c3a50e03d','\'\'',NULL,616279),('3_Saturday','13','13:00','14:59','N','DC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'Learn Zero Trust Network Security with Cloudflare\'','\'\'','DC_7b870a31368854abcd9701a0d8f488ac','\'Title: Learn Zero Trust Network Security with Cloudflare
\nWhen: Saturday, Aug 10, 13:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-03 - Map
\n
\nDescription:
\nDo you have any photos, videos, games or apps privately hosted at home that you’d love to easily and securely share with your friends anywhere in the world, for free? Would you like to learn how to secure your family and school’s Internet access against phishing, ransomware, and other Internet risks? In this hands-on class you will learn how to easily build a secure private network over the Internet with Cloudflare Zero Trust services.
\n\n\'',NULL,616280),('3_Saturday','14','13:00','14:59','Y','DC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'Learn Zero Trust Network Security with Cloudflare\'','\'\'','DC_7b870a31368854abcd9701a0d8f488ac','\'\'',NULL,616281),('3_Saturday','15','15:00','15:59','N','DC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'Real life hacking stories (that can’t be recorded!)\'','\'\'','DC_aaed019344028c84cb2e531c88c2bc71','\'Title: Real life hacking stories (that can’t be recorded!)
\nWhen: Saturday, Aug 10, 15:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-03 - Map
\n
\nDescription:
\nPanel - Hacker stories and career Q and A: Stories and adventures from real life hacking engagements. Ask the panel about different career’s in cyber security and getting paid to be a hacker.
\n\n\n\n\'',NULL,616282),('3_Saturday','17','17:00','17:59','N','DC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'Quantum Leap: The future of Computing and the security of your online world\'','\'\'','DC_2186a4010001c7e6e9edffc393626022','\'Title: Quantum Leap: The future of Computing and the security of your online world
\nWhen: Saturday, Aug 10, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-03 - Map
\n
\nDescription:
\nJoin us for a journey into the world of quantum computing, where quantum computers can solve problems in seconds that would take regular computers years to solve. We\'ll explore the principles of quantum mechanics that make this possible, and the implications for cybersecurity. But don\'t worry, we\'ll also cover what\'s being done to keep our online communications safe and how we can stay ahead of the game.
\n\n\'',NULL,616283),('4_Sunday','10','10:00','12:59','N','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_fc80ff18a278f0351772f114e1cbf149','\'Title: Open Events for DCNextGen
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nOpen Events - All Days
\n\nAIxCC - Artificial Intelligence Cyber Challenge
\n\nExperience a dynamic model city with illuminated buildings and projections that bring to life the Semifinals of the AI Cyber Challenge (AIxCC) - a two-year competition to safeguard the software critical to modern life. You\'ll experience the thrill of the game events and the critical stakes of cybersecurity in an immersive setting that also offers an inspiring educational journey.
\n\nSocial Engineering Village - SE Youth Challenge
\n\nThe Social Engineering Community needs your help and it’s not exactly a big deal, but without your help, the entire universe is going to implode. Fortunately, some creative beings designed a failsafe just for this specific purpose, the Def Con Social Engineering Youth Challenge at DEF CON 32!
\n\nAdversary Village - Table top adventure
\n\nTabletop adversary adventure!
\n\nBiohacking Village - Learn about bio-technology and biohacking!
\n\nHands on medical device hacking and village tour
\n\nHam Radio Vilage - Find the Fox, Decode a SSTV broadcast, get your Ham Radio License!
\n\nFox Hunt!: Try to find the fox radio transmitter. SSTV: Send an SSTV broadcast and see it decoded by someone else Ham Radio Exam: Get your ham radio license at DEF CON!
\n\nCrypto Privacy Village - Gold Bug Puzzle
\n\nAn invitation to a house party at the home of the Mysterious Marquise. What does it mean that it’s for those with “an adventurous spirit and enjoyment of puzzles”? And how can the doorknocker reveal anything? Find out in the Junior Cryptographer’s Corner of the CPV Gold Bug Puzzle.
\n\nData Duplication Village - Multiple: HDD Teardown, Decryption Challenge, Error detection and correction
\n\n\n- HDD Teardown: Take apart and see how hard drives work.
\n- Decryption Challenge: Learn how file encryption / decryption works and solve a challenge.
\n- Error Detection and Correction: Use a simple binary code system, errors are introduced in the data string. Teaching basic parity checking or checksum algorithms to identify and correct the errors, demonstrating a fundamental data integrity concept.
\n
\n\nHardware Hacking Village - Open Soldering lessons
\n\nThe folks at the Hardware Hacking Village can teach you soldering! Bring your soldering kits and learn this valuable hacker and life skill.
\n\nFriday, Saturday 13:00 - 16:00
\n\nCar Hacking Village Scavenger Hunt
\n\nThe Car Hacking Village (CHV) put together a wonderland of fun for kids of all ages to explore. Stop by at our CHV Kids Booth during our hours of operation and dive into the rabbit hole of car hacking with our team. As you explore the CHV Village, you will not only learn about car hacking, but will also get to collect fun swag at every stop. Join us on this adventure through the car hacking wonderland and let your scavenger hunt begin.
\n\n\'',NULL,616284),('4_Sunday','11','10:00','12:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_fc80ff18a278f0351772f114e1cbf149','\'\'',NULL,616285),('4_Sunday','12','10:00','12:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_fc80ff18a278f0351772f114e1cbf149','\'\'',NULL,616286),('3_Saturday','10','10:00','17:59','N','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_07e26e4e6093823d83e0f5c33b0ddb1a','\'Title: Open Events for DCNextGen
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nOpen Events - All Days
\n\nAIxCC - Artificial Intelligence Cyber Challenge
\n\nExperience a dynamic model city with illuminated buildings and projections that bring to life the Semifinals of the AI Cyber Challenge (AIxCC) - a two-year competition to safeguard the software critical to modern life. You\'ll experience the thrill of the game events and the critical stakes of cybersecurity in an immersive setting that also offers an inspiring educational journey.
\n\nSocial Engineering Village - SE Youth Challenge
\n\nThe Social Engineering Community needs your help and it’s not exactly a big deal, but without your help, the entire universe is going to implode. Fortunately, some creative beings designed a failsafe just for this specific purpose, the Def Con Social Engineering Youth Challenge at DEF CON 32!
\n\nAdversary Village - Table top adventure
\n\nTabletop adversary adventure!
\n\nBiohacking Village - Learn about bio-technology and biohacking!
\n\nHands on medical device hacking and village tour
\n\nHam Radio Vilage - Find the Fox, Decode a SSTV broadcast, get your Ham Radio License!
\n\nFox Hunt!: Try to find the fox radio transmitter. SSTV: Send an SSTV broadcast and see it decoded by someone else Ham Radio Exam: Get your ham radio license at DEF CON!
\n\nCrypto Privacy Village - Gold Bug Puzzle
\n\nAn invitation to a house party at the home of the Mysterious Marquise. What does it mean that it’s for those with “an adventurous spirit and enjoyment of puzzles”? And how can the doorknocker reveal anything? Find out in the Junior Cryptographer’s Corner of the CPV Gold Bug Puzzle.
\n\nData Duplication Village - Multiple: HDD Teardown, Decryption Challenge, Error detection and correction
\n\n\n- HDD Teardown: Take apart and see how hard drives work.
\n- Decryption Challenge: Learn how file encryption / decryption works and solve a challenge.
\n- Error Detection and Correction: Use a simple binary code system, errors are introduced in the data string. Teaching basic parity checking or checksum algorithms to identify and correct the errors, demonstrating a fundamental data integrity concept.
\n
\n\nHardware Hacking Village - Open Soldering lessons
\n\nThe folks at the Hardware Hacking Village can teach you soldering! Bring your soldering kits and learn this valuable hacker and life skill.
\n\nFriday, Saturday 13:00 - 16:00
\n\nCar Hacking Village Scavenger Hunt
\n\nThe Car Hacking Village (CHV) put together a wonderland of fun for kids of all ages to explore. Stop by at our CHV Kids Booth during our hours of operation and dive into the rabbit hole of car hacking with our team. As you explore the CHV Village, you will not only learn about car hacking, but will also get to collect fun swag at every stop. Join us on this adventure through the car hacking wonderland and let your scavenger hunt begin.
\n\n\'',NULL,616287),('3_Saturday','11','10:00','17:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_07e26e4e6093823d83e0f5c33b0ddb1a','\'\'',NULL,616288),('3_Saturday','12','10:00','17:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_07e26e4e6093823d83e0f5c33b0ddb1a','\'\'',NULL,616289),('3_Saturday','13','10:00','17:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_07e26e4e6093823d83e0f5c33b0ddb1a','\'\'',NULL,616290),('3_Saturday','14','10:00','17:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_07e26e4e6093823d83e0f5c33b0ddb1a','\'\'',NULL,616291),('3_Saturday','15','10:00','17:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_07e26e4e6093823d83e0f5c33b0ddb1a','\'\'',NULL,616292),('3_Saturday','16','10:00','17:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_07e26e4e6093823d83e0f5c33b0ddb1a','\'\'',NULL,616293),('3_Saturday','17','10:00','17:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_07e26e4e6093823d83e0f5c33b0ddb1a','\'\'',NULL,616294),('2_Friday','10','10:00','17:59','N','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_2861a027e6cd5dadb2df1a53d875509d','\'Title: Open Events for DCNextGen
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nOpen Events - All Days
\n\nAIxCC - Artificial Intelligence Cyber Challenge
\n\nExperience a dynamic model city with illuminated buildings and projections that bring to life the Semifinals of the AI Cyber Challenge (AIxCC) - a two-year competition to safeguard the software critical to modern life. You\'ll experience the thrill of the game events and the critical stakes of cybersecurity in an immersive setting that also offers an inspiring educational journey.
\n\nSocial Engineering Village - SE Youth Challenge
\n\nThe Social Engineering Community needs your help and it’s not exactly a big deal, but without your help, the entire universe is going to implode. Fortunately, some creative beings designed a failsafe just for this specific purpose, the Def Con Social Engineering Youth Challenge at DEF CON 32!
\n\nAdversary Village - Table top adventure
\n\nTabletop adversary adventure!
\n\nBiohacking Village - Learn about bio-technology and biohacking!
\n\nHands on medical device hacking and village tour
\n\nHam Radio Vilage - Find the Fox, Decode a SSTV broadcast, get your Ham Radio License!
\n\nFox Hunt!: Try to find the fox radio transmitter. SSTV: Send an SSTV broadcast and see it decoded by someone else Ham Radio Exam: Get your ham radio license at DEF CON!
\n\nCrypto Privacy Village - Gold Bug Puzzle
\n\nAn invitation to a house party at the home of the Mysterious Marquise. What does it mean that it’s for those with “an adventurous spirit and enjoyment of puzzles”? And how can the doorknocker reveal anything? Find out in the Junior Cryptographer’s Corner of the CPV Gold Bug Puzzle.
\n\nData Duplication Village - Multiple: HDD Teardown, Decryption Challenge, Error detection and correction
\n\n\n- HDD Teardown: Take apart and see how hard drives work.
\n- Decryption Challenge: Learn how file encryption / decryption works and solve a challenge.
\n- Error Detection and Correction: Use a simple binary code system, errors are introduced in the data string. Teaching basic parity checking or checksum algorithms to identify and correct the errors, demonstrating a fundamental data integrity concept.
\n
\n\nHardware Hacking Village - Open Soldering lessons
\n\nThe folks at the Hardware Hacking Village can teach you soldering! Bring your soldering kits and learn this valuable hacker and life skill.
\n\nFriday, Saturday 13:00 - 16:00
\n\nCar Hacking Village Scavenger Hunt
\n\nThe Car Hacking Village (CHV) put together a wonderland of fun for kids of all ages to explore. Stop by at our CHV Kids Booth during our hours of operation and dive into the rabbit hole of car hacking with our team. As you explore the CHV Village, you will not only learn about car hacking, but will also get to collect fun swag at every stop. Join us on this adventure through the car hacking wonderland and let your scavenger hunt begin.
\n\n\'',NULL,616295),('2_Friday','11','10:00','17:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_2861a027e6cd5dadb2df1a53d875509d','\'\'',NULL,616296),('2_Friday','12','10:00','17:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_2861a027e6cd5dadb2df1a53d875509d','\'\'',NULL,616297),('2_Friday','13','10:00','17:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_2861a027e6cd5dadb2df1a53d875509d','\'\'',NULL,616298),('2_Friday','14','10:00','17:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_2861a027e6cd5dadb2df1a53d875509d','\'\'',NULL,616299),('2_Friday','15','10:00','17:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_2861a027e6cd5dadb2df1a53d875509d','\'\'',NULL,616300),('2_Friday','16','10:00','17:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_2861a027e6cd5dadb2df1a53d875509d','\'\'',NULL,616301),('2_Friday','17','10:00','17:59','Y','MISC','Other / See Description','\'Open Events for DCNextGen\'','\'\'','MISC_2861a027e6cd5dadb2df1a53d875509d','\'\'',NULL,616302),('4_Sunday','10','10:00','10:30','N','XRV','Other / See Description','\'Evolution of RF Signal Visualization - From Spectrum Analyzers to Augmented Reality\'','\'Suzanne Borders,Jad Meouchy\'','XRV_51ac365c6c83c1b828cd1697c2176c81','\'Title: Evolution of RF Signal Visualization - From Spectrum Analyzers to Augmented Reality
\nWhen: Sunday, Aug 11, 10:00 - 10:30 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nWe are surrounded by invisible radio frequency signals created by human technology like radio, cellular, and satellite. Traditionally, we see these signals through spectrum analyzers. However, the capabilities of existing analysis tools are being outpaced by the rapid modernization of wireless networks and topologies like 5G, IoT, Bluetooth, LoRa, etc. RF is inherently multidimensional, but conventional analyzers display signals in 2D slices, limiting real-world applicability to highly technical users. Emerging technology that combines Augmented Reality displays and AI/ML algorithms is capable of spatializing RF data into its natural 3D location for easier understanding and communication.
\n\nThis talk will provide an overview of the evolution of RF visualization tools from flat interfaces to immersive ones that can be used to discover and map RF signals and networks. The audience will gain a broad understanding of the emergence of immersive interfaces and how they can be applied successfully to spatial data visualization. We will walk participants through challenges with the design and development process, theory behind decisions, and usability issues to overcome in actual deployments. Resulting best practices will be shared openly. Finally, the audience will learn about future applications of these tools and forecasted innovations as the underlying technology matures.
\n\nSpeakers:Suzanne Borders,Jad Meouchy
\n
\nSpeakerBio: Suzanne Borders, Founder and CEO at BadVR
\nSuzanne studied psychology at University of Missouri, Kansas City and previously worked as Lead UX/Product Designer for over 9 years at companies such as Remine (raised $48M) and CREXi (raised $54M) where she specialized in designing intuitive, high-performant data analytic interfaces. In 2019, Suzanne founded BadVR and was awarded a “Rising Stars” innovation award from IEEE. To date, she’s raised over $4M in non-dilutive funding for BadVR, via grants from the National Science Foundation, NOAA, Magic Leap, Qualcomm, and more. Suzanne has grown the company from 2 to 25 people and was awarded 4 patents for innovations she created while leading the BadVR team.
\n\nOver the past 5 years, Suzanne emerged as a thought-leader in the immersive data visualization and analytics space. She has been a keynote speaker at over 25 national and international conferences. In her spare time, Suzanne travels for inspiration (81 countries and counting) and is proud to be a published author and former punk. Suzanne thrives at the intersection of product design, immersive technology, and data; she’s a believer in the artistry of technology and the technicality of art and remains passionately dedicated to democratizing access to data through universally accessible products.
\n\nSpeakerBio: Jad Meouchy, Co-Founder and CTO at BadVR
\nJad Meouchy, CTO + Co-Founder, BadVR, Inc. Jad, originally from northern Virginia, holds dual B.S. degrees in Computer Engineering and Psychology from Virginia Tech, and is a graduate of the Thomas Jefferson High School for Science and Technology. While in college, he engineered and built the data visualization components of an emergency response simulation that went on to receive 2M in public grant funding. Over his 15-year career, Jad has founded five startups and successfully exited three. His professional expertise is in software architecture and development, specifically big data analytics and visualization, and virtual and augmented reality development. Based in Los Angeles since 2010, Jad promotes the community by organizing developer meetups and events, and volunteering time for STEM initiatives.
\n\n\n\'',NULL,616303),('2_Friday','11','11:00','12:59','N','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Trip Through Reality XR for Performances Masterclass with the Glad Scientist\'','\'The Glad Scientist\'','XRV_7f8c79ec461cf974dd75dd3d716f44ef','\'Title: Trip Through Reality XR for Performances Masterclass with the Glad Scientist
\nWhen: Friday, Aug 9, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-06 - Map
\n
\nDescription:
\nThe Glad Scientist will share their experiences and techniques for building out immersive performances, with a specific focus on their unique use of XR and generative AI in their process. Expect VR modular synthesis, weird generative AI hacks, and a lot of talk about breaking things in the name of creativity! This session is beginner-friendly, and attendees are welcome to follow along and test these techniques, or to listen and ask questions.
\n\nSpeakerBio: The Glad Scientist
\nThe Glad Scientist is a Barcelona-based media artist, performer, and professor who has integrated XR into their artistic process since 2017. Their work has been seen in worldwide venues, galleries, and festivals including DreamHack, Ars Electronica, Sonar+D, and Venice Biennale. Commercially, they have worked on immersive projects for several J-Rock bands, Under Armour, and Universal Studios’ Super Nintendo World.
\n\n\n\'',NULL,616304),('2_Friday','12','11:00','12:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Trip Through Reality XR for Performances Masterclass with the Glad Scientist\'','\'The Glad Scientist\'','XRV_7f8c79ec461cf974dd75dd3d716f44ef','\'\'',NULL,616305),('2_Friday','14','14:00','17:59','N','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Extend reality with tabletop RPG OWASP Cornucopia. Play sessions throughout workshop times.\'','\'Stryker\'','XRV_83f06d7ac11e604f10dc384eefbc7f9b','\'Title: Extend reality with tabletop RPG OWASP Cornucopia. Play sessions throughout workshop times.
\nWhen: Friday, Aug 9, 14:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-06 - Map
\n
\nDescription:
\nOWASP Cornucopia is a card game to assist software development teams identify security requirements in agile, conventional, and formal software development processes. It is language, platform, and technology agnostic. Having celebrated its 10th anniversary last year, Cornucopia has been refreshed including an updated full version of the game, a new Website App Edition updated with the OWASP ASVS 4.0 mapping and a Mobile App Edition with the OWASP MASVS 2.0 mapping for mobile development.
\n\nSpeakerBio: Stryker, Head of Security Communications and Planning at Adversary Pursuit Group (APG)
\nStryker is the Head of Security Communications and Planning for the Adversary Pursuit Group (APG), where she translates technical research and qualitative intelligence into the \"so what?\" and \"what now?\" solutions that keep more people safe and secure. Stryker\'s 2023 original cybersecurity research series \"Press Reset\" won multiple industry awards, including best use of original research and best data insights. You can find her on LinkedIn, Mastodon, or in the Lonely Hackers Club (LHC) Telegram chat, where she once (in)famously ranted about how commercial gun safes do not make for secure off-site data storage options. Stryker lives in the Baltimore-DC area, renovating a townhouse with her ancient beagle-hound mix and growing parsley for swallowtail butterfly caterpillars.
\n\n\n\'',NULL,616306),('2_Friday','15','14:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Extend reality with tabletop RPG OWASP Cornucopia. Play sessions throughout workshop times.\'','\'Stryker\'','XRV_83f06d7ac11e604f10dc384eefbc7f9b','\'\'',NULL,616307),('2_Friday','16','14:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Extend reality with tabletop RPG OWASP Cornucopia. Play sessions throughout workshop times.\'','\'Stryker\'','XRV_83f06d7ac11e604f10dc384eefbc7f9b','\'\'',NULL,616308),('2_Friday','17','14:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Extend reality with tabletop RPG OWASP Cornucopia. Play sessions throughout workshop times.\'','\'Stryker\'','XRV_83f06d7ac11e604f10dc384eefbc7f9b','\'\'',NULL,616309),('3_Saturday','11','11:00','12:59','N','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'AR + Art = interactive installations to bring your stories to life\'','\'Zaire Moore\'','XRV_c856a9e10b3ebe96386da9cc7ca7630f','\'Title: AR + Art = interactive installations to bring your stories to life
\nWhen: Saturday, Aug 10, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-06 - Map
\n
\nDescription:
\nLearn how in this hands-on lab with resident AR designer, Zaire Moore
\n\nSpeakerBio: Zaire Moore, BlackTerminus
\nCinematographer | AR Designer | Content Creator
\n\n\n\'',NULL,616310),('3_Saturday','12','11:00','12:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'AR + Art = interactive installations to bring your stories to life\'','\'Zaire Moore\'','XRV_c856a9e10b3ebe96386da9cc7ca7630f','\'\'',NULL,616311),('2_Friday','10','10:00','17:59','N','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_279202edf9039a313d3259514c4ee0b3','\'Title: ICS Village + XR Village Turn the lights on!
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-06 - Map
\n
\nDescription:
\nIdaho National Laboratory in collaboration with the Cybersecurity & Infrastructure Security Agency (CISA) will showcase the critical importance of safeguarding Industrial Control Systems (ICS) against cyber threats. Through a mixed reality game, the interactive VR experience illustrates the impacts of a cybersecurity attack on infrastructure, and highlights the intricate engineering processes that power our communities. By emphasizing the interdependencies within our Nation’s infrastructure, the VR challenges underscore the necessity of robust cybersecurity measures to ensure the reliability and security of essential services. Come restore power back to our city, virtually! (NOTE: this gamified interactive VR experience not technical in nature, and does not require cybersecurity or infrastructure knowledge to participate
\n\n\'',NULL,616312),('2_Friday','11','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_279202edf9039a313d3259514c4ee0b3','\'\'',NULL,616313),('2_Friday','12','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_279202edf9039a313d3259514c4ee0b3','\'\'',NULL,616314),('2_Friday','13','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_279202edf9039a313d3259514c4ee0b3','\'\'',NULL,616315),('2_Friday','14','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_279202edf9039a313d3259514c4ee0b3','\'\'',NULL,616316),('2_Friday','15','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_279202edf9039a313d3259514c4ee0b3','\'\'',NULL,616317),('2_Friday','16','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_279202edf9039a313d3259514c4ee0b3','\'\'',NULL,616318),('2_Friday','17','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_279202edf9039a313d3259514c4ee0b3','\'\'',NULL,616319),('3_Saturday','10','10:00','17:59','N','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_feaef71354f14ffe8ec78b865be46cf2','\'Title: ICS Village + XR Village Turn the lights on!
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-06 - Map
\n
\nDescription:
\nIdaho National Laboratory in collaboration with the Cybersecurity & Infrastructure Security Agency (CISA) will showcase the critical importance of safeguarding Industrial Control Systems (ICS) against cyber threats. Through a mixed reality game, the interactive VR experience illustrates the impacts of a cybersecurity attack on infrastructure, and highlights the intricate engineering processes that power our communities. By emphasizing the interdependencies within our Nation’s infrastructure, the VR challenges underscore the necessity of robust cybersecurity measures to ensure the reliability and security of essential services. Come restore power back to our city, virtually! (NOTE: this gamified interactive VR experience not technical in nature, and does not require cybersecurity or infrastructure knowledge to participate
\n\n\'',NULL,616320),('3_Saturday','11','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_feaef71354f14ffe8ec78b865be46cf2','\'\'',NULL,616321),('3_Saturday','12','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_feaef71354f14ffe8ec78b865be46cf2','\'\'',NULL,616322),('3_Saturday','13','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_feaef71354f14ffe8ec78b865be46cf2','\'\'',NULL,616323),('3_Saturday','14','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_feaef71354f14ffe8ec78b865be46cf2','\'\'',NULL,616324),('3_Saturday','15','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_feaef71354f14ffe8ec78b865be46cf2','\'\'',NULL,616325),('3_Saturday','16','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_feaef71354f14ffe8ec78b865be46cf2','\'\'',NULL,616326),('3_Saturday','17','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'ICS Village + XR Village Turn the lights on!\'','\'\'','XRV_feaef71354f14ffe8ec78b865be46cf2','\'\'',NULL,616327),('2_Friday','10','10:00','17:59','N','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_bc35e29d8e0841c5db09425e99c7f01b','\'Title: Signals Are Everywhere
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-06 - Map
\n
\nDescription:
\nBadVR Data Exploration through VR visualization. See RF signals, cellular signals and step into the data with a hands-on VR experience
\n\n\'',NULL,616328),('2_Friday','11','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_bc35e29d8e0841c5db09425e99c7f01b','\'\'',NULL,616329),('2_Friday','12','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_bc35e29d8e0841c5db09425e99c7f01b','\'\'',NULL,616330),('2_Friday','13','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_bc35e29d8e0841c5db09425e99c7f01b','\'\'',NULL,616331),('2_Friday','14','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_bc35e29d8e0841c5db09425e99c7f01b','\'\'',NULL,616332),('2_Friday','15','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_bc35e29d8e0841c5db09425e99c7f01b','\'\'',NULL,616333),('2_Friday','16','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_bc35e29d8e0841c5db09425e99c7f01b','\'\'',NULL,616334),('2_Friday','17','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_bc35e29d8e0841c5db09425e99c7f01b','\'\'',NULL,616335),('3_Saturday','10','10:00','17:59','N','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_6beafe7e17fe6887fb61324b5aee206e','\'Title: Signals Are Everywhere
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-06 - Map
\n
\nDescription:
\nBadVR Data Exploration through VR visualization. See RF signals, cellular signals and step into the data with a hands-on VR experience
\n\n\'',NULL,616336),('3_Saturday','11','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_6beafe7e17fe6887fb61324b5aee206e','\'\'',NULL,616337),('3_Saturday','12','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_6beafe7e17fe6887fb61324b5aee206e','\'\'',NULL,616338),('3_Saturday','13','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_6beafe7e17fe6887fb61324b5aee206e','\'\'',NULL,616339),('3_Saturday','14','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_6beafe7e17fe6887fb61324b5aee206e','\'\'',NULL,616340),('3_Saturday','15','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_6beafe7e17fe6887fb61324b5aee206e','\'\'',NULL,616341),('3_Saturday','16','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_6beafe7e17fe6887fb61324b5aee206e','\'\'',NULL,616342),('3_Saturday','17','10:00','17:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Signals Are Everywhere\'','\'\'','XRV_6beafe7e17fe6887fb61324b5aee206e','\'\'',NULL,616343),('4_Sunday','10','10:00','11:59','N','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Play All the Things\'','\'\'','XRV_e733b5dfc2bbebd9d1d145221dee4659','\'Title: Play All the Things
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-06 - Map
\n
\nDescription:
\nPlay VR the gear comes out for a casual, hands on demo area to explore the metaverse in VR with games & expoloration in Meta Quest VR and Meta Raybans MR
\n\n\'',NULL,616344),('4_Sunday','11','10:00','11:59','Y','XRV','LVCC West/Floor 1/Hall 4/HW4-01-06','\'Play All the Things\'','\'\'','XRV_e733b5dfc2bbebd9d1d145221dee4659','\'\'',NULL,616345),('2_Friday','18','18:00','18:20','N','DC','LVCC West/Floor 1/Hall 1/Track 4','\'DEF CON Franklin Project\'','\'Jacob H Braun\'','DC_aa64cba30431cbb8b9419f5919cd5333','\'Title: DEF CON Franklin Project
\nWhen: Friday, Aug 9, 18:00 - 18:20 PDT
\nWhere: LVCC West/Floor 1/Hall 1/Track 4 - Map
\n
\nDescription:
\nDEF CON Franklin will infuse research from the hacker community into national security and foreign policy debates. We aim to lift up groundbreaking work happening across villages and deliver this critical research to key policymakers across the globe. Aside from policy work, Franklin will empower individual members of the community to volunteer directly with under-resourced critical infrastructure that support our world.
\n\nSpeakerBio: Jacob H Braun, Acting Principal Deputy National Cyber Director at Office of the National Cyber Director (ONCD)
\nJake Braun served in the White House as Acting Principal Deputy National Cyber Director from May 2023 to July 2024. Prior to joining the White House Office of the National Cyber Director, he was appointed by President Joseph Biden as Senior Counselor to the Secretary of Homeland Security. Braun is also a lecturer at the University of Chicago’s Harris School of Public Policy Studies and Chairman of the Cyber Policy Initiative there.
\n\nFrom 2009 to 2011, Braun served as White House Liaison to the U.S. Department of Homeland Security. Braun is also co-founder of the DEF CON Voting Machine Hacking Village (Voting Village) hacker conference.\"
\n\n\n\'',NULL,616346),('3_Saturday','10','10:00','10:30','N','DCGVR','Virtual','\'Jayson Street - Keynote\'','\'Jayson E. Street\'','DCGVR_682a170d91bbcd5c84c0c717140e53ea','\'Title: Jayson Street - Keynote
\nWhen: Saturday, Aug 10, 10:00 - 10:30 PDT
\nWhere: Virtual
\n
\nDescription:
\n\n\nSpeakerBio: Jayson E. Street
\nJayson E. Street referred to in the past as:
\n\nA \"notorious hacker\" by FOX25 Boston, \"World Class Hacker\" by National Geographic Breakthrough Series and described as a \"paunchy hacker\" by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.
\n\nHe\'s a Simulated Adversary for hire. The author of the \"Dissecting the hack: Series\" ( Which has been taught in colleges and Jayson also appears in college text books as well). Also, the DEF CON Groups Global Ambassador. He\'s spoken at DEF CON, DEF CON China, GRRCon, DerbyCon and at several other \'CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.
\n\nHe loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once all others he was supposed to)!
\n\nJayson is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far but if they are please note he was proud to be chosen as one of Time\'s persons of the year for 2006.
\n\n\n\'',NULL,616347),('3_Saturday','10','10:00','10:30','N','DCGVR','LVCC West/Floor 2/W236','\'Jayson Street - Keynote\'','\'Jayson E. Street\'','DCGVR_81b3cbdbcc3ed2329e2e00455774d8ba','\'Title: Jayson Street - Keynote
\nWhen: Saturday, Aug 10, 10:00 - 10:30 PDT
\nWhere: LVCC West/Floor 2/W236 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Jayson E. Street
\nJayson E. Street referred to in the past as:
\n\nA \"notorious hacker\" by FOX25 Boston, \"World Class Hacker\" by National Geographic Breakthrough Series and described as a \"paunchy hacker\" by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.
\n\nHe\'s a Simulated Adversary for hire. The author of the \"Dissecting the hack: Series\" ( Which has been taught in colleges and Jayson also appears in college text books as well). Also, the DEF CON Groups Global Ambassador. He\'s spoken at DEF CON, DEF CON China, GRRCon, DerbyCon and at several other \'CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.
\n\nHe loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once all others he was supposed to)!
\n\nJayson is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far but if they are please note he was proud to be chosen as one of Time\'s persons of the year for 2006.
\n\n\n\'',NULL,616348),('3_Saturday','11','11:00','11:40','N','DCGVR','Virtual','\'Breaking and Defending Cloud Infrastructure: Red Team Evasion Tactics and Access Control Solutions\'','\'Amal Joy,Abhishek S\'','DCGVR_a04123a6fd78d4ffd3d9ea3cd9a8950e','\'Title: Breaking and Defending Cloud Infrastructure: Red Team Evasion Tactics and Access Control Solutions
\nWhen: Saturday, Aug 10, 11:00 - 11:40 PDT
\nWhere: Virtual
\n
\nDescription:
\n\n\nSpeakers:Amal Joy,Abhishek S
\n
\nSpeakerBio: Amal Joy, Security Engineer at Highradius
\nAmal Joy is a Security Engineer at Highradius. His area of research falls into Infrastuture Security , Redteaming in Multicloud environments and Corporate Networks. He also loves spending leasure time on malware development. He is an Executive member of DC0471 defcon group He has over 3 years of experience in playing CTF\'s and also hosted many hiring MultiCloud Adversary CTF\'s in Reputed conferences like Seasides 22. With Strong focus on MultiCloud and ActiveDirectory, He currently holds various certifications like CARTP,MCRTA,CCRTA,EJPT.
\n\nSpeakerBio: Abhishek S, Security Engineer at Flipkart
\nAbhishek S is a Security Engineer at Flipkart with primary research focus in application security and red teaming. He is a staff of Adversary Village at (DEF CON) and an executive member of DC0471 group, he has been a speaker for various conferences like C0c0n 23 and Blackhat MEA 23. With over 4 years of experience playing CTF(s) and hunting for vulnerabilities in various VDP programs. He is listed in hall of fames of Google, Facebook, Microsoft and 40+ organizations for finding their security vulnerabilities. He has about four cve(s) from various organizations such as Android, Tenable, StrAPI CMS etc. currently holds various certifications such as OSCP, BSCP, CRTP, GIAC GFACT etc. Other than the technical side, he loves to travel around the world and is a automotive enthusiast.
\n\n\n\'',NULL,616349);
INSERT INTO `events` VALUES ('3_Saturday','12','12:05','13:05','N','DCGVR','Virtual','\'DEF CON Groups Panel #1\'','\'ᗩᒪETᕼE,xray,TX,overcast,Abhishek S\'','DCGVR_537288fd517434ab5976aec3fe6801db','\'Title: DEF CON Groups Panel #1
\nWhen: Saturday, Aug 10, 12:05 - 13:05 PDT
\nWhere: Virtual
\n
\nDescription:
\n\n\nSpeakers:ᗩᒪETᕼE,xray,TX,overcast,Abhishek S
\n
\nSpeakerBio: ᗩᒪETᕼE
\nNo BIO available
\nSpeakerBio: xray
\nNo BIO available
\nSpeakerBio: TX
\nNo BIO available
\nSpeakerBio: overcast
\nNo BIO available
\nSpeakerBio: Abhishek S, Security Engineer at Flipkart
\nAbhishek S is a Security Engineer at Flipkart with primary research focus in application security and red teaming. He is a staff of Adversary Village at (DEF CON) and an executive member of DC0471 group, he has been a speaker for various conferences like C0c0n 23 and Blackhat MEA 23. With over 4 years of experience playing CTF(s) and hunting for vulnerabilities in various VDP programs. He is listed in hall of fames of Google, Facebook, Microsoft and 40+ organizations for finding their security vulnerabilities. He has about four cve(s) from various organizations such as Android, Tenable, StrAPI CMS etc. currently holds various certifications such as OSCP, BSCP, CRTP, GIAC GFACT etc. Other than the technical side, he loves to travel around the world and is a automotive enthusiast.
\n\n\n\'',NULL,616350),('3_Saturday','13','12:05','13:05','Y','DCGVR','Virtual','\'DEF CON Groups Panel #1\'','\'ᗩᒪETᕼE,xray,TX,overcast,Abhishek S\'','DCGVR_537288fd517434ab5976aec3fe6801db','\'\'',NULL,616351),('3_Saturday','13','13:05','14:05','N','DCGVR','Virtual','\'The Sand Castle - The State of the MacOS Sandbox\'','\'Jonathan \"JBO\" Bar Or\'','DCGVR_0384371e2142ebd05a46acc0d379cdce','\'Title: The Sand Castle - The State of the MacOS Sandbox
\nWhen: Saturday, Aug 10, 13:05 - 14:05 PDT
\nWhere: Virtual
\n
\nDescription:
\n\n\nSpeakerBio: Jonathan \"JBO\" Bar Or, Principal Security Researcher at Microsoft
\nJonathan Bar Or (\"JBO\") is a Principal Security Researcher at Microsoft, working as the Microsoft Defender research architect for cross-platform. Jonathan has rich experience in vulnerability research, exploitation, cryptoanalysis, and offensive security in general.
\n\n\n\'',NULL,616352),('3_Saturday','14','13:05','14:05','Y','DCGVR','Virtual','\'The Sand Castle - The State of the MacOS Sandbox\'','\'Jonathan \"JBO\" Bar Or\'','DCGVR_0384371e2142ebd05a46acc0d379cdce','\'\'',NULL,616353),('3_Saturday','14','14:05','14:50','N','DCGVR','Virtual','\'Brief History of GRC\'','\'Allen Baranov\'','DCGVR_57b390a87f68a27173551b2d1120a7fb','\'Title: Brief History of GRC
\nWhen: Saturday, Aug 10, 14:05 - 14:50 PDT
\nWhere: Virtual
\n
\nDescription:
\n\n\nSpeakerBio: Allen Baranov
\nWorld\'s only AAA-rated GRC hacker. DEFCON Group 11613 (Melbourne) founder. Time Magazine\'s Person of the year in 2006. Infinidash expert
\n\n\n\'',NULL,616354),('3_Saturday','15','15:05','16:05','N','DCGVR','Virtual','\'How I Learned to Stop Worrying and Love the Ban\'','\'Manfred\'','DCGVR_09f3d956a39be123ca32cb2f0307dc1a','\'Title: How I Learned to Stop Worrying and Love the Ban
\nWhen: Saturday, Aug 10, 15:05 - 16:05 PDT
\nWhere: Virtual
\n
\nDescription:
\n\n\nSpeakerBio: Manfred
\nManfred started out by taking apart toasters and breaking things to find out how they worked. That curiosity moved to client-server authoritative online games and snowballed into a 20+ year career operating in the dark alleys of shadow markets. Manfred has been in the trenches of hacking online games while building out a toolbelt to keep an upper hand in the ever changing cheat vs anti cheat arms race.
\n\n\n\'',NULL,616355),('3_Saturday','16','15:05','16:05','Y','DCGVR','Virtual','\'How I Learned to Stop Worrying and Love the Ban\'','\'Manfred\'','DCGVR_09f3d956a39be123ca32cb2f0307dc1a','\'\'',NULL,616356),('3_Saturday','16','16:05','17:05','N','DCGVR','Virtual','\'Unlocking Hidden Superpowers: Neurodiversity in Infosec\'','\'Xavier \"rubix1138\" Ashe\'','DCGVR_32282dc82bbf5511b20cd6a68af7f0ca','\'Title: Unlocking Hidden Superpowers: Neurodiversity in Infosec
\nWhen: Saturday, Aug 10, 16:05 - 17:05 PDT
\nWhere: Virtual
\n
\nDescription:
\nAre you ready to embark on a journey that celebrates uniqueness, innovation, and untapped potential? It’s time to shine a light on Neurodiversity and what that means to Information Security.
\n\n\n- The Power of Neurodiversity:
\n
\n\nImagine a world where different brains aren’t seen as deficits but as diverse strengths. Neurodiversity embraces the beautiful mosaic of human minds, from ADHD to autism and beyond.\nXavier will unravel the superpowers hidden within neurodivergent individuals—like visual hypersensitivity, out-of-the-box thinking, and encyclopedic knowledge. These aren’t just buzzwords; they’re game-changers for the Infosec field.
\n\n\n- Success Stories and Real Impact:
\n
\n\nBrace yourself for success stories that defy convention. JPMorgan Chase’s neurodiverse hires outperform their peers by leaps and bounds. Productivity spikes, retention soars, and innovation thrives.\nUltra Testing, an IT company with 75% neurodiverse staff, proves that inclusion isn’t charity—it’s smart business. Their mantra? “Staffing fantastically capable talent who just haven’t had a fair shot before.”
\n\n\n- Creating an Inclusive Future:
\n
\n\nXavier won’t stop at inspiration; he’ll equip you with actionable steps including: How to Revisit Hiring Processes, Adapting the Environment, Tailored Career Journeys
\n\n\n- Be Part of the Movement:
\n
\n\nWhether you’re a hacker, an individual seeking help, or just a cat lover (yes, there’s a slide for that!), this presentation is your invitation to change the narrative.
\n\nSo mark your calendar, grab your virtual seat, and let’s celebrate neurodiversity—one mind at a time. Remember, the rising tide lifts all boats. Join us, learn, and be part of a more inclusive future! Don’t miss out—this isn’t your typical tech talk. It’s a revolution waiting to happen. See you there!
\n\nSpeakerBio: Xavier \"rubix1138\" Ashe, Senior Vice President, Cyber Operations and Technology at Truist
\nXavier Ashe is currently a Senior Vice President in Truist’s Cyber Operations and Technology division where he was awarded the Truist Performance Award. He is Chairman of the Board for the Technology Association of Georgia (TAG) Information Security Society. Xavier is a Georgia Institute of Technology alumnus and has over 30 years of leadership experience in information security, working for various vendors and consulting firms including IBM, Gartner, and Carbon Black. Xavier was the first hire at the startup Drawbridge Networks, where he was instrumental in bringing the first microsegmentation solution for servers and workstations to market. Mr. Ashe has plenty of war stories, including the first DDOS attack ever, Target, Sony, Aramco, [REDACTED], and others. Xavier is an accomplished speaker and has presented at many security conferences including DefCon, BlackHat, RSA, BSides, Splunk .conf, SANS, and others.
\n\n\n\'',NULL,616357),('3_Saturday','17','16:05','17:05','Y','DCGVR','Virtual','\'Unlocking Hidden Superpowers: Neurodiversity in Infosec\'','\'Xavier \"rubix1138\" Ashe\'','DCGVR_32282dc82bbf5511b20cd6a68af7f0ca','\'\'',NULL,616358),('3_Saturday','17','17:05','17:50','N','DCGVR','Virtual','\'Front line first aid: Triaging your DFIR emergency responders\'','\'Neumann \"scsideath\" Lim\'','DCGVR_303d9e361591637078bc2f58d8705a17','\'Title: Front line first aid: Triaging your DFIR emergency responders
\nWhen: Saturday, Aug 10, 17:05 - 17:50 PDT
\nWhere: Virtual
\n
\nDescription:
\nDigital forensics and incident responders, as well as other essential emergency workers, often face high stress levels and risk burnout due to their demanding roles. This talk is for professionals, spouses, managers and corporations and will cover the following topics:
\n\nSelf-Care, Hacking Health, maintaining Work-Life Balance, building a Support network, developing Mindfulness and Relaxation Techniques, using technology to Manage Workload, working with management to Create a Positive Work Environment.
\n\nHaving built and lead successful DFIR practices that dealt with some of Canada’s largest data breaches. I wish to impart what I have learnt over the years so others may protect and nurture their most sacred resource, people.
\n\nSpeakerBio: Neumann \"scsideath\" Lim, Manager at Odlum Brown
\nNeumann Lim is a manager at Odlum Brown where he leads the defense against criminals and state sponsored actors targeting the financial industry. Prior to this role, Neumann spent several years working with large enterprises and governments specializing in dig.
\n\nWith more than 15 years of infosec experience, he has delivered numerous cyber risk assessments, coordinated national incident responses across multiple industries. Neumann has been invited to share his research and thought leadership at many security conferences such as Grayhat Con, DefCon BlueTeam Village, HTCIA, BSides, Toronto CISO Summit and CCTX.ital forensics and incident response investigating some of Canada’s largest data breaches from 2018-2023.
\n\n\n\'',NULL,616359),('3_Saturday','18','18:05','19:05','N','DCGVR','Virtual','\'Something something Meshtastic Pip-Boy Personal Mesh with 150 km reach\'','\'Giglio\'','DCGVR_038a0798eb1c36822622a3303791e827','\'Title: Something something Meshtastic Pip-Boy Personal Mesh with 150 km reach
\nWhen: Saturday, Aug 10, 18:05 - 19:05 PDT
\nWhere: Virtual
\n
\nDescription:
\n\n\nSpeakerBio: Giglio
\nThere once was a lad, brave and free\nWhose words I shall craft in glee\n\"Meshtastic\" he\'d say\nWith his Pip-Boy each day\nHe traveled so far with amazing spree\n(limerick bio created by Private LLM)
\n\n\n\'',NULL,616360),('3_Saturday','19','18:05','19:05','Y','DCGVR','Virtual','\'Something something Meshtastic Pip-Boy Personal Mesh with 150 km reach\'','\'Giglio\'','DCGVR_038a0798eb1c36822622a3303791e827','\'\'',NULL,616361),('3_Saturday','19','19:05','19:30','N','DCGVR','Virtual','\'Who cashed my check?! Catching (Very Obvious) Fraudsters\'','\'Squiddy\'','DCGVR_23d844c1baae1eb4dee42f7a1da58759','\'Title: Who cashed my check?! Catching (Very Obvious) Fraudsters
\nWhen: Saturday, Aug 10, 19:05 - 19:30 PDT
\nWhere: Virtual
\n
\nDescription:
\n\n\nSpeakerBio: Squiddy
\nSquiddy is a transmasc lesbian hacker, Desktop Engineer, and small business owner from the cornfields of the midwest. They joined the hacker scene in 2017 as an OSINT newbie, and founded Defcon574, now merged with Michiana InfoSec, in 2019 as a student organization at Indiana University. Since 2017, they\'ve given presentations at local tech meetups, and at DEF CON, covering various topics from medical information systems, to gender-inclusivity, and open source intelligence.
\n\n\n\'',NULL,616362),('3_Saturday','19','19:35','19:50','N','DCGVR','Virtual','\'Shifting left in Reversing apk by converting smali to java\'','\'Just Tulpa\'','DCGVR_45388915dddafb08b9cfd3fdd886798f','\'Title: Shifting left in Reversing apk by converting smali to java
\nWhen: Saturday, Aug 10, 19:35 - 19:50 PDT
\nWhere: Virtual
\n
\nDescription:
\n\n\nSpeakerBio: Just Tulpa
\nHi I\'m currently pursuing Msc In Information Security and I\'m really interested in Android security
\n\n\n\'',NULL,616363),('3_Saturday','20','20:05','20:35','N','DCGVR','Virtual','\'What!? Is my life that fragile?\'','\'hoodiePony\'','DCGVR_df9facdf73b3e31b7012ffe147065b12','\'Title: What!? Is my life that fragile?
\nWhen: Saturday, Aug 10, 20:05 - 20:35 PDT
\nWhere: Virtual
\n
\nDescription:
\nThe increased dependency on the digital life to participate in society means, digital life is real life. With that, the consequences of failure in confidentiality, integrity and availability of our digital self, can have dire consequences. So, I threat modelled living in 2024; and it’s more fragile than I thought!
\n\nHow digitally resilient do you think you are?
\n\nLet’s talk about that, and some things we can do about it.
\n\nSpeakerBio: hoodiePony
\nI\'m just a friendly local cyber security sherpa. Helping people verifiably build a safer, secure, and more resilient world by sharing knowledge and experience. This includes the privilege of presenting here at DCG VR previously, and a keynote at ChCon NZ, amongst many other conferences. I am grounded by the many years of experience spent security advising and assessing critical infrastructure in Australia, and governments, to small startups. That said, I’m just another nerd of figuring out how things work, tinkering, and challenging assumptions; sharing a story so that we can all make better informed decisions through broader perspectives.
\n\n\n\'',NULL,616364),('2_Friday','16','16:15','16:45','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'I\'ve got 99 problems but a prompt injection ain\'t watermelon\'','\'Chloé Messdaghi,Kasimir Schulz\'','APV_3de3abd9f3a15af86851d2a7a0196458','\'Title: I\'ve got 99 problems but a prompt injection ain\'t watermelon
\nWhen: Friday, Aug 9, 16:15 - 16:45 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nThe ethical and secure disclosure of vulnerabilities in AI has emerged as a pivotal challenge, compounded by the need to address biases and misinformation that often cloud the true nature of these vulnerabilities. This talk delves into the intricate dynamics of vulnerability disclosure within AI, balancing transparency with security. We\'ll dissect the unique challenges AI presents, such as data bias exploitation and model manipulation, which can amplify the impact of vulnerabilities. Through a lens of real-world examples and recent disclosures, we\'ll navigate the complexities of responsible vulnerability management in AI. Our discussion will not only aim to shed light on these critical issues but also inspire a unified approach to refining disclosure processes. This concerted effort is vital for enhancing the integrity of AI systems and bolstering public trust in their use.
\n\nSpeakers:Chloé Messdaghi,Kasimir Schulz
\n
\nSpeakerBio: Chloé Messdaghi, Head of Threat Intelligence at HiddenLayer
\nChloé Messdaghi is the Head of Threat Intelligence at HiddenLayer, leading efforts to secure AI measures and promote industry-wide security practices. A sought-after public speaker and trusted authority for journalists, her expertise has been widely featured in the media. Recognized as a Power Player by Business Insider and SC Media, Chloé has made significant contributions to cybersecurity. Outside of work, she is dedicated to philanthropy, advancing industry progress, and promoting societal and environmental well-being.
\n\nChloé Messdaghi serves as the Head of Threat Intelligence at HiddenLayer, where she spearheads efforts to fortify security for AI measures and fosters collaborative initiatives to enhance industry-wide security practices for AI. A highly sought-after public speaker and trusted authority for national and sector-specific journalists, Chloé\'s expertise has been prominently featured across various media platforms. Her impactful contributions to cybersecurity have earned her recognition as a Power Player by esteemed publications such as Business Insider and SC Media.Beyond her professional endeavors, Chloé remains passionately committed to philanthropy aimed at advancing industry progress and fostering societal and environmental well-being.
\n\nSpeakerBio: Kasimir Schulz, Principal Security Researcher at HiddenLayer
\nKasimir Schulz, Principal Security Researcher at HiddenLayer, is a leading expert in uncovering zero-day exploits and supply chain vulnerabilities in AI. His work has been featured in BleepingComputer and Dark Reading, and he has spoken at conferences such as FS-ISAC and Black Hat. Kasimir leads the development of advanced tools for automating vulnerability detection and implementing large-scale patches, fortifying systems against supply chain attacks. His dedication to proactive defense measures sets a new standard in cybersecurity resilience.
\n\n\n\'',NULL,616365),('2_Friday','17','17:00','17:30','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'When Chatbots Go Rogue – Lessons Learned from Building and Defending LLM Applications\'','\'Andra,Javan Rasokat\'','APV_1d61a3b79aa7664754170cba237bd145','\'Title: When Chatbots Go Rogue – Lessons Learned from Building and Defending LLM Applications
\nWhen: Friday, Aug 9, 17:00 - 17:30 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nFrom theory to practice: dive into the lessons learned from building and defending an LLM application. This talk offers firsthand insights into the challenges and breakthroughs experienced while developing and securing large language models in real-world settings. We\'ll explore critical vulnerabilities, innovative defense strategies, and practical tips for enhancing the robustness of AI applications. Join us to gain actionable knowledge that can help you navigate the evolving landscape of AI security with confidence.
\n\n\n\nSpeakers:Andra,Javan Rasokat
\n
\nSpeakerBio: Andra
\nAndra is a Principal Application Security Specialist at Sage, with over seven years of experience in the field of application security. She is responsible for implementing DevSecOps practices, conducting security assessments, and developing secure coding guidelines for software engineering and AI/ML teams. She holds multiple certifications, including AWS Certified Cloud Practitioner and Attacking and Securing APIs. She has a strong background in software development and project management, as well as a master\'s degree in information and computer sciences. She has been co-leading the OWASP London Chapter since 2019, where she organises and delivers events and workshops on various security topics. She is passionate about educating and empowering developers and stakeholders to build and deliver secure software and best practices in a fast-paced, results-driven environment.
\n\nSpeakerBio: Javan Rasokat
\nJavan works as a Senior Application Security Specialist at Sage, helping software teams enhance security throughout the software development lifecycle. In addition to his day job, he lectures on Secure Coding at DHBW University in Germany. Javan’s passion for ethical hacking started young, automating online games and finding security bugs, which he would report to game operators. He turned this passion into a career, first as a security consultant and later specializing in penetration testing. Javan holds a Master’s degree in IT Security Management and several certifications, including GXPN, CISSP, CCSP, and CSSLP. He has shared his expertise at numerous conferences, including OWASP Global AppSec, Ekoparty, and HITB. Last year, Javan gave a talk on the vulnerabilities of large language models, using GitHub Copilot as a case study to examine their impact on secure coding practices.
\n\n\n\'',NULL,616366),('3_Saturday','10','10:15','10:55','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Navigating the Cyber Security Labyrinth: Choose Your Own Security Adventure?\'','\'punkcoder\'','APV_44de7fd12859117d876928286f543122','\'Title: Navigating the Cyber Security Labyrinth: Choose Your Own Security Adventure?
\nWhen: Saturday, Aug 10, 10:15 - 10:55 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nOver the last 36 months, the cybersecurity landscape has evolved with unprecedented complexity, marked by ransomware, supply chain attacks, zero-days, remote work challenges, and more. Amid mass layoffs and pervasive mental burnout, organizations face daunting tasks in defending against escalating cyber threats. Layoffs exacerbate the skills gap, leaving teams stretched thin. Mental burnout hampers practitioners\' abilities. In this talk, we\'ll explore the impacts of recent and chart a path forward for application security. As a lone AppSec professional, your choices will shape the future. Will you navigate through complexity or become lost in redundant complications?
\n\nSpeakerBio: punkcoder
\nJames is a developer and security advocate who has lead developer security practices. He set the standards and procedures for how the engineering practices operate, and lead client engagement efforts with regard to cyber security. He also has lead company staff training to promote best practices with regard to security.
\n\nJames has acted as a system and application architect, and evaluates application design as part of the security audits. In a past James was responsible for Architecture and developing solutions on multi-million implementation efforts. Key clients included the Eight Fortune 500 companies (Seven in the Fortune 100), as well as several well known non-profits and leaders in their industries. Vertices served included geospatial healthcare, transportation, financial services, retail, insurance, and energy.
\n\nIn his free time James is involved with running BSides Boulder and AppSec Village @ DEFCON.
\n\n\n\'',NULL,616367),('3_Saturday','11','11:00','11:30','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'BOLABuster: Harnessing LLMs for Automating BOLA Detection\'','\'Jay Chen,Ravid Mazon\'','APV_8aeaf4bb38bbb0979eec0f82a5bd2cf7','\'Title: BOLABuster: Harnessing LLMs for Automating BOLA Detection
\nWhen: Saturday, Aug 10, 11:00 - 11:30 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nBOLA is a prevalent vulnerability in modern APIs and web applications, topping the OWASP API risk chart, and ranking fourth in HackerOne Global Top 10. Its impact ranges from data exposure to total system control loss.
\n\nWhile manually triggering known BOLAs is relatively straightforward, automatic detection is challenging due to the complexities of application logic, the wide range of inputs, and the stateful nature of modern web applications.
\n\nTo tackle this, we leveraged LLMs to automate manual tasks such as understanding application logic, revealing endpoint dependency relationships, generating test cases, and interpreting results. Our AI-backed approach enables automating BOLA detection at scale, named BOLABuster.
\n\nThough in its early stages, BOLABuster identified numerous vulnerabilities in open-source projects. In one case, we submitted 15 CVEs for a project, some leading to critical privilege escalation. Our latest disclosed vulnerability was CVE-2024-1313, a BOLA in Grafana,
\n\nSpeakers:Jay Chen,Ravid Mazon
\n
\nSpeakerBio: Jay Chen
\nJay Chen is a Cloud Security Researcher with Prisma Cloud and Unit 42 at Palo Alto Networks. He has extensive research experience in cloud security. In his role at Palo Alto Networks, he focuses on investigating the vulnerabilities, design flaws, and adversarial TTPs in cloud-native technologies such as containers and public cloud services. He works to develop methodologies for identifying and remediating security gaps in public clouds and works to protect Prisma Cloud customers from threats.
\n\nIn previous roles, he has researched mobile cloud security and distributed storage security. Jay has authored 25+ academic and industrial papers.
\n\nSpeakerBio: Ravid Mazon
\nRavid:
\nRavid is a Senior Security Researcher at Palo Alto Networks with more than 6 years of hands-on experience in the Application & API Security field. As a Bachelor of Information Systems with a specialization in Cyber, Ravid brings an innovative attitude to the table, while researching different aspects in the AppSec world. He’s eager to experience, experiment, and learn something new every day. In his free time, Ravid likes to travel, exercise, and have a good time with friends and family.
\n\nJay:\nJay Chen is a Cloud Security Researcher with Prisma Cloud and Unit 42 at Palo Alto Networks. He has extensive research experience in cloud security. In his role at Palo Alto Networks, he focuses on investigating the vulnerabilities, design flaws, and adversarial TTPs in cloud-native technologies such as containers and public cloud services. He works to develop methodologies for identifying and remediating security gaps in public clouds and works to protect Prisma customers from threats.
\n\n\n\'',NULL,616368),('3_Saturday','11','11:00','13:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom','\'Application Threat Modeling with Trike\'','\'AreTillery\'','APV_d4644ca0ccba0e7062dc321b20575756','\'Title: Application Threat Modeling with Trike
\nWhen: Saturday, Aug 10, 11:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom - Map
\n
\nDescription:
\nThe earlier we perform security interventions, the better. The best time? While we’re designing an application. This workshop will discuss the importance and use of Application Threat Modeling during app design, how to apply it to existing applications during later phases of development, then perform application threat modeling on an example web application using the Trike methodology.
\n\nThe presented methodology is built on the concept that understanding the design of an application is all that is needed to create a threat model - and doing so can remove the uncertainties and brainstorming that other security threat modeling can require. Rather than requiring a deep security knowledge, all we need is to understand the application - something developers are uniquely suited to do.
\n\nSpeakerBio: AreTillery
\nTillery (they/them) is a co-founder of Neuvik Solutions and serves as their Director of Training & Education. Tillery has been in formal education and professional training roles for the US Department of Defense as well as for commercial companies for more than a decade. They have spent their career in cybersecurity on both sides of the red/blue divide, first focusing on reverse engineering and exploit development, then bringing their offensive mindset to the field of Application Security. Tillery brings deep technical knowledge and pedagogical training to instruction in cybersecurity, computer science, and mathematics.
\n\n\n\'',NULL,616369),('3_Saturday','12','11:00','13:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom','\'Application Threat Modeling with Trike\'','\'AreTillery\'','APV_d4644ca0ccba0e7062dc321b20575756','\'\'',NULL,616370),('3_Saturday','13','11:00','13:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom','\'Application Threat Modeling with Trike\'','\'AreTillery\'','APV_d4644ca0ccba0e7062dc321b20575756','\'\'',NULL,616371),('3_Saturday','11','11:00','11:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 1','\'Arsenal: SCAGoat\'','\'Gaurav Joshi,HK,kvprashant\'','APV_f04a5babe510ddd96cb868eb4d8c91a2','\'Title: Arsenal: SCAGoat
\nWhen: Saturday, Aug 10, 11:00 - 11:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 1 - Map
\n
\nDescription:
\nSCAGoat is a deliberately written vulnerable application designed for performing and learning Software Composition Analysis (SCA). There are many vulnerable web applications available to learn web app pentesting however there are not much resources to learn SCA, essentially applications built on vulnerable Open Source Software(OSS)
\n\nSpeakers:Gaurav Joshi,HK,kvprashant
\n
\nSpeakerBio: Gaurav Joshi
\nI am working extensively with Static Application Security Testing (SAST) as a security professional. My role involved conducting secure code reviews and utilizing SAST techniques to identify and mitigate vulnerabilities in software applications. As well as actively contribute to network focus on safeguarding potential threats.
\n\nSpeakerBio: HK
\nAs a Product Security Engineer, my passion for cybersecurity drives me to excel in various areas. I specialize in conducting penetration testing, actively participate in security Capture The Flag (CTF) competitions, and perform code reviews to ensure secure code development. My expertise extends to leveraging Static Application Security Testing (SAST) techniques in languages like Java, Python, JavaScript, JSP, among others.
\n\nSpeakerBio: kvprashant
\nPrashant Venkatesh is an information security expert with over 20 years of experience. He presently works as Manager, Product security at Poshmark Inc,
\n\nPrashant is an enthusiastic participant in the field who consistently coordinates, reviews papers, and presents his work at numerous InfoSec conferences, including at Nullcon and c0c0n. He is also active through the OWASP Bay Area chapter Leadership and he is co-founder of annual Seasides Conference.
\n\nGaurav Joshi is currently employed as a Product Security Engineer. His passion for cybersecurity propels him to excel in various areas. He specializes in conducting penetration testing, actively participates in security Capture The Flag (CTF) competitions, and performs code reviews to ensure secure code development. His expertise extends to leveraging Static Application Security Testing (SAST) techniques in languages like Java, Python, JavaScript, JSP, among others.
\n\n\n\'',NULL,616372),('3_Saturday','11','11:40','12:10','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Unlocking the Gates - Understanding Authentication Bypass Vulnerabilities\'','\'Vikas Khanna\'','APV_249221aa9d4837dea3f3e6830fbc9ba7','\'Title: Unlocking the Gates - Understanding Authentication Bypass Vulnerabilities
\nWhen: Saturday, Aug 10, 11:40 - 12:10 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nDuring the session, I will present an extensive array of over 15 distinct techniques and vulnerabilities that can be exploited for authentication bypass or account takeover. Some of the vulnerabilities I will cover include Session Puzzling, Session Fixation, Rate Limit Bypasses, Broken Brute-Force Protection, 2FA/OTP Misconfigurations, HTTP-Parameter Pollution, PHP Type Juggling, and many more. These insights will provide attendees with a comprehensive understanding of the various methods used by attackers to compromise authentication mechanisms and take control of user accounts.
\n\nSpeakerBio: Vikas Khanna
\nI specialize in Web Application and API Security Assessments. I have worked with industries spanning Finance, E-Commerce, Employee Management, Food, Beverages, and Fitness. I have a track record of successful bug bounty hunting and have identified major security flaws in prominent organizations such as Apple, Google, Microsoft, Oracle, Verizon, Sony, IBM, Intel, Nokia, and ING Bank.
\n\n\n\'',NULL,616373),('3_Saturday','12','11:40','12:10','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Unlocking the Gates - Understanding Authentication Bypass Vulnerabilities\'','\'Vikas Khanna\'','APV_249221aa9d4837dea3f3e6830fbc9ba7','\'\'',NULL,616374),('3_Saturday','12','12:20','12:50','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Maturing Your Application Security Program\'','\'SheHacksPurple\'','APV_27d1ed52d9925645232c1bbead165380','\'Title: Maturing Your Application Security Program
\nWhen: Saturday, Aug 10, 12:20 - 12:50 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nAfter working with over 400 companies on their application security programs the most common question I receive is “what’s next?”. They want to know how to mature their programs, and when they look at the maturity models available, they find them intimidating and so far beyond their current maturity level that they feel impossible. In this talk I will take you through 3 common AppSec program maturity levels I have encountered over the years, with practical and actionable next steps you could take immediately to improve your security posture.
\n\nSpeakerBio: SheHacksPurple
\nTanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She also is the head of education and community at Semgrep, running their online community and academy which both revolve around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty five years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion and kindness, which shines through in her countless initiatives.
\n\nAdvisor: Nord VPN, Katilyst, ICTC PAC
\n\nFounder: We Hack Purple, WoSEC International (Women of Security), OWASP DevSlop, #CyberMentoringMonday
\n\nFaculty: IANS Research
\n\n\n\'',NULL,616375),('3_Saturday','13','13:00','13:45','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Transforming AppSec: Protecting \'Everything as Code\' & Emerging Tech\'','\'Kunal Bhattacharya,Sara Attarzadeh,Shahar Man,Trupti Shiralkar\'','APV_29fa294e9afcb8e0b69d9e5ec2767410','\'Title: Transforming AppSec: Protecting \'Everything as Code\' & Emerging Tech
\nWhen: Saturday, Aug 10, 13:00 - 13:45 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nThe continuous adoption of emerging technological trends like Mobile, IoT, Cloud, Blockchains, and now GenAI has transformed application security from simple threat modeling and SAST/DAST scans to comprehensive proactive prevention and real-time detection of security anomalies. This panel will discuss the dynamic nature of AppSec as the lines between traditional infrastructure and cloud environments blur. We will explore the importance of maintaining a comprehensive security posture within \'everything as code\' ecosystems, emphasizing proper configuration and secret management to secure infrastructure effectively.
\n\nSpeakers:Kunal Bhattacharya,Sara Attarzadeh,Shahar Man,Trupti Shiralkar
\n
\nSpeakerBio: Kunal Bhattacharya
\nA Security Leader, Organization builder and mentor who helps organizations build robust Cyber defense and detection capabilities. I do this by building Secure SDL processes and machination encapsulating Shiftleft strategy, SecDevOps, Cloud and Penetration testing. My prior experience in all phases of Application development, System and database administration and Quality engineering helps me in building lasting relationships with peers in engineering and product organizations and working towards shared security goals.
\n\nSpeakerBio: Sara Attarzadeh
\nTBA
\n\nSpeakerBio: Shahar Man
\nPassionate about building and leading teams, I have successfully grown Engineering and Product teams from scratch, leveraging Agile methodologies. My focus lies in Application and Cloud Security, advocating for context-driven AppSec decisions.
\n\nSpeakerBio: Trupti Shiralkar
\nTrupti has 18 years of diverse experience, leading security and privacy initiatives in Fortune 500 companies and dynamic startups. Currently she is exploring data security and privacy space as part of her stealth mode startup “TrueNil”. Her journey is marked by cultivating high-performing teams, pioneering product security and privacy engineering strategies, and instilling a progressive mindset. A seasoned public speaker and product security leader, she passionately imparts her insights to drive positive security impacts and mitigate organizational risks. Notably, she holds a patent for a secure and anonymous electronic polling solution.
\n\n\n\'',NULL,616376),('3_Saturday','13','13:00','14:30','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 2','\'Arsenal: SanicDNS\'','\'Jasper Insinger\'','APV_702c56619749ad288a49af2a6a8efe3a','\'Title: Arsenal: SanicDNS
\nWhen: Saturday, Aug 10, 13:00 - 14:30 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 2 - Map
\n
\nDescription:
\nMost hackers have a love-hate relationship with DNS: teleporting a building block of the internet from the 80’s is a recipe for frustration. To give DNS a modern twist, we developed an ultra-fast open-source DNS scanner, SanicDNS, which is two orders of magnitude faster than popular tools.
\n\nThis Arsenal session will give a demonstration of how you can use SanicDNS to superpower your recon workflow using world\'s fastest DNS scanner.
\n\nSpeakerBio: Jasper Insinger
\nJasper Insinger is a security researcher with a background in Electrical Engineering with a passion for low level / embedded computing. Before transitioning into security, Jasper worked on engineering the world’s most efficient solar powered cars.
\n\n\n\'',NULL,616377),('3_Saturday','14','13:00','14:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 2','\'Arsenal: SanicDNS\'','\'Jasper Insinger\'','APV_702c56619749ad288a49af2a6a8efe3a','\'\'',NULL,616378),('3_Saturday','14','14:00','14:30','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Web2 Meets Web3: Hacking Decentralized Applications\'','\'Peiyu Wang\'','APV_d9edbdb069aab6d15a9192e18c3fcba8','\'Title: Web2 Meets Web3: Hacking Decentralized Applications
\nWhen: Saturday, Aug 10, 14:00 - 14:30 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nDapps (decentralized applications) are a type of application in the blockchain space that integrate both Web2 and blockchain components, presenting unique security challenges. Drawing from years of experience hacking Dapps, this session will share real-world examples of Dapp vulnerabilities and attack vectors. Topics covered include an introduction to Dapps, Dapp threat modeling, and Dapp vulnerability case studies, providing valuable insights and resources for newcomers and seasoned Web2 pentesters looking to enhance their Web3 application hacking skills.
\n\nSpeakerBio: Peiyu Wang
\nPeiyu is a Security Engineer at CertiK, a blockchain security company, where he has the chance to hack various blockchain products. Outside of work, he enjoys aping into meme coins, trading, and playing video games.
\n\n\n\'',NULL,616379),('3_Saturday','14','14:40','15:10','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Engineers & Exploits: The Quest for Security\'','\'Andra,Spyros Gasteratos\'','APV_59ff14efa280c7733b6e5e966eb39ef5','\'Title: Engineers & Exploits: The Quest for Security
\nWhen: Saturday, Aug 10, 14:40 - 15:10 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nEfficient threat modelling is essential for finding and fixing vulnerabilities. Yet empowering threat modelling trainers to communicate in a way that ensures actionable solutions, moving beyond the directive to “fix SQLI.” is a common challenge. This talk presents strategies for training threat modelers, ensuring they can communicate techniques and principles needed to better and address vulnerabilities early on in the SDLC
\n\nIntroducing: \"Engineers & Exploits: The Quest for Security\" a derivative of the Cornucopia card game. While Cornucopia is an excellent introductory threat modelling exercise, we found limitations when training our coworkers to subsequently instruct developers. To bridge this gap, we developed a tabletop game designed to improve the learning experience. In this interactive session, we will show game mechanics and explain benefits, \nJoin us to discover how you can transform threat modelling education, making it engaging for trainers and trainees.
\n\nSpeakers:Andra,Spyros Gasteratos
\n
\nSpeakerBio: Andra
\nAndra is a Principal Application Security Specialist at Sage, with over seven years of experience in the field of application security. She is responsible for implementing DevSecOps practices, conducting security assessments, and developing secure coding guidelines for software engineering and AI/ML teams. She holds multiple certifications, including AWS Certified Cloud Practitioner and Attacking and Securing APIs. She has a strong background in software development and project management, as well as a master\'s degree in information and computer sciences. She has been co-leading the OWASP London Chapter since 2019, where she organises and delivers events and workshops on various security topics. She is passionate about educating and empowering developers and stakeholders to build and deliver secure software and best practices in a fast-paced, results-driven environment.
\n\nSpeakerBio: Spyros Gasteratos
\nSpyros has over 15 years of experience in the security world. Since the beginning of his career he has been an avid supporter and contributor of open source software and an OWASP volunteer. Currently he is interested in the harmonization of security tools and information and is currently helping Fintechs setup and automate large parts of their AppSec programmes. He also maintains several Open Source projects including the security automation framework Dracon, and opencre.org, the worlds largest security knowledge graph. Also, he usually doesn’t speak about himself in the third person.
\n\n\n\'',NULL,616380),('3_Saturday','15','14:40','15:10','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Engineers & Exploits: The Quest for Security\'','\'Andra,Spyros Gasteratos\'','APV_59ff14efa280c7733b6e5e966eb39ef5','\'\'',NULL,616381),('3_Saturday','15','15:00','16:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom','\'Injecting and Detecting Backdoors in Code Completion Models\'','\'Ori Ron,Tal Folkman\'','APV_caa06a7b0412ae48c47440b054b8e80c','\'Title: Injecting and Detecting Backdoors in Code Completion Models
\nWhen: Saturday, Aug 10, 15:00 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom - Map
\n
\nDescription:
\nImmerse yourself in a workshop where we guide participants in creating a covert trojan within code completion models. Learn to inject a backdoor discreetly, then explore detection techniques. Gain hands-on experience crafting and identifying hidden threats, unveiling the underbelly of trusted coding.
\n\nSpeakers:Ori Ron,Tal Folkman
\n
\nSpeakerBio: Ori Ron
\nOri Ron, an experienced Application Security Researcher at Checkmarx, joined the company in 2016. With over eight years of expertise in the field, Ori specializes in identifying and mitigating security vulnerabilities in software systems. His research spans the application security aspects of many programming languages, technologies, and environments.
\n\nSpeakerBio: Tal Folkman
\nTal brings over 7 years of experience to her role as a supply chain security research team lead within Checkmarx Supply Chain Security group. She is in charge of detecting tracking and stopping Opensource attacks.
\n\n\n\'',NULL,616382),('3_Saturday','16','15:00','16:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom','\'Injecting and Detecting Backdoors in Code Completion Models\'','\'Ori Ron,Tal Folkman\'','APV_caa06a7b0412ae48c47440b054b8e80c','\'\'',NULL,616383),('3_Saturday','15','15:20','15:50','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Speed Bumps and Speed Hacks: Adventures in Car Manufacturers Security\'','\'David Sopas,Paulo A. Silva\'','APV_e8c24d70c43743e5d2003f4b62d5abb4','\'Title: Speed Bumps and Speed Hacks: Adventures in Car Manufacturers Security
\nWhen: Saturday, Aug 10, 15:20 - 15:50 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nSince the first car hit the road, manufacturers have been obsessed with safety. But hey, as AI wisely points out, determining the absolute \'safest\' car can be as subjective as trying to decide on the best pizza topping! So, we decided to shift gears… into the world of car manufacturers\' (application) security.
\n\nIn this talk, get ready for a wild ride as we unveil the security findings from our research, affecting at least eleven major car manufacturers. Buckle up, folks, because your favorite brand might be on our list—along with your personal info!
\n\nBring popcorn to watch some proof-of-concept videos.
\n\nWith this talk we aim to demonstrate:
\n\n\n- that modern Web Applications are still affected by old/traditional vulnerabilities,
\n- how security issues can be chained together to build real attacks/demonstrate impact,
\n- highlight a common pattern on running unpatched third-party software,
\n- how organizations benefit from a responsible disclosure policy.
\n
\n\nSpeakers:David Sopas,Paulo A. Silva
\n
\nSpeakerBio: David Sopas
\nDavid Sopas leads a team of security researchers at Checkmarx and co-founder of Char49. With more than 15 years experience in pentesting and vulnerability research, he have been acknowledged by companies like Google, Yahoo!, eBay and Microsoft. Retired from this bug bounty hunting \"career\", Sopas now focus on IoT security and tries to learn new things every day.
\n\nSpeakerBio: Paulo A. Silva
\nWith a bachelor\'s degree in Computer Sciences and 15+ years developing software, in the last 10 years, Paulo has been focused on security research, ethical hacking, and penetration testing. He is a long-term OWASP volunteer and project leader, being one of those responsible for the OWASP API Security Top 10. He has co-/authored several secure coding practices manuals such as the OWASP Go Secure Coding Practices and the Kotlin Secure Coding Practices guide.
\n\n\n\'',NULL,616384),('3_Saturday','16','16:00','16:30','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'The Missing Link - How we collect and leverage SBOMs\'','\'Cassie Crossley\'','APV_8ba38586b27a068061afc8d957e01dd9','\'Title: The Missing Link - How we collect and leverage SBOMs
\nWhen: Saturday, Aug 10, 16:00 - 16:30 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nThere is some debate as to how SBOMs can enhance vulnerability management practices, and some believe that collecting SBOMs from internal teams or suppliers is too difficult and time-consuming. Learn how Schneider Electric has collected thousands of our product SBOMs and how we are leveraging the SBOMs as part of our corporate product CERT to quickly analyze and focus our attention when time is of importance. This presentation describes how we modified our policies and processes to collect, generate, and store thousands of SBOMs. You will hear how we have leveraged SBOMs during the Log4j and OpenSSL vulnerability events. Then we will conclude with key learnings, suggestions, and opportunities for improvement.
\n\nSpeakerBio: Cassie Crossley, Vice President, Supply Chain Security, Cybersecurity & Product Security Office at Schneider Electric
\nCassie Crossley, Vice President, Supply Chain Security in the global Cybersecurity & Product Security Office at Schneider Electric, is an experienced cybersecurity technology executive in Information Technology and Product Development and author of \"Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware.\" She has many years of business and technical leadership experience in supply chain security, cybersecurity, product/application security, software/firmware development, program management, and data privacy. Ms. Crossley has designed frameworks and operating models for end-to-end security in software development lifecycles, third party risk management, cybersecurity governance, and cybersecurity initiatives. She has an M.B.A. from California State University, Fresno, and her Bachelor of Science degree in Technical and Professional Communication with a specialization in Computer Science.
\n\n\n\'',NULL,616385),('3_Saturday','16','16:40','17:10','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'0.0.0.0 Day: Exploiting Localhost APIs From The Browser\'','\'Avi Lumelsky,Gal Elbaz\'','APV_bd423215774decdebbadc1bd923fc911','\'Title: 0.0.0.0 Day: Exploiting Localhost APIs From The Browser
\nWhen: Saturday, Aug 10, 16:40 - 17:10 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nBrowser-based attacks are not new in the malicious landscape of attack patterns. Browsers remain a popular infiltration method for attackers.
\n\nWhile seemingly local, services running on localhost are accessible to the browser using a flaw we found, exposing the ports on the localhost network interface, and leaving the floodgates ajar to remote network attacks.
\n\nIn this live demo and attack simulation we’ll unveil a zero-day vulnerability (still under responsible disclosure) in Chrome and other browsers, and how we use the 0-day to attack developers behind firewalls. We will demonstrate remote code execution on a wildly popular open-source platform serving millions in the data engineering ecosystem, that seems to run on localhost.
\n\nIn our talk, we will present novel attack techniques, targeting developers and employees within an organization, that are behind firewalls. This will be a first-ever deep dive into this newly discovered zero-day vulnerability.
\n\nSpeakers:Avi Lumelsky,Gal Elbaz
\n
\nSpeakerBio: Avi Lumelsky
\nAvi has a relentless curiosity about business, AI, security—and the places where all three connect. An experienced software engineer and architect, Avi’s cybersecurity skills were first honed in elite Israeli intelligence units. His work focuses on privacy in the age of AI and big data.
\n\nSpeakerBio: Gal Elbaz
\nCo-founder & CTO at Oligo Security with 10+ years of experience in vulnerability research and practical hacking. He previously worked as a Security Researcher at CheckPoint and served in the IDF Intelligence. In his free time, he enjoys playing CTFs.
\n\n\n\'',NULL,616386),('3_Saturday','17','16:40','17:10','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'0.0.0.0 Day: Exploiting Localhost APIs From The Browser\'','\'Avi Lumelsky,Gal Elbaz\'','APV_bd423215774decdebbadc1bd923fc911','\'\'',NULL,616387),('3_Saturday','17','17:20','17:50','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'The Dark Side of Bug Bounty\'','\'Jason Haddix\'','APV_2fc13d979d7b7ad7643e11f499d63cae','\'Title: The Dark Side of Bug Bounty
\nWhen: Saturday, Aug 10, 17:20 - 17:50 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nBug bounty is an intricate game between the bug hunter, the clients, and the intermediary.
\n\nLike any game, it can be hacked. Like some games, it can be unfair.
\n\nJoin Jason as he walks you through the darker secrets of bug bounty , tips and tricks to address them, and in some cases, commiserate that there are just bad realities to the game.
\n\nJason will address the problems hardly talked about in the system, from a hacker, program owner, and platform runner.
\n\nSpeakerBio: Jason Haddix, Arcanum Security
\nJason Haddix, leads as CEO and “Hacker in Charge” of Arcanum Information Security, a premier firm specializing in assessments and training. Currently, he is the Field CISO for Flare.io and a Strategic Advisor to Bugcrowd. With a distinguished 20-year tenure in cybersecurity, Jason has previously held notable positions such as CISO at Ubisoft, Head of Trust at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He has expertise across nearly all cybersecurity domains and is ranked 57th all-time on Bugcrowd’s bug bounty leaderboards.
\n\n\n\'',NULL,616388),('4_Sunday','10','10:15','10:45','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'The Immortal Retrofuturism of Mainframe Computers and How to Keep Them Safe\'','\'Michelle Eggers\'','APV_2d558eb82b7545c218c00bb2bd9a6b00','\'Title: The Immortal Retrofuturism of Mainframe Computers and How to Keep Them Safe
\nWhen: Sunday, Aug 11, 10:15 - 10:45 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nWhen you used your debit card today, do you know where that transaction was sent? Though it may conjure archival images of a 1950’s IT room stocked with enormous, low-tech machines, Mainframe technology is both modernized and heavily relied upon today.
\n\nMainframe architecture is some of the most reliable tech available, able to manage incredibly large input/output volumes with low risk of downtime and there are few signs of it being sunset in the decades to come. As protectors of the cyber landscape, understanding how mainframes are incorporated into a businesses topology and ways to secure mainframe architecture will remain important for any entity that utilizes this technology.
\n\nIn this talk we\'ll explore the pervasiveness of mainframe technology, why it will remain relevant to the future landscape of mission critical-applications, and several trusted solutions for helping to secure these incredible computers.
\n\nSpeakerBio: Michelle Eggers
\nAs a Security Consultant, Michelle Eggers executes penetration testing for a variety of client environments. After making a strong pivot from operations into proactive security, Michelle focuses on web application, mainframe, and network pentesting.
\n\nMichelle has contributed to the security community by speaking about mainframe and web application security at various cybersecurity conferences, volunteering with Black Girls Hack during Hacker Summer Camp, and driving forward interest in securing mission critical systems and critical infrastructure through authoring blog posts and social media content on the subjects.
\n\nCredentials and certifications earned include CompTIA Security+ and ISC2 Certified in Cybersecurity. She also holds a Bachelor of Science degree in Accounting, a Project Management Certificate from Cornell University, and an Evolve Security Certified Professional credential.
\n\n\n\'',NULL,616389),('4_Sunday','10','10:45','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom','\'Kubernetes Security: Hands-On Attack and Defense\'','\'alevsk\'','APV_a91190b3b4a87abd66f8a5f662e7dbe4','\'Title: Kubernetes Security: Hands-On Attack and Defense
\nWhen: Sunday, Aug 11, 10:45 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom - Map
\n
\nDescription:
\nKubernetes is the de facto operating system of the cloud, more organizations are running their workloads on Kubernetes. While Kubernetes offers many benefits, new users may introduce security risks like cluster misconfiguration, leaked credentials, cryptojacking, container escapes, and vulnerable clusters.
\n\nThis workshop will teach you the fundamentals of Kubernetes security, from protecting your cluster to securing your workloads. You\'ll learn about RBAC, OPA, Security Contexts, Network Policies, and other security features. You\'ll also learn how to exploit workloads running on a Kubernetes environment using Living Off the Land (LotL) techniques like exploiting Insecure APIs, Secrets Theft, Container Escape and Pod Privilege Escalation, similar to the ones used by real-world threat actors.
\n\nThis workshop is designed for both beginners and advanced students. By the end of the workshop, you\'ll have a deep understanding of Kubernetes security and the skills to protect your K8S clusters.
\n\nSpeakerBio: alevsk
\nLenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog https://www.alevsk.com.
\n\n\n\'',NULL,616390),('4_Sunday','11','10:45','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom','\'Kubernetes Security: Hands-On Attack and Defense\'','\'alevsk\'','APV_a91190b3b4a87abd66f8a5f662e7dbe4','\'\'',NULL,616391),('4_Sunday','12','10:45','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom','\'Kubernetes Security: Hands-On Attack and Defense\'','\'alevsk\'','APV_a91190b3b4a87abd66f8a5f662e7dbe4','\'\'',NULL,616392),('4_Sunday','11','11:00','11:30','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Gridlock: The Dual-Edged Sword of EV and Solar APIs in Grid Security\'','\'Vangelis Stykas\'','APV_9cddfea7d62ae023da35b72b033550df','\'Title: Gridlock: The Dual-Edged Sword of EV and Solar APIs in Grid Security
\nWhen: Sunday, Aug 11, 11:00 - 11:30 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nIn this talk, we delve deep into the increasingly interconnected world of electronic vehicles (EVs), photovoltaic (PV) solar systems, and the broader power grid infrastructure—a nexus that is becoming a fertile ground for potential large-scale cyber disruptions. As we navigate through this complex interplay of technology and infrastructure, we will uncover the critical vulnerabilities lurking within the API connections that bind these systems together. Our exploration will not only highlight these weaknesses but will also demonstrate, through real-world scenarios and potential attack vectors, how they can be exploited to launch sophisticated cyber-attacks, emphasizing the urgent need for robust security frameworks and proactive cybersecurity measures to safeguard our collective future.\nThe advent of PV inverters and EV charging systems has been marred by the industry\'s \"rush to market\" mentality, leading to overlooked security considerations.
\n\nSpeakerBio: Vangelis Stykas, Chief Technology Officer at Atropos
\nVangelis began as a developer from Greece. Six years ago he realized that only his dog didn’t have an API, so he decided to steer his focus towards security.
\n\nThat led him to pursue a PhD in Web Application Security with an extra focus on machine learning. He’s still actively pursuing it.
\n\nHe currently applies his skills as a Chief Technology Officer at Atropos, and during his free time, Vangelis is helping start-ups secure themselves on the internet and get a leg up in security terms.
\n\nHis love of a simplistic approach to hacking by exploiting vulnerable APIs led him to publish research regarding API controlling ships, smart locks, IP cameras, car alarms, EV chargers, and many other IoT devices. Since our lives are nowadays extremely cyber-dependent, his goal is to convince all companies to never neglect their API security as rush-to-market mentality is almost certain to lead to catastrophic security failure.
\n\n\n\'',NULL,616393),('4_Sunday','11','11:00','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2','\'Activity: Threat modelling fun session with OWASP Cornucopia\'','\'Andra\'','APV_d44f62d54ff3e1cc060c30aa0bbd0b23','\'Title: Activity: Threat modelling fun session with OWASP Cornucopia
\nWhen: Sunday, Aug 11, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2 - Map
\n
\nDescription:
\nJoin us into this collaborative game of OWASP Cornucopia! Over the course of two hours we will create a Threat Model of an example target infrastructure using the OWASP Cornucopia game! Winner keeps the deck!
\n\nSpeakerBio: Andra
\nAndra is a Principal Application Security Specialist at Sage, with over seven years of experience in the field of application security. She is responsible for implementing DevSecOps practices, conducting security assessments, and developing secure coding guidelines for software engineering and AI/ML teams. She holds multiple certifications, including AWS Certified Cloud Practitioner and Attacking and Securing APIs. She has a strong background in software development and project management, as well as a master\'s degree in information and computer sciences. She has been co-leading the OWASP London Chapter since 2019, where she organises and delivers events and workshops on various security topics. She is passionate about educating and empowering developers and stakeholders to build and deliver secure software and best practices in a fast-paced, results-driven environment.
\n\n\n\'',NULL,616394),('4_Sunday','12','11:00','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2','\'Activity: Threat modelling fun session with OWASP Cornucopia\'','\'Andra\'','APV_d44f62d54ff3e1cc060c30aa0bbd0b23','\'\'',NULL,616395),('4_Sunday','11','11:00','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3','\'Activity: Threat modelling fun session with OWASP Cornucopia\'','\'Konstantinos Papapanagiotou\'','APV_63e0e5c8a4e9ce5504af3030a34053b8','\'Title: Activity: Threat modelling fun session with OWASP Cornucopia
\nWhen: Sunday, Aug 11, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3 - Map
\n
\nDescription:
\nJoin us into this collaborative game of OWASP Cornucopia! Over the course of two hours we will create a Threat Model of an example target infrastructure using the OWASP Cornucopia game! Winner keeps the deck!
\n\nSpeakerBio: Konstantinos Papapanagiotou
\nKonstantinos is the Advisory Services Director at Census Labs S.A. Prior to that, he worked for OTE S.A. (member of Deutsche Telekom Group) where he was responsible for the cyber security solutions offered to corporate customers. In the past he has led cyber security consulting teams in other private sector organizations. He has more than 20 years of experience in the field of cyber security both as a corporate consultant and as a researcher. During that time, he participated in numerous cyber security projects in public and private sector organizations, in Greece, Europe, and the Middle East. He has been an OWASP volunteer since 2004, leading the Greek chapter and contributing to several projects. He holds a PhD and BSc from the Department of Informatics and Telecommunications at the University of Athens, Greece, as well as a MSc in Information Security with distinction from Royal Holloway, University of London. For more than 10 years he served as an Adjunct Lecturer at the Hellenic American University, as well as the University of Athens and University of Piraeus, teaching Information Security to postgraduate and undergraduate students.
\n\n\n\'',NULL,616396),('4_Sunday','12','11:00','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3','\'Activity: Threat modelling fun session with OWASP Cornucopia\'','\'Konstantinos Papapanagiotou\'','APV_63e0e5c8a4e9ce5504af3030a34053b8','\'\'',NULL,616397),('4_Sunday','11','11:45','12:15','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Your CI/CD Pipeline Is Vulnerable, But It\'s Not Your Fault\'','\'Elad Pticha,Oreen Livni\'','APV_6a856edfba7293d3c55bb6ac2910c60c','\'Title: Your CI/CD Pipeline Is Vulnerable, But It\'s Not Your Fault
\nWhen: Sunday, Aug 11, 11:45 - 12:15 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nAre you really sure that the code executed inside your pipelines is secure? Join us as we explore how command injection in a single CI/CD pipeline component can create a major vulnerability in Google\'s flagship project, Bazel.
\n\nOur research reveals a command injection vulnerability within Bazel GitHub Action, showcasing the potential compromise of the entire open-source project. Through live demonstrations, we illustrate how threat actors can exploit seemingly secure pipelines and tamper widely used repositories with malicious code.
\n\nBy attending, you\'ll gain actionable insights into securing your CI/CD pipelines and learn practical strategies to protect your projects from similar vulnerabilities.
\n\nSpeakers:Elad Pticha,Oreen Livni
\n
\nSpeakerBio: Elad Pticha
\nElad is a passionate security researcher with a focus on software supply chain and web application security. He dedicates his time to writing security research tools and finding vulnerabilities across a broad spectrum, from open-source projects and web applications to IoT devices and pretty much anything with an IP address.
\n\nSpeakerBio: Oreen Livni
\nOreen Livni is a passionate security researcher specializing in application and supply chain security, Domain, and networking. With a focus on software supply chain vulnerabilities. Alongside his professional commitments, he immerses himself in art, gardening, and the world of surfing, always seeking new experiences.\nWith an unwavering commitment to staying updated on the latest security trends, he embraces new challenges and strives to make a difference in the cybersecurity landscape.
\n\n\n\'',NULL,616398),('4_Sunday','12','11:45','12:15','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Your CI/CD Pipeline Is Vulnerable, But It\'s Not Your Fault\'','\'Elad Pticha,Oreen Livni\'','APV_6a856edfba7293d3c55bb6ac2910c60c','\'\'',NULL,616399),('4_Sunday','12','12:30','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Using EPSS for Better Vulnerability Management\'','\'jgamblin\'','APV_444f15021060ab1cdc5457430882d805','\'Title: Using EPSS for Better Vulnerability Management
\nWhen: Sunday, Aug 11, 12:30 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nThe Exploit Prediction Scoring System (EPSS) provides efficient, data-driven vulnerability management data that uses current threat information from CVE and real-world exploit that helps understand the probability that a vulnerability will be exploited.
\n\nThis talk will discuss the EPSS model in-depth and demonstrate how to implement EPSS for CI/CD pipelines and more traditional operating systems and application patching.
\n\nSpeakerBio: jgamblin
\nResearcher. Builder. Hacker. Traveler.
\n\n\n\'',NULL,616400),('3_Saturday','10','10:00','17:30','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_a530dbf7148e6b79bdf04e9b2f3ce0e5','\'Title: Fix the Flag Wargame
\nWhen: Saturday, Aug 10, 10:00 - 17:30 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF - Map
\n
\nDescription:
\nAppSec Village is proud to present our DEF CON Contest in partnership with SecDim.
\n\nUnlike a typical CTF, this contest rewards the players who fix security vulnerabilities. You can choose between secure coding challenges or competing against other players in an Attack & Defence AppSec challenge, where you need to secure your app before being given a chance to hack other players’ apps 😈.
\n\nYou can also develop your own AppSec challenge by following challenge contribution guidelines. All approved challenges will be hosted during AppSec Village @ DEF CON.
\n\nThere are two categories of winners:\n- The player with the highest total points by the end of the event (August 11 at 12:00 PM PDT)\n- The best-contributed challenge submission
\n\nThe Award Ceremony will be held at 12:45 PM PDT in the AppSec Village on August 11.
\n\nSpeakerBio: Harley Wilson
\nHarley Wilson is a software engineer (intern) at SecDim, a secure coding wargame platform. With a background as a Police Officer for nine years, Harley is now channelling his expertise into the field of software development. He is pursuing a Bachelor of Computing (Software Engineering) at Curtin University, with an anticipated graduation in 2024.
\n\n\n\'',NULL,616401),('3_Saturday','11','10:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_a530dbf7148e6b79bdf04e9b2f3ce0e5','\'\'',NULL,616402),('3_Saturday','12','10:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_a530dbf7148e6b79bdf04e9b2f3ce0e5','\'\'',NULL,616403),('3_Saturday','13','10:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_a530dbf7148e6b79bdf04e9b2f3ce0e5','\'\'',NULL,616404),('3_Saturday','14','10:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_a530dbf7148e6b79bdf04e9b2f3ce0e5','\'\'',NULL,616405),('3_Saturday','15','10:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_a530dbf7148e6b79bdf04e9b2f3ce0e5','\'\'',NULL,616406),('3_Saturday','16','10:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_a530dbf7148e6b79bdf04e9b2f3ce0e5','\'\'',NULL,616407),('3_Saturday','17','10:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_a530dbf7148e6b79bdf04e9b2f3ce0e5','\'\'',NULL,616408),('2_Friday','10','10:00','17:30','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_70b1e24e2feb98d5532967bbf8ed685d','\'Title: Fix the Flag Wargame
\nWhen: Friday, Aug 9, 10:00 - 17:30 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF - Map
\n
\nDescription:
\nAppSec Village is proud to present our DEF CON Contest in partnership with SecDim.
\n\nUnlike a typical CTF, this contest rewards the players who fix security vulnerabilities. You can choose between secure coding challenges or competing against other players in an Attack & Defence AppSec challenge, where you need to secure your app before being given a chance to hack other players’ apps 😈.
\n\nYou can also develop your own AppSec challenge by following challenge contribution guidelines. All approved challenges will be hosted during AppSec Village @ DEF CON.
\n\nThere are two categories of winners:\n- The player with the highest total points by the end of the event (August 11 at 12:00 PM PDT)\n- The best-contributed challenge submission
\n\nThe Award Ceremony will be held at 12:45 PM PDT in the AppSec Village on August 11.
\n\nSpeakerBio: Harley Wilson
\nHarley Wilson is a software engineer (intern) at SecDim, a secure coding wargame platform. With a background as a Police Officer for nine years, Harley is now channelling his expertise into the field of software development. He is pursuing a Bachelor of Computing (Software Engineering) at Curtin University, with an anticipated graduation in 2024.
\n\n\n\'',NULL,616409),('2_Friday','11','10:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_70b1e24e2feb98d5532967bbf8ed685d','\'\'',NULL,616410),('2_Friday','12','10:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_70b1e24e2feb98d5532967bbf8ed685d','\'\'',NULL,616411),('2_Friday','13','10:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_70b1e24e2feb98d5532967bbf8ed685d','\'\'',NULL,616412),('2_Friday','14','10:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_70b1e24e2feb98d5532967bbf8ed685d','\'\'',NULL,616413),('2_Friday','15','10:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_70b1e24e2feb98d5532967bbf8ed685d','\'\'',NULL,616414),('2_Friday','16','10:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_70b1e24e2feb98d5532967bbf8ed685d','\'\'',NULL,616415),('2_Friday','17','10:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_70b1e24e2feb98d5532967bbf8ed685d','\'\'',NULL,616416),('4_Sunday','10','10:00','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_60338c2ee815bba5ecd58ff25c209155','\'Title: Fix the Flag Wargame
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF - Map
\n
\nDescription:
\nAppSec Village is proud to present our DEF CON Contest in partnership with SecDim.
\n\nUnlike a typical CTF, this contest rewards the players who fix security vulnerabilities. You can choose between secure coding challenges or competing against other players in an Attack & Defence AppSec challenge, where you need to secure your app before being given a chance to hack other players’ apps 😈.
\n\nYou can also develop your own AppSec challenge by following challenge contribution guidelines. All approved challenges will be hosted during AppSec Village @ DEF CON.
\n\nThere are two categories of winners:\n- The player with the highest total points by the end of the event (August 11 at 12:00 PM PDT)\n- The best-contributed challenge submission
\n\nThe Award Ceremony will be held at 12:45 PM PDT in the AppSec Village on August 11.
\n\nSpeakerBio: Harley Wilson
\nHarley Wilson is a software engineer (intern) at SecDim, a secure coding wargame platform. With a background as a Police Officer for nine years, Harley is now channelling his expertise into the field of software development. He is pursuing a Bachelor of Computing (Software Engineering) at Curtin University, with an anticipated graduation in 2024.
\n\n\n\'',NULL,616417),('4_Sunday','11','10:00','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_60338c2ee815bba5ecd58ff25c209155','\'\'',NULL,616418),('4_Sunday','12','10:00','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF','\'Fix the Flag Wargame\'','\'Harley Wilson\'','APV_60338c2ee815bba5ecd58ff25c209155','\'\'',NULL,616419),('2_Friday','10','10:15','10:45','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Winning big: AppSec Considerations From the Casino Industry\'','\'Aleise McGowan,Tennisha Martin\'','APV_da71f728bb3c1936a333d807ab5ad240','\'Title: Winning big: AppSec Considerations From the Casino Industry
\nWhen: Friday, Aug 9, 10:15 - 10:45 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nIn the casino industry, a surge of ransomware attacks has marked an era of unprecedented threats and vulnerabilities. This session will focus on a critical aspect of security within this industry, exploring how ransomware has specifically impacted applications and associated systems. Attendees will gain insights into the methods used by malicious actors to compromise casino applications, the resulting financial and operational disruptions, (i.e., affected customer data security etc.) and responses developed to counter these threats. By researching industry giants like MGM and Caesars, we will highlight the importance of robust application security measures and the future landscape of cybersecurity in this sector. Unique security challenges faced by the casino industry will be explored, along with examples of vulnerabilities and their exploitation. The session will also delve into the interplay between ICT, IoT, and application security in the casino context.
\n\nSpeakers:Aleise McGowan,Tennisha Martin
\n
\nSpeakerBio: Aleise McGowan
\nDr. Aleise H. McGowan is a cybersecurity leader and academic with over 20 years of experience in the field. She serves as the CISO for BlackGirlsHack, an organization dedicated to increasing diversity in cybersecurity, while also holding the position of Assistant Professor at the University of Southern Mississippi.
\n\nSpeakerBio: Tennisha Martin
\nTennisha Martin is the founder and Executive Director of BlackGirlsHack (BGH Foundation), a national cybersecurity nonprofit organization dedicated to providing education and resources to underserved communities and increasing the diversity in cyber. BlackGirlsHack provides its members with resources, mentorship, direction, and training required to enter and excel in the cybersecurity field. Tennisha has a bachelor’s degree in Electrical and Computer Engineering from Carnegie Mellon University and several Master’s Degrees including in Cybersecurity and Business Administration. She has worked in a consulting capacity for over 15 years and is a best selling author, award winning hacker, and an advocate for diversity.
\n\n\n\'',NULL,616420),('2_Friday','11','11:00','11:30','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Securing Frontends at Scale: Paving our Way to the Post-XSS World\'','\'Aaron Shim,jen-ozmen\'','APV_678446590cbf12f7601b6d16b2432c4e','\'Title: Securing Frontends at Scale: Paving our Way to the Post-XSS World
\nWhen: Friday, Aug 9, 11:00 - 11:30 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nCross-site scripting (XSS) remains a top web vulnerability. Google has invested heavily in defenses, and in this talk, we\'ll share our blueprint for protecting your code. We\'ll discuss how we implemented runtime and compile-time protections across hundreds of products used by billions, highlighting technical lessons and best practices. We\'ll also glimpse into the future of anti-XSS defenses and explore how we can make the web safer for everyone.
\n\nSpeakers:Aaron Shim,jen-ozmen
\n
\nSpeakerBio: Aaron Shim
\nAaron is a Senior Software Engineer at Google working on product security across all of Google\'s user facing webapps. Bridging the gap between security and development work, he has worked on product teams at both Google and Microsoft in the past, including Docs, GCP, and Visual Studio. He is extremely passionate about the developer experience and committed to empowering every dev to build the most secure and delightful products.
\n\nSpeakerBio: jen-ozmen
\nJen Ozmen is a Software Engineer at Google, where she works on the Information Security Engineering team, focusing on defense-in-depth mechanisms against common web vulnerabilities. She is passionate about building secure and reliable software, and she is always looking for new ways to improve the security of Google\'s web ecosystem. She is an active member of the tech community and enjoys sharing her knowledge through presentations at conferences like LibertyJS and Frontrunners DC.
\n\n\n\'',NULL,616421),('2_Friday','11','11:00','13:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom','\'Mind-Controlling Other Applications: An intro to intra-process hacking\'','\'ILOVEPIE\'','APV_b718a21ace598db4cf998a9814450732','\'Title: Mind-Controlling Other Applications: An intro to intra-process hacking
\nWhen: Friday, Aug 9, 11:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom - Map
\n
\nDescription:
\nLearn from the ground up how to take over the execution of another process and make it do your bidding! This workshop teaches you the basic to intermediate levels of runtime intra-process hacking on Windows and POSIX systems covering injecting code into another process on windows (and an overview of how this could be done on a POSIX system), locating specific code within an application in a update resistant manner, hooking and redirecting code execution using several techniques, abusing error handlers to disguise code and an overview of mitigation strategies to protect apps from intra-process hacking.
\n\nSpeakerBio: ILOVEPIE
\nEver since I found the only 3 books on programming in my elementary school\'s library I\'ve been captivated by the logical and mathematical problems presented by the field of Computer Science and how the solutions to those problems can go wrong and be exploited. In high-school I discovered a zero day Denial Of Service exploit in all implementations of the Minecraft server at that time. I promptly proceeded to crash, what was at the time, the largest Minecraft server in the world (with permission). From there my interests drifted more towards cybersecurity, particularly with regards to video games. I wrote a tool to dump and partially deobfuscate the RuneScape client while it was loading and have also written proof-of-concept hacks for several games and multiple game-server emulators. I am currently a maintainer for opentypejs/opentype.js (a font library in pure JS) and SABRE-JS/SABRE.js (a GPU accelerated subtitle renderer for the most advanced subtitle format in the world).
\n\n\n\'',NULL,616422),('2_Friday','12','11:00','13:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom','\'Mind-Controlling Other Applications: An intro to intra-process hacking\'','\'ILOVEPIE\'','APV_b718a21ace598db4cf998a9814450732','\'\'',NULL,616423),('2_Friday','13','11:00','13:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom','\'Mind-Controlling Other Applications: An intro to intra-process hacking\'','\'ILOVEPIE\'','APV_b718a21ace598db4cf998a9814450732','\'\'',NULL,616424),('2_Friday','11','11:00','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 1','\'Arsenal: AI Goat\'','\'Ofir Yakobi,Shir Sadon\'','APV_7ffbde0324c7ffe0e22b41087f2bf6ce','\'Title: Arsenal: AI Goat
\nWhen: Friday, Aug 9, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 1 - Map
\n
\nDescription:
\nAI Goat is a deliberately vulnerable AI infrastructure designed to help security enthusiasts and pen-testers understand and exploit AI-specific vulnerabilities based on the OWASP AI Top 10. This arsenal session will demonstrate how to deploy AI Goat, explore various vulnerabilities, and guide participants in exploiting these weaknesses. Attendees will engage hands-on with the tool, gaining practical experience in AI security. Deployment scripts will be open-source and available after the session.
\n\nSpeakers:Ofir Yakobi,Shir Sadon
\n
\nSpeakerBio: Ofir Yakobi
\nOfir Yakobi is a Security Researcher at Orca Security.\nWith almost a decade of experience in detecting cybercriminals, malware research, and unveiling numerous security issues for high-profile companies, she brings her expertise in breaking and strengthening cloud vendors. She\'s as passionate at uncovering vulnerabilities as she is at picking her next travel destination.
\n\nSpeakerBio: Shir Sadon
\nShir is a Cloud Security security and martial arts enthusiast! With a background in endpoints and servers cyber security, Shir once led research ventures to enhance departmental security. Now, Shir blends cybersecurity expertise with martial arts finesse, creating a formidable combination in the digital and physical realms
\n\n\n\'',NULL,616425),('2_Friday','12','11:00','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 1','\'Arsenal: AI Goat\'','\'Ofir Yakobi,Shir Sadon\'','APV_7ffbde0324c7ffe0e22b41087f2bf6ce','\'\'',NULL,616426),('2_Friday','11','11:00','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 2','\'Arsenal: CyberChef like Automation within BurpSuite - Let\'s get cooking with the CSTC\'','\'Matthias Göhring,Florian Haag\'','APV_76bb3aa065001f383a75dff0b609f5f1','\'Title: Arsenal: CyberChef like Automation within BurpSuite - Let\'s get cooking with the CSTC
\nWhen: Friday, Aug 9, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 2 - Map
\n
\nDescription:
\nImagine GCHQ\'s CyberChef integrated in BurpSuite with live modification of requests at your fingertips. That\'s exactly what we had in mind when we built the Cyber Security Transformation Chef (CSTC) a few years ago. The CSTC is an extension to the popular BurpSuite Proxy built for experts working with web applications. It enables users to define recipes that are applied to outgoing or incoming HTTP requests/ responses automatically. Whatever quirks and specialties an application might challenge you with during an assessment, the CSTC has you covered. Furthermore, it allows to quickly apply custom formatting to a chosen message, if a more detailed analysis is needed
\n\nSpeakers:Matthias Göhring,Florian Haag
\n
\nSpeakerBio: Matthias Göhring, Security Consultant and Penetration Tester at usd AG
\nMatthias Göhring is security consultant and penetration tester at usd AG, an information security company based in Germany with the mission #moresecurity. He is Head of usd HeroLab, the division of usd specialized in technical security assessments. In addition, he holds lectures at Technical University Darmstadt and University of Applied Sciences Darmstadt on ethical hacking and penetration testing. In previous scientific work, he focused on network and communication security as well as software security.
\n\nSpeakerBio: Florian Haag, Managing Security Consultant at usd AG
\nFlorian Haag is a managing security consultant at usd AG with experience in penetration testing, software security assessments as well as code reviews. He is specialized in penetration tests of thick client applications, leveraging his background in software development to reverse engineer proprietary client applications and network protocols. In addition, he maintains several open source tools for web application pentesting presented at international conferences like BlackHat and DEF CON.
\n\n\n\'',NULL,616427),('2_Friday','12','11:00','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 2','\'Arsenal: CyberChef like Automation within BurpSuite - Let\'s get cooking with the CSTC\'','\'Matthias Göhring,Florian Haag\'','APV_76bb3aa065001f383a75dff0b609f5f1','\'\'',NULL,616428),('2_Friday','11','11:45','12:15','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Ticking SQLi\'','\'Iggy\'','APV_71158437cd63be0daa39e8a61b19d070','\'Title: Ticking SQLi
\nWhen: Friday, Aug 9, 11:45 - 12:15 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nExplore the intricacies of time-based SQL injection through the lens of Operation GhostShell. This session delves into the methods used by attackers to exploit time delays for data extraction, highlighting real-world examples and the impact of these breaches on major universities. Attendees will gain a deep understanding of the technical aspects, see live demonstrations, and learn practical defense strategies to safeguard against such vulnerabilities. Perfect for security professionals seeking to enhance their knowledge of advanced SQLi techniques and mitigation.
\n\nSpeakerBio: Iggy
\nIgor Stepansky is a Platform Security Engineer at Axonius with two years of experience, specializing in the integration of security within DevSecOps. With a background in cybersecurity analysis in the Defense Aerospace industry, Igor expertly applies open-source tools to enhance software development security against digital threats. He champions a comprehensive security approach, emphasizing static and dynamic analysis, secrets management, and robust infrastructure as code (IaC). Igor is committed to fostering a security-conscious culture, advocating for practices that empower developers and engineers. His pragmatic and visionary perspective on cybersecurity positions him as a key figure in the field, offering actionable and forward-thinking insights.
\n\n\n\'',NULL,616429),('2_Friday','12','11:45','12:15','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Ticking SQLi\'','\'Iggy\'','APV_71158437cd63be0daa39e8a61b19d070','\'\'',NULL,616430),('2_Friday','12','12:30','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Hacking Corporate Banking for Fun and Profit\'','\'Charles Waterhouse,Nikhil \"niks\" Shrivastava\'','APV_9f179be6bced88664d2fd2a2ff07160b','\'Title: Hacking Corporate Banking for Fun and Profit
\nWhen: Friday, Aug 9, 12:30 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nI conducted thorough research on a corporate banking software widely utilized by numerous banks globally. This research was conducted during a bug bounty program for a leading bank in middle east, which employs this software. By examining their marketing brochures, we identified the third party company responsible for its development and after looking at their client we found out, their software is utilized by 60-70% of banks worldwide.
\n\nIn this talk i will explain how did i recon corporate banking application from extracting interesting endpoints and methods. Further used them to find attack surface. Furthermore, I will delve into the methods used to uncover critical vulnerabilities within their application, including SQL injections, bypassing access control mechanisms etc.
\n\nSpeakers:Charles Waterhouse,Nikhil \"niks\" Shrivastava
\n
\nSpeakerBio: Charles Waterhouse
\nAfter spending over 2 decades in the airline industry, I changed careers into cybersecurity. I have helped manage over 2400 engagements with teams of over 1000 researchers across all verticals in commercialand government. I regularly consult with executives in many Global 500 organizations and government to developsecurity and testing plans.
\n\nI have helped develop products around OWASP, NIST, OSINT, API and AI testing. I speak regularly at conferences and help train developers and blue teams to help defend some of the most critical networks worldwide.
\n\nSpeakerBio: Nikhil \"niks\" Shrivastava
\nMy Name is Nikhil Shrivastava AKA niksthehacker. I am an ethical hacker and bug bounty hunter. I have helped over 300 companies to uncover 1500+ Security Vulnerabilities such as Google, Microsoft, Tesla, Mozilla, Salesforce, eBay, Federal Agencies, and many more. I am the #1 hacker in India at Synack Red Team. I was awarded \"Synack Legend Hacker\" Status in 2021. I have also been interviewed by Defcon Red Team Village, Synack, and Indian media such as the Times of India, Economic Times, Indian Express, etc. I was also MSRC (Microsoft Security Response Center) Top 100 Hackers in 2016. I am the founder of Security BSides Ahmedabad, an international hacking conference hosted each year in Ahmedabad, India.
\n\n\n\'',NULL,616431),('2_Friday','13','13:00','13:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 2','\'Arsenal: GraphQL Armor - Open Source GraphQL Security\'','\'Antoine Carossio,Tristan Kalos\'','APV_2e418ffd27a38c51977261ed53a77084','\'Title: Arsenal: GraphQL Armor - Open Source GraphQL Security
\nWhen: Friday, Aug 9, 13:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 2 - Map
\n
\nDescription:
\nWith our open-source tool GraphQL Armor we want to take GraphQL security to the next level. GraphQL Armor is a dead-simple yet highly customizable security middleware for various GraphQL server engines. It offers advanced protection against common vulnerabilities like query depth, complexity, and rate limiting.
\n\nIn this session, we’ll dive into the technical details, demonstrating how to identify GraphQL-specific vulnerabilities, integrate GraphQL Armor into your current setup, and customize it to your needs.
\n\nSpeakers:Antoine Carossio,Tristan Kalos
\n
\nSpeakerBio: Antoine Carossio
\nFormer pentester for the French Intelligence Services.\nFormer Machine Learning Research @ Apple.
\n\nSpeakerBio: Tristan Kalos
\nTristan Kalos, co-founder and CEO at Escape, draws from a background as a software engineer and Machine Learning Researcher at UC Berkeley. Motivated by firsthand experience witnessing a client\'s database stolen through an API in 2018, he has since become an expert in API security, helping security engineers and developers worldwide building secure applications. He is an experienced keynote and conference speaker, presenting at Forum InCyber, bSides, APIdays, GraphQL conf, and other international software development and cyber security conferences.
\n\n\n\'',NULL,616432),('2_Friday','13','13:15','13:45','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'SDLC Nightmares - Defeating Secure Code Review GPT Hallucinations\'','\'Wang Zhilong,Xinzhi Luo\'','APV_2190e005ffbe128871438104e30fa9ce','\'Title: SDLC Nightmares - Defeating Secure Code Review GPT Hallucinations
\nWhen: Friday, Aug 9, 13:15 - 13:45 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nIn this talk, we will discuss the strengths and limitations of LLMs for code analysis tasks like code search and code clone detection. We will show when the LLMs make mistakes and what kinds of mistakes they make. For example, we observe that the performance of popular LLMs heavily relies on the well-defined variable and function names, therefore, they will make mistakes when some misleading variable name is given. Anyone interested in exploring the intersection of AI and code security analysis can attend this talk.
\n\nSpeakers:Wang Zhilong,Xinzhi Luo
\n
\nSpeakerBio: Wang Zhilong
\nNow security engineer in industry.
\n\nPh.D. degree obtained from Penn State University in 2023.
\n\nMaster degree obtained from Nanjing University in 2019.
\n\nSpeakerBio: Xinzhi Luo
\nXinzhi (April) Luo is a Carnegie Mellon University graduate with over three years of experience in information security. She combines technical expertise with a passion for sci-fi, often writing original stories. She is dedicated to innovative cybersecurity solutions.
\n\n\n\'',NULL,616433),('2_Friday','14','14:00','14:30','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Relative Path File Injection: The Next Evolution in RPO\'','\'Ian Hickey\'','APV_3c91aa136d5c11be5a321c6214fe5441','\'Title: Relative Path File Injection: The Next Evolution in RPO
\nWhen: Friday, Aug 9, 14:00 - 14:30 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nMost web security professionals are familiar with Relative Path Overwrite (RPO) attacks that allow injecting malicious CSS via a quirk in how browsers handle paths. But what if you could use a similar technique to get victims to download malicious files by clicking an innocuous looking download link on a trusted site? In this presentation, we\'ll unveil a new attack vector dubbed Relative Path File Injection (RPFI) that abuses path handling to turn benign websites into malware delivery platforms. Attendees will learn the anatomy of an RPFI attack, see demos of it in action, and learn how to detect this overlooked vulnerability class in the wild. We\'ll also release an open source GitHub repo with proof of concepts for users to try for themselves. RPFI represents a new breed of polyglot-based attack that exploits gaps between web specifications and real-world implementations.
\n\nSpeakerBio: Ian Hickey
\nIan Hickey, is a software developer in the Edtech space and devotes some time each week trying to solve problems that have not been solved before. His professional journey has been a unique blend of coding and education. As a software developer, he delved deep into the intricacies of how technology can enhance learning experiences. He mostly dabbles in security as a hobby. I am a lifelong hacker and I\'m an active member of HackerOne and similar bug bounty programs.
\n\n\n\'',NULL,616434),('2_Friday','15','15:00','17:30','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom','\'The Open Source Fortress: Finding Vulnerabilities in Your Codebase Using Open Source Tools\'','\'iosifache\'','APV_5c6dc550dcf70ffaed985f2b03b75891','\'Title: The Open Source Fortress: Finding Vulnerabilities in Your Codebase Using Open Source Tools
\nWhen: Friday, Aug 9, 15:00 - 17:30 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom - Map
\n
\nDescription:
\nRegardless of where it is hosted, a codebase could end up in the hands of malicious actors. Aside from the open source scenario, attackers may utilize sophisticated techniques to access and download it. An example is Okta\'s 2022 breach, in which the source code of the identity and access management platform was obtained from GitHub.
\n\nDevelopers are advised to adopt a shift-left approach, uncovering as many code flaws as possible before releasing it to the public.
\n\n\"The Open Source Fortress\" will provide a framework for detecting vulnerabilities in codebases with open-source tools. The examples imply the discovery of vulnerabilities in a custom, purposefully vulnerable codebase written in C and Python. Static techniques such as symbolic execution, secret scanning, code querying, and dependency scanning will be discussed, as will dynamic techniques such as fuzzing.
\n\nSpeakerBio: iosifache
\nAndrei spent 2022 as a technical leader for a start-up that specialises in automating cybersecurity solutions, as well as being a security engineer in the Romanian Army. After determining that the start-up idea was unviable, he left the public sector and accepted a position at Canonical, working to secure Ubuntu and its open-source components.
\n\nSubsequently, he relocated to Switzerland and joined Snap Inc., where he helps make Snapchat a safer platform for our users, free from spam and abuse.
\n\nAndrei\'s current focus is on software security. He has recently contributed to the open-source space and provided advice to start-ups on cybersecurity matters.
\n\n\n\'',NULL,616435),('2_Friday','16','15:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom','\'The Open Source Fortress: Finding Vulnerabilities in Your Codebase Using Open Source Tools\'','\'iosifache\'','APV_5c6dc550dcf70ffaed985f2b03b75891','\'\'',NULL,616436),('2_Friday','17','15:00','17:30','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Classroom','\'The Open Source Fortress: Finding Vulnerabilities in Your Codebase Using Open Source Tools\'','\'iosifache\'','APV_5c6dc550dcf70ffaed985f2b03b75891','\'\'',NULL,616437),('2_Friday','15','15:00','15:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 1','\'Arsenal: HunterBounter - Swiss Army Knife for Bug Bounty\'','\'Utku Yildirim\'','APV_f1825b41a872ace1a97055919d3503fd','\'Title: Arsenal: HunterBounter - Swiss Army Knife for Bug Bounty
\nWhen: Friday, Aug 9, 15:00 - 15:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 1 - Map
\n
\nDescription:
\nHunterBounter is an open-source tool designed to automate the scanning processes of tools like OpenVAS and ZAP Proxy using multiple Docker containers. Each container establishes a VPN connection to bypass security measures like IP bans during automated scans. The tool simplifies automated scanning for bug bounty hunters and penetration testers. Development is ongoing to integrate more open-source products for mobile, web application, and network scanning.
\n\nMore information about the tool:\nhttps://hunterbounter.com\nSource code:\nhttps://github.com/hunterbounter
\n\nDemo Platform:\nhttps://panel.hunterbounter.com\nUsername:\nAppSecVillage\nPassword:\ngX8Q.Ja7!RMHD.kzSp!Zyu?AWGV
\n\nSpeakerBio: Utku Yildirim
\nUtku Yildirim is an experienced cybersecurity professional with a strong background in penetration testing and security evaluation. Currently working as a Senior Penetration Tester at Hoffmann Cybersecurity in the Netherlands. He also continues his role as a penetration tester at Cobalt.io. Utku has a diverse skill set encompassing network, web, API, and mobile application security testing.
\n\nHis certifications include OSCE, OSCP, OSWP, and CRTO, among others. He has discovered multiple CVEs and has been recognized in international competitions such as NATO Locked Shields.
\n\nUtku is also a seasoned speaker, having presented at notable conferences like DEF CON 30 (Aerospace Village) , DEF CON 31(Telecom Village) and BSides Oslo, where he shared his insights on UAV security and SS7 hacking.
\n\n\n\'',NULL,616438),('2_Friday','15','15:00','15:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 2','\'Arsenal: Introducing RAVEN - Discovering and Analyzing CI/CD Vulnerabilities in Scale\'','\'Elad Pticha,Oreen Livni\'','APV_3a7ef7f274b408ceb40ab55f12dcfaae','\'Title: Arsenal: Introducing RAVEN - Discovering and Analyzing CI/CD Vulnerabilities in Scale
\nWhen: Friday, Aug 9, 15:00 - 15:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 2 - Map
\n
\nDescription:
\nAs the adoption of CI/CD practices continues to grow, securing these pipelines has become increasingly important. However, identifying vulnerabilities in CI/CD pipelines can be daunting, especially at scale. In this talk, we present our tooling, which we intend to release as open-source software to the public that helped us uncover hundreds of vulnerabilities in popular open-source projects\' CI/CD pipelines.
\n\nRAVEN (Risk Analysis and Vulnerability Enumeration for CI/CD) is a powerful security tool designed to perform massive scans for GitHub Actions CI workflows and digest the discovered data into a Neo4j database. With RAVEN, we were able to identify and address potential security vulnerabilities in some of the most popular repositories hosted on GitHub, including FreeCodeCamp, Fluent UI by Microsoft, and much more. \nThis tool provides a reliable and scalable solution for security analysis, enabling users to query the database and gain insights about their codebase\'s security posture
\n\nSpeakers:Elad Pticha,Oreen Livni
\n
\nSpeakerBio: Elad Pticha
\nElad is a passionate security researcher with a focus on software supply chain and web application security. He dedicates his time to writing security research tools and finding vulnerabilities across a broad spectrum, from open-source projects and web applications to IoT devices and pretty much anything with an IP address.
\n\nSpeakerBio: Oreen Livni
\nOreen Livni is a passionate security researcher specializing in application and supply chain security, Domain, and networking. With a focus on software supply chain vulnerabilities. Alongside his professional commitments, he immerses himself in art, gardening, and the world of surfing, always seeking new experiences.\nWith an unwavering commitment to staying updated on the latest security trends, he embraces new challenges and strives to make a difference in the cybersecurity landscape.
\n\n\n\'',NULL,616439),('2_Friday','15','15:30','15:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Fine Grained Authorisation with Relationship-Based Access Control\'','\'Ben Dechrai\'','APV_8c5d8a12a66e202fbdc82a56b6634b67','\'Title: Fine Grained Authorisation with Relationship-Based Access Control
\nWhen: Friday, Aug 9, 15:30 - 15:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nWho can tag me in a post? If I move this file to another folder, who now has access? If my owner breaks up with his friend, will I still get a bone?
\n\nWhether you\'re a human, or a dog, let\'s face it, authorisation is hard. Role-based access control is a great starting point but hard to scale. Attribute-based access control scales better, but neither are much good at answering more complex conditions, like whether friends-of-friends can read your posts. For such situations, we generally have to wrap this up into business logic.
\n\nThis is where relationship-based access control (ReBAC) comes in, offering a nuanced approach to accessing resources without codifying that into the applications.
\n\nIn this session, we\'ll look at how to define these relationships, experience live demos, and discover how we can deploy our own fine-grained authorisation service. Expect some tail-wagging insights and a few laughs as we explore access control from a canine\'s point of view.
\n\nSpeakerBio: Ben Dechrai
\nBen Dechrai is a technologist with a strong focus on security and privacy. At 11 years old he wrote software to stop his parents from breaking the family PC, and now he works as a developer advocate at Sonar, helping developers avoid breaking the internet through better security and coding practices. He enjoys helping others find the joy of problem-solving and experimentation.
\n\n\n\'',NULL,616440),('2_Friday','10','10:00','10:30','N','BTV','LVCC West/Floor 3/W310','\'Incident Response 101: Part 1 (IR Overview, Lifecycles, Frameworks, and Playbooks)\'','\'Jason Romero\'','BTV_9d14941aeb7fcad68441f5c045275c25','\'Title: Incident Response 101: Part 1 (IR Overview, Lifecycles, Frameworks, and Playbooks)
\nWhen: Friday, Aug 9, 10:00 - 10:30 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nThis primer on incident response delves into its components, including the necessary procedures, lifecycles, frameworks, and playbooks. Initially, we\'ll explore the concept of incident response and its requisites. Then, we\'ll examine the stages of the IR lifecycle and explore adaptable frameworks. Finally, we\'ll review the strategies and playbooks employed by IR analysts to effectively address incidents.
\n\nAn introduction to incident response that will focus on a general overview of incident response. Is a security event the same as a security incident? How will I know where to start when a security incident occurs? Although a security incident may unfold swiftly and with intensity, possessing a comprehensive grasp of the Incident Response (IR) process and utilizing frameworks and playbooks can mitigate the pressure inherent in investigating such incidents.
\n\nSpeakerBio: Jason Romero
\nJason is a skilled cybersecurity professional with over five years of experience in incident response. Throughout this period, he has developed a deep understanding of threat detection, mitigation, and recovery processes. Jason\'s expertise includes managing security incidents, conducting forensic analysis, and implementing effective response strategies to protect organizations from cyber threats. Known for his analytical skills and ability to work well under pressure, he has successfully led numerous incident response efforts which include adversary groups such as Scattered Spider. Jason is dedicated to stayed ahead of evolving cyber threats and continually enhances his knowledge through ongoing education and hands-on experience.
\n\n\n\'',NULL,616441),('3_Saturday','12','12:30','13:30','N','BTV','LVCC West/Floor 3/W309','\'Introduction to Creating Osquery Extensions: Enhancing Endpoint Security Visibility\'','\'Kivanc Aydin\'','BTV_8be210260ca25930af6e1cf5b67e1760','\'Title: Introduction to Creating Osquery Extensions: Enhancing Endpoint Security Visibility
\nWhen: Saturday, Aug 10, 12:30 - 13:30 PDT
\nWhere: LVCC West/Floor 3/W309 - Map
\n
\nDescription:
\nThis workshop offers a hands-on introduction to developing Osquery extensions for Linux and macOS, aimed at beginners seeking to enhance endpoint security visibility. Through guided instruction, participants will explore Osquery extension architecture, the Thrift API, SQL-based querying, and module integration. Real-world examples and best practices will be emphasized, providing attendees with the skills to create custom extensions tailored to organizational security needs. By the end of the session, participants will have the confidence to leverage Osquery effectively in bolstering endpoint security defenses. Python will be used during the workshop. Basic knowledge of python will be sufficient to follow workshop.
\n\nOutline:
\n\n\n- Introduction to Osquery and its role in endpoint security
\n- Overview of Osquery extension architecture
\n- First extension
\n- Understanding the basics of Osquery Thrift API
\n- Real-world examples and use cases
\n- Hands-on exercises and practical application
\n- Q&A and interactive discussion
\n
\n\nJoin us for a comprehensive introduction to developing Osquery extensions tailored for Linux and macOS environments. This hands-on training session, designed for beginners, will demystify the process of extending Osquery functionalities, empowering attendees to bolster their endpoint security strategies. Throughout the workshop, participants will learn the fundamentals of Osquery extension development, gain practical insights through real-world examples, and discover how to leverage Osquery\'s capabilities to enhance visibility into their endpoint ecosystems. By the end of this session, attendees will have the confidence and knowledge to create custom Osquery extensions, effectively enriching their organization\'s security posture.
\n\nSpeakerBio: Kivanc Aydin
\nWith a distinguished career spanning multiple sectors, Kivanc is a seasoned cybersecurity expert with a rich background in detection, monitoring, and incident response. Kivanc began their professional journey in the military, where they honed their skills in cyber defense and security strategies. Transitioning from military service, they brought their expertise to academia, delivering lectures at the university level and sharing their deep knowledge with the next generation of cybersecurity professionals.
\n\nCurrently, Kivanc is making significant contributions to the payment industry, where they apply their extensive experience to safeguard critical financial infrastructures. Their focus remains on enhancing detection and response capabilities to address emerging cyber threats effectively.
\n\nIn addition to practical experience, Kivanc holds a Master\'s degree in Cyber Security and multiple industry-standard certifications, underscoring their commitment to excellence and professional development. A strong advocate for open-source solutions, they actively contribute to and utilize open-source tools to drive innovation and community collaboration within the cybersecurity landscape.
\n\nDriven by a passion for continuous learning and knowledge sharing, Kivanc is dedicated to empowering others through education and mentorship, believing that collective effort is key to advancing the field of cybersecurity.
\n\n\n\'',NULL,616442),('3_Saturday','13','12:30','13:30','Y','BTV','LVCC West/Floor 3/W309','\'Introduction to Creating Osquery Extensions: Enhancing Endpoint Security Visibility\'','\'Kivanc Aydin\'','BTV_8be210260ca25930af6e1cf5b67e1760','\'\'',NULL,616443),('3_Saturday','15','15:00','15:59','N','BTV','LVCC West/Floor 3/W310','\'Hot SOC Topics for 2024: Feel the Spice!\'','\'Carson Zimmerman,Russ McRee,Eric Lippart,Enoch Long\'','BTV_ea4935859f2ef8261481eac93f7ae073','\'Title: Hot SOC Topics for 2024: Feel the Spice!
\nWhen: Saturday, Aug 10, 15:00 - 15:59 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nThis panel is a reprisal of the panel I\'ve done for a couple years now. The first two years we were very successful- packed room, high audience engagement. I\'m hoping to come back for a third year.
\n\nThis is not written for public consumption. If you want a longer description that\'s audience-facing, let me know!
\n\n* Topic 1- SOCs vs IT infrastructure / Network Ops, the battle continues\n• Start off by giving some good war stories when we see these groups collide\n• Then tell some stories where they worked together in success\n• What is the intended design: efficiency, collaboration, oversight, secrecy? \n• What techniques makes these relationships successful?\n• Operational models\n• Ticketing and tasking\n• Partnership and interfaces
\n\n* Topic 2- LLMs/ Generative AI in general\n• What are they actually being used for in practice so far\n• What do we see emerging from the market right now\n• What roles can we replace in the SOC / adjust staffing on\n• Let’s speculate on 3 years from now, what do we see showing actual value\n• What’s overhyped, so far\n• Is the SOC going away? (of course it isn’t– why not)\n• Expand scope… what ML techniques outside LLM do we see SOCs getting value out of? What’s not getting the attention that it should?\n• How could we accomplish supervised learning (known / labelled sets) at enough scale? A community driven project might accomplish this.\n• Unsupervised learning approach - could we accomplish threat intelligence attribution where there’s no right answer, but some pretty good basis, and keep refactoring on old campaigns until we have a pretty reasonable approximation? Which leads us to threat intel…
\n\n* Topic 3- Threat Intel\n• Everyone’s got feelings about this one, what do we mean by threat intel beyond simple IOC matching?\n• How much refinement is needed in threat intel reporting?\n• How are folks separating (and handling) Tactical vs Strategic threat intel?\n• Who are SOCs getting the most traction with by sharing? Execs? Constituents? Other SOCs?\n• Work products:\n• Executive facing reporting? (are execs understanding/getting the value out of these reports?)\n• IT briefings? \n• Threat intel production / extraction from investigations?\n• Attribution?
\n\n* Topic 4- Live audience participation\n• Let’s do some live polls of the audience– this worked well last time, let’s expand on that\n• Topics we’re considering:\n• Staffing models\n• Current hiring trends\n• Current detection efforts
\n\n* Topic 5- Cyber risk quantification\n• What do we mean by CRQ?\n• When incidents happen, what CRQ measurement methods actually work?\n• How are folks using CRQ to drive improvements in defensive controls and/or other risk-related initiatives?\n• What is more speculative, low value, hard, or otherwise should the audience stay away from?
\n\nCome hear 5 SOC veterans discuss some of the most challenging topics in security operations today. Carson Zimmerman is joined by SOC veterans Chris Crowley, Eric Lippart, Enoch Long, and Russ McRee. With a total of over a century of SOC experience, we cut the buzzword bingo and get real. This year, we’ll be discussing topics like: resolving conflict with network and IT ops, what value are people really getting out of LLMs, how to get value with threat intel beyond IOC matching, and more! We will be doing live, real-time polling of the audience. We will also take your spicy questions!
\n\nSpeakers:Carson Zimmerman,Russ McRee,Eric Lippart,Enoch Long
\n
\nSpeakerBio: Carson Zimmerman
\nCarson Zimmerman has been working in and around security operations centers (SOCs) for over 20 years. In his current role at Ardalyst, Carson helps clients transform uncertainty into understanding in their digital landscape. In his previous role at Microsoft, Carson led the investigations team responsible for defending the M365 platform and ecosystem. His experiences as a SOC analyst, engineer, and architect led Carson to author Ten Strategies of a World-Class Cybersecurity Operations Center, and co-authored its second edition, Eleven Strategies… which may be downloaded for free at mitre.org/11Strategies.
\n\nSpeakerBio: Russ McRee
\nNo BIO available
\nSpeakerBio: Eric Lippart
\nNo BIO available
\nSpeakerBio: Enoch Long
\nNo BIO available
\n\n\'',NULL,616444),('3_Saturday','10','10:30','10:59','N','BTV','LVCC West/Floor 3/W310','\'Obsidian: Forensics 101 Part 2\'','\'Sarthak Taneja\'','BTV_e976aa5b7545962f8ebb3d26ec4c1b42','\'Title: Obsidian: Forensics 101 Part 2
\nWhen: Saturday, Aug 10, 10:30 - 10:59 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nAn introduction to Digital Forensics: Part2
\n\nThis is Part 2 of the Blue Team Village developed 101 tutorial series. This tutorial, which will be delivered in two parts, covers Digital Forensics basics. If you have ever been interested in Digital Forensics this series is a great place to start learning. The tutorials will cover the basics, and helps answer many of the questions regarding Digital Forensics and it\'s use in modern day digital investigations.
\n\nSpeakerBio: Sarthak Taneja
\nNo BIO available
\n\n\'',NULL,616445),('3_Saturday','10','10:00','11:59','N','BTV','LVCC West/Floor 3/W309','\'Securing the Cloud with Cloud Threat Intelligence and Open Source Security\'','\'Natalie Simpson,Nivedita (Nivu) Jejurikar\'','BTV_5c0eb71d6bdae98b8b7a0117e3a97b7f','\'Title: Securing the Cloud with Cloud Threat Intelligence and Open Source Security
\nWhen: Saturday, Aug 10, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 3/W309 - Map
\n
\nDescription:
\n-Introductions [5 minutes]\n-Cloud Threat Intelligence [5 minutes]\n-Threat Brief on Cloud Focused Adversaries: SCATTERED SPIDER\n-Cloud Security Assessments [5 minutes]\n -Introduction to Prowler\n-SadCloud Introduction [5 minutes]\n-Demo of Running Sadcloud [5 minutes]\n-Hands-On Exercise [40 minutes]\n -Participants given the option:\n -Create AWS Account \n -Use Access Keys
\n -Participants setup AWS CLI\n -Participants run Sadcloud\n-Demo of Running Prowler [10 minutes]\n-Hands-On Exercise [30 minutes]\n -Participants run Prowler\n-Summary Review of Prowler output [10 minutes]
\n-Debrief/Q&A [5 minutes]
\n\nPlease download and install terraform and python requirements noted below for this training:\nSadcloud Requirements:\nTerraform version 0.12 or greater\nTerraform download: https://developer.hashicorp.com/terraform/install
\n\nProwler Requirements:\nPython version 3.9, 3.10, or 3.11\nPython download: https://www.python.org/downloads/
\n\nAttend this talk to get hands-on experience setting up an AWS environment, running cloud security tools to analyze its security, and mapping its security configuration against TTPs of a cloud conscious adversary. Cloud cyberattacks targeting enterprise environments have nearly tripled this past year, and cloud misconfigurations have become an open door to threat actors. Understanding cloud threat actors and how they are breaching cloud environments will help security professionals defend organizations with a cloud footprint. This workshop will showcase how to defend against the top cloud conscious adversaries and the most popular cyber attacks. During the workshop, participants will set up a demo AWS environment, identify security misconfigurations using Prowler, and map those findings to TTPs of a cloud conscious threat actor, SCATTERED SPIDER. Come to this workshop to gain practical skills that empower you to better secure your organization’s cloud environment against the modern adversary.
\n\nSpeakers:Natalie Simpson,Nivedita (Nivu) Jejurikar
\n
\nSpeakerBio: Natalie Simpson
\nNo BIO available
\nSpeakerBio: Nivedita (Nivu) Jejurikar, Senior Consultant at Mandiant
\nNivu Jejurikar is a Senior Consultant at Mandiant, part of Google Cloud. In her role, Nivu advises organizations of various sizes and industry verticals on cybersecurity topics, including cloud security. Nivu has previously worked at CrowdStrike and Deloitte Cyber. She holds the Security+, CEH, and AWS Cloud Practitioner certifications. In her spare time, she enjoys reading fiction books and spending time outdoors.
\n\n\n\'',NULL,616446),('3_Saturday','11','10:00','11:59','Y','BTV','LVCC West/Floor 3/W309','\'Securing the Cloud with Cloud Threat Intelligence and Open Source Security\'','\'Natalie Simpson,Nivedita (Nivu) Jejurikar\'','BTV_5c0eb71d6bdae98b8b7a0117e3a97b7f','\'\'',NULL,616447),('2_Friday','16','16:00','16:59','N','RTV','LVCC West/Floor 3/W310','\'Blue Goes Purple: Purple Teams for Fun and Profit (A BTV & RTV Panel)\'','\'Catherine J. Ullman,Jake Williams,Meaghan Neill,Ralph May,Matthew Nickerson\'','RTV_bff60ed9b72ca2a7be620aed2e067ebe','\'Title: Blue Goes Purple: Purple Teams for Fun and Profit (A BTV & RTV Panel)
\nWhen: Friday, Aug 9, 16:00 - 16:59 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nThis panel will consist of leaders and practitioners from multiple areas of the security and hacking space, working together to unite the Red Team and the Blue Team.
\n\nSpeakers:Catherine J. Ullman,Jake Williams,Meaghan Neill,Ralph May,Matthew Nickerson
\n
\nSpeakerBio: Catherine J. Ullman, Principle Technology Architect, Security at University at Buffalo
\nDr. Catherine J. Ullman is a security researcher, speaker, author, and Principal Technology Architect, Security, at the University at Buffalo with over 20 years of highly technical experience. In her current role, Cathy is a digital forensics and incident response (DFIR) specialist, performing incident management, intrusion detection, investigative services, and personnel case resolution in a dynamic academic environment. She additionally builds security awareness among faculty and staff which educates and informs users about how to prevent and detect social engineering threats, and how to compute and digitally communicate safely. Cathy has presented at numerous information security conferences including DEF CON and Blue Team Con. Cathy is a contributor to the O’Reilly title 97 Things Every Information Professional Should Know and the author of the Wiley title The Active Defender. In her (minimal) spare time, she enjoys visiting her adopted two-toed sloth Flash at the Buffalo Zoo, researching death and the dead, and learning more about hacking things to make the world a more secure place.
\n\nSpeakerBio: Jake Williams
\nNo BIO available
\nSpeakerBio: Meaghan Neill, Threat Hunter and DFIR Analyst at EY Canada
\nMeaghan is a Threat Hunter and DFIR Analyst with EY Canada’s MDR department. She currently holds her BSc in Computer Science, with a specialization in Systems and Information Security from MacEwan University and her GCFA. While at EY, her focus has been in Threat Hunting, Digital Forensics, Incident Response, Adversary Emulation, and Purple Teaming.
\n\nSpeakerBio: Ralph May, Security Analyst and Penetration Tester at Black Hills Information Security (BHIS)
\nRalph is a security analyst and penetration tester at Black Hills Information Security. Ralph is also a co-developer and instructor of the Practical Physical Exploitation course. Before joining BHIS, Ralph spent five years performing offensive operations on a wide range of security assessments. These assessments include physical, wireless, network, social engineering, and full simulation red teams. Before focusing on security, Ralph worked as a system administrator and network engineer for civilian and government employers. Ralph is a US Army veteran who previously worked with the United States Special Operations Command (USSOCOM) on information security challenges and threat actor simulations.
\n\nSpeakerBio: Matthew Nickerson
\nNo BIO available
\n\n\'',NULL,616448),('4_Sunday','12','12:00','12:30','N','BTV','LVCC West/Floor 3/W310','\'Blue Team Village Closing Ceremonies\'','\'\'','BTV_e9af30aa378a043469153020665c5422','\'Title: Blue Team Village Closing Ceremonies
\nWhen: Sunday, Aug 11, 12:00 - 12:30 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nThis is a placeholder for BTV’s closing ceremonies!
\n\nThis is a placeholder for BTV’s closing ceremonies!\nThis is a placeholder for BTV’s closing ceremonies!\nThis is a placeholder for BTV’s closing ceremonies!\nThis is a placeholder for BTV’s closing ceremonies!\nThis is a placeholder for BTV’s closing ceremonies!\nThis is a placeholder for BTV’s closing ceremonies!
\n\n\'',NULL,616449),('2_Friday','12','12:30','13:30','N','BTV','LVCC West/Floor 3/W310','\'Stealer Logs: Automation, Analysis, & Espionage in the World\'s Most Interesting Dataset\'','\'Eric Clay,Nick Ascoli\'','BTV_3adc1aae19bf1c0863d47f3d83353552','\'Title: Stealer Logs: Automation, Analysis, & Espionage in the World\'s Most Interesting Dataset
\nWhen: Friday, Aug 9, 12:30 - 13:30 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nThis talk will cover:
\n- Timeline of stealer variants rise
\n- Common stealer behaviors
\n- The anatomy of a stealer log
\n- An overview of stealer log sales and trading points in cybercrime communities
\n- Insights from our analysis of millions of stealer logs
\n- Automation pipeline for stealer log collection
\n- Stealer log parsing and analysis
\n- Post-discovery response
\n- Other defensive strategies for stealer defense
\n\nWhat would someone know about you if they had all of the credentials saved on your computer? More importantly what would you know about the world if you had 60 million random samples of all of the credentials saved on the\' computers of others? Join Eric Clay and Nick Ascoli as they dive into the fascinating world of stealer logs. Nick & Eric have spent more than 6 months examining the world\'s most comprehensive stealer log data set to understand.... well everything. Nick and Eric will not only go deep and examine one of the most interesting data sets for intelligence around, but will demonstrate data pipelines you can implement for collecting and operationalizing stealer logs for defense.
\n\nSpeakers:Eric Clay,Nick Ascoli
\n
\nSpeakerBio: Eric Clay
\nEric is a cybersecurity speaker and researcher with 8+ years in the field and 2+ years focused on cybercrime. Eric began his career as a GRC analyst before pivoting into network security data analysis and then Threat Intelligence. Eric now co-leads Flare\'s threat intelligence research team in addition to leading the marketing team.
\n\nSpeakerBio: Nick Ascoli
\nNick Ascoli is an experienced threat researcher who is recognized for his expertise in data leaks, reconnaissance, and detection engineering. Nick is an active member of the cybersecurity community contributing to open-source projects, regularly appearing on podcasts (Cyberwire, Simply Cyber, etc.) and speaking at conferences (GrrCON, B-Sides, DEFCON Villages, SANS, etc.)
\n\n\n\'',NULL,616450),('2_Friday','13','12:30','13:30','Y','BTV','LVCC West/Floor 3/W310','\'Stealer Logs: Automation, Analysis, & Espionage in the World\'s Most Interesting Dataset\'','\'Eric Clay,Nick Ascoli\'','BTV_3adc1aae19bf1c0863d47f3d83353552','\'\'',NULL,616451),('3_Saturday','10','10:00','10:30','N','BTV','LVCC West/Floor 3/W310','\'Obsidian: Forensics 101 Part 1\'','\'Sarthak Taneja\'','BTV_ba924f5b97c24634495f7c43d13f5390','\'Title: Obsidian: Forensics 101 Part 1
\nWhen: Saturday, Aug 10, 10:00 - 10:30 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nAn introduction to Digital Forensics: Part1
\n\nThis is Part 1 of the Blue Team Village developed 101 tutorial series. This tutorial, which will be delivered in two parts, covers Digital Forensics basics. If you have ever been interested in Digital Forensics this series is a great place to start learning. The tutorials will cover the basics, and helps answer many of the questions regarding Digital Forensics and it\'s use in modern day digital investigations.
\n\nSpeakerBio: Sarthak Taneja
\nNo BIO available
\n\n\'',NULL,616452),('3_Saturday','17','17:00','17:59','N','BTV','LVCC West/Floor 3/W310','\'Under the Hood: Incident Response at High Speed (A BTV Panel)\'','\'Angelo Violetti,David Zito,Nicole Beckwith,Shelly Giesbrecht\'','BTV_fbd9ff5355aa37a59abf87be8524ac3a','\'Title: Under the Hood: Incident Response at High Speed (A BTV Panel)
\nWhen: Saturday, Aug 10, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nThis talk with dive into:
\n• The speed of threats coming at us today, and how teams manage burnout and back to back calls.
\n• How the incident response landscape is changing.
\n• Do AI and ML change incident response?
\n• How do the recent takedowns performed by LEs affect IR?
\n\nIn an era where cyber threats evolve at breakneck speed, the ability to respond swiftly and effectively has never been more critical. Join us for \"Under the Hood: Incident Response at High Speed,\" where we\'ll delve into the high-stakes world of incident response and explore how teams are adapting to the relentless pace of modern threats. Discover the innovative ways AI and machine learning are transforming our defensive strategies and hear expert insights on the shifting landscape of incident management. We\'ll also examine the recent high-profile takedowns of droppers, C2s, and ransomware leak sites to determine whether these efforts are truly mitigating long-term risks or if we need a new approach to stay ahead. Your pit crew panel consists of leaders and practitioners from across industries and the globe discussing the latest and greatest in the world of Incident Response. Don\'t miss this opportunity to gain cutting-edge knowledge and strategies for navigating the evolving cyber threat landscape.
\n\nSpeakers:Angelo Violetti,David Zito,Nicole Beckwith,Shelly Giesbrecht
\n
\nSpeakerBio: Angelo Violetti, Incident Response and Digital Forensics consultant at SEC Consult
\nAngelo is an Incident Response and Digital Forensics consultant with four year of experience in this field. He works for SEC Consult, a cyber security company based in the DACH region, and he supports the DFIR Report by writing blog posts and providing actionable Threat Intelligence.
\n\nHe has also experience in offensive projects such as penetration tests and red team engagements.
\n\nSpeakerBio: David Zito, VF Corp
\nDavid is a reformed Fed who spent the bulk of his career in the defense and federal sectors. Now he leads incident response operations for VF Corp, a leader in the fashion and retail industry. David is passionate about combatting burnout in the DFIR field and DFIR in general. He previously worked at CISA where he led national incident response operations. David is 100% a crazy cat person and loves all things nerd culture. He loves sharing battlefield stories and talking about the growth of DFIR and what the future holds. So come find him, say hi, and swap stories!
\n\nSpeakerBio: Nicole Beckwith
\nMeet Nicole Beckwith, a dynamic DFIR guru and former law enforcement officer who’s now leading Threat Operations for Kroger. Nicole’s expertise in cyber security is only rivaled by her enthusiasm for pineapple on pizza—because it definitely belongs there! When she’s not protecting the digital aisles or soldering tech innovations, Nicole is a proud Star Wars nerd and an aficionado of Vanilla Ice’s tunes (a fun fact she flaunts with the rapper’s follow on X). With a mix of hands-on experience, pop culture savvy, and a fascinating challenge coin collection, Nicole brings a unique and engaging perspective to every discussion.
\n\nSpeakerBio: Shelly Giesbrecht
\nA long-time admirer of smart people, Shelly works hard to surround herself in people she can learn from. This is particularly easy to do in her day job as a Director (IR) for CrowdStrike Services. She is frequently found wearing a bow-tie and some form of red sneakers. Her favourite role in life is dog mama, and she\'ll talk your ear off about her Lego collection if you are brave enough to ask.
\n\n\n\'',NULL,616453),('2_Friday','11','11:45','13:30','N','BTV','LVCC West/Floor 3/W309','\'Adventures in Android Triage Collection\'','\'Omenscan\'','BTV_263b293c7fe11fc1d8946f1c7ef3f58e','\'Title: Adventures in Android Triage Collection
\nWhen: Friday, Aug 9, 11:45 - 13:30 PDT
\nWhere: LVCC West/Floor 3/W309 - Map
\n
\nDescription:
\nAre you curious about accessing and collecting triage data from Android devices? I was. This workshop is designed for the defender that doesn\'t know much about Android or how to access it to collect forensic triage data, but would like to understand the subject better. This workshop gives a solid foundation for accessing Android devices and collecting data from them. It will cover:
\n\n\n- Installing and using an Android emulator
\n- How does an Android emulator differ from an actual Android device
\n- Using the Android Debug Bridge (ADB) to send commands to Android
\n- Collecting triage data using ADB or natively on the Android device
\n- Side loading and running a Linux executable on an Android device
\n- Remote access to the Android native AChoirX collector over TCP
\n- Collecting triage data both locally and remotely
\n- Transferring the collected data using ADB, SFTP, and S3
\n- Things to look out for. Android is very different from Windows, MacOS, and Linux
\n- Limitations and caveats
\n
\n\nThis workshop requires Windows 10 or 11. We will install and play with Android Studio, install and play with ADB, and run AChoirX collections both remotely and locally. It is highly recommended that the student come to the workshop with Android Studio, ADB, and AChoirX already installed on their machine. We will make a small amount of time to install the software, but will not be able to troubleshoot any installation issues.
\n\nAfter discovering that the Android Operating System commands nearly 44% of the total Operating Systems market (Windows is about 27%). I set about to see if the AChoirX triage collection program could run on it. Since Android is a Linux variant, and AChoirX already ran on Windows, MacOS, and Linux, it seemed very likely that I could make it work.
\n\nIn a short time I went from knowing nearly nothing about Android to creating both a remote and local triage collector for Android. This workshop will walk the student through how I created both remote and local triage collection systems for Android. It does not cover analysis of the artifacts, but will cover how to collect data from an Android device (and the limitations) using Free and Open Source tools.
\n\nSpeakerBio: Omenscan
\nNo BIO available
\n\n\'',NULL,616454),('2_Friday','12','11:45','13:30','Y','BTV','LVCC West/Floor 3/W309','\'Adventures in Android Triage Collection\'','\'Omenscan\'','BTV_263b293c7fe11fc1d8946f1c7ef3f58e','\'\'',NULL,616455),('2_Friday','13','11:45','13:30','Y','BTV','LVCC West/Floor 3/W309','\'Adventures in Android Triage Collection\'','\'Omenscan\'','BTV_263b293c7fe11fc1d8946f1c7ef3f58e','\'\'',NULL,616456),('2_Friday','11','11:15','12:15','N','BTV','LVCC West/Floor 3/W310','\'Cloud Native Security Platform for Defenders\'','\'Dafinga\'','BTV_2c612b711d6c38ffa98587e6ee905b48','\'Title: Cloud Native Security Platform for Defenders
\nWhen: Friday, Aug 9, 11:15 - 12:15 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nIn today\'s dynamic cybersecurity landscape, organizations and security professionals are constantly seeking innovative approaches to enhance their defensive capabilities. One such approach involves leveraging cloud-native technologies to build a robust platform for security operations and capture the flag (CTF) events. By combining the power of Cilium, Arkime, and Amazon Elastic Kubernetes Service (EKS), you can create a comprehensive solution that empowers security teams with unprecedented visibility, observability, and control over their environments.
\n\nEnhancing Security Operations from Layer 3 to Layer 7\nThis cloud-native platform integrates Cilium, Arkime, and EKS to provide a holistic view of network activities and potential threats from Layer 3 to Layer 7 of the OSI model. Cilium, leveraging eBPF (Extended Berkeley Packet Filter) technology, offers deep visibility into network traffic, enabling security teams to observe and analyze network flows from the Network layer to the Application layer. This allows for the detection of anomalous behavior and the enforcement of security policies at a granular level. Arkime complements this by providing large-scale packet capture and analysis, allowing security professionals to perform in-depth forensic analysis and threat hunting. By integrating Arkime with Cilium, security teams can seamlessly correlate network flows with packet data, offering a comprehensive understanding of network activities.
\n\nScalability, Flexibility, and Community Collaboration\nAmazon EKS underpins this platform, providing a scalable and resilient infrastructure for deploying and managing Kubernetes clusters. This enables security teams to focus on core operations without worrying about the underlying infrastructure. The platform\'s scalability ensures it can handle large-scale CTF events or security incidents. During the Defcon Blue Team Village talk, attendees will learn about the integration and deployment process of this platform, including the challenges faced and solutions implemented. Post-conference, the platform will be released for public use, allowing the security community to leverage, contribute to, and enhance this innovative solution for their own security operations and CTF events. This collaborative effort aims to collectively advance the capabilities of cloud-native security platforms.
\n\nIn today\'s dynamic cybersecurity landscape, organizations and security professionals are constantly seeking innovative approaches to enhance their defensive capabilities. One such approach involves leveraging cloud-native technologies to build a robust platform for security operations and capture the flag (CTF) events. By combining the power of Cilium, Arkime, and Amazon Elastic Kubernetes Service (EKS), you can create a comprehensive solution that empowers security teams with unprecedented visibility, observability, and control over their environments.
\n\nSpeakerBio: Dafinga
\nNo BIO available
\n\n\'',NULL,616457),('2_Friday','12','11:15','12:15','Y','BTV','LVCC West/Floor 3/W310','\'Cloud Native Security Platform for Defenders\'','\'Dafinga\'','BTV_2c612b711d6c38ffa98587e6ee905b48','\'\'',NULL,616458),('2_Friday','17','17:00','17:59','N','BTV','LVCC West/Floor 3/W310','\'CTI is Dead, Long Live CTI: Reassessing Blue Team\'s Squishiest Value Proposition (BTV Panel)\'','\'Aurora Johnson,Ben Goerz,Ch33r10,Jamie Williams,Rebecca Ford\'','BTV_9ecd71da3a6e697d4cce3bdb25d4b739','\'Title: CTI is Dead, Long Live CTI: Reassessing Blue Team\'s Squishiest Value Proposition (BTV Panel)
\nWhen: Friday, Aug 9, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nCTI (Cyber Threat Intelligence) is hard, dumb, silly, a co$t center, a chaotic mess, nonsensical magic…dead. Let this panel change your mind that it is more than a threat feed or a too-long-to-read report. Where is the value?!?!?!
\n\nJoin us while we navigate the squishy love-hate relationship with CTI. Can we deliver on showing there is value to CTI? You be the judge...
\n\nSpeakers:Aurora Johnson,Ben Goerz,Ch33r10,Jamie Williams,Rebecca Ford
\n
\nSpeakerBio: Aurora Johnson, SpyCloud Labs
\nAurora Johnson is an information security researcher and cybersecurity policy expert with experience working in both the public and private sectors. She is currently a member of the security research team at SpyCloud Labs and manages SpyCloud’s responsible disclosure program. Prior to joining SpyCloud, Aurora served as a Senior Analyst for the Cybersecurity and Infrastructure Security Agency (CISA) and co-founded the agency’s Pre-Ransomware Notification Initiative (PRNI). Aurora participates in a range of volunteer and public-private initiatives to track and disrupt the cybercriminal ecosystem; she was a recipient of the President’s Volunteer Service Award in 2023 for work with the U.S. government against cyber security threats.
\n\nSpeakerBio: Ben Goerz
\nBen Goerz is an “InfoSec Janitor” who finds equal comfort in Bash commands and Excel budgets.
\n\nBen has more than a decade of experience building teams in Blue, Red & Purple Team, Threat Intel & Hunting, AppSec, Vulnerability & Attack Surface Management, and Security Consulting. He is a Director at Royal Caribbean Group, and previously held leadership roles in Fortune 500 companies, security vendors, and startups.
\n\nAfter work, Ben can be found tinkering on Raspberry Pi projects with his kids or dropping spicy memes in trust groups.
\n\nSpeakerBio: Ch33r10
\nCh33r10 (Dr. Xena Olsen) is a cybersecurity professional focused on cyber threat intelligence at a Fortune 100 Financial Services company. She enjoys discussing all things cyber threat intelligence and can be found in various threat intelligence sharing groups, such as Curated Intel. She is a SANS Women’s Academy graduate with 8 GIAC certifications, an MBA in IT Management, and a doctorate in Cybersecurity with a focus in Enterprise Purple Teaming.
\n\nSpeakerBio: Jamie Williams, Palo Alto Networks Unit 42
\nJamie is currently a threat researcher at Palo Alto Networks Unit 42, where he helps lead tailored, tactical and strategic intelligence deliveries. Prior to Unit 42, Jamie was a cyber operations engineer for the MITRE Corporation where he led development of MITRE ATT&CK® for Enterprise and worked with amazing people on various other exciting efforts involving security operations and research, mostly focused on adversary emulation and behavior-based detections.
\n\nSpeakerBio: Rebecca Ford
\nRebecca founded and leads the cyber threat intelligence program at a major media and entertainment company. She has over 18+ years of experience in cybersecurity and cyber threat intel working for the U.S. government as an APAC analyst with a focus on North Korean cyber activity.
\n\nWhen Rebecca isn\'t working, she and her husband like playing with their French Bulldog FiFi and volunteering her time speaking at veterans organizations to help service members and their spouses/partners transition from military life to the private sector.
\n\n\n\'',NULL,616459),('3_Saturday','12','12:30','13:30','N','BTV','LVCC West/Floor 3/W310','\'From CTI to Creating Campaigns\'','\'Noah Lazzaro\'','BTV_6f3c5f9799d8f67acddbae6ac43f249a','\'Title: From CTI to Creating Campaigns
\nWhen: Saturday, Aug 10, 12:30 - 13:30 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nThe goals of this presentation is to get the participants comfortable with breaking down CTI,\nmapping those insights to MITRE, and creating a campaign that will bring value to their work.\nEverything is completely focused on post-exploitation TTPs, and their importance. We will not\nreview how to integrate IoCs into the mapping of threats. Participants will walk away with a full\nexample of the process, resources to explore later, and examples for thinking critically about\ntest cases.
\n\nThere is a strong purple style emphasis here, to help bridge knowledge gaps, and show the\nimportance for defensive engineers to validate their security controls. This will not bring insight\ninto utilizing the results for remediations, threat hunting, or any other engineering strategy.
\n\nEverything in this presentation is free or open-source. Any mentions of vendors (for CTI content) is solely for the purpose of using a research paper resource that is free to the public, and are not meant to advertise.
\n\nWith an interactive session, participants will learn how: (not in this particular order)\n* To choose a threat/actor who is relevant to their organization\n* I will have a premade scenario and example ready for participants to follow along\n* Setting High-Level Goals for their campaign\n* Map their threat/actor to MITRE ATT&CK\n** Overview of ATT&CK
\n\n\nSimulation Vs Emulation\n* how this impacts choosing content\n* Combining multiple threats to create a campaign
The Power of CTI: Explore completely free CTI resources\n* will cover at least 4\n explore already published campaign content\n Interactive Questions & Answers: Making content choices\n Ex: Is X or Y a better test case for this situation?\n* Create multiple layers in ATT&CK navigator, to build their campaign\n* Add in open-source content, such as Atomic-Red-Team\n* Quick Demo & interactive: how to find the right Atomic Content
Finalizing the Campaign
- Overview of manual options and using open-source tools for executing campaigns
\n
\n\nOther High-level topics that will be presented: (not in this particular order)\n* Why create your own content if there is none available\n* Your org is in the beginning stages of adopting this strategy, and you want to find\na good place to start\n Demonstrate Value (KPIs)\n Budget: org cant onboard BAS/Simulator tools\n You have a BAS but the content isn\'t there for a specific threat OR its not\ncomprehensive enough\n* Why focus on a threat actor\'s TTPs\n Remediations are focused on the type of attack, not a specific indicator\n* Adopting Threats for your organization\n Following a framework inspired by MITRE\n Accepting specific threats/actors as likely to target\n* Avoiding Technical Bias when choosing test cases\n* particularly challenging for engineers who create detections, or work with EDR\nsolutions.
\n\n\n- Make zero assumptions of whether or not a test case will get stopped/logged\n** Most important to choose the most aligned content to your threat/actor\'s TTPs
\n- Convincing Benefits\n* Detection Validation Strategies: High Level Overview(SIEM, EDR, DLP, ect)\n SOC/IR gets to see examples of a full attack chain for specific threat\n Detection engineering gets to understand logging/EDR/tool gaps\n* Threat Hunting benefits from both of these insights
\n- List of Free Resources to dive more into these topics
\n
\n\nPremise:\n* Organizations are becoming increasingly aware of the importance of understanding the\nTTPs of the threats/actors most likely to target them.\n* Many organizations cannot afford outside consultants, or the ability to maintain a\ndedicated internal offensive team. Or they want this style of testing, but don\'t know how\nto get started, or show leadership the value.\n* This talk is for any engineer or team leader who wants to bring Adversarial\nEmulation/Simulation to their organization to understand how they compare against an\nattack from a likely threat. It is also valuable for consultants who want to provide this\nservice to their clients.\n* If someone is new to offensive techniques, this will be a way for them to think about how this strategy applies to their role, and embrace it as a defensive strategy.
\n\nThe goals of this presentation is to get the participants comfortable with breaking down CTI,\nmapping those insights to MITRE, and creating a campaign that will bring value to their work.\nEverything is completely focused on post-exploitation TTPs, and their importance. We will not\nreview how to integrate IoCs into the mapping of threats. Participants will walk away with a full\nexample of the process, resources to explore later, and examples for thinking critically about\ntest cases.
\n\nSpeakerBio: Noah Lazzaro
\nNo BIO available
\n\n\'',NULL,616460),('3_Saturday','13','12:30','13:30','Y','BTV','LVCC West/Floor 3/W310','\'From CTI to Creating Campaigns\'','\'Noah Lazzaro\'','BTV_6f3c5f9799d8f67acddbae6ac43f249a','\'\'',NULL,616461),('3_Saturday','11','11:15','12:15','N','BTV','LVCC West/Floor 3/W310','\'Use opensource AI to map alerts & logs into techniques, clusters, and killchains\'','\'Ezz Tahoun\'','BTV_e1a069d4fbc03cebb6c9cf8db6030b37','\'Title: Use opensource AI to map alerts & logs into techniques, clusters, and killchains
\nWhen: Saturday, Aug 10, 11:15 - 12:15 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nIntroduction:
\nWe will begin with an overview of event analysis systems and their challenges. Participants will learn about different types of data sources and logs, the prevalence of false positives, and the difficulty in identifying coordinated attacks. We will set the stage for the live, hands-on demonstration environment where participants can interact and apply what they learn in real-time. Importantly, no prior data science knowledge is required; all tasks will be performed using simple, user-friendly interfaces.
\n\nIntroduction to MITRE ATT&CK Framework:\nAn essential part of our session is understanding the MITRE ATT&CK framework. We will cover its structure, including Tactics, Techniques, and Procedures (TTPs), and explain why mapping alerts to this framework is crucial for standardizing threat detection and enhancing our capabilities.
\n\nLeveraging Open Source AI Tools:\nNext, we will delve into the open-source AI tools that will be used throughout the session. We will introduce families of algorithms including clustering and community detection, natural language processing with large language models (LLMs), and Markov chains. These tools are designed to be accessible and will be operated through straightforward interfaces. Participants will be guided through setting up a demo environment to follow along and interact with the exercises.
\n\nData Preprocessing and Normalization:\nParticipants will learn how to import and clean data from various sources, normalize data formats, and handle missing data. We will highlight some methods to get rich test data. This step is crucial for ensuring that the subsequent analysis is accurate and reliable. The hands-on exercise will involve preprocessing a sample dataset in real-time, using easy-to-follow steps and intuitive interfaces.
\n\nMapping Alerts to MITRE ATT&CK Techniques:\nWe will demonstrate techniques for mapping SIEM data to MITRE ATT&CK manually and using automated tools. The live demo will include a hands-on exercise where participants will map a sample dataset to MITRE ATT&CK Techniques, using AI to enhance mapping accuracy. All this will be done through simple interfaces that do not require deep technical knowledge.
\n\nClustering Alerts into Contextualized Attack Steps:\nThis section focuses on methods such as clustering and community detection. Participants will learn the criteria for clustering alerts based on temporal, spatial, and technical attributes. They will engage in a hands-on exercise to cluster sample alerts and evaluate the quality and relevance of the clusters, again using user-friendly interfaces.
\n\nBuilding Killchains:\nParticipants will understand the concept and importance of killchains in cybersecurity. We will demonstrate methods for linking attack steps into a cohesive killchain, with a hands-on exercise to create a killchain from clustered data. Participants will analyze killchains to identify patterns and coordinated attacks, all through accessible interfaces.
\n\nGenerating Actionable Tickets:\nWe will outline the criteria for generating three types of tickets: FP Tickets, Incident Tickets, and Attack Story Tickets. Through a hands-on exercise, participants will generate sample tickets and learn how to ensure each ticket type is comprehensive and actionable. This process will be facilitated through simple interfaces that guide the user step-by-step.
\n\nIntegrating and Automating the Workflow:\nFinally, we will discuss integrating this workflow into existing SOC setups and automating the process using scripts and tools. Participants will see how to maintain and update the system, ensuring continuous improvement in threat detection and response. The automation will be demonstrated in a way that requires minimal technical skills.
\n\nQ&A and Troubleshooting:\nThe session will conclude with an open floor for questions, addressing common issues, and offering troubleshooting tips. Participants will also receive resources for further learning and support to continue enhancing their skills post-session.
\n\nConclusion:\nBy the end of this interactive session, participants will have hands-on experience using open-source AI tools to enhance their SOC capabilities. They will be able to map alerts to MITRE ATT&CK Techniques, cluster data into meaningful attack steps, and build comprehensive killchains to uncover coordinated attacks. Additionally, they will learn to generate actionable tickets to facilitate immediate response and long-term improvements in their security posture. All of this will be achieved without needing advanced data science knowledge, thanks to the simple and intuitive interfaces provided.
\n\nParticipants are encouraged to apply these techniques in their own environments and continue exploring the vast capabilities of open-source AI in cybersecurity. The live demo environment setup will provide a practical and engaging way to solidify these concepts and skills.
\n\nGiven a SIEM loaded with alerts, logs and events from a variety of data sources, your task is to find the coordinated attack in the LOTS of noise of false positives & lone incidents.
\n\nTogether we will use opensource AI tools to map all of the hetrogenous data on the SIEM to MITRE ATT&CK Techniques, and then Cluster based on a variety of attributes to form contetualized Attack Steps. We will then fuse these attack steps based on timeline, causality and assets involved into killchains to reveal coordinated attacks.
\n\nYou are required to output the following tickets: \n1. FP Ticket that has clusters of false positives and tuning advisories & suggestions that should be forwarded to detection engineering to tune.
\n\n\nIncident Ticket that has remediation & investigation advisories & action playbooks for the contextualized lone-incidents identified.
Attack Story Ticket that has a correalted set of clusters of alerts & logs revealing a coordinated attack killchain affecting a variety of assets over a stretch of time.
\n\nSpeakerBio: Ezz Tahoun
\nEzz Tahoun, a distinguished cyber-security data scientist, who won AI & innovation awards at Yale, Princeton and Northwestern. He also got innovation awards from Canada’s Communications Security Establishment, Microsoft US, Trustwave US, PIA US, NATO, and more. He ran data science innovation programs and projects for OrangeCyber Defense, Forescout Technologies, Royal bank of Canada, Governments, and Huawei Technologies US. He has published 20 papers, countless articles and 15 open source projects in the domain. When he was 19 years old he started his CS PhD in one of the top 5 labs in the world for cyber & AI, in the prestigious University of Waterloo, where he published numerous papers and became a reviewer for top conferences. His designations include: SANS/GIAC-Advisory-Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP-Professional-Cloud-Architect, PMP, BENG and MMATH. He was an adjunct professor of cyber defense and warfare at Toronto’s school of management.
\n\n\n\'',NULL,616462),('3_Saturday','12','11:15','12:15','Y','BTV','LVCC West/Floor 3/W310','\'Use opensource AI to map alerts & logs into techniques, clusters, and killchains\'','\'Ezz Tahoun\'','BTV_e1a069d4fbc03cebb6c9cf8db6030b37','\'\'',NULL,616463),('4_Sunday','10','10:30','11:59','N','BTV','LVCC West/Floor 3/W310','\'Blue Team Careers: Do what you love, get paid for it! (A BTV Interactive Panel)\'','\'Cyb0rg42,Dani,Shea Nangle,Tennisha Martin,Pete Ortega\'','BTV_135715a7503d129194c3033ca37b6e97','\'Title: Blue Team Careers: Do what you love, get paid for it! (A BTV Interactive Panel)
\nWhen: Sunday, Aug 11, 10:30 - 11:59 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nThis panel will consist of leaders and practitioners from multiple areas of the security and hacking space, sharing their journeys and perspectives on the industry. They’ll answer your questions on hiring, career advancement, and technical growth. Join us for this interactive session!
\n\nThis panel will consist of leaders and practitioners from multiple areas of the security and hacking space, sharing their journeys and perspectives on the industry. They’ll answer your questions on hiring, career advancement, and technical growth. Join us for this interactive session!
\n\nSpeakers:Cyb0rg42,Dani,Shea Nangle,Tennisha Martin,Pete Ortega
\n
\nSpeakerBio: Cyb0rg42
\nNo BIO available
\nSpeakerBio: Dani
\nWith more than 10 years in different security roles, last 5 years in the current role has brought me in the position to be the security department education advisor. I believe education and career path advice should be the role for a technical professional and not HR. It is important to know both the hunger for education and the pain of going through heavy learning curve. But it is also important to underatand the need to slow down at times for other life events. Also, helping eachother builds life long friendships and trust.
\n\nSpeakerBio: Shea Nangle
\nNo BIO available
\nSpeakerBio: Tennisha Martin
\nTennisha Martin is the founder and Executive Director of BlackGirlsHack (BGH Foundation), a national cybersecurity nonprofit organization dedicated to providing education and resources to underserved communities and increasing the diversity in cyber. BlackGirlsHack provides its members with resources, mentorship, direction, and training required to enter and excel in the cybersecurity field. Tennisha has a bachelor’s degree in Electrical and Computer Engineering from Carnegie Mellon University and several Master’s Degrees including in Cybersecurity and Business Administration. She has worked in a consulting capacity for over 15 years and is a best selling author, award winning hacker, and an advocate for diversity.
\n\nSpeakerBio: Pete Ortega
\nNo BIO available
\n\n\'',NULL,616464),('4_Sunday','11','10:30','11:59','Y','BTV','LVCC West/Floor 3/W310','\'Blue Team Careers: Do what you love, get paid for it! (A BTV Interactive Panel)\'','\'Cyb0rg42,Dani,Shea Nangle,Tennisha Martin,Pete Ortega\'','BTV_135715a7503d129194c3033ca37b6e97','\'\'',NULL,616465),('2_Friday','10','10:30','10:59','N','BTV','LVCC West/Floor 3/W310','\'Incident Response 101: Part 2 (Analyst Mindset and Quality Assurance)\'','\'David \"CountZ3r0\" Roman\'','BTV_b79646fa793e5fa389031f85b92557f2','\'Title: Incident Response 101: Part 2 (Analyst Mindset and Quality Assurance)
\nWhen: Friday, Aug 9, 10:30 - 10:59 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nAn introduction to the analyst mindset for IR and how to ensure quality. First, we\'ll discuss the analyst mindset. How does your investigation flow and potentially impact people? This is a big responsibility. Next we will discuss quality assurance. The \"evil\" metrics that we so often fear. Why are they important and how can we best use them?
\n\nAn introduction to the analyst mindset for IR and how to ensure quality. First, we\'ll discuss the analyst mindset. How does your investigation flow and potentially impact people? This is a big responsibility. Next we will discuss quality assurance. The \"evil\" metrics that we so often fear. Why are they important and how can we best use them?
\n\nSpeakerBio: David \"CountZ3r0\" Roman
\nDavid Roman is a Senior Incident Response Consultant at Cisco Talos Incident Response, with 28 years of experience in the IT and security industry. David leads investigations to help customers on their worst career day recover from security incidents and help them better prepare for the future. Volunteering and helping others learn about cybersecurity is a passion for David. He helps run local DEF CON and CitySec groups and guest lectures at Oklahoma State University.
\n\n\n\'',NULL,616466),('2_Friday','10','10:00','11:30','N','BTV','LVCC West/Floor 3/W309','\'Building a Cyber Threat Intelligence Program from scratch for free!\'','\'Apurv Singh Gautam,Karan Dwivedi\'','BTV_e4fcf9d28e4ad31bddea4fc8b56cfa46','\'Title: Building a Cyber Threat Intelligence Program from scratch for free!
\nWhen: Friday, Aug 9, 10:00 - 11:30 PDT
\nWhere: LVCC West/Floor 3/W309 - Map
\n
\nDescription:
\nOutline:
\nIntro to CTI
\n- What is CTI
\n- Threat Intel Types
\n- Why build a CTI
\n\nMajor components for a CTI program\n - Data Collection/Feeds\n - Parsing and Storage\n - Enrichment\n - Dissemination
\n\nSteps in building CTI program\n - Technology\n - People\n - Process
\n\nLab: Step-by-step walkthrough of two CTI platforms (MISP and OpenCTI)\n - Install the CTI platforms\n - Add relevant data sources\n - Analyzing data sources\n - Effective data correlation
\n\nMetrics to track the progress and success of a CTI program\nMaturity Model of a CTI program
\n\nAre you eager to understand your threat actors, targets, and behaviors? Are you constrained by resources to get a cyber threat intel program up and running? Are you not sure which tools to start with for cyber threat intel? If so, then this workshop is for you! We walkthrough how you can build a cyber threat intelligence program using open-source tools at minimum cost. We discuss the major components of a cyber threat intel program and the steps (including people, process, and technology) to bring your program to existence. In this workshop, we will show you how to set up and install open-source threat intelligence tools and relevant feeds. We also demonstrate how to analyze and correlate data to produce actionable intelligence. Finally, we discuss metrics and a maturity model for your program.
\n\nSpeakers:Apurv Singh Gautam,Karan Dwivedi
\n
\nSpeakerBio: Apurv Singh Gautam, Cybercrime Researcher at Cyble
\nApurv Singh Gautam is a Cybercrime Researcher working at Cyble. He focuses on monitoring and analyzing a wide spectrum of sources by utilizing HUMINT, SOCMINT, and OSINT and producing finished threat intelligence. Apurv has contributed to the SANS FOR589 course on Cybercrime Intelligence. He is passionate about giving back to the community and has already delivered several national and international talks and seminars at conferences like the SANS OSINT Summit, Defcon Blue Team Village, BSides Singapore, local security meetups, schools, and colleges. He loves volunteering with Station X to help students navigate into Cybersecurity. He looks forward to the end of the day to play and stream one of the AAA games, Rainbow Six Siege.
\n\nSpeakerBio: Karan Dwivedi
\nKaran Dwivedi is a recognized cybersecurity expert. Currently, he serves as a security engineering manager at Google. Karan has led large-scale security projects at Google and Yahoo in the US for products like Google Search, Google Assistant, Yahoo Mail, Yahoo Finance, Flickr, etc, to safeguard over a billion users. At Yahoo, he was part of the security team responding to the world’s largest data breach. Karan contributed to the latest internet standard for scoring vulnerabilities, the Common Vulnerability Scoring System (CVSS 4.0). He is featured in major media like Hakin9 Media Magazine, Forensic Focus News, etc. He has delivered talks at national and international conferences like Tech Ex North America, Tech Summit SF, BSides Las Vegas, National Cyber Summit, etc, to influence private and public sectors. Karan was featured as a subject matter expert in the Google Cybersecurity Certificate program launched in May 2023 on Coursera, which had an enrollment of over 41000 students in a few weeks.
\n\n\n\'',NULL,616467),('2_Friday','11','10:00','11:30','Y','BTV','LVCC West/Floor 3/W309','\'Building a Cyber Threat Intelligence Program from scratch for free!\'','\'Apurv Singh Gautam,Karan Dwivedi\'','BTV_e4fcf9d28e4ad31bddea4fc8b56cfa46','\'\'',NULL,616468),('2_Friday','14','14:00','15:59','N','BTV','LVCC West/Floor 3/W310','\'Area DC32: An Interactive Tabletop Takes Flight (A BTV Panel)\'','\'Aakin Patel,Caspian Kilkelly,Gwyddia,Harlan Geer,Shea Nangle,Matt Mayes\'','BTV_3a54870471249ef35166be1329593ba0','\'Title: Area DC32: An Interactive Tabletop Takes Flight (A BTV Panel)
\nWhen: Friday, Aug 9, 14:00 - 15:59 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nJoin BTV and the Aerospace Village for a large-scale interactive tabletop exercise with a game show panel format. Participants will walk through a security incident within input from security pros, tabletop experts, and aerospace insiders. The host will invite answers and prizes may fly through the air as our subject matter experts weigh in on the response effort with snark but no judgment.
\n\nJoin BTV and the Aerospace Village for a large-scale interactive tabletop exercise with a game show panel format. Participants will walk through a security incident within input from security pros, tabletop experts, and aerospace insiders. The host will invite answers and prizes may fly through the air as our subject matter experts weigh in on the response effort with snark but no judgment.
\n\nSpeakers:Aakin Patel,Caspian Kilkelly,Gwyddia,Harlan Geer,Shea Nangle,Matt Mayes
\n
\nSpeakerBio: Aakin Patel
\nNo BIO available
\nSpeakerBio: Caspian Kilkelly
\nNo BIO available
\nSpeakerBio: Gwyddia
\nNo BIO available
\nSpeakerBio: Harlan Geer
\nNo BIO available
\nSpeakerBio: Shea Nangle
\nNo BIO available
\nSpeakerBio: Matt Mayes, Aerospace Village
\nNo BIO available
\n\n\'',NULL,616469),('2_Friday','15','14:00','15:59','Y','BTV','LVCC West/Floor 3/W310','\'Area DC32: An Interactive Tabletop Takes Flight (A BTV Panel)\'','\'Aakin Patel,Caspian Kilkelly,Gwyddia,Harlan Geer,Shea Nangle,Matt Mayes\'','BTV_3a54870471249ef35166be1329593ba0','\'\'',NULL,616470),('3_Saturday','16','16:00','16:59','N','BTV','LVCC West/Floor 3/W310','\'Thrunting or DEATH! (A BTV Panel)\'','\'Joe Slowik,Randy Pargman,Sydney Marrone,th3CyF0x,Ryan Chapman\'','BTV_63b51b1b3e0078cde874ad6cdc8bdd8b','\'Title: Thrunting or DEATH! (A BTV Panel)
\nWhen: Saturday, Aug 10, 16:00 - 16:59 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nWhat is this Threat Hunting stuff all about? Isn\'t \"hunting\" just a cooler-sounding word for Incident Response? Why are so many new jobs opening up with Threat Hunting in the title, and how do you get the experience to land one of those jobs? Should SOC Analysts always be hunting, or is that \"someone else\'s job?\" How does CTI connect to hunting?\nIf you have any of these questions burning in your mind, you have to come to this panel! We\'ve got a fun and mostly sane panel of people who have different perspectives to share, and we want to hear from you, too!
\n\nOur panel of Threat Hunting practitioners will take spicy topics from our amazing moderator and the audience on topics ranging from how to thrunt to real life stories of the good, the bad and the ugly. Do you have strong opinions about whether you should call it Thrunting or DEATH? We\'ll ask the audience some questions, too, and you might even win a prize for your spicy take!
\n\nSpeakers:Joe Slowik,Randy Pargman,Sydney Marrone,th3CyF0x,Ryan Chapman
\n
\nSpeakerBio: Joe Slowik
\nJoe Slowik has over 15 years of experience across multiple cyber domains and problem sets. Currently Joe leads CTI functions for the MITRE ATT&CK project while also conducting critical infrastructure threat research and analysis. Previously Joe has worked in multiple roles spanning CTI, detection engineering, and threat hunting at organizations such as Dragos, Huntress, DomainTools, and Gigamon. Joe started his infosec journey with the US Navy and at Los Alamos National Laboratory.
\n\nSpeakerBio: Randy Pargman
\nI love helping people solve problems, especially when I get to use technology. I\'ve been in love with programming since my grandma taught me BASIC, and if you like talking about coding, dogs, pizza, camping, or beer, I\'d love to get to meet you. I especially enjoy threat hunting on endpoints, network, and email. The job I get paid for is Threat Detection at Proofpoint. In my spare time as a volunteer, I am an analyst with The DFIR Report, and I am one of the founders/organizers of DEATHCon.
\n\nSpeakerBio: Sydney Marrone
\nSydney Marrone is a Principal Thrunter at Splunk. She loves all things purple, treat hunting, and pop punk.
\n\nSpeakerBio: th3CyF0x
\nCo-Founder of DEATHCON. 12+ years of incident response, threat hunting and threat research
\n\nSpeakerBio: Ryan Chapman
\nRyan Chapman is the author of SANS’ “FOR528: Ransomware and Cyber Extortion” course, teaches SANS’ “FOR610: Reverse Engineering Malware” course, works as a threat hunter @ $dayJob, and is an author for Pluralsight. Ryan has a passion for life-long learning, loves to teach people about ransomware-related attacks, and enjoys pulling apart malware.
\n\n\n\'',NULL,616471),('3_Saturday','14','14:00','14:59','N','BTV','LVCC West/Floor 3/W310','\'Store bought is fine, sometimes!\'','\'Jason Craig,Lauren Proehl,Tina Velez,William Phillips\'','BTV_f13a75768a7dae160de8e6c8c4e8223f','\'Title: Store bought is fine, sometimes!
\nWhen: Saturday, Aug 10, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 3/W310 - Map
\n
\nDescription:
\nArguably one of the many unsexy topics in the space, but a super important consideration for those leading security programs and the ICs working on the individual components. This conversation will include an overview of the pros and cons of building vs buying decisions in a security program. Specific use cases, and maturity stages will be explored to help the audience understand how to work towards getting the balance right. Panelists with a wealth of diverse industry experience will talk through real world examples of what worked and what didn’t, and lessons learned. We reserve the right to pull an Oprah Winfrey and leave jars of mayo under each seat to make this talk extra memorable.
\n\nPanelists’ experience includes both IC and management, from startups to FAANG to giant enterprise.
\n\nJoin us for this thrilling and dynamic panel as we extend the wisdom of The Barefoot Contessa, Ina Garten, to the security space. Why spend your precious time in the kitchen of your security program making absolutely everything from scratch, when store bought can be just fine sometimes? We’ll discuss the pros and cons and considerations of build vs buy, in a talk that promises to capture the right balance of cynicism, nuance, and practicality. We know it’s tempting to make our own mayo, but we’ve lived it and have to say - sometimes store bought is just fine. Prepare your well ack-shuallys, we’re ready.
\n\nSpeakers:Jason Craig,Lauren Proehl,Tina Velez,William Phillips
\n
\nSpeakerBio: Jason Craig
\nJason is a unicorn enthusiast and enjoys coffee, thrunting, and late apexes. Jason has worked for a few org’s you’ve heard of, done some things, and prefers to be a quiet professional.
\n\nSpeakerBio: Lauren Proehl
\nNo BIO available
\nSpeakerBio: Tina Velez, Growth Lead at ClearVector
\nTina is the Growth Lead and resident muppet at ClearVector. Prior to that, Tina spent several years at Expel serving in a variety of roles including customer success, enterprise solutions architecture, solutions strategist, and management. Before making the transition full time to the amazing and harried world of security, she spent many years tech side in the SLED space, both within the state courts system and at a major public research university. She defines her happy place as one involving a lot of art, books, and snacks. Tina misses the days of dial up, and crappy MS Paint art. She is a founding member of ThruntCon.
\n\nSpeakerBio: William Phillips
\nNo BIO available
\n\n\'',NULL,616472),('4_Sunday','10','10:00','13:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_e968aafc647c24718650e7070c7e85eb','\'Title: Packet Inspector
\nWhen: Sunday, Aug 11, 10:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nThe perfect introduction to network analysis, sniffing, and forensics. Do you want to understand the techniques people use to tap into a network, steal passwords and listen to conversations? Packet Inspector is the place to develop these skills! For well over a decade, the Wall of Sheep has shown people how important it is to use end-to-end encryption to keep sensitive information like passwords private. Using a license of the world famous Capture The Packet engine from Aries Security, we have created a unique way to teach hands-on skills in a controlled real-time environment.
\n\n\'',NULL,616473),('4_Sunday','11','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_e968aafc647c24718650e7070c7e85eb','\'\'',NULL,616474),('4_Sunday','12','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_e968aafc647c24718650e7070c7e85eb','\'\'',NULL,616475),('4_Sunday','13','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_e968aafc647c24718650e7070c7e85eb','\'\'',NULL,616476),('2_Friday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_bacd9afed71e601ae7c5c1ea1c45db86','\'Title: Packet Inspector
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nThe perfect introduction to network analysis, sniffing, and forensics. Do you want to understand the techniques people use to tap into a network, steal passwords and listen to conversations? Packet Inspector is the place to develop these skills! For well over a decade, the Wall of Sheep has shown people how important it is to use end-to-end encryption to keep sensitive information like passwords private. Using a license of the world famous Capture The Packet engine from Aries Security, we have created a unique way to teach hands-on skills in a controlled real-time environment.
\n\n\'',NULL,616477),('2_Friday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_bacd9afed71e601ae7c5c1ea1c45db86','\'\'',NULL,616478),('2_Friday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_bacd9afed71e601ae7c5c1ea1c45db86','\'\'',NULL,616479),('2_Friday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_bacd9afed71e601ae7c5c1ea1c45db86','\'\'',NULL,616480),('2_Friday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_bacd9afed71e601ae7c5c1ea1c45db86','\'\'',NULL,616481),('2_Friday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_bacd9afed71e601ae7c5c1ea1c45db86','\'\'',NULL,616482),('2_Friday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_bacd9afed71e601ae7c5c1ea1c45db86','\'\'',NULL,616483),('2_Friday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_bacd9afed71e601ae7c5c1ea1c45db86','\'\'',NULL,616484),('3_Saturday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_d52e6148ee6d7a274f518936b20290a6','\'Title: Packet Inspector
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nThe perfect introduction to network analysis, sniffing, and forensics. Do you want to understand the techniques people use to tap into a network, steal passwords and listen to conversations? Packet Inspector is the place to develop these skills! For well over a decade, the Wall of Sheep has shown people how important it is to use end-to-end encryption to keep sensitive information like passwords private. Using a license of the world famous Capture The Packet engine from Aries Security, we have created a unique way to teach hands-on skills in a controlled real-time environment.
\n\n\'',NULL,616485),('3_Saturday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_d52e6148ee6d7a274f518936b20290a6','\'\'',NULL,616486),('3_Saturday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_d52e6148ee6d7a274f518936b20290a6','\'\'',NULL,616487),('3_Saturday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_d52e6148ee6d7a274f518936b20290a6','\'\'',NULL,616488),('3_Saturday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_d52e6148ee6d7a274f518936b20290a6','\'\'',NULL,616489),('3_Saturday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_d52e6148ee6d7a274f518936b20290a6','\'\'',NULL,616490),('3_Saturday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_d52e6148ee6d7a274f518936b20290a6','\'\'',NULL,616491),('3_Saturday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Inspector\'','\'\'','PHV_d52e6148ee6d7a274f518936b20290a6','\'\'',NULL,616492),('4_Sunday','10','10:00','13:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_ea19b8e3394cb1ac9e98e854bd78c3f8','\'Title: Packet Detective
\nWhen: Sunday, Aug 11, 10:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nLooking to upgrade your skills or see how you would fare in Capture The Packet? Come check out what Packet Detective has to offer! A step up in difficulty from Packet Inspector, Packet Detective will put your network hunting abilities to the test with real-world scenarios at the intermediate level. Take the next step in your journey towards network mastery in a friendly environment still focused on learning and take another step closer to preparing yourself for the competitive environment of Capture The Packet
\n\n\'',NULL,616493),('4_Sunday','11','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_ea19b8e3394cb1ac9e98e854bd78c3f8','\'\'',NULL,616494),('4_Sunday','12','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_ea19b8e3394cb1ac9e98e854bd78c3f8','\'\'',NULL,616495),('4_Sunday','13','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_ea19b8e3394cb1ac9e98e854bd78c3f8','\'\'',NULL,616496),('2_Friday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_10e4d8ecc4ad842a137d5d6e23c9823e','\'Title: Packet Detective
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nLooking to upgrade your skills or see how you would fare in Capture The Packet? Come check out what Packet Detective has to offer! A step up in difficulty from Packet Inspector, Packet Detective will put your network hunting abilities to the test with real-world scenarios at the intermediate level. Take the next step in your journey towards network mastery in a friendly environment still focused on learning and take another step closer to preparing yourself for the competitive environment of Capture The Packet
\n\n\'',NULL,616497),('2_Friday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_10e4d8ecc4ad842a137d5d6e23c9823e','\'\'',NULL,616498),('2_Friday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_10e4d8ecc4ad842a137d5d6e23c9823e','\'\'',NULL,616499),('2_Friday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_10e4d8ecc4ad842a137d5d6e23c9823e','\'\'',NULL,616500),('2_Friday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_10e4d8ecc4ad842a137d5d6e23c9823e','\'\'',NULL,616501),('2_Friday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_10e4d8ecc4ad842a137d5d6e23c9823e','\'\'',NULL,616502),('2_Friday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_10e4d8ecc4ad842a137d5d6e23c9823e','\'\'',NULL,616503),('2_Friday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_10e4d8ecc4ad842a137d5d6e23c9823e','\'\'',NULL,616504),('3_Saturday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_a58730652699fd9781bc5d5076b63009','\'Title: Packet Detective
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nLooking to upgrade your skills or see how you would fare in Capture The Packet? Come check out what Packet Detective has to offer! A step up in difficulty from Packet Inspector, Packet Detective will put your network hunting abilities to the test with real-world scenarios at the intermediate level. Take the next step in your journey towards network mastery in a friendly environment still focused on learning and take another step closer to preparing yourself for the competitive environment of Capture The Packet
\n\n\'',NULL,616505),('3_Saturday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_a58730652699fd9781bc5d5076b63009','\'\'',NULL,616506),('3_Saturday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_a58730652699fd9781bc5d5076b63009','\'\'',NULL,616507),('3_Saturday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_a58730652699fd9781bc5d5076b63009','\'\'',NULL,616508),('3_Saturday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_a58730652699fd9781bc5d5076b63009','\'\'',NULL,616509),('3_Saturday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_a58730652699fd9781bc5d5076b63009','\'\'',NULL,616510),('3_Saturday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_a58730652699fd9781bc5d5076b63009','\'\'',NULL,616511),('3_Saturday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Packet Detective\'','\'\'','PHV_a58730652699fd9781bc5d5076b63009','\'\'',NULL,616512),('2_Friday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b0eea459bad5a191092d90028caf8cf3','\'Title: Botnets
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nJoin us for an interactive workshop where we will walk you through the ins and outs of botnet deployment and operation via a command and control web server. Geared towards beginners, this workshop offers a hands-on approach to understanding how botnets function. You\'ll also learn an effective defense strategy against the botnet you have created. No experience needed we will give you everything you need!
\n\n\'',NULL,616513),('2_Friday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b0eea459bad5a191092d90028caf8cf3','\'\'',NULL,616514),('2_Friday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b0eea459bad5a191092d90028caf8cf3','\'\'',NULL,616515),('2_Friday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b0eea459bad5a191092d90028caf8cf3','\'\'',NULL,616516),('2_Friday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b0eea459bad5a191092d90028caf8cf3','\'\'',NULL,616517),('2_Friday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b0eea459bad5a191092d90028caf8cf3','\'\'',NULL,616518),('2_Friday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b0eea459bad5a191092d90028caf8cf3','\'\'',NULL,616519),('2_Friday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b0eea459bad5a191092d90028caf8cf3','\'\'',NULL,616520),('3_Saturday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b00ca8e1187b6f2273a8369c14ccabd0','\'Title: Botnets
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nJoin us for an interactive workshop where we will walk you through the ins and outs of botnet deployment and operation via a command and control web server. Geared towards beginners, this workshop offers a hands-on approach to understanding how botnets function. You\'ll also learn an effective defense strategy against the botnet you have created. No experience needed we will give you everything you need!
\n\n\'',NULL,616521),('3_Saturday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b00ca8e1187b6f2273a8369c14ccabd0','\'\'',NULL,616522),('3_Saturday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b00ca8e1187b6f2273a8369c14ccabd0','\'\'',NULL,616523),('3_Saturday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b00ca8e1187b6f2273a8369c14ccabd0','\'\'',NULL,616524),('3_Saturday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b00ca8e1187b6f2273a8369c14ccabd0','\'\'',NULL,616525),('3_Saturday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b00ca8e1187b6f2273a8369c14ccabd0','\'\'',NULL,616526),('3_Saturday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b00ca8e1187b6f2273a8369c14ccabd0','\'\'',NULL,616527),('3_Saturday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_b00ca8e1187b6f2273a8369c14ccabd0','\'\'',NULL,616528),('4_Sunday','10','10:00','13:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_95a8e1095a68ebce45fc5a516d3b30e0','\'Title: Botnets
\nWhen: Sunday, Aug 11, 10:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nJoin us for an interactive workshop where we will walk you through the ins and outs of botnet deployment and operation via a command and control web server. Geared towards beginners, this workshop offers a hands-on approach to understanding how botnets function. You\'ll also learn an effective defense strategy against the botnet you have created. No experience needed we will give you everything you need!
\n\n\'',NULL,616529),('4_Sunday','11','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_95a8e1095a68ebce45fc5a516d3b30e0','\'\'',NULL,616530),('4_Sunday','12','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_95a8e1095a68ebce45fc5a516d3b30e0','\'\'',NULL,616531),('4_Sunday','13','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Botnets\'','\'\'','PHV_95a8e1095a68ebce45fc5a516d3b30e0','\'\'',NULL,616532),('2_Friday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_9afca0e0a7621f5e5eaff107af5ff886','\'Title: Linux Trainer
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nKnowing how to use the Linux command line is a critical skill for any good security practitioner. This trainer will have 10+ problems covering some of the most fundamental Linux commands. This trainer is for people new to field and for those who want to hone their Linux command line-fu.
\n\n\'',NULL,616533),('2_Friday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_9afca0e0a7621f5e5eaff107af5ff886','\'\'',NULL,616534),('2_Friday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_9afca0e0a7621f5e5eaff107af5ff886','\'\'',NULL,616535),('2_Friday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_9afca0e0a7621f5e5eaff107af5ff886','\'\'',NULL,616536),('2_Friday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_9afca0e0a7621f5e5eaff107af5ff886','\'\'',NULL,616537),('2_Friday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_9afca0e0a7621f5e5eaff107af5ff886','\'\'',NULL,616538),('2_Friday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_9afca0e0a7621f5e5eaff107af5ff886','\'\'',NULL,616539),('2_Friday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_9afca0e0a7621f5e5eaff107af5ff886','\'\'',NULL,616540),('4_Sunday','10','10:00','13:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_1639032ff9b6f6da8a3b60286711c940','\'Title: Linux Trainer
\nWhen: Sunday, Aug 11, 10:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nKnowing how to use the Linux command line is a critical skill for any good security practitioner. This trainer will have 10+ problems covering some of the most fundamental Linux commands. This trainer is for people new to field and for those who want to hone their Linux command line-fu.
\n\n\'',NULL,616541),('4_Sunday','11','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_1639032ff9b6f6da8a3b60286711c940','\'\'',NULL,616542),('4_Sunday','12','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_1639032ff9b6f6da8a3b60286711c940','\'\'',NULL,616543),('4_Sunday','13','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_1639032ff9b6f6da8a3b60286711c940','\'\'',NULL,616544),('3_Saturday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_26254442eb687c14021d5e7bc7fe8b41','\'Title: Linux Trainer
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nKnowing how to use the Linux command line is a critical skill for any good security practitioner. This trainer will have 10+ problems covering some of the most fundamental Linux commands. This trainer is for people new to field and for those who want to hone their Linux command line-fu.
\n\n\'',NULL,616545),('3_Saturday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_26254442eb687c14021d5e7bc7fe8b41','\'\'',NULL,616546),('3_Saturday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_26254442eb687c14021d5e7bc7fe8b41','\'\'',NULL,616547),('3_Saturday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_26254442eb687c14021d5e7bc7fe8b41','\'\'',NULL,616548),('3_Saturday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_26254442eb687c14021d5e7bc7fe8b41','\'\'',NULL,616549),('3_Saturday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_26254442eb687c14021d5e7bc7fe8b41','\'\'',NULL,616550),('3_Saturday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_26254442eb687c14021d5e7bc7fe8b41','\'\'',NULL,616551),('3_Saturday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Linux Trainer\'','\'\'','PHV_26254442eb687c14021d5e7bc7fe8b41','\'\'',NULL,616552),('4_Sunday','10','10:00','13:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_91945a233c22970b849145c75a21e13c','\'Title: Network-OS: Be The Cloud
\nWhen: Sunday, Aug 11, 10:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nThe Network-OS workshop will take you into the mysterious world which underpins modern computing and allows people to talk across the globe. This of course being the network itself. In this workshop you will familiarize yourself with the command line of network devices. Step by step, you will configure devices to talk to each other, share information about the computers connected to them, and relay their network information and traffic between each other. No experience needed, know how to type and copy/paste.
\n\n\'',NULL,616553),('4_Sunday','11','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_91945a233c22970b849145c75a21e13c','\'\'',NULL,616554),('4_Sunday','12','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_91945a233c22970b849145c75a21e13c','\'\'',NULL,616555),('4_Sunday','13','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_91945a233c22970b849145c75a21e13c','\'\'',NULL,616556),('2_Friday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_07379efb68d97fbb1c1b113ecb935763','\'Title: Network-OS: Be The Cloud
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nThe Network-OS workshop will take you into the mysterious world which underpins modern computing and allows people to talk across the globe. This of course being the network itself. In this workshop you will familiarize yourself with the command line of network devices. Step by step, you will configure devices to talk to each other, share information about the computers connected to them, and relay their network information and traffic between each other. No experience needed, know how to type and copy/paste.
\n\n\'',NULL,616557),('2_Friday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_07379efb68d97fbb1c1b113ecb935763','\'\'',NULL,616558),('2_Friday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_07379efb68d97fbb1c1b113ecb935763','\'\'',NULL,616559),('2_Friday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_07379efb68d97fbb1c1b113ecb935763','\'\'',NULL,616560),('2_Friday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_07379efb68d97fbb1c1b113ecb935763','\'\'',NULL,616561),('2_Friday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_07379efb68d97fbb1c1b113ecb935763','\'\'',NULL,616562),('2_Friday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_07379efb68d97fbb1c1b113ecb935763','\'\'',NULL,616563),('2_Friday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_07379efb68d97fbb1c1b113ecb935763','\'\'',NULL,616564),('3_Saturday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_495c08d4edbe48a0242537ff56588629','\'Title: Network-OS: Be The Cloud
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nThe Network-OS workshop will take you into the mysterious world which underpins modern computing and allows people to talk across the globe. This of course being the network itself. In this workshop you will familiarize yourself with the command line of network devices. Step by step, you will configure devices to talk to each other, share information about the computers connected to them, and relay their network information and traffic between each other. No experience needed, know how to type and copy/paste.
\n\n\'',NULL,616565),('3_Saturday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_495c08d4edbe48a0242537ff56588629','\'\'',NULL,616566),('3_Saturday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_495c08d4edbe48a0242537ff56588629','\'\'',NULL,616567),('3_Saturday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_495c08d4edbe48a0242537ff56588629','\'\'',NULL,616568),('3_Saturday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_495c08d4edbe48a0242537ff56588629','\'\'',NULL,616569),('3_Saturday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_495c08d4edbe48a0242537ff56588629','\'\'',NULL,616570),('3_Saturday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_495c08d4edbe48a0242537ff56588629','\'\'',NULL,616571),('3_Saturday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Network-OS: Be The Cloud\'','\'\'','PHV_495c08d4edbe48a0242537ff56588629','\'\'',NULL,616572),('3_Saturday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_317d8236d46265992e30e60e284529fb','\'Title: Regular Expressions (RegEx) Trainer
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nRegular Expressions or RegEX are used everywhere! If you aspire to be a Pentester, Threat Hunter, Programmer, Network Engineer, DevOps or really anything in technology today, RegEx is a skill all the greats have and the majority of the industry are terrible at. Come learn or brush up on your RegEx skills in on our live trainer.
\n\n\'',NULL,616573),('3_Saturday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_317d8236d46265992e30e60e284529fb','\'\'',NULL,616574),('3_Saturday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_317d8236d46265992e30e60e284529fb','\'\'',NULL,616575),('3_Saturday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_317d8236d46265992e30e60e284529fb','\'\'',NULL,616576),('3_Saturday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_317d8236d46265992e30e60e284529fb','\'\'',NULL,616577),('3_Saturday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_317d8236d46265992e30e60e284529fb','\'\'',NULL,616578),('3_Saturday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_317d8236d46265992e30e60e284529fb','\'\'',NULL,616579),('3_Saturday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_317d8236d46265992e30e60e284529fb','\'\'',NULL,616580),('4_Sunday','10','10:00','13:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_ce227cfd94f1db13a434f3c558afe071','\'Title: Regular Expressions (RegEx) Trainer
\nWhen: Sunday, Aug 11, 10:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nRegular Expressions or RegEX are used everywhere! If you aspire to be a Pentester, Threat Hunter, Programmer, Network Engineer, DevOps or really anything in technology today, RegEx is a skill all the greats have and the majority of the industry are terrible at. Come learn or brush up on your RegEx skills in on our live trainer.
\n\n\'',NULL,616581),('4_Sunday','11','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_ce227cfd94f1db13a434f3c558afe071','\'\'',NULL,616582),('4_Sunday','12','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_ce227cfd94f1db13a434f3c558afe071','\'\'',NULL,616583),('4_Sunday','13','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_ce227cfd94f1db13a434f3c558afe071','\'\'',NULL,616584),('2_Friday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_ae93fde21b4bd11c5371ffc77a693c12','\'Title: Regular Expressions (RegEx) Trainer
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nRegular Expressions or RegEX are used everywhere! If you aspire to be a Pentester, Threat Hunter, Programmer, Network Engineer, DevOps or really anything in technology today, RegEx is a skill all the greats have and the majority of the industry are terrible at. Come learn or brush up on your RegEx skills in on our live trainer.
\n\n\'',NULL,616585),('2_Friday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_ae93fde21b4bd11c5371ffc77a693c12','\'\'',NULL,616586),('2_Friday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_ae93fde21b4bd11c5371ffc77a693c12','\'\'',NULL,616587),('2_Friday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_ae93fde21b4bd11c5371ffc77a693c12','\'\'',NULL,616588),('2_Friday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_ae93fde21b4bd11c5371ffc77a693c12','\'\'',NULL,616589),('2_Friday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_ae93fde21b4bd11c5371ffc77a693c12','\'\'',NULL,616590),('2_Friday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_ae93fde21b4bd11c5371ffc77a693c12','\'\'',NULL,616591),('2_Friday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Regular Expressions (RegEx) Trainer\'','\'\'','PHV_ae93fde21b4bd11c5371ffc77a693c12','\'\'',NULL,616592),('2_Friday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_2fa060c4928fa3918d0d3dbf9f23deb6','\'Title: Python + Packet Analysis + Machine Learning
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nUse machine learning with Python to detect attacks in network packets including DNS tunneling, FTP brute force, and HTTP scanning. We will be using various Python tools such as iPython notebooks, scapy, and scikit-learn. Some Python experience is recommended, but if you don\'t know Python, come prepared to start with our Python tutorial!
\n\n\'',NULL,616593),('2_Friday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_2fa060c4928fa3918d0d3dbf9f23deb6','\'\'',NULL,616594),('2_Friday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_2fa060c4928fa3918d0d3dbf9f23deb6','\'\'',NULL,616595),('2_Friday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_2fa060c4928fa3918d0d3dbf9f23deb6','\'\'',NULL,616596),('2_Friday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_2fa060c4928fa3918d0d3dbf9f23deb6','\'\'',NULL,616597),('2_Friday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_2fa060c4928fa3918d0d3dbf9f23deb6','\'\'',NULL,616598),('2_Friday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_2fa060c4928fa3918d0d3dbf9f23deb6','\'\'',NULL,616599),('2_Friday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_2fa060c4928fa3918d0d3dbf9f23deb6','\'\'',NULL,616600),('3_Saturday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_23d6a110fb73a71a26f70dbf0e22d1b8','\'Title: Python + Packet Analysis + Machine Learning
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nUse machine learning with Python to detect attacks in network packets including DNS tunneling, FTP brute force, and HTTP scanning. We will be using various Python tools such as iPython notebooks, scapy, and scikit-learn. Some Python experience is recommended, but if you don\'t know Python, come prepared to start with our Python tutorial!
\n\n\'',NULL,616601),('3_Saturday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_23d6a110fb73a71a26f70dbf0e22d1b8','\'\'',NULL,616602),('3_Saturday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_23d6a110fb73a71a26f70dbf0e22d1b8','\'\'',NULL,616603),('3_Saturday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_23d6a110fb73a71a26f70dbf0e22d1b8','\'\'',NULL,616604),('3_Saturday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_23d6a110fb73a71a26f70dbf0e22d1b8','\'\'',NULL,616605),('3_Saturday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_23d6a110fb73a71a26f70dbf0e22d1b8','\'\'',NULL,616606),('3_Saturday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_23d6a110fb73a71a26f70dbf0e22d1b8','\'\'',NULL,616607),('3_Saturday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_23d6a110fb73a71a26f70dbf0e22d1b8','\'\'',NULL,616608),('4_Sunday','10','10:00','13:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_8432a198b5c7879e118e647de5a83ef3','\'Title: Python + Packet Analysis + Machine Learning
\nWhen: Sunday, Aug 11, 10:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nUse machine learning with Python to detect attacks in network packets including DNS tunneling, FTP brute force, and HTTP scanning. We will be using various Python tools such as iPython notebooks, scapy, and scikit-learn. Some Python experience is recommended, but if you don\'t know Python, come prepared to start with our Python tutorial!
\n\n\'',NULL,616609),('4_Sunday','11','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_8432a198b5c7879e118e647de5a83ef3','\'\'',NULL,616610),('4_Sunday','12','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_8432a198b5c7879e118e647de5a83ef3','\'\'',NULL,616611),('4_Sunday','13','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Python + Packet Analysis + Machine Learning\'','\'\'','PHV_8432a198b5c7879e118e647de5a83ef3','\'\'',NULL,616612),('3_Saturday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_58a63b70e59c0ef9ae5fe660a42fb065','\'Title: Password lab
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nFollow real world password attack steps against a mock target in order to better understand how to protect yourself and improve the security of your passwords!
\n\n\'',NULL,616613),('3_Saturday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_58a63b70e59c0ef9ae5fe660a42fb065','\'\'',NULL,616614),('3_Saturday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_58a63b70e59c0ef9ae5fe660a42fb065','\'\'',NULL,616615),('3_Saturday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_58a63b70e59c0ef9ae5fe660a42fb065','\'\'',NULL,616616),('3_Saturday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_58a63b70e59c0ef9ae5fe660a42fb065','\'\'',NULL,616617),('3_Saturday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_58a63b70e59c0ef9ae5fe660a42fb065','\'\'',NULL,616618),('3_Saturday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_58a63b70e59c0ef9ae5fe660a42fb065','\'\'',NULL,616619),('3_Saturday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_58a63b70e59c0ef9ae5fe660a42fb065','\'\'',NULL,616620),('4_Sunday','10','10:00','13:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_64b5a5660ef5e7ce510580cbae04c027','\'Title: Password lab
\nWhen: Sunday, Aug 11, 10:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nFollow real world password attack steps against a mock target in order to better understand how to protect yourself and improve the security of your passwords!
\n\n\'',NULL,616621),('4_Sunday','11','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_64b5a5660ef5e7ce510580cbae04c027','\'\'',NULL,616622),('4_Sunday','12','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_64b5a5660ef5e7ce510580cbae04c027','\'\'',NULL,616623),('4_Sunday','13','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_64b5a5660ef5e7ce510580cbae04c027','\'\'',NULL,616624),('2_Friday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_74456e5253603ef3982b982ad76474eb','\'Title: Password lab
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nFollow real world password attack steps against a mock target in order to better understand how to protect yourself and improve the security of your passwords!
\n\n\'',NULL,616625),('2_Friday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_74456e5253603ef3982b982ad76474eb','\'\'',NULL,616626),('2_Friday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_74456e5253603ef3982b982ad76474eb','\'\'',NULL,616627),('2_Friday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_74456e5253603ef3982b982ad76474eb','\'\'',NULL,616628),('2_Friday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_74456e5253603ef3982b982ad76474eb','\'\'',NULL,616629),('2_Friday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_74456e5253603ef3982b982ad76474eb','\'\'',NULL,616630),('2_Friday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_74456e5253603ef3982b982ad76474eb','\'\'',NULL,616631),('2_Friday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'Password lab\'','\'\'','PHV_74456e5253603ef3982b982ad76474eb','\'\'',NULL,616632),('3_Saturday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_3c5bed14db7472981f532723d1c5ab6f','\'Title: FleetDm
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nNo description provided by creator
\n\n\'',NULL,616633),('3_Saturday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_3c5bed14db7472981f532723d1c5ab6f','\'\'',NULL,616634),('3_Saturday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_3c5bed14db7472981f532723d1c5ab6f','\'\'',NULL,616635),('3_Saturday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_3c5bed14db7472981f532723d1c5ab6f','\'\'',NULL,616636),('3_Saturday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_3c5bed14db7472981f532723d1c5ab6f','\'\'',NULL,616637),('3_Saturday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_3c5bed14db7472981f532723d1c5ab6f','\'\'',NULL,616638),('3_Saturday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_3c5bed14db7472981f532723d1c5ab6f','\'\'',NULL,616639),('3_Saturday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_3c5bed14db7472981f532723d1c5ab6f','\'\'',NULL,616640),('4_Sunday','10','10:00','13:59','N','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_ce2274702e2a35243e16b27e2fcd8f36','\'Title: FleetDm
\nWhen: Sunday, Aug 11, 10:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nNo description provided by creator
\n\n\'',NULL,616641),('4_Sunday','11','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_ce2274702e2a35243e16b27e2fcd8f36','\'\'',NULL,616642),('4_Sunday','12','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_ce2274702e2a35243e16b27e2fcd8f36','\'\'',NULL,616643),('4_Sunday','13','10:00','13:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_ce2274702e2a35243e16b27e2fcd8f36','\'\'',NULL,616644),('2_Friday','10','10:00','17:59','N','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_aebac4482c4a03497dd80b61168dc235','\'Title: FleetDm
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W216-W221 - Map
\n
\nDescription:
\nNo description provided by creator
\n\n\'',NULL,616645),('2_Friday','11','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_aebac4482c4a03497dd80b61168dc235','\'\'',NULL,616646),('2_Friday','12','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_aebac4482c4a03497dd80b61168dc235','\'\'',NULL,616647),('2_Friday','13','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_aebac4482c4a03497dd80b61168dc235','\'\'',NULL,616648),('2_Friday','14','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_aebac4482c4a03497dd80b61168dc235','\'\'',NULL,616649),('2_Friday','15','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_aebac4482c4a03497dd80b61168dc235','\'\'',NULL,616650),('2_Friday','16','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_aebac4482c4a03497dd80b61168dc235','\'\'',NULL,616651),('2_Friday','17','10:00','17:59','Y','PHV','LVCC West/Floor 2/W216-W221','\'FleetDm\'','\'\'','PHV_aebac4482c4a03497dd80b61168dc235','\'\'',NULL,616652),('2_Friday','15','15:30','15:59','N','IOTV','LVCC West/Floor 1/Hall 2/Creator Stage 1','\'Microhard? More like MicroEASY...to exploit...\'','\'Ricky \"HeadlessZeke\" Lawshae\'','IOTV_4c8a100eacd487d838ab8f1abd9199ac','\'Title: Microhard? More like MicroEASY...to exploit...
\nWhen: Friday, Aug 9, 15:30 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/Creator Stage 1 - Map
\n
\nDescription:
\nMicrohard is a Canadian-based company that specializes in long range \"robust\" radio equipment. They are used in SCADA environments, point-of-sale terminals, power utilities, and more. From a security standpoint, however, some of their products are anything but \"robust\". And they have a habit of hiding their vulnerability fixes behind intentionally vague release notes, which will make this even more fun! (No, I\'m not bitter at all) Command injections and buffer overflows abound, as well as a lesson or two in the need for a \"robust\" secure development process.
\n\nSpeakerBio: Ricky \"HeadlessZeke\" Lawshae, Principal Security Researcher at Keysight
\nRicky \"HeadlessZeke\" Lawshae is a Principal Security Researcher at Keysight with well over a decade of experience in the fields of vulnerability research, exploitation, reverse engineering, and network/hardware analysis. He has spoken at many conferences around the world including DEFCON (x5), Recon, and Toorcon. His work has been featured on Forbes, Wired, and Hackaday. These days, he mostly focuses on offensive IoT research.
\n\n\n\'',NULL,616653),('2_Friday','08','08:15','10:30','N','MISC','LVCC West/Floor 3/LVCC-L3-Terrace','\'️ISSCON\'','\'\'','MISC_12ba2ab39110aeafbea833663538ac2d','\'Title: ️ISSCON
\nWhen: Friday, Aug 9, 08:15 - 10:30 PDT
\nWhere: LVCC West/Floor 3/LVCC-L3-Terrace - Map
\n
\nDescription:
\nLet’s Boop the ISS! Join the Lonely Hackers Club for an extraordinary experience where we’ll use our ham radios to attempt communication with astronauts aboard the International Space Station! We have tracked the orbital passes of the space station and calculated our best chance.
\n\n\'',NULL,616654),('2_Friday','09','08:15','10:30','Y','MISC','LVCC West/Floor 3/LVCC-L3-Terrace','\'️ISSCON\'','\'\'','MISC_12ba2ab39110aeafbea833663538ac2d','\'\'',NULL,616655),('2_Friday','10','08:15','10:30','Y','MISC','LVCC West/Floor 3/LVCC-L3-Terrace','\'️ISSCON\'','\'\'','MISC_12ba2ab39110aeafbea833663538ac2d','\'\'',NULL,616656),('4_Sunday','10','10:00','12:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_2bce3cef4517e25e9cb12812f480afbb','\'Title: Small scale LAN party
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-04-01 - Map
\n
\nDescription:
\nSmall scale LAN party - Use one of our Windows 98 laptops or BYOB and hook it up! Seating will likely be limited depending on interest.
\n\n\'',NULL,616657),('4_Sunday','11','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_2bce3cef4517e25e9cb12812f480afbb','\'\'',NULL,616658),('4_Sunday','12','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_2bce3cef4517e25e9cb12812f480afbb','\'\'',NULL,616659),('2_Friday','10','10:00','15:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_93f57478721a3c0ea43ee871cade8929','\'Title: Small scale LAN party
\nWhen: Friday, Aug 9, 10:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-04-01 - Map
\n
\nDescription:
\nSmall scale LAN party - Use one of our Windows 98 laptops or BYOB and hook it up! Seating will likely be limited depending on interest.
\n\n\'',NULL,616660),('2_Friday','11','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_93f57478721a3c0ea43ee871cade8929','\'\'',NULL,616661),('2_Friday','12','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_93f57478721a3c0ea43ee871cade8929','\'\'',NULL,616662),('2_Friday','13','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_93f57478721a3c0ea43ee871cade8929','\'\'',NULL,616663),('2_Friday','14','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_93f57478721a3c0ea43ee871cade8929','\'\'',NULL,616664),('2_Friday','15','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_93f57478721a3c0ea43ee871cade8929','\'\'',NULL,616665),('3_Saturday','10','10:00','15:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_90b9665856561a3130f77ca42d6bb315','\'Title: Small scale LAN party
\nWhen: Saturday, Aug 10, 10:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-04-01 - Map
\n
\nDescription:
\nSmall scale LAN party - Use one of our Windows 98 laptops or BYOB and hook it up! Seating will likely be limited depending on interest.
\n\n\'',NULL,616666),('3_Saturday','11','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_90b9665856561a3130f77ca42d6bb315','\'\'',NULL,616667),('3_Saturday','12','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_90b9665856561a3130f77ca42d6bb315','\'\'',NULL,616668),('3_Saturday','13','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_90b9665856561a3130f77ca42d6bb315','\'\'',NULL,616669),('3_Saturday','14','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_90b9665856561a3130f77ca42d6bb315','\'\'',NULL,616670),('3_Saturday','15','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Small scale LAN party\'','\'\'','MISC_90b9665856561a3130f77ca42d6bb315','\'\'',NULL,616671),('2_Friday','10','10:00','15:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_bae4cb5de42b86c70b664cc6fb82cda1','\'Title: Show & Tell
\nWhen: Friday, Aug 9, 10:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-04-01 - Map
\n
\nDescription:
\nBring a retro artifact of your own for people to have fun with and demonstrate! (Note: Any artifact brought in for Show & Tell must also be taken back home with you, and although we will try our best to keep your artifact safe and operational, we suggest that you don\'t bring anything irreplaceable or that has sentimental value, as things could get destroyed or go missing.)
\n\n\'',NULL,616672),('2_Friday','11','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_bae4cb5de42b86c70b664cc6fb82cda1','\'\'',NULL,616673),('2_Friday','12','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_bae4cb5de42b86c70b664cc6fb82cda1','\'\'',NULL,616674),('2_Friday','13','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_bae4cb5de42b86c70b664cc6fb82cda1','\'\'',NULL,616675),('2_Friday','14','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_bae4cb5de42b86c70b664cc6fb82cda1','\'\'',NULL,616676),('2_Friday','15','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_bae4cb5de42b86c70b664cc6fb82cda1','\'\'',NULL,616677),('4_Sunday','10','10:00','12:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_434ca3cfa95995f6553f25556117db2f','\'Title: Show & Tell
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-04-01 - Map
\n
\nDescription:
\nBring a retro artifact of your own for people to have fun with and demonstrate! (Note: Any artifact brought in for Show & Tell must also be taken back home with you, and although we will try our best to keep your artifact safe and operational, we suggest that you don\'t bring anything irreplaceable or that has sentimental value, as things could get destroyed or go missing.)
\n\n\'',NULL,616678),('4_Sunday','11','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_434ca3cfa95995f6553f25556117db2f','\'\'',NULL,616679),('4_Sunday','12','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_434ca3cfa95995f6553f25556117db2f','\'\'',NULL,616680),('3_Saturday','10','10:00','15:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_079562dce3307d1b7680aa7011adb2ad','\'Title: Show & Tell
\nWhen: Saturday, Aug 10, 10:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-04-01 - Map
\n
\nDescription:
\nBring a retro artifact of your own for people to have fun with and demonstrate! (Note: Any artifact brought in for Show & Tell must also be taken back home with you, and although we will try our best to keep your artifact safe and operational, we suggest that you don\'t bring anything irreplaceable or that has sentimental value, as things could get destroyed or go missing.)
\n\n\'',NULL,616681),('3_Saturday','11','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_079562dce3307d1b7680aa7011adb2ad','\'\'',NULL,616682),('3_Saturday','12','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_079562dce3307d1b7680aa7011adb2ad','\'\'',NULL,616683),('3_Saturday','13','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_079562dce3307d1b7680aa7011adb2ad','\'\'',NULL,616684),('3_Saturday','14','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_079562dce3307d1b7680aa7011adb2ad','\'\'',NULL,616685),('3_Saturday','15','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Show & Tell\'','\'\'','MISC_079562dce3307d1b7680aa7011adb2ad','\'\'',NULL,616686),('4_Sunday','10','10:00','12:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_a1390d87d190cbfe72317ad79a4d5c72','\'Title: Dumb Terminal fun
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-04-01 - Map
\n
\nDescription:
\nWe will have several dumb terminals available for all sorts of things courtesy of SCAVHUNT!
\n\n\'',NULL,616687),('4_Sunday','11','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_a1390d87d190cbfe72317ad79a4d5c72','\'\'',NULL,616688),('4_Sunday','12','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_a1390d87d190cbfe72317ad79a4d5c72','\'\'',NULL,616689),('3_Saturday','10','10:00','15:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_b08f5f65dff26af9f04446dd07d47791','\'Title: Dumb Terminal fun
\nWhen: Saturday, Aug 10, 10:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-04-01 - Map
\n
\nDescription:
\nWe will have several dumb terminals available for all sorts of things courtesy of SCAVHUNT!
\n\n\'',NULL,616690),('3_Saturday','11','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_b08f5f65dff26af9f04446dd07d47791','\'\'',NULL,616691),('3_Saturday','12','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_b08f5f65dff26af9f04446dd07d47791','\'\'',NULL,616692),('3_Saturday','13','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_b08f5f65dff26af9f04446dd07d47791','\'\'',NULL,616693),('3_Saturday','14','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_b08f5f65dff26af9f04446dd07d47791','\'\'',NULL,616694),('3_Saturday','15','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_b08f5f65dff26af9f04446dd07d47791','\'\'',NULL,616695),('2_Friday','10','10:00','15:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_34767b2eb1032c874a5ff3ab84c04cba','\'Title: Dumb Terminal fun
\nWhen: Friday, Aug 9, 10:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-04-01 - Map
\n
\nDescription:
\nWe will have several dumb terminals available for all sorts of things courtesy of SCAVHUNT!
\n\n\'',NULL,616696),('2_Friday','11','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_34767b2eb1032c874a5ff3ab84c04cba','\'\'',NULL,616697),('2_Friday','12','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_34767b2eb1032c874a5ff3ab84c04cba','\'\'',NULL,616698),('2_Friday','13','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_34767b2eb1032c874a5ff3ab84c04cba','\'\'',NULL,616699),('2_Friday','14','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_34767b2eb1032c874a5ff3ab84c04cba','\'\'',NULL,616700),('2_Friday','15','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Dumb Terminal fun\'','\'\'','MISC_34767b2eb1032c874a5ff3ab84c04cba','\'\'',NULL,616701),('3_Saturday','10','10:00','15:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_1cfe5a98f3f25518d698eddb7a392560','\'Title: Retro Repair
\nWhen: Saturday, Aug 10, 10:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-04-01 - Map
\n
\nDescription:
\nAlthough not scheduled we intend to have people in and out who can do repairs/soldering on older equipment should anything need it. If you have trouble with your vintage tech during con, we will do our best to help!
\n\n\'',NULL,616702),('3_Saturday','11','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_1cfe5a98f3f25518d698eddb7a392560','\'\'',NULL,616703),('3_Saturday','12','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_1cfe5a98f3f25518d698eddb7a392560','\'\'',NULL,616704),('3_Saturday','13','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_1cfe5a98f3f25518d698eddb7a392560','\'\'',NULL,616705),('3_Saturday','14','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_1cfe5a98f3f25518d698eddb7a392560','\'\'',NULL,616706),('3_Saturday','15','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_1cfe5a98f3f25518d698eddb7a392560','\'\'',NULL,616707),('2_Friday','10','10:00','15:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_fb7ca87082fa473fe92738e5a58e8c62','\'Title: Retro Repair
\nWhen: Friday, Aug 9, 10:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-04-01 - Map
\n
\nDescription:
\nAlthough not scheduled we intend to have people in and out who can do repairs/soldering on older equipment should anything need it. If you have trouble with your vintage tech during con, we will do our best to help!
\n\n\'',NULL,616708),('2_Friday','11','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_fb7ca87082fa473fe92738e5a58e8c62','\'\'',NULL,616709),('2_Friday','12','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_fb7ca87082fa473fe92738e5a58e8c62','\'\'',NULL,616710),('2_Friday','13','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_fb7ca87082fa473fe92738e5a58e8c62','\'\'',NULL,616711),('2_Friday','14','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_fb7ca87082fa473fe92738e5a58e8c62','\'\'',NULL,616712),('2_Friday','15','10:00','15:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_fb7ca87082fa473fe92738e5a58e8c62','\'\'',NULL,616713),('4_Sunday','10','10:00','12:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_d4cf6a69847a38921d7133554f9b5ac2','\'Title: Retro Repair
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-04-01 - Map
\n
\nDescription:
\nAlthough not scheduled we intend to have people in and out who can do repairs/soldering on older equipment should anything need it. If you have trouble with your vintage tech during con, we will do our best to help!
\n\n\'',NULL,616714),('4_Sunday','11','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_d4cf6a69847a38921d7133554f9b5ac2','\'\'',NULL,616715),('4_Sunday','12','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-01','\'Retro Repair\'','\'\'','MISC_d4cf6a69847a38921d7133554f9b5ac2','\'\'',NULL,616716),('2_Friday','12','12:00','12:59','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Flipping Locks (The Remix) - Remote Badge Cloning with the Flipper Zero and More\'','\'Langston Clement,Dan Goga\'','PSV_c8a62aa1a0e3e081a11ccbc6dd40743e','\'Title: Flipping Locks (The Remix) - Remote Badge Cloning with the Flipper Zero and More
\nWhen: Friday, Aug 9, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\n\n\nSpeakers:Langston Clement,Dan Goga
\n
\nSpeakerBio: Langston Clement
\nNo BIO available
\nSpeakerBio: Dan Goga
\nNo BIO available
\n\n\'',NULL,616717),('2_Friday','13','13:30','13:59','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Bogus Badges: The Art and Innovation of Badge Counterfeiting\'','\'Nick Warner\'','PSV_27bfa2cce99133c86183d27356fe6a1c','\'Title: Bogus Badges: The Art and Innovation of Badge Counterfeiting
\nWhen: Friday, Aug 9, 13:30 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\nCounterfeiting badges for conferences and employee access has evolved into a sophisticated craft, blending creativity with technology. This talk explores modern techniques from traditional methods to innovations like 3D printing and digital replication. We uncover how these tools enable counterfeiting to compromise even highly secure systems.
\n\nSpeakerBio: Nick Warner
\nNick is a Penetration Testing Consultant for the Secureworks Adversary Group, specializing in identifying and exploiting security vulnerabilities to help organizations strengthen their defenses. He is also a 3D printing enthusiast, particularly adept at combining technological creativity with practical applications. This unique blend of skills enables him to approach security challenges from diverse and inventive perspectives.
\n\n\n\'',NULL,616718),('2_Friday','17','17:00','17:59','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Bypass 101\'','\'Karen Ng\'','PSV_7824899b138060f30ac47e069bbfe08f','\'Title: Bypass 101
\nWhen: Friday, Aug 9, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\nThere are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn how to do these attacks in this talk!
\n\nSpeakerBio: Karen Ng, Risk Analyst at GGR Security
\nKaren is a Risk Analyst at GGR Security, and is one of GGR\'s entry team for physical penetration tests. She has a strong interest in physical security, delivering trainings on physical security vulnerabilities to a wide range of audiences. Karen comes from a background in engineering and has extensive experience in major event logistics. She is one of the Village Leads at the Physical Security Village, and works with the rest of the PSV team to teach how to recognize and fix security exploits to the community. Graphic design is her passion.
\n\n\n\'',NULL,616719),('4_Sunday','10','10:30','11:30','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Bypass 101\'','\'Karen Ng\'','PSV_58e720c6b1327cef284f47acaab2c980','\'Title: Bypass 101
\nWhen: Sunday, Aug 11, 10:30 - 11:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\nThere are loads of ways to get through a door without actually attacking the lock itself, including using the egress hardware, access control hardware, and countless other techniques to gain entry. Learn how to do these attacks in this talk!
\n\nSpeakerBio: Karen Ng, Risk Analyst at GGR Security
\nKaren is a Risk Analyst at GGR Security, and is one of GGR\'s entry team for physical penetration tests. She has a strong interest in physical security, delivering trainings on physical security vulnerabilities to a wide range of audiences. Karen comes from a background in engineering and has extensive experience in major event logistics. She is one of the Village Leads at the Physical Security Village, and works with the rest of the PSV team to teach how to recognize and fix security exploits to the community. Graphic design is her passion.
\n\n\n\'',NULL,616720),('4_Sunday','11','10:30','11:30','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Bypass 101\'','\'Karen Ng\'','PSV_58e720c6b1327cef284f47acaab2c980','\'\'',NULL,616721),('2_Friday','16','16:00','16:30','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Access Control done right the first time\'','\'Tim Clevenger\'','PSV_ee8cba448e115206b721fa216e5dc00c','\'Title: Access Control done right the first time
\nWhen: Friday, Aug 9, 16:00 - 16:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\nAre you looking to install or upgrade a physical access control system? Having installed, repaired and upgraded dozens of large and small access control system installations, I have found that many vendors install a minimum viable product that can leave your new system unreliable and trivial to bypass.
\n\nThis session will give you the tools and knowledge you need to work with your installer to implement your system using best practices in the following areas:
\n\n\n- Wiring, supervision, encryption and tamper-resistance
\n- Choosing clone-resistant badges and securely programming badge readers
\n- Securing controller equipment and managing issued badges
\n- Maintaining the system for maximum security and uptime
\n
\n\nSpeakerBio: Tim Clevenger, Cybersecurity Network Engineer at SailPoint
\nAs a low voltage hardware junkie, Tim has had the opportunity to design, expand, upgrade and repair numerous physical access control, alarm and video systems, including a stint at a security vendor where he was certified in Lenel access and video. Tim works today at SailPoint as a Cybersecurity Network Engineer.
\n\n\n\'',NULL,616722),('3_Saturday','11','11:00','12:59','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Social Engineering Improv Acting Techniques\'','\'Tim Roberts\'','PSV_45d184cf12ba68050fcad62849dc089f','\'Title: Social Engineering Improv Acting Techniques
\nWhen: Saturday, Aug 10, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\nSocial Engineering is a widely-covered topic. We\'ll focus on how it can be beneficial specifically during covert entry assessments for talking your way in/out of situations as well as to solicit information that you can apply throughout the assessment.
\n\nIntroductory methods to modern covert entry Tactics, Techniques and Procedures (TTPs) for penetration testers.
\n\nAn introduction to common and uncommon covert entry techniques that are used during physical security assessments. Whether you are a penetration tester, security coordinator, or the decision maker, these techniques will provide an insight into how expensive electronic and physical access controls can sometimes be bypassed by something as simple as a can of air, a piece of plastic, or even a smile.
\n\nTim Roberts and Brent White of WeHackPeople.com and Dark Wolf Solutions, LLC will be sharing their experiences with covert and overt security tests over the years and walking participants through some real-life application of the techniques utilized during these assessments.
\n\nSpeakerBio: Tim Roberts, Covert Entry Specialist at Dark Wolf Solutions
\nTim is a Covert Entry Specialist with Dark Wolf Solutions and Sr. Principal Penetration Tester. He is the founding member of the Lexington DEF CON group (DC859). He has been interviewed on the subject of “White hat hacking” for Microsoft’s “Roadtrip Nation” television series, was featured on IDG Enterprise’s CSO Online publication by Ryan Francis on social engineering, and was interviewed at Black Hat by HelpNetSecurity on security awareness and “Know Your Adversary”. He and Brent White have also been featured a couple of times on the true crime series Profiling Evil with Mike King. Tim has over fifteen years of professional security experience and has held management, IT, and physical security roles across multiple industries, including healthcare, finance, and government. His experience includes Red Team, Internal/External Network, Wireless, Application, Physical Security, Social Engineering, and more. Tim has spoken and conducted training at numerous security and hacker conferences, including ISSA International, DEF CON, DerbyCon, NolaCon, various B-Sides, CircleCityCon, Techno Security Con, SaintCon, Appalachian Institute of Digital Evidence at Marshall University, Who’s Your Hacker, was keynote for the S&H Law – FBI/Hacker Panel, and more. By continuing to share these experiences, he hopes to further contribute to the InfoSec community and security awareness as a whole.
\n\n\n\'',NULL,616723),('3_Saturday','12','11:00','12:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Social Engineering Improv Acting Techniques\'','\'Tim Roberts\'','PSV_45d184cf12ba68050fcad62849dc089f','\'\'',NULL,616724),('4_Sunday','11','11:30','11:59','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'HandPwning: “Your Hand is your Passport. Verify me. Now let me in!”\'','\'Luca \"CYBERANTANI\" Bongiorni\'','PSV_61a2d0b944dff4d0d8b10c4b6ce80745','\'Title: HandPwning: “Your Hand is your Passport. Verify me. Now let me in!”
\nWhen: Sunday, Aug 11, 11:30 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\nBiometrics applied to PACS (Physical Access Control Systems) has been an hot-topic for a few years now. The spread of fingerprint or face recognition based access control and time attendance systems among corporate, industrial and military environments has surged. And with it, also the number of potential attack vectors has increased. In this talk, after a brief overview of the state of art of available PACS utilizing biometrics to authenticate and authorize users, we will investigate one technology among others (usually perceived less-invasive) that has been widely used in some specific fields (e.g. industrial plants, airports, food industry, etc.): the handpunch access control and time attendance systems. The handpunch PACS are based on the hand-geometry recognition. In this presentation we will have a look how this tech works and, in particular, we will focus our attention on reviewing some of existing handpunch devices: from a physical security POV until reversing the communication protocol. Moreover, during the presentation will be demonstrated how to remotely push a new super-admin user into it (i.e. persistent backdoor), how to dump existing users credentials and will be also released an opensource tool-suite: HandScan & HandPwner. Eventually, thanks the cooperation with Shodan’s creator, it has been confirmed that more than 1800 of these vulnerable devices were found exposed on the Internet. Finally, we will conclude the talk with practical and actionable countermeasures to prevent these attacks and how to harden these devices.
\n\nSpeakerBio: Luca \"CYBERANTANI\" Bongiorni, Founder at We Hack In Disguise (WHID)
\nLuca Bongiorni is working as Director of a CyberSecurity Lab and is Founder of WHID - We Hack In Disguise: a cybersecurity boutique focused on R&D offensive hardware implants and IIoT Security. Luca is also actively involved in InfoSec where his main fields of research are: Radio Networks, Hardware Hacking, Internet of Things, and Physical Security. At the moment, he is focusing his researches on bypassing biometric access control systems, IIoT Security & Forensics, Air-Gapped Environments and IoOT (Internet of Offensive Things).
\n\n\n\n\n\'',NULL,616725),('3_Saturday','14','14:00','14:59','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'HandPwning: “Your Hand is your Passport. Verify me. Now let me in!”\'','\'Luca \"CYBERANTANI\" Bongiorni\'','PSV_d91b0599b6ef037e9759f016a8f7cc31','\'Title: HandPwning: “Your Hand is your Passport. Verify me. Now let me in!”
\nWhen: Saturday, Aug 10, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\nBiometrics applied to PACS (Physical Access Control Systems) has been an hot-topic for a few years now. The spread of fingerprint or face recognition based access control and time attendance systems among corporate, industrial and military environments has surged. And with it, also the number of potential attack vectors has increased. In this talk, after a brief overview of the state of art of available PACS utilizing biometrics to authenticate and authorize users, we will investigate one technology among others (usually perceived less-invasive) that has been widely used in some specific fields (e.g. industrial plants, airports, food industry, etc.): the handpunch access control and time attendance systems. The handpunch PACS are based on the hand-geometry recognition. In this presentation we will have a look how this tech works and, in particular, we will focus our attention on reviewing some of existing handpunch devices: from a physical security POV until reversing the communication protocol. Moreover, during the presentation will be demonstrated how to remotely push a new super-admin user into it (i.e. persistent backdoor), how to dump existing users credentials and will be also released an opensource tool-suite: HandScan & HandPwner. Eventually, thanks the cooperation with Shodan’s creator, it has been confirmed that more than 1800 of these vulnerable devices were found exposed on the Internet. Finally, we will conclude the talk with practical and actionable countermeasures to prevent these attacks and how to harden these devices.
\n\nSpeakerBio: Luca \"CYBERANTANI\" Bongiorni, Founder at We Hack In Disguise (WHID)
\nLuca Bongiorni is working as Director of a CyberSecurity Lab and is Founder of WHID - We Hack In Disguise: a cybersecurity boutique focused on R&D offensive hardware implants and IIoT Security. Luca is also actively involved in InfoSec where his main fields of research are: Radio Networks, Hardware Hacking, Internet of Things, and Physical Security. At the moment, he is focusing his researches on bypassing biometric access control systems, IIoT Security & Forensics, Air-Gapped Environments and IoOT (Internet of Offensive Things).
\n\n\n\n\n\'',NULL,616726),('3_Saturday','15','15:30','16:30','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Intermediate Physical Security\'','\'Justin Wynn\'','PSV_253655f98fb20aaf299e9068721cdbd5','\'Title: Intermediate Physical Security
\nWhen: Saturday, Aug 10, 15:30 - 16:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\nPhysical Red Teams are the most dynamic, exciting, and fast paced engagements we can perform. It requires good decision making under pressure and intimate knowledge of a vast landscape of physical security mechanisms. This talk equips you with the knowledge of over a dozen techniques I use on engagements, delivering the most effective lessons from both lab work and field work. In one action packed hour we\'ll cover top bypasses for padlocks, doors, RFID systems and more.
\n\nSpeakerBio: Justin Wynn, Director of the Red Team at Coalfire
\nJustin Wynn is the Director of the Red Team at Coalfire and is a Physical Security SME. He\'s broken into nearly every type of building: data centers, banks, courthouses - you may be familiar with his wrongful arrest in the latter. He\'s a keynote speaker who has conducted over 350 penetration tests and physical engagements. His pastimes include bank robbing, algorithmic option trading, public speaking, community development, and world peace by founding the militant wing of the Salvation Army.
\n\n\n\'',NULL,616727),('3_Saturday','16','15:30','16:30','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Intermediate Physical Security\'','\'Justin Wynn\'','PSV_253655f98fb20aaf299e9068721cdbd5','\'\'',NULL,616728),('3_Saturday','17','17:00','17:59','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Flipping Locks (The Remix) - Remote Badge Cloning with the Flipper Zero and More\'','\'Langston Clement,Dan Goga\'','PSV_a37684ccebfe9dcaafef9045f0bbf2f8','\'Title: Flipping Locks (The Remix) - Remote Badge Cloning with the Flipper Zero and More
\nWhen: Saturday, Aug 10, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\nTraditional RFID badge cloning methods require you to be within 3 feet of your target. So how can you conduct a physical penetration test and clone a badge without interacting with a person? Companies have increasingly adopted a hybrid work environment, allowing employees to work remotely, which has decreased the amount of foot traffic in and out of a building at any given time. This session discusses two accessible, entry-level hardware designs you can build in a day and deploy in the field, along with the tried-and-true social engineering techniques that can increase your chances of remotely cloning an RFID badge.
\n\nLangston and Dan discuss their Red Team adventures using implant devices, a Flipper Zero and an iCopy-X. As a bonus the two will explain how to perform a stealthy HID iClass SE/SEOS downgrade and legacy attack! This presentation is supplemented with files and instructions that are available for download in order to build your own standalone gooseneck reader, wall implant and clipboard cloning devices! This is. The Remix.
\n\nSpeakers:Langston Clement,Dan Goga
\n
\nSpeakerBio: Langston Clement
\nNo BIO available
\nSpeakerBio: Dan Goga
\nNo BIO available
\n\n\'',NULL,616729),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_05f25b981f1936b988c4390b32eaf603','\'Title: A-ISAC Aviation Cybersecurity Challenge
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nA variety of aviation infrastructure has been compromised by hackers. Immerse yourself into challenges where you are tasked as an aviation cyber defense participant to identify attacks/attackers, stop attacks, and restore normal operations. As a participant your first step is to register ahead and read the rules at: https://aisac.cyberskyline.com/events/aisac-defcon and bring your own laptop to the venue. You can participate in the virtual challenges from Friday, but the more critical in-person challenges are only available at certain times during Village open hours!
\n\nSpeakerBio: A-ISAC and Embry-Riddle Aeronautical University - Prescott
\nNo BIO available
\n\n\'',NULL,616730),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_05f25b981f1936b988c4390b32eaf603','\'\'',NULL,616731),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_05f25b981f1936b988c4390b32eaf603','\'\'',NULL,616732),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_05f25b981f1936b988c4390b32eaf603','\'\'',NULL,616733),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_05f25b981f1936b988c4390b32eaf603','\'\'',NULL,616734),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_05f25b981f1936b988c4390b32eaf603','\'\'',NULL,616735),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_05f25b981f1936b988c4390b32eaf603','\'\'',NULL,616736),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_05f25b981f1936b988c4390b32eaf603','\'\'',NULL,616737),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_6bd49ab1e71fdefd433bc193a0a81a3e','\'Title: A-ISAC Aviation Cybersecurity Challenge
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nA variety of aviation infrastructure has been compromised by hackers. Immerse yourself into challenges where you are tasked as an aviation cyber defense participant to identify attacks/attackers, stop attacks, and restore normal operations. As a participant your first step is to register ahead and read the rules at: https://aisac.cyberskyline.com/events/aisac-defcon and bring your own laptop to the venue. You can participate in the virtual challenges from Friday, but the more critical in-person challenges are only available at certain times during Village open hours!
\n\nSpeakerBio: A-ISAC and Embry-Riddle Aeronautical University - Prescott
\nNo BIO available
\n\n\'',NULL,616738),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_6bd49ab1e71fdefd433bc193a0a81a3e','\'\'',NULL,616739),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_6bd49ab1e71fdefd433bc193a0a81a3e','\'\'',NULL,616740),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_658dbd580f12f1c74f7541d6010dde95','\'Title: A-ISAC Aviation Cybersecurity Challenge
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nA variety of aviation infrastructure has been compromised by hackers. Immerse yourself into challenges where you are tasked as an aviation cyber defense participant to identify attacks/attackers, stop attacks, and restore normal operations. As a participant your first step is to register ahead and read the rules at: https://aisac.cyberskyline.com/events/aisac-defcon and bring your own laptop to the venue. You can participate in the virtual challenges from Friday, but the more critical in-person challenges are only available at certain times during Village open hours!
\n\nSpeakerBio: A-ISAC and Embry-Riddle Aeronautical University - Prescott
\nNo BIO available
\n\n\'',NULL,616741),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_658dbd580f12f1c74f7541d6010dde95','\'\'',NULL,616742),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_658dbd580f12f1c74f7541d6010dde95','\'\'',NULL,616743),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_658dbd580f12f1c74f7541d6010dde95','\'\'',NULL,616744),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_658dbd580f12f1c74f7541d6010dde95','\'\'',NULL,616745),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_658dbd580f12f1c74f7541d6010dde95','\'\'',NULL,616746),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_658dbd580f12f1c74f7541d6010dde95','\'\'',NULL,616747),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'A-ISAC Aviation Cybersecurity Challenge\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_658dbd580f12f1c74f7541d6010dde95','\'\'',NULL,616748),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_8576e1f98e2b0b4f0b51a861727c9afe','\'Title: ARINC 664 CTF
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nARINC 664 is an extension to IP networking that adds deterministic QoS for Aircraft Systems over Ethernet. Sit down and learn about how the extensions to 802.3 is used on aircraft, how that flight critical data is transferred in a timely matter, and how to manipulate the data on these networks. This progressive difficulty CTF provides a fun and informative way of approaching ARINC 664 networking.
\n\nSpeakerBio: Boeing
\nNo BIO available
\n\n\'',NULL,616749),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_8576e1f98e2b0b4f0b51a861727c9afe','\'\'',NULL,616750),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_8576e1f98e2b0b4f0b51a861727c9afe','\'\'',NULL,616751),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_8576e1f98e2b0b4f0b51a861727c9afe','\'\'',NULL,616752),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_8576e1f98e2b0b4f0b51a861727c9afe','\'\'',NULL,616753),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_8576e1f98e2b0b4f0b51a861727c9afe','\'\'',NULL,616754),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_8576e1f98e2b0b4f0b51a861727c9afe','\'\'',NULL,616755),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_8576e1f98e2b0b4f0b51a861727c9afe','\'\'',NULL,616756),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_6812b5f5c1f559dc69735ed46511e13a','\'Title: ARINC 664 CTF
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nARINC 664 is an extension to IP networking that adds deterministic QoS for Aircraft Systems over Ethernet. Sit down and learn about how the extensions to 802.3 is used on aircraft, how that flight critical data is transferred in a timely matter, and how to manipulate the data on these networks. This progressive difficulty CTF provides a fun and informative way of approaching ARINC 664 networking.
\n\nSpeakerBio: Boeing
\nNo BIO available
\n\n\'',NULL,616757),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_6812b5f5c1f559dc69735ed46511e13a','\'\'',NULL,616758),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_6812b5f5c1f559dc69735ed46511e13a','\'\'',NULL,616759),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_6812b5f5c1f559dc69735ed46511e13a','\'\'',NULL,616760),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_6812b5f5c1f559dc69735ed46511e13a','\'\'',NULL,616761),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_6812b5f5c1f559dc69735ed46511e13a','\'\'',NULL,616762),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_6812b5f5c1f559dc69735ed46511e13a','\'\'',NULL,616763),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_6812b5f5c1f559dc69735ed46511e13a','\'\'',NULL,616764),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_15818a03eb28293d3bfd490a0835fb45','\'Title: ARINC 664 CTF
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nARINC 664 is an extension to IP networking that adds deterministic QoS for Aircraft Systems over Ethernet. Sit down and learn about how the extensions to 802.3 is used on aircraft, how that flight critical data is transferred in a timely matter, and how to manipulate the data on these networks. This progressive difficulty CTF provides a fun and informative way of approaching ARINC 664 networking.
\n\nSpeakerBio: Boeing
\nNo BIO available
\n\n\'',NULL,616765),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_15818a03eb28293d3bfd490a0835fb45','\'\'',NULL,616766),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'ARINC 664 CTF\'','\'Boeing\'','ASV_15818a03eb28293d3bfd490a0835fb45','\'\'',NULL,616767),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_4992624ec0e4141d4bf030d298b640be','\'Title: Bricks in the Air
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nBricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation.
\n\n\'',NULL,616768),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_4992624ec0e4141d4bf030d298b640be','\'\'',NULL,616769),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_4992624ec0e4141d4bf030d298b640be','\'\'',NULL,616770),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_ec32000b7af69f80e6488d6e8292d018','\'Title: Bricks in the Air
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nBricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation.
\n\n\'',NULL,616771),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_ec32000b7af69f80e6488d6e8292d018','\'\'',NULL,616772),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_ec32000b7af69f80e6488d6e8292d018','\'\'',NULL,616773),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_ec32000b7af69f80e6488d6e8292d018','\'\'',NULL,616774),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_ec32000b7af69f80e6488d6e8292d018','\'\'',NULL,616775),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_ec32000b7af69f80e6488d6e8292d018','\'\'',NULL,616776),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_ec32000b7af69f80e6488d6e8292d018','\'\'',NULL,616777),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_ec32000b7af69f80e6488d6e8292d018','\'\'',NULL,616778),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_6702bc8efaabb3a348247e9a1efa72a9','\'Title: Bricks in the Air
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nBricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation.
\n\n\'',NULL,616779),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_6702bc8efaabb3a348247e9a1efa72a9','\'\'',NULL,616780),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_6702bc8efaabb3a348247e9a1efa72a9','\'\'',NULL,616781),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_6702bc8efaabb3a348247e9a1efa72a9','\'\'',NULL,616782),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_6702bc8efaabb3a348247e9a1efa72a9','\'\'',NULL,616783),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_6702bc8efaabb3a348247e9a1efa72a9','\'\'',NULL,616784),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_6702bc8efaabb3a348247e9a1efa72a9','\'\'',NULL,616785),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Bricks in the Air\'','\'\'','ASV_6702bc8efaabb3a348247e9a1efa72a9','\'\'',NULL,616786),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_ccb4bd4214e32ce231c4de990e08feff','\'Title: CubeSat Simulator
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nThe AMSAT Ground Control and CubeSat simulator emulates how satellite communications are used. Ground control communicates via UHF to the cubesat.
\n\nSpeakerBio: AMSAT
\nNo BIO available
\n\n\'',NULL,616787),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_ccb4bd4214e32ce231c4de990e08feff','\'\'',NULL,616788),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_ccb4bd4214e32ce231c4de990e08feff','\'\'',NULL,616789),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_ccb4bd4214e32ce231c4de990e08feff','\'\'',NULL,616790),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_ccb4bd4214e32ce231c4de990e08feff','\'\'',NULL,616791),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_ccb4bd4214e32ce231c4de990e08feff','\'\'',NULL,616792),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_ccb4bd4214e32ce231c4de990e08feff','\'\'',NULL,616793),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_ccb4bd4214e32ce231c4de990e08feff','\'\'',NULL,616794),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_857436d7c28be985fc0859856f811d7c','\'Title: CubeSat Simulator
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nThe AMSAT Ground Control and CubeSat simulator emulates how satellite communications are used. Ground control communicates via UHF to the cubesat.
\n\nSpeakerBio: AMSAT
\nNo BIO available
\n\n\'',NULL,616795),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_857436d7c28be985fc0859856f811d7c','\'\'',NULL,616796),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_857436d7c28be985fc0859856f811d7c','\'\'',NULL,616797),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_857436d7c28be985fc0859856f811d7c','\'\'',NULL,616798),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_857436d7c28be985fc0859856f811d7c','\'\'',NULL,616799),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_857436d7c28be985fc0859856f811d7c','\'\'',NULL,616800),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_857436d7c28be985fc0859856f811d7c','\'\'',NULL,616801),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_857436d7c28be985fc0859856f811d7c','\'\'',NULL,616802),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_88398cea981ad493a087a9eb706b059b','\'Title: CubeSat Simulator
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nThe AMSAT Ground Control and CubeSat simulator emulates how satellite communications are used. Ground control communicates via UHF to the cubesat.
\n\nSpeakerBio: AMSAT
\nNo BIO available
\n\n\'',NULL,616803),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_88398cea981ad493a087a9eb706b059b','\'\'',NULL,616804),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'CubeSat Simulator\'','\'AMSAT\'','ASV_88398cea981ad493a087a9eb706b059b','\'\'',NULL,616805),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_797616f1fb5dce43306db18e5dc1244f','\'Title: Darkstar Badge Challenge
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nCollect the clues, solve the puzzles, show off your aerospace knowledge and technical skills to win a limited edition PCB badge.
\n\nSpeakerBio: Lockheed Martin
\nNo BIO available
\n\n\'',NULL,616806),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_797616f1fb5dce43306db18e5dc1244f','\'\'',NULL,616807),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_797616f1fb5dce43306db18e5dc1244f','\'\'',NULL,616808),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_797616f1fb5dce43306db18e5dc1244f','\'\'',NULL,616809),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_797616f1fb5dce43306db18e5dc1244f','\'\'',NULL,616810),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_797616f1fb5dce43306db18e5dc1244f','\'\'',NULL,616811),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_797616f1fb5dce43306db18e5dc1244f','\'\'',NULL,616812),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_797616f1fb5dce43306db18e5dc1244f','\'\'',NULL,616813),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_9e668584a374319d02c639a0ffeb4f30','\'Title: Darkstar Badge Challenge
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nCollect the clues, solve the puzzles, show off your aerospace knowledge and technical skills to win a limited edition PCB badge.
\n\nSpeakerBio: Lockheed Martin
\nNo BIO available
\n\n\'',NULL,616814),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_9e668584a374319d02c639a0ffeb4f30','\'\'',NULL,616815),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_9e668584a374319d02c639a0ffeb4f30','\'\'',NULL,616816),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_01758d497c6a76e87281c819c7a695b2','\'Title: Darkstar Badge Challenge
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nCollect the clues, solve the puzzles, show off your aerospace knowledge and technical skills to win a limited edition PCB badge.
\n\nSpeakerBio: Lockheed Martin
\nNo BIO available
\n\n\'',NULL,616817),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_01758d497c6a76e87281c819c7a695b2','\'\'',NULL,616818),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_01758d497c6a76e87281c819c7a695b2','\'\'',NULL,616819),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_01758d497c6a76e87281c819c7a695b2','\'\'',NULL,616820),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_01758d497c6a76e87281c819c7a695b2','\'\'',NULL,616821),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_01758d497c6a76e87281c819c7a695b2','\'\'',NULL,616822),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_01758d497c6a76e87281c819c7a695b2','\'\'',NULL,616823),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Darkstar Badge Challenge\'','\'Lockheed Martin\'','ASV_01758d497c6a76e87281c819c7a695b2','\'\'',NULL,616824),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_ad4ceb417957dd9495178429ba0979e1','\'Title: Defend the Airport CTF
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nYou are a new to the Airport IT staff at the IG International Airport Network Operations Center, working your first holiday travel weekend. It has been a busy day managing the network with the control tower reporting several small glitches.
\n\nNo alerts have been raised in the network, and the glitches appeared to have been easily handled. While taking your last break of the day, you decide to take a short walk around the concourse to watch the sun set. Suddenly, your cell phone rings and the voice on the other end is a panicked Control Tower Operator. A short time earlier, the tower had observed the runway lights turn off, come back on, and are now randomly blinking. They also mentioned the Operator HMI (Human Machine Interface) controlling the Runway Lighting system is non-responsive and they are locked out of the Maintenance HMI to reboot the system. Time is critical – without the lights, the planes circling the airport cannot land. With limited fuel stores, the planes are unable to divert to another airport. You sit down at your terminal to pull up the maintenance manual and troubleshoot the problem only to discover you are locked out of your account. You are suddenly relieved that management would not let you deploy security updates to the network because they feared service interruptions may occur. Once you regain access to the system and have all the reference material available, you bring up the control logic for the runway lighting system on one screen and the HMIs on another and quickly realize this is not a normal system failure. An unknown hacker or hacker group has ceased and taken control of the system. They have manipulated the PLC’s (Programmable Logic Controller) and impacted the HMIs. Time is of the essence to restore operation to the Runway Lighting control system before the planes run out of fuel.
\n\nSpeakerBio: IntelliGenesis and IG Labs
\nNo BIO available
\n\n\'',NULL,616825),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_ad4ceb417957dd9495178429ba0979e1','\'\'',NULL,616826),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_ad4ceb417957dd9495178429ba0979e1','\'\'',NULL,616827),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_ad4ceb417957dd9495178429ba0979e1','\'\'',NULL,616828),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_ad4ceb417957dd9495178429ba0979e1','\'\'',NULL,616829),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_ad4ceb417957dd9495178429ba0979e1','\'\'',NULL,616830),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_ad4ceb417957dd9495178429ba0979e1','\'\'',NULL,616831),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_ad4ceb417957dd9495178429ba0979e1','\'\'',NULL,616832),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_f376ed521e02323cff45f70d44bcdf85','\'Title: Defend the Airport CTF
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nYou are a new to the Airport IT staff at the IG International Airport Network Operations Center, working your first holiday travel weekend. It has been a busy day managing the network with the control tower reporting several small glitches.
\n\nNo alerts have been raised in the network, and the glitches appeared to have been easily handled. While taking your last break of the day, you decide to take a short walk around the concourse to watch the sun set. Suddenly, your cell phone rings and the voice on the other end is a panicked Control Tower Operator. A short time earlier, the tower had observed the runway lights turn off, come back on, and are now randomly blinking. They also mentioned the Operator HMI (Human Machine Interface) controlling the Runway Lighting system is non-responsive and they are locked out of the Maintenance HMI to reboot the system. Time is critical – without the lights, the planes circling the airport cannot land. With limited fuel stores, the planes are unable to divert to another airport. You sit down at your terminal to pull up the maintenance manual and troubleshoot the problem only to discover you are locked out of your account. You are suddenly relieved that management would not let you deploy security updates to the network because they feared service interruptions may occur. Once you regain access to the system and have all the reference material available, you bring up the control logic for the runway lighting system on one screen and the HMIs on another and quickly realize this is not a normal system failure. An unknown hacker or hacker group has ceased and taken control of the system. They have manipulated the PLC’s (Programmable Logic Controller) and impacted the HMIs. Time is of the essence to restore operation to the Runway Lighting control system before the planes run out of fuel.
\n\nSpeakerBio: IntelliGenesis and IG Labs
\nNo BIO available
\n\n\'',NULL,616833),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_f376ed521e02323cff45f70d44bcdf85','\'\'',NULL,616834),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_f376ed521e02323cff45f70d44bcdf85','\'\'',NULL,616835),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_98bad48418619c5a2d223bb8ef9d4be7','\'Title: Defend the Airport CTF
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nYou are a new to the Airport IT staff at the IG International Airport Network Operations Center, working your first holiday travel weekend. It has been a busy day managing the network with the control tower reporting several small glitches.
\n\nNo alerts have been raised in the network, and the glitches appeared to have been easily handled. While taking your last break of the day, you decide to take a short walk around the concourse to watch the sun set. Suddenly, your cell phone rings and the voice on the other end is a panicked Control Tower Operator. A short time earlier, the tower had observed the runway lights turn off, come back on, and are now randomly blinking. They also mentioned the Operator HMI (Human Machine Interface) controlling the Runway Lighting system is non-responsive and they are locked out of the Maintenance HMI to reboot the system. Time is critical – without the lights, the planes circling the airport cannot land. With limited fuel stores, the planes are unable to divert to another airport. You sit down at your terminal to pull up the maintenance manual and troubleshoot the problem only to discover you are locked out of your account. You are suddenly relieved that management would not let you deploy security updates to the network because they feared service interruptions may occur. Once you regain access to the system and have all the reference material available, you bring up the control logic for the runway lighting system on one screen and the HMIs on another and quickly realize this is not a normal system failure. An unknown hacker or hacker group has ceased and taken control of the system. They have manipulated the PLC’s (Programmable Logic Controller) and impacted the HMIs. Time is of the essence to restore operation to the Runway Lighting control system before the planes run out of fuel.
\n\nSpeakerBio: IntelliGenesis and IG Labs
\nNo BIO available
\n\n\'',NULL,616836),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_98bad48418619c5a2d223bb8ef9d4be7','\'\'',NULL,616837),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_98bad48418619c5a2d223bb8ef9d4be7','\'\'',NULL,616838),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_98bad48418619c5a2d223bb8ef9d4be7','\'\'',NULL,616839),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_98bad48418619c5a2d223bb8ef9d4be7','\'\'',NULL,616840),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_98bad48418619c5a2d223bb8ef9d4be7','\'\'',NULL,616841),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_98bad48418619c5a2d223bb8ef9d4be7','\'\'',NULL,616842),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Defend the Airport CTF\'','\'IntelliGenesis and IG Labs\'','ASV_98bad48418619c5a2d223bb8ef9d4be7','\'\'',NULL,616843),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_8a351ef28a4d427db4c97ddb37bfd36d','\'Title: Detect a Threat
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nCan you spot suspicious items in packages? Try out your skills.
\n\nSpeakerBio: TSA
\nNo BIO available
\n\n\'',NULL,616844),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_8a351ef28a4d427db4c97ddb37bfd36d','\'\'',NULL,616845),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_8a351ef28a4d427db4c97ddb37bfd36d','\'\'',NULL,616846),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_8a351ef28a4d427db4c97ddb37bfd36d','\'\'',NULL,616847),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_8a351ef28a4d427db4c97ddb37bfd36d','\'\'',NULL,616848),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_8a351ef28a4d427db4c97ddb37bfd36d','\'\'',NULL,616849),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_8a351ef28a4d427db4c97ddb37bfd36d','\'\'',NULL,616850),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_8a351ef28a4d427db4c97ddb37bfd36d','\'\'',NULL,616851),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_cd043c10f0d3a46115f236ce40c9f70f','\'Title: Detect a Threat
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nCan you spot suspicious items in packages? Try out your skills.
\n\nSpeakerBio: TSA
\nNo BIO available
\n\n\'',NULL,616852),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_cd043c10f0d3a46115f236ce40c9f70f','\'\'',NULL,616853),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_cd043c10f0d3a46115f236ce40c9f70f','\'\'',NULL,616854),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_fd185ecc99b388c7a71522cefdd9df2a','\'Title: Detect a Threat
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nCan you spot suspicious items in packages? Try out your skills.
\n\nSpeakerBio: TSA
\nNo BIO available
\n\n\'',NULL,616855),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_fd185ecc99b388c7a71522cefdd9df2a','\'\'',NULL,616856),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_fd185ecc99b388c7a71522cefdd9df2a','\'\'',NULL,616857),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_fd185ecc99b388c7a71522cefdd9df2a','\'\'',NULL,616858),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_fd185ecc99b388c7a71522cefdd9df2a','\'\'',NULL,616859),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_fd185ecc99b388c7a71522cefdd9df2a','\'\'',NULL,616860),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_fd185ecc99b388c7a71522cefdd9df2a','\'\'',NULL,616861),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Detect a Threat\'','\'TSA\'','ASV_fd185ecc99b388c7a71522cefdd9df2a','\'\'',NULL,616862),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_d46e9f574dbc7e7a527900ff4989a318','\'Title: Drone Capture the Flag (CTF)
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nPut your drone hacking skills to the test in our Drone CTF. This advanced challenge requires participants to take over a drone mid-flight and develop a payload to hack a DJI drone. This CTF is perfect for those who have some experience in drone hacking or have participated in our Drone Hacking Workshop. It\'s a great opportunity to showcase your technical prowess and win some cool prizes.
\n\nSpeakerBio: Dark Wolf
\nNo BIO available
\n\n\'',NULL,616863),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_d46e9f574dbc7e7a527900ff4989a318','\'\'',NULL,616864),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_d46e9f574dbc7e7a527900ff4989a318','\'\'',NULL,616865),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_8da7890277780648e4f5081ee41b0e1e','\'Title: Drone Capture the Flag (CTF)
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nPut your drone hacking skills to the test in our Drone CTF. This advanced challenge requires participants to take over a drone mid-flight and develop a payload to hack a DJI drone. This CTF is perfect for those who have some experience in drone hacking or have participated in our Drone Hacking Workshop. It\'s a great opportunity to showcase your technical prowess and win some cool prizes.
\n\nSpeakerBio: Dark Wolf
\nNo BIO available
\n\n\'',NULL,616866),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_8da7890277780648e4f5081ee41b0e1e','\'\'',NULL,616867),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_8da7890277780648e4f5081ee41b0e1e','\'\'',NULL,616868),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_8da7890277780648e4f5081ee41b0e1e','\'\'',NULL,616869),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_8da7890277780648e4f5081ee41b0e1e','\'\'',NULL,616870),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_8da7890277780648e4f5081ee41b0e1e','\'\'',NULL,616871),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_8da7890277780648e4f5081ee41b0e1e','\'\'',NULL,616872),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_8da7890277780648e4f5081ee41b0e1e','\'\'',NULL,616873),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_d60a1c8163378d442e067952865187a9','\'Title: Drone Capture the Flag (CTF)
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nPut your drone hacking skills to the test in our Drone CTF. This advanced challenge requires participants to take over a drone mid-flight and develop a payload to hack a DJI drone. This CTF is perfect for those who have some experience in drone hacking or have participated in our Drone Hacking Workshop. It\'s a great opportunity to showcase your technical prowess and win some cool prizes.
\n\nSpeakerBio: Dark Wolf
\nNo BIO available
\n\n\'',NULL,616874),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_d60a1c8163378d442e067952865187a9','\'\'',NULL,616875),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_d60a1c8163378d442e067952865187a9','\'\'',NULL,616876),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_d60a1c8163378d442e067952865187a9','\'\'',NULL,616877),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_d60a1c8163378d442e067952865187a9','\'\'',NULL,616878),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_d60a1c8163378d442e067952865187a9','\'\'',NULL,616879),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_d60a1c8163378d442e067952865187a9','\'\'',NULL,616880),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Capture the Flag (CTF)\'','\'Dark Wolf\'','ASV_d60a1c8163378d442e067952865187a9','\'\'',NULL,616881),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_b7bab191f0808cb2e6990c08b041d1d8','\'Title: Drone Flying Experience
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nExperience the thrill of flying a drone in our custom-built cage right on the showroom floor. This activity is designed for everyone to enjoy, from kids to adults. Fly mini drones around the cage and see how well you can control these agile little machines. It\'s a fun, interactive way to learn the basics of drone piloting in a safe environment.
\n\nSpeakerBio: Dark Wolf
\nNo BIO available
\n\n\'',NULL,616882),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_b7bab191f0808cb2e6990c08b041d1d8','\'\'',NULL,616883),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_b7bab191f0808cb2e6990c08b041d1d8','\'\'',NULL,616884),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_2159dc3f93f4b8fa24d97f0d42f55bd1','\'Title: Drone Flying Experience
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nExperience the thrill of flying a drone in our custom-built cage right on the showroom floor. This activity is designed for everyone to enjoy, from kids to adults. Fly mini drones around the cage and see how well you can control these agile little machines. It\'s a fun, interactive way to learn the basics of drone piloting in a safe environment.
\n\nSpeakerBio: Dark Wolf
\nNo BIO available
\n\n\'',NULL,616885),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_2159dc3f93f4b8fa24d97f0d42f55bd1','\'\'',NULL,616886),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_2159dc3f93f4b8fa24d97f0d42f55bd1','\'\'',NULL,616887),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_2159dc3f93f4b8fa24d97f0d42f55bd1','\'\'',NULL,616888),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_2159dc3f93f4b8fa24d97f0d42f55bd1','\'\'',NULL,616889),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_2159dc3f93f4b8fa24d97f0d42f55bd1','\'\'',NULL,616890),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_2159dc3f93f4b8fa24d97f0d42f55bd1','\'\'',NULL,616891),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_2159dc3f93f4b8fa24d97f0d42f55bd1','\'\'',NULL,616892),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_7d67ebbb9044316e6af12965be9e43cf','\'Title: Drone Flying Experience
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nExperience the thrill of flying a drone in our custom-built cage right on the showroom floor. This activity is designed for everyone to enjoy, from kids to adults. Fly mini drones around the cage and see how well you can control these agile little machines. It\'s a fun, interactive way to learn the basics of drone piloting in a safe environment.
\n\nSpeakerBio: Dark Wolf
\nNo BIO available
\n\n\'',NULL,616893),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_7d67ebbb9044316e6af12965be9e43cf','\'\'',NULL,616894),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_7d67ebbb9044316e6af12965be9e43cf','\'\'',NULL,616895),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_7d67ebbb9044316e6af12965be9e43cf','\'\'',NULL,616896),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_7d67ebbb9044316e6af12965be9e43cf','\'\'',NULL,616897),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_7d67ebbb9044316e6af12965be9e43cf','\'\'',NULL,616898),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_7d67ebbb9044316e6af12965be9e43cf','\'\'',NULL,616899),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Flying Experience\'','\'Dark Wolf\'','ASV_7d67ebbb9044316e6af12965be9e43cf','\'\'',NULL,616900),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_d2c749276247dd0dfb7d01668d93611b','\'Title: Drone Hacking Activity
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nJoin our Drone Hacking Activity and get hands-on experience with hacking into drone microcontrollers. This three-step in-depth activity is designed to teach you about the vulnerabilities and security of autonomous systems. Using sample drones, participants will learn techniques used in government pen tests. This workshop is suitable for all skill levels, from beginners to advanced hackers. Come and test your skills in a real-world scenario and understand the intricacies of drone security.
\n\nSpeakerBio: Dark Wolf
\nNo BIO available
\n\n\'',NULL,616901),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_d2c749276247dd0dfb7d01668d93611b','\'\'',NULL,616902),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_d2c749276247dd0dfb7d01668d93611b','\'\'',NULL,616903),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_d2c749276247dd0dfb7d01668d93611b','\'\'',NULL,616904),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_d2c749276247dd0dfb7d01668d93611b','\'\'',NULL,616905),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_d2c749276247dd0dfb7d01668d93611b','\'\'',NULL,616906),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_d2c749276247dd0dfb7d01668d93611b','\'\'',NULL,616907),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_d2c749276247dd0dfb7d01668d93611b','\'\'',NULL,616908),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_52ed2b1280dde4eedda16e5466eeccd7','\'Title: Drone Hacking Activity
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nJoin our Drone Hacking Activity and get hands-on experience with hacking into drone microcontrollers. This three-step in-depth activity is designed to teach you about the vulnerabilities and security of autonomous systems. Using sample drones, participants will learn techniques used in government pen tests. This workshop is suitable for all skill levels, from beginners to advanced hackers. Come and test your skills in a real-world scenario and understand the intricacies of drone security.
\n\nSpeakerBio: Dark Wolf
\nNo BIO available
\n\n\'',NULL,616909),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_52ed2b1280dde4eedda16e5466eeccd7','\'\'',NULL,616910),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_52ed2b1280dde4eedda16e5466eeccd7','\'\'',NULL,616911),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_52ed2b1280dde4eedda16e5466eeccd7','\'\'',NULL,616912),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_52ed2b1280dde4eedda16e5466eeccd7','\'\'',NULL,616913),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_52ed2b1280dde4eedda16e5466eeccd7','\'\'',NULL,616914),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_52ed2b1280dde4eedda16e5466eeccd7','\'\'',NULL,616915),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_52ed2b1280dde4eedda16e5466eeccd7','\'\'',NULL,616916),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_c09662cf6aed55e673c582c895ac0642','\'Title: Drone Hacking Activity
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nJoin our Drone Hacking Activity and get hands-on experience with hacking into drone microcontrollers. This three-step in-depth activity is designed to teach you about the vulnerabilities and security of autonomous systems. Using sample drones, participants will learn techniques used in government pen tests. This workshop is suitable for all skill levels, from beginners to advanced hackers. Come and test your skills in a real-world scenario and understand the intricacies of drone security.
\n\nSpeakerBio: Dark Wolf
\nNo BIO available
\n\n\'',NULL,616917),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_c09662cf6aed55e673c582c895ac0642','\'\'',NULL,616918),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Activity\'','\'Dark Wolf\'','ASV_c09662cf6aed55e673c582c895ac0642','\'\'',NULL,616919),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_29c78b6d18d5253c041a347adee90ec1','\'Title: Drone Hacking Choose Your Own Adventure
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nDive into our interactive choose-your-own-adventure web interface and learn how to hack a drone in a fun, storyboard-based game. This graphical user interface simulates the process we use when hacking drones for the Air Force, allowing participants to make decisions and see the outcomes. It\'s a beginner-friendly activity that anyone can enjoy, offering insight into the steps involved in drone penetration testing.
\n\nSpeakerBio: Dark Wolf
\nNo BIO available
\n\n\'',NULL,616920),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_29c78b6d18d5253c041a347adee90ec1','\'\'',NULL,616921),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_29c78b6d18d5253c041a347adee90ec1','\'\'',NULL,616922),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_29c78b6d18d5253c041a347adee90ec1','\'\'',NULL,616923),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_29c78b6d18d5253c041a347adee90ec1','\'\'',NULL,616924),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_29c78b6d18d5253c041a347adee90ec1','\'\'',NULL,616925),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_29c78b6d18d5253c041a347adee90ec1','\'\'',NULL,616926),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_29c78b6d18d5253c041a347adee90ec1','\'\'',NULL,616927),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_95958523b00c3f031f8ab344578370f2','\'Title: Drone Hacking Choose Your Own Adventure
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nDive into our interactive choose-your-own-adventure web interface and learn how to hack a drone in a fun, storyboard-based game. This graphical user interface simulates the process we use when hacking drones for the Air Force, allowing participants to make decisions and see the outcomes. It\'s a beginner-friendly activity that anyone can enjoy, offering insight into the steps involved in drone penetration testing.
\n\nSpeakerBio: Dark Wolf
\nNo BIO available
\n\n\'',NULL,616928),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_95958523b00c3f031f8ab344578370f2','\'\'',NULL,616929),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_95958523b00c3f031f8ab344578370f2','\'\'',NULL,616930),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_95958523b00c3f031f8ab344578370f2','\'\'',NULL,616931),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_95958523b00c3f031f8ab344578370f2','\'\'',NULL,616932),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_95958523b00c3f031f8ab344578370f2','\'\'',NULL,616933),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_95958523b00c3f031f8ab344578370f2','\'\'',NULL,616934),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_95958523b00c3f031f8ab344578370f2','\'\'',NULL,616935),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_76b142a7aba024b7de8d91c23c0c8dd9','\'Title: Drone Hacking Choose Your Own Adventure
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nDive into our interactive choose-your-own-adventure web interface and learn how to hack a drone in a fun, storyboard-based game. This graphical user interface simulates the process we use when hacking drones for the Air Force, allowing participants to make decisions and see the outcomes. It\'s a beginner-friendly activity that anyone can enjoy, offering insight into the steps involved in drone penetration testing.
\n\nSpeakerBio: Dark Wolf
\nNo BIO available
\n\n\'',NULL,616936),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_76b142a7aba024b7de8d91c23c0c8dd9','\'\'',NULL,616937),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Drone Hacking Choose Your Own Adventure\'','\'Dark Wolf\'','ASV_76b142a7aba024b7de8d91c23c0c8dd9','\'\'',NULL,616938),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_84b711725ec653ed4c583b77d8961814','\'Title: Hack-A-Sat Digital Twin
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nWant to know what happened to the Hack-A-Sat digital twins? We\'re bringing back our satellites and ground stations so you can see what it was like to be a team operating during finals!
\n\nEstablish uplink using a ground station. Send commands to the satellite, observe effects and telemetry. 3D Cesium visualization of satellite in orbit and ground station locations. Grafana dashboards for sim data, etc. OpenC3 satellite operator interface for C2
\n\nSpeakers:Hack-A-Sat,Cromulence
\n
\nSpeakerBio: Hack-A-Sat
\nNo BIO available
\nSpeakerBio: Cromulence
\nNo BIO available
\n\n\'',NULL,616939),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_84b711725ec653ed4c583b77d8961814','\'\'',NULL,616940),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_84b711725ec653ed4c583b77d8961814','\'\'',NULL,616941),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_84b711725ec653ed4c583b77d8961814','\'\'',NULL,616942),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_84b711725ec653ed4c583b77d8961814','\'\'',NULL,616943),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_84b711725ec653ed4c583b77d8961814','\'\'',NULL,616944),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_84b711725ec653ed4c583b77d8961814','\'\'',NULL,616945),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_84b711725ec653ed4c583b77d8961814','\'\'',NULL,616946),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_c764ca8830bd93c5460bbbed82a788bb','\'Title: Hack-A-Sat Digital Twin
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nWant to know what happened to the Hack-A-Sat digital twins? We\'re bringing back our satellites and ground stations so you can see what it was like to be a team operating during finals!
\n\nEstablish uplink using a ground station. Send commands to the satellite, observe effects and telemetry. 3D Cesium visualization of satellite in orbit and ground station locations. Grafana dashboards for sim data, etc. OpenC3 satellite operator interface for C2
\n\nSpeakers:Hack-A-Sat,Cromulence
\n
\nSpeakerBio: Hack-A-Sat
\nNo BIO available
\nSpeakerBio: Cromulence
\nNo BIO available
\n\n\'',NULL,616947),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_c764ca8830bd93c5460bbbed82a788bb','\'\'',NULL,616948),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_c764ca8830bd93c5460bbbed82a788bb','\'\'',NULL,616949),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_c764ca8830bd93c5460bbbed82a788bb','\'\'',NULL,616950),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_c764ca8830bd93c5460bbbed82a788bb','\'\'',NULL,616951),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_c764ca8830bd93c5460bbbed82a788bb','\'\'',NULL,616952),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_c764ca8830bd93c5460bbbed82a788bb','\'\'',NULL,616953),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_c764ca8830bd93c5460bbbed82a788bb','\'\'',NULL,616954),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_82c3890aa94b3063863c406a44e988b9','\'Title: Hack-A-Sat Digital Twin
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nWant to know what happened to the Hack-A-Sat digital twins? We\'re bringing back our satellites and ground stations so you can see what it was like to be a team operating during finals!
\n\nEstablish uplink using a ground station. Send commands to the satellite, observe effects and telemetry. 3D Cesium visualization of satellite in orbit and ground station locations. Grafana dashboards for sim data, etc. OpenC3 satellite operator interface for C2
\n\nSpeakers:Hack-A-Sat,Cromulence
\n
\nSpeakerBio: Hack-A-Sat
\nNo BIO available
\nSpeakerBio: Cromulence
\nNo BIO available
\n\n\'',NULL,616955),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_82c3890aa94b3063863c406a44e988b9','\'\'',NULL,616956),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Digital Twin\'','\'Hack-A-Sat,Cromulence\'','ASV_82c3890aa94b3063863c406a44e988b9','\'\'',NULL,616957),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_9de27f52e4301b7c693243d546f9d69b','\'Title: Hack-A-Sat Quals Challenges
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nEnjoy some space math nostalgia with challenges from the past four years of Hack-A-Sat quals! Challenges require skills in astrodynamics, satellite operations, digital signal processing, reverse engineering, exploitation, and more! If you missed the last Hack-A-Sat qualifiers or just want to try again, now is your chance!
\n\n10 challenges are available with a mix of difficulty. These will be available throughout all of DEF CON so work on them anywhere (even your hotel room). No team required and no scoreboard...so no pressure!
\n\nChallenge developers will be available for hints/clues on the conference floor but may not be able to help with every challenge.
\n\nSpeakers:Hack-A-Sat,Cromulence
\n
\nSpeakerBio: Hack-A-Sat
\nNo BIO available
\nSpeakerBio: Cromulence
\nNo BIO available
\n\n\'',NULL,616958),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_9de27f52e4301b7c693243d546f9d69b','\'\'',NULL,616959),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_9de27f52e4301b7c693243d546f9d69b','\'\'',NULL,616960),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_3b6855756deb1549f23db05c70a3cad0','\'Title: Hack-A-Sat Quals Challenges
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nEnjoy some space math nostalgia with challenges from the past four years of Hack-A-Sat quals! Challenges require skills in astrodynamics, satellite operations, digital signal processing, reverse engineering, exploitation, and more! If you missed the last Hack-A-Sat qualifiers or just want to try again, now is your chance!
\n\n10 challenges are available with a mix of difficulty. These will be available throughout all of DEF CON so work on them anywhere (even your hotel room). No team required and no scoreboard...so no pressure!
\n\nChallenge developers will be available for hints/clues on the conference floor but may not be able to help with every challenge.
\n\nSpeakers:Hack-A-Sat,Cromulence
\n
\nSpeakerBio: Hack-A-Sat
\nNo BIO available
\nSpeakerBio: Cromulence
\nNo BIO available
\n\n\'',NULL,616961),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_3b6855756deb1549f23db05c70a3cad0','\'\'',NULL,616962),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_3b6855756deb1549f23db05c70a3cad0','\'\'',NULL,616963),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_3b6855756deb1549f23db05c70a3cad0','\'\'',NULL,616964),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_3b6855756deb1549f23db05c70a3cad0','\'\'',NULL,616965),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_3b6855756deb1549f23db05c70a3cad0','\'\'',NULL,616966),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_3b6855756deb1549f23db05c70a3cad0','\'\'',NULL,616967),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_3b6855756deb1549f23db05c70a3cad0','\'\'',NULL,616968),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_16c443bd55a2c14b94f9db8efa463d62','\'Title: Hack-A-Sat Quals Challenges
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nEnjoy some space math nostalgia with challenges from the past four years of Hack-A-Sat quals! Challenges require skills in astrodynamics, satellite operations, digital signal processing, reverse engineering, exploitation, and more! If you missed the last Hack-A-Sat qualifiers or just want to try again, now is your chance!
\n\n10 challenges are available with a mix of difficulty. These will be available throughout all of DEF CON so work on them anywhere (even your hotel room). No team required and no scoreboard...so no pressure!
\n\nChallenge developers will be available for hints/clues on the conference floor but may not be able to help with every challenge.
\n\nSpeakers:Hack-A-Sat,Cromulence
\n
\nSpeakerBio: Hack-A-Sat
\nNo BIO available
\nSpeakerBio: Cromulence
\nNo BIO available
\n\n\'',NULL,616969),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_16c443bd55a2c14b94f9db8efa463d62','\'\'',NULL,616970),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_16c443bd55a2c14b94f9db8efa463d62','\'\'',NULL,616971),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_16c443bd55a2c14b94f9db8efa463d62','\'\'',NULL,616972),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_16c443bd55a2c14b94f9db8efa463d62','\'\'',NULL,616973),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_16c443bd55a2c14b94f9db8efa463d62','\'\'',NULL,616974),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_16c443bd55a2c14b94f9db8efa463d62','\'\'',NULL,616975),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Hack-A-Sat Quals Challenges\'','\'Hack-A-Sat,Cromulence\'','ASV_16c443bd55a2c14b94f9db8efa463d62','\'\'',NULL,616976),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_d21519101f1c59cf1582951efe1f7112','\'Title: PTP Flight Challenge
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nRole play what would happen (or not happen) should a plane be maliciously targeted, or (like most) try and land a A320.
\n\nSpeakerBio: Pen Test Partners
\nNo BIO available
\n\n\'',NULL,616977),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_d21519101f1c59cf1582951efe1f7112','\'\'',NULL,616978),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_d21519101f1c59cf1582951efe1f7112','\'\'',NULL,616979),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_1380d9f0dee95ef1b3c8303f7c9c92a1','\'Title: PTP Flight Challenge
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nRole play what would happen (or not happen) should a plane be maliciously targeted, or (like most) try and land a A320.
\n\nSpeakerBio: Pen Test Partners
\nNo BIO available
\n\n\'',NULL,616980),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_1380d9f0dee95ef1b3c8303f7c9c92a1','\'\'',NULL,616981),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_1380d9f0dee95ef1b3c8303f7c9c92a1','\'\'',NULL,616982),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_1380d9f0dee95ef1b3c8303f7c9c92a1','\'\'',NULL,616983),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_1380d9f0dee95ef1b3c8303f7c9c92a1','\'\'',NULL,616984),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_1380d9f0dee95ef1b3c8303f7c9c92a1','\'\'',NULL,616985),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_1380d9f0dee95ef1b3c8303f7c9c92a1','\'\'',NULL,616986),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_1380d9f0dee95ef1b3c8303f7c9c92a1','\'\'',NULL,616987),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_c3455d794619345ba78054caf112907a','\'Title: PTP Flight Challenge
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nRole play what would happen (or not happen) should a plane be maliciously targeted, or (like most) try and land a A320.
\n\nSpeakerBio: Pen Test Partners
\nNo BIO available
\n\n\'',NULL,616988),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_c3455d794619345ba78054caf112907a','\'\'',NULL,616989),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_c3455d794619345ba78054caf112907a','\'\'',NULL,616990),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_c3455d794619345ba78054caf112907a','\'\'',NULL,616991),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_c3455d794619345ba78054caf112907a','\'\'',NULL,616992),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_c3455d794619345ba78054caf112907a','\'\'',NULL,616993),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_c3455d794619345ba78054caf112907a','\'\'',NULL,616994),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'PTP Flight Challenge\'','\'Pen Test Partners\'','ASV_c3455d794619345ba78054caf112907a','\'\'',NULL,616995),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_93be41ce0cc50bcb24b1fe977d4f5b3a','\'Title: Selfie with a CubeSat
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nCome take a picture with a CubeSat. And while you\'re there, learn a few things about it.
\n\nSpeakerBio: CalPoly
\nNo BIO available
\n\n\'',NULL,616996),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_93be41ce0cc50bcb24b1fe977d4f5b3a','\'\'',NULL,616997),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_93be41ce0cc50bcb24b1fe977d4f5b3a','\'\'',NULL,616998),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_9b3a1d822d7c8f31e9c7fd06e4ee6e53','\'Title: Selfie with a CubeSat
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nCome take a picture with a CubeSat. And while you\'re there, learn a few things about it.
\n\nSpeakerBio: CalPoly
\nNo BIO available
\n\n\'',NULL,616999),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_9b3a1d822d7c8f31e9c7fd06e4ee6e53','\'\'',NULL,617000),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_9b3a1d822d7c8f31e9c7fd06e4ee6e53','\'\'',NULL,617001),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_9b3a1d822d7c8f31e9c7fd06e4ee6e53','\'\'',NULL,617002),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_9b3a1d822d7c8f31e9c7fd06e4ee6e53','\'\'',NULL,617003),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_9b3a1d822d7c8f31e9c7fd06e4ee6e53','\'\'',NULL,617004),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_9b3a1d822d7c8f31e9c7fd06e4ee6e53','\'\'',NULL,617005),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_9b3a1d822d7c8f31e9c7fd06e4ee6e53','\'\'',NULL,617006),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_040388051b8629defaea49cc84b6b822','\'Title: Selfie with a CubeSat
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nCome take a picture with a CubeSat. And while you\'re there, learn a few things about it.
\n\nSpeakerBio: CalPoly
\nNo BIO available
\n\n\'',NULL,617007),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_040388051b8629defaea49cc84b6b822','\'\'',NULL,617008),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_040388051b8629defaea49cc84b6b822','\'\'',NULL,617009),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_040388051b8629defaea49cc84b6b822','\'\'',NULL,617010),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_040388051b8629defaea49cc84b6b822','\'\'',NULL,617011),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_040388051b8629defaea49cc84b6b822','\'\'',NULL,617012),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_040388051b8629defaea49cc84b6b822','\'\'',NULL,617013),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Selfie with a CubeSat\'','\'CalPoly\'','ASV_040388051b8629defaea49cc84b6b822','\'\'',NULL,617014),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_d5040b83f36e22d5391e25e196a61cd1','\'Title: Space Grand Challenge Luna
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nThe Space Grand Challenge (SGC) Program is a free virtual game-based cybersecurity/space competition CTF for middle and high school students built by Cal Poly students—Learn by Doing in action. The game is built on the UNITY gaming engine.
\n\nSpeakerBio: CalPoly
\nNo BIO available
\n\n\'',NULL,617015),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_d5040b83f36e22d5391e25e196a61cd1','\'\'',NULL,617016),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_d5040b83f36e22d5391e25e196a61cd1','\'\'',NULL,617017),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_303fc9cbbb7b6dce1df54e7cb30a06d5','\'Title: Space Grand Challenge Luna
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nThe Space Grand Challenge (SGC) Program is a free virtual game-based cybersecurity/space competition CTF for middle and high school students built by Cal Poly students—Learn by Doing in action. The game is built on the UNITY gaming engine.
\n\nSpeakerBio: CalPoly
\nNo BIO available
\n\n\'',NULL,617018),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_303fc9cbbb7b6dce1df54e7cb30a06d5','\'\'',NULL,617019),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_303fc9cbbb7b6dce1df54e7cb30a06d5','\'\'',NULL,617020),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_303fc9cbbb7b6dce1df54e7cb30a06d5','\'\'',NULL,617021),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_303fc9cbbb7b6dce1df54e7cb30a06d5','\'\'',NULL,617022),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_303fc9cbbb7b6dce1df54e7cb30a06d5','\'\'',NULL,617023),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_303fc9cbbb7b6dce1df54e7cb30a06d5','\'\'',NULL,617024),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_303fc9cbbb7b6dce1df54e7cb30a06d5','\'\'',NULL,617025),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_7d742da1ce7d7f5a97abc309b7a84f04','\'Title: Space Grand Challenge Luna
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nThe Space Grand Challenge (SGC) Program is a free virtual game-based cybersecurity/space competition CTF for middle and high school students built by Cal Poly students—Learn by Doing in action. The game is built on the UNITY gaming engine.
\n\nSpeakerBio: CalPoly
\nNo BIO available
\n\n\'',NULL,617026),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_7d742da1ce7d7f5a97abc309b7a84f04','\'\'',NULL,617027),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_7d742da1ce7d7f5a97abc309b7a84f04','\'\'',NULL,617028),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_7d742da1ce7d7f5a97abc309b7a84f04','\'\'',NULL,617029),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_7d742da1ce7d7f5a97abc309b7a84f04','\'\'',NULL,617030),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_7d742da1ce7d7f5a97abc309b7a84f04','\'\'',NULL,617031),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_7d742da1ce7d7f5a97abc309b7a84f04','\'\'',NULL,617032),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Grand Challenge Luna\'','\'CalPoly\'','ASV_7d742da1ce7d7f5a97abc309b7a84f04','\'\'',NULL,617033),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_d5b9ea7d148d29a3af9257f43cbe54c5','\'Title: Space Systems Security CTF – Platform Security
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nLaunch into the thrilling world of cybersecurity, specifically designed for space systems! Learn the fundamentals to safeguard ground stations, communication links, and spacecrafts.
\n\nEngage in an immersive and fun CTF scenario. Apply your cybersecurity skills in real-time and see the direct impact of your decisions on our Space Systems Demonstrator. In this high-stakes scenario, you\'ll align with the Aurora Alliance in their critical mission to thwart Count Viktor Thunderclaw and the notorious Nebula Syndicate. The Syndicate threatens to destroy historic monuments around the world with their Space Laser unless their demands are met. Do you have what it takes to dismantle their malevolent plans?
\n\nOur beginner-level CTF kicks off as soon as the village opens—no pre-registration necessary. Just bring your laptop to access the CTF platform and your favorite packet decoding software (i.e. Wireshark). Expect the CTF to take you less than 1 hour to complete. Team collaboration is encouraged, and if you encounter obstacles, numerous hints are available to guide you. Excel in the challenge, and you could walk away with a CT Cubed SAO, an exclusive prize while supplies last.
\n\nSpeakerBio: CT Cubed
\nNo BIO available
\n\n\'',NULL,617034),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_d5b9ea7d148d29a3af9257f43cbe54c5','\'\'',NULL,617035),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_d5b9ea7d148d29a3af9257f43cbe54c5','\'\'',NULL,617036),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_117b5b0a82314c6a1f199aef8230966f','\'Title: Space Systems Security CTF – Platform Security
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nLaunch into the thrilling world of cybersecurity, specifically designed for space systems! Learn the fundamentals to safeguard ground stations, communication links, and spacecrafts.
\n\nEngage in an immersive and fun CTF scenario. Apply your cybersecurity skills in real-time and see the direct impact of your decisions on our Space Systems Demonstrator. In this high-stakes scenario, you\'ll align with the Aurora Alliance in their critical mission to thwart Count Viktor Thunderclaw and the notorious Nebula Syndicate. The Syndicate threatens to destroy historic monuments around the world with their Space Laser unless their demands are met. Do you have what it takes to dismantle their malevolent plans?
\n\nOur beginner-level CTF kicks off as soon as the village opens—no pre-registration necessary. Just bring your laptop to access the CTF platform and your favorite packet decoding software (i.e. Wireshark). Expect the CTF to take you less than 1 hour to complete. Team collaboration is encouraged, and if you encounter obstacles, numerous hints are available to guide you. Excel in the challenge, and you could walk away with a CT Cubed SAO, an exclusive prize while supplies last.
\n\nSpeakerBio: CT Cubed
\nNo BIO available
\n\n\'',NULL,617037),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_117b5b0a82314c6a1f199aef8230966f','\'\'',NULL,617038),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_117b5b0a82314c6a1f199aef8230966f','\'\'',NULL,617039),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_117b5b0a82314c6a1f199aef8230966f','\'\'',NULL,617040),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_117b5b0a82314c6a1f199aef8230966f','\'\'',NULL,617041),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_117b5b0a82314c6a1f199aef8230966f','\'\'',NULL,617042),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_117b5b0a82314c6a1f199aef8230966f','\'\'',NULL,617043),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_117b5b0a82314c6a1f199aef8230966f','\'\'',NULL,617044),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_63d80332ef9848ed8b0b1c09953ece43','\'Title: Space Systems Security CTF – Platform Security
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nLaunch into the thrilling world of cybersecurity, specifically designed for space systems! Learn the fundamentals to safeguard ground stations, communication links, and spacecrafts.
\n\nEngage in an immersive and fun CTF scenario. Apply your cybersecurity skills in real-time and see the direct impact of your decisions on our Space Systems Demonstrator. In this high-stakes scenario, you\'ll align with the Aurora Alliance in their critical mission to thwart Count Viktor Thunderclaw and the notorious Nebula Syndicate. The Syndicate threatens to destroy historic monuments around the world with their Space Laser unless their demands are met. Do you have what it takes to dismantle their malevolent plans?
\n\nOur beginner-level CTF kicks off as soon as the village opens—no pre-registration necessary. Just bring your laptop to access the CTF platform and your favorite packet decoding software (i.e. Wireshark). Expect the CTF to take you less than 1 hour to complete. Team collaboration is encouraged, and if you encounter obstacles, numerous hints are available to guide you. Excel in the challenge, and you could walk away with a CT Cubed SAO, an exclusive prize while supplies last.
\n\nSpeakerBio: CT Cubed
\nNo BIO available
\n\n\'',NULL,617045),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_63d80332ef9848ed8b0b1c09953ece43','\'\'',NULL,617046),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_63d80332ef9848ed8b0b1c09953ece43','\'\'',NULL,617047),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_63d80332ef9848ed8b0b1c09953ece43','\'\'',NULL,617048),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_63d80332ef9848ed8b0b1c09953ece43','\'\'',NULL,617049),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_63d80332ef9848ed8b0b1c09953ece43','\'\'',NULL,617050),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_63d80332ef9848ed8b0b1c09953ece43','\'\'',NULL,617051),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'Space Systems Security CTF – Platform Security\'','\'CT Cubed\'','ASV_63d80332ef9848ed8b0b1c09953ece43','\'\'',NULL,617052),('4_Sunday','10','10:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_034fe48481387c60a78035a25cda7573','\'Title: spacestudio and spacetower challenges
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nUse spacestudio software to work through multiple challenges and scenarios. For instance:
\n\nChallenge 1: Analysis of the performance of the next GEN of satellites to size the ground segment.
\n\nChallenge 2: Assessment of propulsion system capabilities for initial orbit raising
\n\nChallenges for spacetower flight dynamic software will also be available.
\n\nSpeakers:Exotrail,Hack-A-Sat
\n
\nSpeakerBio: Exotrail
\nNo BIO available
\nSpeakerBio: Hack-A-Sat
\nNo BIO available
\n\n\'',NULL,617053),('4_Sunday','11','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_034fe48481387c60a78035a25cda7573','\'\'',NULL,617054),('4_Sunday','12','10:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_034fe48481387c60a78035a25cda7573','\'\'',NULL,617055),('2_Friday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_685a1eba87ae88ceda9a1c528b56f617','\'Title: spacestudio and spacetower challenges
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nUse spacestudio software to work through multiple challenges and scenarios. For instance:
\n\nChallenge 1: Analysis of the performance of the next GEN of satellites to size the ground segment.
\n\nChallenge 2: Assessment of propulsion system capabilities for initial orbit raising
\n\nChallenges for spacetower flight dynamic software will also be available.
\n\nSpeakers:Exotrail,Hack-A-Sat
\n
\nSpeakerBio: Exotrail
\nNo BIO available
\nSpeakerBio: Hack-A-Sat
\nNo BIO available
\n\n\'',NULL,617056),('2_Friday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_685a1eba87ae88ceda9a1c528b56f617','\'\'',NULL,617057),('2_Friday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_685a1eba87ae88ceda9a1c528b56f617','\'\'',NULL,617058),('2_Friday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_685a1eba87ae88ceda9a1c528b56f617','\'\'',NULL,617059),('2_Friday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_685a1eba87ae88ceda9a1c528b56f617','\'\'',NULL,617060),('2_Friday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_685a1eba87ae88ceda9a1c528b56f617','\'\'',NULL,617061),('2_Friday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_685a1eba87ae88ceda9a1c528b56f617','\'\'',NULL,617062),('2_Friday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_685a1eba87ae88ceda9a1c528b56f617','\'\'',NULL,617063),('3_Saturday','10','10:00','17:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_4637d9034cc577777ed4254383010f71','\'Title: spacestudio and spacetower challenges
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02 - Map
\n
\nDescription:
\nUse spacestudio software to work through multiple challenges and scenarios. For instance:
\n\nChallenge 1: Analysis of the performance of the next GEN of satellites to size the ground segment.
\n\nChallenge 2: Assessment of propulsion system capabilities for initial orbit raising
\n\nChallenges for spacetower flight dynamic software will also be available.
\n\nSpeakers:Exotrail,Hack-A-Sat
\n
\nSpeakerBio: Exotrail
\nNo BIO available
\nSpeakerBio: Hack-A-Sat
\nNo BIO available
\n\n\'',NULL,617064),('3_Saturday','11','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_4637d9034cc577777ed4254383010f71','\'\'',NULL,617065),('3_Saturday','12','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_4637d9034cc577777ed4254383010f71','\'\'',NULL,617066),('3_Saturday','13','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_4637d9034cc577777ed4254383010f71','\'\'',NULL,617067),('3_Saturday','14','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_4637d9034cc577777ed4254383010f71','\'\'',NULL,617068),('3_Saturday','15','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_4637d9034cc577777ed4254383010f71','\'\'',NULL,617069),('3_Saturday','16','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_4637d9034cc577777ed4254383010f71','\'\'',NULL,617070),('3_Saturday','17','10:00','17:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02','\'spacestudio and spacetower challenges\'','\'Exotrail,Hack-A-Sat\'','ASV_4637d9034cc577777ed4254383010f71','\'\'',NULL,617071),('2_Friday','10','10:30','12:30','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'Building the Ultimate Budget-Friendly Low Earth Orbit Satellite Ground Station\'','\'Victor Fernandez Minguillon\'','ASV_e47d497ab702729f6cc31a20d91a98be','\'Title: Building the Ultimate Budget-Friendly Low Earth Orbit Satellite Ground Station
\nWhen: Friday, Aug 9, 10:30 - 12:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops - Map
\n
\nDescription:
\nIn this workshop, we explore the design, construction, and configuration of cost-effective Low Earth Orbit (LEO) satellite ground stations using open source tools. The aim is to demonstrate that high-quality ground stations can be developed on a limited budget without sacrificing performance. We will delve into the selection of hardware components, the integration process, and the software tools necessary for seamless operation. Additionally, real-world applications and case studies will be showcased to highlight the practical benefits and potential of these budget-friendly solutions. Attendees will leave with a comprehensive understanding of how to leverage open source resources to build and operate efficient ground stations, making advanced aerospace technology accessible to enthusiasts and professionals alike.
\n\nSpeakerBio: Victor Fernandez Minguillon
\nVictor is a Senior Red Team Analyst at United Airlines with 7 years of experience in offensive security. After immigrating to the United States in 2017 from Spain, he started his stateside career at Underwriter Laboratories doing penetration testing on medical device technologies, including software and hardware-embedded devices, wireless devices, and web and mobile applications. In his current position, he performs and manages Red Team Engagements, Attack Surface Reduction assessments, Physical Engagements, and handles United Airlines’ Vulnerability Disclosure Program to help enhance United’s cybersecurity posture. In his free time, he likes to spend time with his wife and three children (hackers are great at hide-and-seek).
\n\n\n\'',NULL,617072),('2_Friday','11','10:30','12:30','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'Building the Ultimate Budget-Friendly Low Earth Orbit Satellite Ground Station\'','\'Victor Fernandez Minguillon\'','ASV_e47d497ab702729f6cc31a20d91a98be','\'\'',NULL,617073),('2_Friday','12','10:30','12:30','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'Building the Ultimate Budget-Friendly Low Earth Orbit Satellite Ground Station\'','\'Victor Fernandez Minguillon\'','ASV_e47d497ab702729f6cc31a20d91a98be','\'\'',NULL,617074),('2_Friday','13','13:00','14:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'BYOS – Bring Your Own Satellite\'','\'Tim Fowler\'','ASV_fdb8b65f7874e0f11729b0e91a42b01e','\'Title: BYOS – Bring Your Own Satellite
\nWhen: Friday, Aug 9, 13:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops - Map
\n
\nDescription:
\nIn this workshop, attendees are introduced to the basics of satellite communication in a hands-on manner. Also, through the power of virtualization and open-source software, attendees will get a step-by-step guide to create their own personal satellite lab, while helping discover the fundamental principles of satellite communication, from orbital mechanics to data transmission protocols, as you design, simulate, and experiment with satellite systems in a risk-free, virtual environment. Unveil the secrets of satellite technology, gain hands-on experience with real-world scenarios, and configuring and controlling your virtual satellite. This unique learning experience equips you with the knowledge and practical skills needed to explore the possibilities of satellite communication. Unlock the universe of opportunities that satellite communication offers, right from your own laptop.
\n\nAttendee Requirements:\n- A moder laptop with VMware Workstation or VMware Fusion Installed.\n- Both Intel/AMD64 and ARM64 are supported in this workshop\n- Internet Access is not Required but the ability to connect to a local Wi-Fi network will be in order to access the workshop materials.
\n\nAudience Skill Level: Beginner
\n\nBYOS is a beginner friendly workshop that does require some use of the Linux command line, however if you have never used the command line before, you can still be successful in this lab.
\n\nSome concepts will be new to attendees and the workshop is setup to allow ample time for questions and troubleshooting.
\n\nSpeakerBio: Tim Fowler
\nTim Fowler is an Offensive Security Analyst with Black Hills Information Security and has over a decade of experience working in information security. He has worked for Fortune 100 financial institutions as well as a consultant, providing penetration testing and red team services. Tim is passionate about sharing his knowledge with others and has had the pleasure of speaking at multiple security conferences across the county. He is also the founder of the educational centric company ETHOS Labs, and the author of the Introduction to Cybersecurity in Space Systems course. When not hacking away as a clients’ network or writing the subsequent report, researching cybersecurity in space, or developing functional CubeSats, Tim loves spending time with his wife and son and working in his workshop with his collection of hand tools and CNC machines.
\n\n\n\'',NULL,617075),('2_Friday','14','13:00','14:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'BYOS – Bring Your Own Satellite\'','\'Tim Fowler\'','ASV_fdb8b65f7874e0f11729b0e91a42b01e','\'\'',NULL,617076),('2_Friday','15','15:30','17:30','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'Space Pirate Simulator\'','\'Michael Butler,Jacob Oakley\'','ASV_ca5562770dae0227feb238ee9f4be4f3','\'Title: Space Pirate Simulator
\nWhen: Friday, Aug 9, 15:30 - 17:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops - Map
\n
\nDescription:
\nIt\'s time to go beyond hacking the planet! Join us for an offensive cybersecurity in space workshop. We will discuss the challenges that are introduced when attacking space vehicles and work with space industry software such as COSMOS, the ground station software used by NASA, and a modified version of NOS3, NASA\'s satellite simulator. Attendees will have access to cloud environments that contain an operator station, a ground station, and a simulated satellite. We will walk you through the basics of accessing, operating, and of course, attacking these stations for the ultimate goal of taking control of the satellite.
\n\nSpeakers:Michael Butler,Jacob Oakley
\n
\nSpeakerBio: Michael Butler
\nMichael Butler is a 14-year veteran of the offensive cybersecurity industry. He got his start conducting cyber warfare operations with the US Army and NSA. \nHe has built two industry leading penetration testing teams. He is an expert in cloud security and has taught courses on hacking AWS, Azure, and GCP environments at BlackHat, at MITRE, and more. \nHe has worked as a consultant, code reviewer, and penetration tester for ground station software.
\n\nSpeakerBio: Jacob Oakley
\nNo BIO available
\n\n\'',NULL,617077),('2_Friday','16','15:30','17:30','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'Space Pirate Simulator\'','\'Michael Butler,Jacob Oakley\'','ASV_ca5562770dae0227feb238ee9f4be4f3','\'\'',NULL,617078),('2_Friday','17','15:30','17:30','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'Space Pirate Simulator\'','\'Michael Butler,Jacob Oakley\'','ASV_ca5562770dae0227feb238ee9f4be4f3','\'\'',NULL,617079),('3_Saturday','10','10:30','11:30','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'Introduction to Drone Security\'','\'Hahna Kane Latonick\'','ASV_26a45214511533908d37ba4392b70e99','\'Title: Introduction to Drone Security
\nWhen: Saturday, Aug 10, 10:30 - 11:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops - Map
\n
\nDescription:
\nRecent advancements in drone technology are opening new opportunities and applications in various industries across all domains. Drones are quickly becoming integrated into our everyday lives for commercial and recreational use like many IoT devices; however, these advancements also present new cybersecurity challenges as drones grow in popularity. This talk provides an introduction to drone security covering the core components of drone technology (e.g., hardware, software, firmware, and communication protocols), cybersecurity risks and mitigations, and cybersecurity best practices for drone operations. Attendees will gain an understanding of drone systems and important security measures that help protect these devices (and its operators) from emerging and evolving threats.
\n\nSpeakerBio: Hahna Kane Latonick
\nFor the past 18 years of her engineering career, Hahna Kane Latonick has worked throughout the defense industry specializing in cybersecurity as a computer security researcher for the Department of Defense and other defense contracting companies. She has been featured as a cybersecurity subject matter expert on Fox Business News, ABC, U.S. News and World Report, and other national media outlets. She currently serves as a Director of Security Research for a cybersecurity firm and has led four tech startups related to computer security, serving as CTO of two of them, VP of R&D, and Director of R&D. She has trained and developed security researchers at one of the top five aerospace and defense industry companies. She has also taught at Black Hat, CanSecWest, Ringzer0, and the Security BSides Orlando conferences. At the 2023 DEF CON IoT CTF, she and her team tied for first place. In 2014, she became a DEFCON CTF finalist, placing in 6th and ranking in the top 1.5% of ethical hackers worldwide. She also holds security certifications, including CISSP, CEH, and Certified Android Exploit Developer. Latonick attended Swarthmore College and Drexel University where she earned her B.S. and M.S. in Computer Engineering along with a Mathematics minor.
\n\n\n\'',NULL,617080),('3_Saturday','11','10:30','11:30','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'Introduction to Drone Security\'','\'Hahna Kane Latonick\'','ASV_26a45214511533908d37ba4392b70e99','\'\'',NULL,617081),('3_Saturday','12','12:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'Secure the Skies: A Modern Android Security Research Framework for Drone Ground Control Stations and Applications\'','\'Jonathan Waterman\'','ASV_eb158028f20d058e97577f46b5a0a634','\'Title: Secure the Skies: A Modern Android Security Research Framework for Drone Ground Control Stations and Applications
\nWhen: Saturday, Aug 10, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops - Map
\n
\nDescription:
\nDrones, also known as unmanned aerial vehicles (UAVs), are becoming increasingly popular for various applications, from delivery and surveillance to emergency response and military support. While traditionally controlled by dedicated remote controllers (ground control stations), Android is emerging as a powerful platform for drone development and operation. For example, some drone manufacturers, like DJI, have developed their own custom Android-based operating systems (OS) for their drones. Open-source Android-based flight control software like QGroundControl and Mission Planner are also available, allowing developers to build custom drone control applications. With the growing reliance on Android within the drone market, the necessity to understand the landscape of Android-based vulnerabilities and exposure has become more important than ever before, especially to ensure secure, safe, and reliable drone operations.
\n\nSpeakerBio: Jonathan Waterman
\nJonathan Waterman has spent the last 15 years focused on cyber security, spanning both defensive and offensive security. His career started as an ISSM verifying network policies and secure procedures. After obtaining his B.S. in Computer Science from Clarkson University in 2012, his focus became the integrity of applications and sanitization of data. He went from testing and finding ways to bypass secure systems, to writing and enhancing network monitoring systems. Over the course of his career, he worked with the Department of Defense and other defense contracting companies enhancing security postures. For the last 2 years, he has focused specifically on IoT and Android based devices. Many of the programs he worked on were a combination of black and white box testing, requiring expertise in reverse engineering, vulnerability research, binary exploitation, and penetration testing. Currently he serves as a principal security research engineer at Dark Wolf Solutions, leading the Android vulnerability research team.
\n\n\n\'',NULL,617082),('3_Saturday','13','13:30','14:30','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'Open Source Drone Hacking Simulator\'','\'Nick Aleks,Rudy Mendoza\'','ASV_bfc8da17bae98171fd24aac04ba6a110','\'Title: Open Source Drone Hacking Simulator
\nWhen: Saturday, Aug 10, 13:30 - 14:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops - Map
\n
\nDescription:
\nDrone hacking tends to be expensive and sometimes unsafe, but not if you use a simulator!. We have developed a drone hacking simulator called the Damn Vulnerable Drone (https://github.com/nicholasaleks/Damn-Vulnerable-Drone).
\n\nThe Damn Vulnerable Drone is a virtually simulated environment designed for offensive security professionals to safely learn and practice drone hacking techniques. It simulates real-world ArduPilot & MAVLink drone architectures and vulnerabilities, offering hands-on experience in exploiting drone systems.
\n\nSpeakers:Nick Aleks,Rudy Mendoza
\n
\nSpeakerBio: Nick Aleks
\nNo BIO available
\nSpeakerBio: Rudy Mendoza
\nRudy Mendoza is a highly skilled Penetration Tester at Dark Wolf Solutions with seven years of extensive experience in the field of Cyber Security. Renowned for his expertise, Rudy has achieved notable acclaim, including winning the prestigious Black Badge with his team at the DefCon IoT village CTF in 2022.
\n\nRudy has played a major role in paving the way for drone penetration testing, as one of the main pentesters for the BlueUAS program, he has been instrumental in enhancing the security and reliability of these critical systems. Rudy created \"The Drone Wolf Playbook,\" which has been widely regarded as an essential resource in drone security. His background as an Air Force Veteran further enhances his depth of knowledge and tactical proficiency in cybersecurity.
\n\nRudy\'s diverse experiences and accolades make him a respected figure in the cybersecurity community, and he brings a wealth of knowledge and insight to every conference and workshop he participates in.
\n\n\n\'',NULL,617083),('3_Saturday','14','13:30','14:30','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'Open Source Drone Hacking Simulator\'','\'Nick Aleks,Rudy Mendoza\'','ASV_bfc8da17bae98171fd24aac04ba6a110','\'\'',NULL,617084),('3_Saturday','16','16:00','16:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'Choose your own adventure: Has your fleet been hacked?\'','\'Ken Munro\'','ASV_017a521b9eac5f8bc74e61870a6aa92d','\'Title: Choose your own adventure: Has your fleet been hacked?
\nWhen: Saturday, Aug 10, 16:00 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops - Map
\n
\nDescription:
\nThis is an audience-participation talk in the style of the 1980s Choose your own Adventure books. We will expose the audience to a quasi real life incident, giving them the choice to choose how they deal with that incident. This will give insight in to the difficult choices that have to be made by operators in real time.
\n\nSpeakerBio: Ken Munro, Partner and Founder at Pen Test Partners
\nKen Munro is Partner and Founder of Pen Test Partners, a firm of ethical hackers. He and colleagues hold private pilot’s licenses and have been interested in aviation security for many years. They also publish and blog about their research into aviation cyber security, covering topics from airborne connectivity, the potential risks of publicly available avionics component information, and even the entire attack surface of the modern airport. Ken and Pen Test Partners have also been invited to speak at various aviation industry events, and on aviation at specialist security events such as DEF CON’s Aerospace Village, the Global Connected Aircraft Summit, and the Aviation ISAC Summit among others.
\n\n\n\'',NULL,617085),('4_Sunday','10','10:00','10:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'How to Corrupt Youth to Cyber Focused Space Science\'','\'RC Jones\'','ASV_243c31adcc86e45138e6744a04780a40','\'Title: How to Corrupt Youth to Cyber Focused Space Science
\nWhen: Sunday, Aug 11, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops - Map
\n
\nDescription:
\nBringing cyber focused space science to schools can be challenging given school restrictions, firewalls, and expense of equipment. This presentation will go over multiple space-centric outreach activities for youth of all ages. From talking to astronauts aboard the International Space Station (ISS) to listening to satellites in the classroom. These various programs are bound to capture the imagination. Some of the projects to be discussed are the Amateur Radio on the International Space Station (ARISS) program, Slow-Scan Television (SSTV) images from the ISS, AMSat CubeSat Simulators, and setting up a RTL-SDR to capture information from satellites in the classroom. There are a variety of ways to start a countdown to space science careers in youth and these projects can help you connect with the imagination of youth near you.
\n\nSpeakerBio: RC Jones
\nRC, a cybersecurity researcher focusing on the cybersecurity of space systems. She is currently a PhD student in Aerospace Sciences and holds an Amateur Radio Extra class License. Additionally she supports the Amateur Radio on the International Space Station (ARISS) Education committee and frequently facilitates “Teach the Teacher” workshops for K-12 educators and Youth Outreach leads.
\n\n\n\'',NULL,617086),('4_Sunday','11','11:00','12:59','N','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'Watch The Skies: Build Your Own ADS-B receiver\'','\'Jim \"Gurney\" Ross\'','ASV_8321d95168dd0d7d930824e968171bcf','\'Title: Watch The Skies: Build Your Own ADS-B receiver
\nWhen: Sunday, Aug 11, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops - Map
\n
\nDescription:
\nIn this workshop we will build an inexpensive ADS-B (Automatic Dependent Surveillance–Broadcast) receiver with a Raspberry Pi and RTL-SDR. The receiver will track and display aircraft (commercial, private, and military) providing real-time altitude, direction, speed, GPS location and aircraft information. We\'ll discuss ADS-B technology and its importance to air traffic control. We\'ll also discuss building cheap external antennas to improve reception.
\n\nWe will have 10 FREE ADS-B receiver kits that will be given away, at our discretion, to middle through high school students (11-18 years old). An additional 10 ADS-B kits will be available to any attendee for a modest donation to the Aerospace Village. Please see the Aerospace Village control tower to reserve your spot.
\n\nSpeakerBio: Jim \"Gurney\" Ross
\nJim \"Gurney\" Ross is an aerospace cybersecurity engineer with over 30 years of experience in aerospace systems (commercial and defense) and over 20 years of experience in cybersecurity. He is a co-founder of the Aerospace Village and a longtime DEFCON attendee. Gurney has built and operated an ADS-B receiver at the Aerospace Village for the past five years displaying. live, local LAS aircraft data. He is the youth and STEM point of contact for the Aerospace Village.
\n\n\n\'',NULL,617087),('4_Sunday','12','11:00','12:59','Y','ASV','LVCC West/Floor 1/Hall 2/HW2-07-02/HW2-07-02-Workshops','\'Watch The Skies: Build Your Own ADS-B receiver\'','\'Jim \"Gurney\" Ross\'','ASV_8321d95168dd0d7d930824e968171bcf','\'\'',NULL,617088),('2_Friday','10','10:00','10:59','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS: QUANTUM CTF CONTEST: How to get Started on The Quantum Capture The Flag\'','\'\'','QTV_12a5a8829677c66ce303ea77165103da','\'Title: QOLOSSUS: QUANTUM CTF CONTEST: How to get Started on The Quantum Capture The Flag
\nWhen: Friday, Aug 9, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\n\n\n\'',NULL,617089),('2_Friday','10','10:05','11:25','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Intro to Quantum with Q#\'','\'Mariia Mykhailova\'','QTV_7a3f38f95c3318847acdb8e7400e8156','\'Title: Intro to Quantum with Q#
\nWhen: Friday, Aug 9, 10:05 - 11:25 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nQuantum computing harnesses the laws of nature to solve problems that are infeasible on conventional computers, such as integer factorization, which has applications in cryptography, or analyzing properties of molecules and chemical reactions.
\n\nIn this workshop, you will learn the basics of quantum computing and quantum programming using Q# programming language and Azure Quantum Development Kit. You will learn enough to write your first quantum programs — quantum random number generator and Deutsch-Jozsa algorithm — an algorithm that is exponentially faster than any deterministic classical algorithm for that problem. HINT - for those looking to compete in the Quantum CTF, Mariia’s talk will be very useful indeed!!
\n\nSpeakerBio: Mariia Mykhailova
\nMariia Mykhailova is a principal quantum software engineer at Microsoft Quantum. She has been part of the team since early 2017, joining just in time to participate in the development of the first version of the quantum programming language that became Q#. She works on developing software for fault-tolerant quantum computation, as well as quantum education and outreach for Azure Quantum Development Kit. Mariia is the author and maintainer of the Quantum Katas project – an open-source collection of hands-on tutorials and programming problems for learning quantum computing. She is also a part-time lecturer at Northeastern University, teaching “Introduction to Quantum Computing” since 2020, and the author of the O\'Reilly book “Q# Pocket Guide” and the upcoming Manning book \"Quantum Programming in Depth\".
\n\n\n\'',NULL,617090),('2_Friday','11','10:05','11:25','Y','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Intro to Quantum with Q#\'','\'Mariia Mykhailova\'','QTV_7a3f38f95c3318847acdb8e7400e8156','\'\'',NULL,617091),('2_Friday','11','11:25','12:15','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'How do we make LLVM quantum?\'','\'Josh Isaac\'','QTV_bf329932a7366f825d7e72e6c3e3cf43','\'Title: How do we make LLVM quantum?
\nWhen: Friday, Aug 9, 11:25 - 12:15 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nThere are many hurdles we have to solve before we can make Quantum Computing a part of our everyday lives. Yes, we need to work out how to build it, and what we\'re actually going to run on it, but ignore that for now: we also need to figure out how we program it.
\n\nUp until now most quantum programming frameworks have been written in Python, and simply serialize to simplistic string-based representations that are sent over a REST API to cloud-connected quantum hardware. But this ignores the history of classical programming infrastructure, and the fact that no algorithm is purely quantum -- there is bound to be expensive and interwoven classical processing, and we need to take this into account.
\n\nJosh will chat about how we are planning to bring quantum to the existing LLVM compiler toolchain, show what quantum programming and compilation looks like today (and in the future!), and how you might be able to help us build it.
\n\nSpeakerBio: Josh Isaac
\nJosh Izaac is a theoretical physicist and Director of Product at Xanadu, and previously led Xanadu’s quantum software development, including Strawberry Fields, a platform for photonic quantum computing, and PennyLane, an open-source quantum machine learning software library. At Xanadu, he contributes to the development and growth of Xanadu’s open-source quantum software products. Josh holds a PhD in quantum computing and computational physics from the University of Western Australia.
\n\n\n\'',NULL,617092),('2_Friday','12','11:25','12:15','Y','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'How do we make LLVM quantum?\'','\'Josh Isaac\'','QTV_bf329932a7366f825d7e72e6c3e3cf43','\'\'',NULL,617093),('2_Friday','12','12:15','12:59','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'A Hacker\'s guide to PQC\'','\'Konstantinos Karagiannis\'','QTV_a9dbbf5f00743b06b83e901586f21573','\'Title: A Hacker\'s guide to PQC
\nWhen: Friday, Aug 9, 12:15 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nThis talk is aimed at non-experts and anyone who wants to stay ahead of the curve in a world where encryption rules are about to change dramatically. Whether you believe cryptographically relevant quantum computers are 10 or 100 years away, the first steps towards cryptographic agility that are being mandated within a couple of years. We\'ll explore the mind-bending math behind lattice-based and other exotic cryptosystems. Then, we\'ll get our hands dirty, dissecting real-world attacks launched against the finalists in the NIST PQC competition.\nPwn the future of cryptography!
\n\nSpeakerBio: Konstantinos Karagiannis
\nKonstantinos is the Director of Quantum Computing Services at Protiviti. He helps companies get ready for quantum opportunities and threats. He has been involved in the quantum computing industry since 2012, and in InfoSec since the 90s. He is a frequent speaker at RSA, Black Hat, Defcon, and dozens of conferences worldwide. He hosts Protiviti’s Post-Quantum World podcast and is our Venerable Village Elder here at Quantum Village.
\n\n\n\'',NULL,617094),('2_Friday','14','14:00','14:59','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Quantum on the flip side - A global south perspective on Quantum Technologies\'','\'Bruna Shinohara de Mendonça\'','QTV_9c34fe91d8f104030b9f9f54e68780e3','\'Title: Quantum on the flip side - A global south perspective on Quantum Technologies
\nWhen: Friday, Aug 9, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nIn this talk Bruna will bring to the table societal aspects of quantum technologies from a Global South perspective. In particular, how different are the dynamics of quantum hype in non-English speaking countries, how economic inequality affects quantum-readiness and why this should be everyone’s problem.
\n\nSpeakerBio: Bruna Shinohara de Mendonça
\nBruna Shinohara is a Staff Scientist specialized in Quantum Technologies from Brazil, currently working at CMC Microsystems, Canada. She holds a PhD in Physics, focusing on Condensed Matter Theory and Quantum Computation. She is also engaged in science outreach and advocates for democratizing access to information.
\n\n\n\'',NULL,617095),('2_Friday','15','15:00','15:59','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Trapped Ion Quantum Computing Systems - Behind The Scenes: from the physics to control electronics\'','\'Daiwei Zhu,Rick Altherr\'','QTV_eb891ff11d3c06f11ae8c90d04c3c4c4','\'Title: Trapped Ion Quantum Computing Systems - Behind The Scenes: from the physics to control electronics
\nWhen: Friday, Aug 9, 15:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nIn this two-part presentation, we will explore the workings of trapped-ion quantum computers. The first part provides an introduction to the fundamental concepts of quantum computation, as well as the scientific principles behind implementing these concepts with lasers and trapped ions. The second part delves into the practical aspects of trapped-ion quantum computing by following a quantum circuit through the process of compilation and execution by control electronics.
\n\nSpeakers:Daiwei Zhu,Rick Altherr
\n
\nSpeakerBio: Daiwei Zhu
\nDaiwei Zhu is a quantum application researcher at IonQ, having joined the team following the completion of his PhD in experimental ion trap quantum computing. His current research focuses on quantum algorithms, quantum machine learning, reinforcement learning, and optimizing quantum circuit compilation.
\n\nSpeakerBio: Rick Altherr
\nRick Altherr is a full stack engineer having worked on everything from ASIC design to user experience (UX) in systems ranging from embedded to hyperscale. Their career has kept them close to the hardware software boundary, primarily working on computer systems at Apple, Google, and Oxide Computer. After a multi-year detour through firmware security, Rick is now designing instruction sets, microarchitecture, and real-time embedded control systems for trapped-ion quantum computers at IonQ.
\n\n\n\'',NULL,617096),('2_Friday','16','16:00','16:59','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Attack Vectors of Quantum Computers\'','\'Sorin Boloș,Adrian Coleșa\'','QTV_cb18a51d107aa04af591cf8a0c99fa12','\'Title: Attack Vectors of Quantum Computers
\nWhen: Friday, Aug 9, 16:00 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nThis talk explores security issues in quantum computing, identifying attack vectors on major platforms like IBM and IonQ. We examine vulnerabilities in popular quantum software development kits (SDKs) and workflows, highlighting flaws in authentication token management and supply chain attacks that inject malicious circuits.
\n\nWe also review existing literature on vulnerabilities in Quantum Processing Units (QPUs) and present new attacks that exploit qubit reset quality to infer results from prior computations and tamper with subsequent ones. Additionally, we demonstrate how crosstalk can inject faults into circuits run by other tenants on the same QPU.
\n\nQuantum computing holds immense potential, but so does the responsibility to secure it. By understanding and addressing these vulnerabilities today, we can build a more secure quantum ecosystem.
\n\nSpeakers:Sorin Boloș,Adrian Coleșa
\n
\nSpeakerBio: Sorin Boloș
\nSorin Boloș is a software engineer turned to quantum computing. After earning his stripes in the tech world and diving deep into computer science, he had a fling with quantum computing, thanks to a flirty course by MIT, and it turned into a full-blown love affair. As a proud Qiskit Advocate, he has been spreading the quantum love through talks, courses, and hosting some cool minds. Now, he is on a mission to crack the code on quantum security.
\n\nSpeakerBio: Adrian Coleșa
\nAdrian Coleșa is an Associate Professor of Computer Science at the Technical University of Cluj-Napoca (TUCN) in Romania, where he has dedicated 26 years of service. He earned his PhD from TUCN and specializes in teaching courses such as Operating Systems (OS), Secure Coding, and Virtualization-Based Security. His primary research focus since 2013 has been in the field of cybersecurity. Additionally, he has been leading a cybersecurity master\'s program at TUCN since 2015. Since 2019, he has held the position of Senior Security Researcher at Bitdefender, concentrating on virtualization and operating system security. Adrian obtained the OSCP certification in 2014. He has coauthored around 40 scientific papers and six US patents, primarily in cybersecurity.
\n\n\n\'',NULL,617097),('2_Friday','17','17:00','17:30','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'DevSecOps of Quantum Computers\'','\'\'','QTV_8b24463fe2358ebb54376ffcc7deb119','\'Title: DevSecOps of Quantum Computers
\nWhen: Friday, Aug 9, 17:00 - 17:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\n\n\n\'',NULL,617098),('2_Friday','17','17:30','17:59','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Threat Modelling: Quantum Computers\'','\'\'','QTV_ffccfcd689689a83b4e722ee52a17a59','\'Title: Threat Modelling: Quantum Computers
\nWhen: Friday, Aug 9, 17:30 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nWhether you believe all the talk of Quantum Computing and its threats to classical cryptography, or are more curious for how it’ll definitely stop climate change, fix AI, and give us world peace🌈 - we have identified the need to put a spotlight on the threat to quantum computers. With all the potential advantages, quantum computers will need access to some of the most highly sensitive data to carry out their quantum calculations. However, this makes them an ideal target for attackers, and we want to enumerate this threat model with YOU!
\n\n\'',NULL,617099),('3_Saturday','10','10:00','10:59','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Intro to QKD: Quantum Key Exchange: Beyond the Hype\'','\'Ben Varcoe\'','QTV_a18cd6460a019f5f9cc92e8c66bb8030','\'Title: Intro to QKD: Quantum Key Exchange: Beyond the Hype
\nWhen: Saturday, Aug 10, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nQuantum Key Distribution (QKD) has been heralded as the future of secure communications, but what does it really offer, and how does it work? This talk is a deep dive into the physics that underpins QKD, tailored for the technically curious and sceptical minds at DefCon. We’ll explore the foundational principles of quantum mechanics that make QKD possible, with a focus on the BB84 protocol and Continuous Variable QKD (CV-QKD). Additionally, we’ll compare these quantum methods with classical key exchange techniques, discussing their strengths and limitations in real-world applications—without the hype. Whether you’re a seasoned cryptographer or new to the field, this session will provide a practical and clear-eyed understanding of quantum key exchange.
\n\nSpeakerBio: Ben Varcoe
\nNo BIO available
\n\n\'',NULL,617100),('3_Saturday','11','11:00','11:59','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Hacking Quantum Key Distribution (QKD)\'','\'Vadim Makarov\'','QTV_3f26fb7a909252015e4aed8f64724f7e','\'Title: Hacking Quantum Key Distribution (QKD)
\nWhen: Saturday, Aug 10, 11:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nQuantum cryptography is unbreakable in principle but suffers from implementation vulnerabilities that may compromise the perfect protocol. I show examples of such vulnerabilities and tell about upcoming certification standards that verify the quality of countermeasures.
\n\nSpeakerBio: Vadim Makarov
\nVadim received his M.Sc from St. Petersburg State Polytechnical University in 1998. He obtained a Doctor Engineer Degree in Physics Electronics at the Norwegian University of Science and Technology in 2007. After postdoctoral positions at Pohang University of Science and Technology (South Korea) and at the Norwegian University of Science and Technology, in 2012 he joined the Institute for Quantum Computing, Waterloo University (Canada) as research Assistant Professor. Since 2018 he is an applied PI at the Russian Quantum Center, and Professor at the National University of Science and Technology MISiS in Moscow since 2019. In 2023, he joined the Vigo Quantum Communication Center as group leader of the Quantum Hacking & Certification Lab. His research interest lies in quantum communication, particularly quantum hacking.
\n\n\n\'',NULL,617101),('3_Saturday','12','12:00','12:59','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Threat Modelling QKD\'','\'\'','QTV_30894dcec743491ae5702393a28b656e','\'Title: Threat Modelling QKD
\nWhen: Saturday, Aug 10, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nMuch is said about QKD and its benefits and drawbacks. Even more is said about how it is, and we quote, ‘UNHACKABLE’!! We know that it is definitely susceptible to hacks, and want to invite all hackers to an open session where we will discuss attacks against QKD, both classical and quantum, and as a group start constructing a threat model that describes this technology. We will all benefit when more of us understand the real details and contexts about it! HAQ THE PLANET!
\n\n\'',NULL,617102),('3_Saturday','14','14:00','14:45','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QML - Quantum Machine Learning: What is it, where did it come from, and how do I start?\'','\'Josh Izaac\'','QTV_32d5e89ec812c4adba4adffbe9615b7e','\'Title: QML - Quantum Machine Learning: What is it, where did it come from, and how do I start?
\nWhen: Saturday, Aug 10, 14:00 - 14:45 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nQuantum machine learning is a relatively new discipline, first appearing around 15 years ago, and uses a combination of machine learning ideas and concepts with quantum computing in order to ask: can we utilize the high-dimensional vector space of quantum computing for machine learning?
\n\nIn this talk, I’ll go through the history of quantum machine learning: the highs, the lows, and the question marks. While we still have a lot to figure out — quantum computers will not just make existing quantum machine learning ‘faster’! — I’ll show you what’s already out there and how to take part.
\n\nSpeakerBio: Josh Izaac
\nNo BIO available
\n\n\'',NULL,617103),('3_Saturday','14','14:45','15:30','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Playing with Quantum: wayfinding with quantum game theory\'','\'Michael Dascal\'','QTV_a8e39bdf2f78ecf2ab55344ecf8637ef','\'Title: Playing with Quantum: wayfinding with quantum game theory
\nWhen: Saturday, Aug 10, 14:45 - 15:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nThe global quantum community is searching for future applications of quantum computing and quantum communications. A somewhat uncommon way to think about this problem is through quantum game theory. This field of research looks at how quantum resources can be used in both cooperative and competitive games to achieve what would be impossible with only classical resources. In this talk we’ll look at some of the fundamentals of quantum game theory, including some archetypal examples of quantum strategies and some theoretical results that show how quantum games differ from classical ones.
\n\nSpeakerBio: Michael Dascal
\nMichael leads the FCAT quantum computing incubator and is responsible for monitoring the quantum ecosystem and exploring collaboration, engagement, and community development opportunities. He has given multiple technical and non-technical talks in quantum computing and quantum information, and is dedicated to promoting an optimistic, but realistic understanding of quantum technologies and the quantum timeline.
\n\nMichael’s background includes a combination of industry and academic experience, including a decade in marketing and communications for Fortune 100 brands. He holds a PhD in foundations of quantum mechanics and quantum information and degrees in philosophy, physics, and linguistics.
\n\n\n\'',NULL,617104),('3_Saturday','15','14:45','15:30','Y','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Playing with Quantum: wayfinding with quantum game theory\'','\'Michael Dascal\'','QTV_a8e39bdf2f78ecf2ab55344ecf8637ef','\'\'',NULL,617105),('3_Saturday','15','15:30','16:30','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Covert Quantum Communication\'','\'Evan Anderson\'','QTV_2df902d49fe84bddabc80596f03947af','\'Title: Covert Quantum Communication
\nWhen: Saturday, Aug 10, 15:30 - 16:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nGiven access to the start time, duration, method of encoding, and an all-powerful quantum receiver, could you perform the \"simple\" task of detecting whether two or more parties were attempting to communicate? Covert communication, or low probability of detection, demonstrates that it is possible to hide signals within noise so effectively that even an all-powerful quantum adversary would have a vanishing probability of detecting the signal’s presence. In this talk, I\'ll provide a high-level overview of covert communication and its extension to the quantum regime. I\'ll discuss the theoretical underpinnings of covert quantum communication, and how we can practically implement such a system. Finally, I\'ll discuss the ethical considerations of this work and why we should care about it.
\n\nSpeakerBio: Evan Anderson
\nDriven by a deep curiosity about the nature of information, Evan Anderson transitioned from software engineering to pursue a PhD in quantum information theory and photonic quantum information processing. He is curious about all aspects of information, from its fundamental structure within physics to how we manipulate it to suit our needs in day-to-day conversations. Evan is currently in his final year as a PhD student at the University of Arizona, the home of the Center for Quantum Networks, where his research primarily focuses on covert communication over quantum channels and quantum coding theory.
\n\n\n\'',NULL,617106),('3_Saturday','16','15:30','16:30','Y','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Covert Quantum Communication\'','\'Evan Anderson\'','QTV_2df902d49fe84bddabc80596f03947af','\'\'',NULL,617107),('3_Saturday','16','16:30','17:29','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'The Quantum Ethics and Skills Debates\'','\'Bob Gourley,Bruna Shinohara de Mendonça,Joan Arrow\'','QTV_603d5fbcbce4aea59883383315fc208f','\'Title: The Quantum Ethics and Skills Debates
\nWhen: Saturday, Aug 10, 16:30 - 17:29 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nJoin us for another round of our Oxford Union-style debates @ DEF CON! Chaired by Bob Gourley, we’re extremely excited to bring you two debates this year - one on Quantum Ethics, and another on the Quantum Skills gap, feat. some of our most excellent speakers including Bruna Shinohara de Mendonça, Joan Arrow of the Quantum Ethics Project, and more!
\n\nSpeakers:Bob Gourley,Bruna Shinohara de Mendonça,Joan Arrow
\n
\nSpeakerBio: Bob Gourley
\nNo BIO available
\nSpeakerBio: Bruna Shinohara de Mendonça
\nBruna Shinohara is a Staff Scientist specialized in Quantum Technologies from Brazil, currently working at CMC Microsystems, Canada. She holds a PhD in Physics, focusing on Condensed Matter Theory and Quantum Computation. She is also engaged in science outreach and advocates for democratizing access to information.
\n\nSpeakerBio: Joan Arrow
\nNo BIO available
\n\n\'',NULL,617108),('3_Saturday','17','16:30','17:29','Y','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'The Quantum Ethics and Skills Debates\'','\'Bob Gourley,Bruna Shinohara de Mendonça,Joan Arrow\'','QTV_603d5fbcbce4aea59883383315fc208f','\'\'',NULL,617109),('3_Saturday','17','17:15','17:59','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Bloch Party & More Debates\'','\'\'','QTV_f1d9743eb99c2ccbc924ecbe39a9d0fd','\'Title: Bloch Party & More Debates
\nWhen: Saturday, Aug 10, 17:15 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\n\n\n\'',NULL,617110),('4_Sunday','10','10:00','10:59','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Physical Fundamentals of Quantum Computing\'','\'Erez M Abrams\'','QTV_7053c9410553949ff061c0df8987232c','\'Title: Physical Fundamentals of Quantum Computing
\nWhen: Sunday, Aug 11, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Erez M Abrams
\nMy name is Erez Abrams and I\'m currently a physics and math undergraduate student at MIT with four years\' experience in research on the mechanism underlying controlled quantum systems. Prior to burying myself in the ungodly mess that is quantum field theory, I often lectured at or ran cybersecurity, math, and physics teams/clubs for high schoolers and undergraduates, and I was an avid player of CTFs. Nowadays, I mostly sit in a dark room ruminating over a whiteboard full of Feynman diagrams in the hopes of understanding something or other about how the universe functions, but I still passionately love to teach and am very excited to share my knowledge with the wonderful attendees of DEF CON 32\'s Quantum Village!
\n\n\n\'',NULL,617111),('4_Sunday','11','11:00','11:59','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'FIDO2 in the Quantum Realm\'','\'Nina Bindel,James Howe\'','QTV_0cd1a2a1b59aea81f1d6c3e17ee6ca82','\'Title: FIDO2 in the Quantum Realm
\nWhen: Sunday, Aug 11, 11:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nDue to its wide usage, the FIDO2 protocol – also known as Passkeys – is a key example (pun intended) of a protocol that urgently needs to be migrated to post-quantum cryptographic algorithms (PQ or PQC) to be secure against the looming quantum threat. In this presentation we explain our work over the last two years towards maintaining secure passwordless authentication in the quantum era.
\n\nWe discuss: is FIDO2 ‘quantum-ready’? Which of the used cryptographic algorithms need to be replaced and with what? What is the (quantum) threat model? And do we ‘just’ need quantum-secure instead of classical algorithms or should we instead use a combination of classical and PQ (a.k.a. hybrid) algorithms? Can the PQ migration be backwards compatible? If yes, would this introduce the possibility of down-grading attacks? And last but not least, is PQ FIDO2 feasible on current hardware?
\n\nAfter discussing these, we present the first end-to-end post-quantum secure implementation of the FIDO2 protocol which we have recently open-sourced and benchmarked. The aim of our E2E OSS is to provide a complete implementation that allows PQ registration and authentication in all protocol operations, to enable developers to experiment and test the viability of PQ cryptography in current hardware devices providing FIDO2 authentication.
\n\nSpeakers:Nina Bindel,James Howe
\n
\nSpeakerBio: Nina Bindel
\nNina is a staff researcher at SandboxAQ specialized in quantum-secure algorithms and protocols, including how to ensure a smooth PQ migration of the latter. Her research has recently been focused on the FIDO2 protocol both from a theoretical as well as from a more practical aspect. Her list of publications, presentations, blog posts and a stop-motion video about batch signatures can be found at ninabindel.de.
\n\nSpeakerBio: James Howe
\nJames is a Staff Research Scientist in the Quantum Security Group’s PQC Team. He works on the research and development of post-quantum cryptography and addresses issues in integrating PQC into the real-world. He is a co-author of the SDitH signature scheme candidate which is a part of the NIST PQC process for additional signature schemes. His research interests range from optimizing designs in software and hardware, side-channel analysis and countermeasures, protocol design, and more.
\n\n\n\'',NULL,617112),('4_Sunday','12','12:00','12:59','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Policy and the Quantum: Where do we start?\'','\'\'','QTV_e546765ed8d824aab1abb9e801419a1a','\'Title: Policy and the Quantum: Where do we start?
\nWhen: Sunday, Aug 11, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\n\n\n\'',NULL,617113),('4_Sunday','13','13:15','14:14','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS CONTEST Q-CTF Finals\'','\'\'','QTV_5b14a29483fb655fe6365b21427d1c29','\'Title: QOLOSSUS CONTEST Q-CTF Finals
\nWhen: Sunday, Aug 11, 13:15 - 14:14 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\n\n\n\'',NULL,617114),('4_Sunday','14','13:15','14:14','Y','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'QOLOSSUS CONTEST Q-CTF Finals\'','\'\'','QTV_5b14a29483fb655fe6365b21427d1c29','\'\'',NULL,617115),('2_Friday','10','10:30','11:30','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Generative Red Team 2 Kickoff\'','\'Sven Cattell,Will Pearce,Jerome Wynne,Sean McGregor,Nicole DeCario,Kent Wilson\'','AIV_87c140f31cb0226374c1b0d6bf37015f','\'Title: Generative Red Team 2 Kickoff
\nWhen: Friday, Aug 9, 10:30 - 11:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nCome ask us anything about the GRT2! There will be a short presentation about how to participate and the objectives of the event and then you can ask us anything about it and ML flaws and vulnerabilities.
\n\nSpeakers:Sven Cattell,Will Pearce,Jerome Wynne,Sean McGregor,Nicole DeCario,Kent Wilson
\n
\nSpeakerBio: Sven Cattell, Founder at AI Village
\nNo BIO available
\nSpeakerBio: Will Pearce
\nNo BIO available
\nSpeakerBio: Jerome Wynne
\nNo BIO available
\nSpeakerBio: Sean McGregor
\nNo BIO available
\nSpeakerBio: Nicole DeCario
\nNo BIO available
\nSpeakerBio: Kent Wilson
\nNo BIO available
\n\n\'',NULL,617116),('2_Friday','11','10:30','11:30','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Generative Red Team 2 Kickoff\'','\'Sven Cattell,Will Pearce,Jerome Wynne,Sean McGregor,Nicole DeCario,Kent Wilson\'','AIV_87c140f31cb0226374c1b0d6bf37015f','\'\'',NULL,617117),('2_Friday','10','10:00','10:30','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Opening Remarks\'','\'Sven Cattell,Lauren Putvin,Ravin Kumar\'','AIV_48df293b5e6f0bd3345135b1d6028216','\'Title: Opening Remarks
\nWhen: Friday, Aug 9, 10:00 - 10:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nOpening remarks for events at AIV at DEFCON 32
\n\nSpeakers:Sven Cattell,Lauren Putvin,Ravin Kumar
\n
\nSpeakerBio: Sven Cattell, Founder at AI Village
\nNo BIO available
\nSpeakerBio: Lauren Putvin, AIV Steering Committee
\nNo BIO available
\nSpeakerBio: Ravin Kumar, AIV Steering Committee
\nNo BIO available
\n\n\'',NULL,617118),('2_Friday','11','11:30','12:30','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'BOLABuster: Harnessing LLMs for Automating BOLA Detection\'','\'Ravid Mazon,Jay Chen\'','AIV_6cc9bccb8e8e19f45069b4f642f9c228','\'Title: BOLABuster: Harnessing LLMs for Automating BOLA Detection
\nWhen: Friday, Aug 9, 11:30 - 12:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nBroken Object Level Authorization (BOLA) is a prevalent vulnerability in modern APIs and web applications, ranked as the top risk in the OWASP API top 10 and the fourth most reported vulnerability type in HackerOne Global Top 10. The consequences of BOLA can be severe, from sensitive data exposure to a total loss of system control.
\n\nWhile manually verifying or triggering known BOLAs is typically straightforward, automatically identifying the correct execution sequences and generating viable input values for testing BOLAs is challenging. The complexities of application and business logic, the wide range of input parameters, and the stateful nature of modern web applications all hinder existing static analysis tools from detecting unknown BOLAs.
\n\nTo overcome these challenges, we leverage LLM’s reasoning and generative capabilities to automate tasks that were previously done manually. These tasks include understanding application logic, uncovering endpoint dependency relationships, generating test cases, and interpreting test results. When combined with heuristics, this AI-backed method enables fully automated BOLA detection at scale. We dub this research BOLABuster.
\n\nAlthough BOLABuster is still in its early stages, it has already discovered multiple new vulnerabilities in open-source projects. In one instance, we submitted 15 CVEs for one project, some leading to critical privilege escalation. Our most recent disclosed vulnerability was CVE-2024-1313, a BOLA vulnerability in Grafana, an open-source project used by over 20 million users.
\n\nWhen benchmarked against other state-of-the-art fuzzing tools using applications with known BOLAs, BOLABuster, on average, sends less than 1% of the API requests to a target server to uncover a BOLA.
\n\nIn this talk, we will share our methodology and the lessons learned from our research. We invite you to join us to learn about our journey with AI and explore a new approach to conducting vulnerability research.
\n\nSpeakers:Ravid Mazon,Jay Chen
\n
\nSpeakerBio: Ravid Mazon
\nRavid:
\nRavid is a Senior Security Researcher at Palo Alto Networks with more than 6 years of hands-on experience in the Application & API Security field. As a Bachelor of Information Systems with a specialization in Cyber, Ravid brings an innovative attitude to the table, while researching different aspects in the AppSec world. He’s eager to experience, experiment, and learn something new every day. In his free time, Ravid likes to travel, exercise, and have a good time with friends and family.
\n\nJay:\nJay Chen is a Cloud Security Researcher with Prisma Cloud and Unit 42 at Palo Alto Networks. He has extensive research experience in cloud security. In his role at Palo Alto Networks, he focuses on investigating the vulnerabilities, design flaws, and adversarial TTPs in cloud-native technologies such as containers and public cloud services. He works to develop methodologies for identifying and remediating security gaps in public clouds and works to protect Prisma customers from threats.
\n\nSpeakerBio: Jay Chen
\nJay Chen is a Cloud Security Researcher with Prisma Cloud and Unit 42 at Palo Alto Networks. He has extensive research experience in cloud security. In his role at Palo Alto Networks, he focuses on investigating the vulnerabilities, design flaws, and adversarial TTPs in cloud-native technologies such as containers and public cloud services. He works to develop methodologies for identifying and remediating security gaps in public clouds and works to protect Prisma Cloud customers from threats.
\n\nIn previous roles, he has researched mobile cloud security and distributed storage security. Jay has authored 25+ academic and industrial papers.
\n\n\n\'',NULL,617119),('2_Friday','12','11:30','12:30','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'BOLABuster: Harnessing LLMs for Automating BOLA Detection\'','\'Ravid Mazon,Jay Chen\'','AIV_6cc9bccb8e8e19f45069b4f642f9c228','\'\'',NULL,617120),('2_Friday','13','13:30','14:30','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI’ll be watching you. Greybox Attacks against an Embedded AI\'','\'Ryan Tracey,Kasimir Schulz,Tom Boner\'','AIV_908a2b3083384cbe4f5aea90e18f6c78','\'Title: AI’ll be watching you. Greybox Attacks against an Embedded AI
\nWhen: Friday, Aug 9, 13:30 - 14:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nAI’ll be watching you will cover attacking an embedded AI on a family of popular security cameras with over 100,000 combined reviews on Amazon. The camera’s embedded AI system is used for on-device person detection, a system that filters notifications based on whether a person is detected. Traditionally the camera would alert the owner if any motion was detected, meaning that an attacker would have to have no motion be detected, but now with the embedded AI making decisions, an attacker needs to only appear not to be human. While this may seem a simple task, dressing up as a giant bush would be noticeable by the people around the attacker, meaning that a successful attack against this system requires the on-camera AI to be tricked while not alerting nearby people to any suspicious disguises.
\n\nIn this talk we will cover the steps we took to research and gain access to the device in order to perform greybox attacks against its embedded AI. We will demonstrate how we rooted an older version of the device to gain access to how the models were brought to the camera. We will show how the knowledge we gained while reverse engineering let us download the models for any arbitrary device or firmware and, eventually, how we were able to exploit and gain root on the newer, more secure device. We will show the audience our process in which we discovered and reverse-engineered a proprietary model format that we had never seen before. Finally, we will show how, once we understood the model, we were able to perform attacks against both it and the camera.
\n\nThe purpose of this talk is to raise awareness about the insecurity of embedded AI as well as to demonstrate how known attack techniques can be used on never-before-seen models, showcasing that AI/ML research has truly passed the infant stage and has reached a point where developed methods can be broadly applied.
\n\nSpeakers:Ryan Tracey,Kasimir Schulz,Tom Boner
\n
\nSpeakerBio: Ryan Tracey, HiddenLayer
\nNo BIO available
\nSpeakerBio: Kasimir Schulz, Principal Security Researcher at HiddenLayer
\nKasimir Schulz, Principal Security Researcher at HiddenLayer, is a leading expert in uncovering zero-day exploits and supply chain vulnerabilities in AI. His work has been featured in BleepingComputer and Dark Reading, and he has spoken at conferences such as FS-ISAC and Black Hat. Kasimir leads the development of advanced tools for automating vulnerability detection and implementing large-scale patches, fortifying systems against supply chain attacks. His dedication to proactive defense measures sets a new standard in cybersecurity resilience.
\n\nSpeakerBio: Tom Boner, HiddenLayer
\nNo BIO available
\n\n\'',NULL,617121),('2_Friday','14','13:30','14:30','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI’ll be watching you. Greybox Attacks against an Embedded AI\'','\'Ryan Tracey,Kasimir Schulz,Tom Boner\'','AIV_908a2b3083384cbe4f5aea90e18f6c78','\'\'',NULL,617122),('2_Friday','14','14:30','14:59','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Removing the Ring of Gyges: Lessons from Securing AI Systems Against File Format Abuse\'','\'Sean Oesch,Luke Koch,Brian Weber,Amul Chaulagain,Matthew Dixson,Jared Dixon,Cory Watson\'','AIV_1397b0d9ee45039e40c43744927240c0','\'Title: Removing the Ring of Gyges: Lessons from Securing AI Systems Against File Format Abuse
\nWhen: Friday, Aug 9, 14:30 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nThis talk will focus on the implications of our work defending AI based cybersecurity systems against file format abuse for the design of AI systems for cyber. The audience will learn how the interface between traditional cybersecurity systems and the AI models being integrated into them impacts security. File format abuse enables polyglot files to bypass state-of-the-art malware detection systems (EDR tools) that utilize machine learning in an attempt to catch novel forms of malware. The polyglot file is sent to the wrong model because the embedded file type is not detected. Existing file type, file carving, and polyglot detection tools are insufficient to detect polyglots used by threat actors in the wild. However, we trained a machine learning model capable of detecting all polyglot types in our dataset, which is based on threat actor usage of polyglots in the wild, with over 99.9% accuracy. Content disarm and reconstruct (CDR) tools can also be used to disarm polyglots, but are not effective on all file types.
\n\nSpeakers:Sean Oesch,Luke Koch,Brian Weber,Amul Chaulagain,Matthew Dixson,Jared Dixon,Cory Watson
\n
\nSpeakerBio: Sean Oesch, Oak Ridge National Laboratory
\nNo BIO available
\nSpeakerBio: Luke Koch, Oak Ridge National Laboratory
\nNo BIO available
\nSpeakerBio: Brian Weber, Oak Ridge National Laboratory
\nNo BIO available
\nSpeakerBio: Amul Chaulagain, Oak Ridge National Laboratory
\nNo BIO available
\nSpeakerBio: Matthew Dixson
\nNo BIO available
\nSpeakerBio: Jared Dixon
\nNo BIO available
\nSpeakerBio: Cory Watson
\nNo BIO available
\n\n\'',NULL,617123),('2_Friday','15','15:00','15:59','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'On Your Ocean’s 11 Team, I’m the AI Guy (technically Girl)\'','\'Harriet Farlow\'','AIV_5bb39ad6784d1e46589fa7669e105c8d','\'Title: On Your Ocean’s 11 Team, I’m the AI Guy (technically Girl)
\nWhen: Friday, Aug 9, 15:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nOne of the best parts of DEF CON is the glitz and glam of Vegas, the gambling capital of the world. Many have explored hacking casinos (on and off stage). Unfortunately, it’s just not like it is portrayed in the Oceans franchise.. in real life there’s much less action, no George Clooney, and it’s a lot harder to pull off a heist than it seems.
\n\nWell fortunately I’m not your typical hacker, I’m an AI hacker. I use adversarial machine learning techniques to disrupt, deceive and disclose information from Artificial Intelligence systems. I chose my target carefully: Canberra Casino. It’s the best casino in my city.. It’s also the only casino but that’s not the point.
\n\nThe casino industry is at an interesting inflection point. Many large casinos have already adopted AI for surveillance and gameplay monitoring, smaller casinos are starting to make the transition, and there’s only a couple of companies in the world that provide this software. It’s ripe for exploitation.
\n\nIn this talk I’m going to show you how I bypassed casino AI systems - facial recognition, surveillance systems and game monitoring. AI Security is the new cyber security threat, and attacks on AI systems could have broad implications including misdiagnoses in medical imaging, navigation errors in autonomous vehicles.. and successful casino heists.
\n\nSpeakerBio: Harriet Farlow, CEO at Mileva Security Labs
\nHarriet Farlow is the CEO of AI Security company Mileva Security Labs, a PhD Candidate in Machine Learning Security, and creative mind behind the YouTube channel HarrietHacks. She missed the boat on computer hacking so now she hacks AI and Machine Learning models instead. Her career has spanned consulting, academia, a start-up and Government, but don’t judge her for that one. She also has a Bachelor in Physics and a Master in Cyber Security. She calls Australia home but has lived in the UK and the US. Her ultimate hack was in founding her own AI Security company but if Skynet takes over she will deny everything and pretend the AI stood for Artificial Insemination, like her Mum thinks it does. (Sorry Mum but I’m not really a Medical Doctor).
\n\n\n\'',NULL,617124),('3_Saturday','10','10:00','10:59','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Keynote - AI-Powered Cybersecurity: The Importance of Red Teamers\'','\'Nikki Pope\'','AIV_f967cac073cca8ecb4e97bfbca31b882','\'Title: Keynote - AI-Powered Cybersecurity: The Importance of Red Teamers
\nWhen: Saturday, Aug 10, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nAs artificial intelligence and machine learning increasingly become the backbone of our cybersecurity infrastructure, we face a new set of ethical challenges that go beyond traditional security concerns. This keynote dives into the critical issues of fairness, transparency, and accountability in AI-driven security systems. We’ll explore the relevance of AI ethics to safety and security testing, especially red teaming efforts. Finally, we’ll discuss the importance of ethical AI development in cybersecurity, emphasizing the need for diverse development teams, rigorous testing for biases, and ongoing audits of AI systems in production. This keynote aims to spark a crucial conversation in the hacker community about our responsibility to ensure that as we push the boundaries of AI in security, we don’t lose sight of the human values and ethical principles that should guide our work.
\n\nSpeakerBio: Nikki Pope, NVIDIA
\nNo BIO available
\n\n\'',NULL,617125),('3_Saturday','11','11:30','12:30','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'garak : A Framework for Large Language Model Red Teaming\'','\'Leon Derczynski,Erick Galinkin,Jeffery Martin,Subho Majumdar\'','AIV_d6ea2e6e66e0e5dd115cc384d4b1f087','\'Title: garak : A Framework for Large Language Model Red Teaming
\nWhen: Saturday, Aug 10, 11:30 - 12:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nLarge Language Model (LLM) deployment and integration comes with a need for scalable evaluation of how these models respond to adversarial attacks. However, LLM security is a moving target: models produce unpredictable output, are constantly updated, and the potential adversary is highly diverse: anyone with access to the internet and a decent command of natural language. Further, what constitutes a weakness in one context may not be an issue in a different context; one-fits-all guardrails remain theoretical. It is time to rethink what constitutes ``LLM security’’, and pursue a holistic approach to LLM security evaluation, where exploration and discovery of issues are central. To this end, this paper introduces garak (Generative AI Red-teaming and Assessment Kit), a framework which can be used to discover and identify vulnerabilities in a target LLM or dialog system. garak probes an LLM in a structured fashion to discover potential vulnerabilities. The outputs of the framework describe a target model’s weaknesses, contribute to an informed discussion of what composes vulnerabilities in unique contexts, and can inform alignment and policy discussions for LLM deployment.
\n\nSpeakers:Leon Derczynski,Erick Galinkin,Jeffery Martin,Subho Majumdar
\n
\nSpeakerBio: Leon Derczynski, Principal Research Scientist, LLM Security at NVIDIA
\nLeon Derczynski is principal research scientist in LLM Security at NVIDIA and prof in natural language processing at ITU Copenhagen. He’s on the OWASP LLM Top 10 core team, and consults with governments and supranational bodies. He co-wrote a paper on how LLM red teaming is like demon summoning, that you should definitely read. He’s been doing NLP since 2005, deep learning since it was more than one layer, and LLM security for about two years, which is almost a lifetime in this field. Finally, Prof. Derczynski also contributes to ML Commons, and regularly appears in national and international media.
\n\nSpeakerBio: Erick Galinkin, Research Scientist at NVIDIA
\nErick Galinkin is a Research Scientist at NVIDIA working on the security assessment and protection of large language models. Previously, he led the AI research team at Rapid7 and has extensive experience working in the cybersecurity space. He is an alumnus of Johns Hopkins University and holds degrees in applied mathematics and computer science. Outside of his work, Erick is a lifelong student, currently at Drexel University and is renowned for his ability to be around equestrians.
\n\nSpeakerBio: Jeffery Martin, NVIDIA
\nNo BIO available
\nSpeakerBio: Subho Majumdar, vijil
\nNo BIO available
\n\n\'',NULL,617126),('3_Saturday','12','11:30','12:30','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'garak : A Framework for Large Language Model Red Teaming\'','\'Leon Derczynski,Erick Galinkin,Jeffery Martin,Subho Majumdar\'','AIV_d6ea2e6e66e0e5dd115cc384d4b1f087','\'\'',NULL,617127),('3_Saturday','13','13:30','14:30','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'ConfusedPilot: Data Corruption and Leakage by Misusing Copilot for Microsoft 365\'','\'Ayush RoyChowdhury,Mulong Luo,Mohit Tiwari\'','AIV_8cfe6a2faa3d50ebe6342470affb5194','\'Title: ConfusedPilot: Data Corruption and Leakage by Misusing Copilot for Microsoft 365
\nWhen: Saturday, Aug 10, 13:30 - 14:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nThe hype for integrating artificial intelligence into an enterprise’s daily work has become more prevalent after introducing AI-driven systems that use Retrieval Augmented Generation (RAG), such as Copilot for Microsoft 365. But is the trust in such systems and their control over decision-making processes within enterprises rational? Copilot and other RAG-based systems can be misused to cause dissemination of misinformation that negatively impacts decision-making processes without proper auditing and safeguarding of data available to large language models in RAG-based systems.
\n\nThis talk will demonstrate such an attack that we have termed ConfusedPilot because of its ability to turn Copilot into a confused deputy. The attack occurs when a malicious document is introduced to the data pool (documents, presentations, other relevant files, etc.) related to a topic affecting the enterprise’s decision-making process. The malicious document contains a combination of corrupt data and malicious strings that suppress the correct documents related to the topic and respond to the user’s query with only the information present within the malicious document. Furthermore, the talk highlights how this attack can persist after deleting content within the malicious document or the document itself. The talk also points to the larger implications of such attacks, highlighting their cascading effect and existing security measures that can be used to reduce the attack’s effectiveness. Our talk sheds light on the current attacks and potential security measures that can shield enterprises from the adverse effects of such attacks on their AI-driven systems.
\n\nSpeakers:Ayush RoyChowdhury,Mulong Luo,Mohit Tiwari
\n
\nSpeakerBio: Ayush RoyChowdhury, The University of Texas at Austin
\nNo BIO available
\nSpeakerBio: Mulong Luo, The University of Texas at Austin
\nNo BIO available
\nSpeakerBio: Mohit Tiwari, The University of Texas at Austin
\nNo BIO available
\n\n\'',NULL,617128),('3_Saturday','14','13:30','14:30','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'ConfusedPilot: Data Corruption and Leakage by Misusing Copilot for Microsoft 365\'','\'Ayush RoyChowdhury,Mulong Luo,Mohit Tiwari\'','AIV_8cfe6a2faa3d50ebe6342470affb5194','\'\'',NULL,617129),('3_Saturday','14','14:30','14:59','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Evaluations and Guardrails against Prompt Injection attacks on LLM powered-applications\'','\'Cyrus Nikolaidis,Faizan Ahmad\'','AIV_80b453a737fae0ea63c5fda1e79ae277','\'Title: Evaluations and Guardrails against Prompt Injection attacks on LLM powered-applications
\nWhen: Saturday, Aug 10, 14:30 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nPrompt injections are a class of attacks against LLM-powered applications that exploit the inclusion of untrusted user inputs in LLM prompts. We give an overview of two open source frameworks developed by Meta related to understanding and mitigating prompt injection risks:
\n\n\nour CyberSecEval Prompt Injection benchmarks (evaluations of the propensity of popular LLMs to succumb to prompt injection when used without guardrails),
as well as PromptGuard (an open-source model for identifying risky inputs to LLM-powered applications, both direct jailbreaks and indirect injections).
\n\nFindings of interest:
\n\n\nEvaluating foundation model vulnerability to indirect prompt injection: LLMs can be trained to have contextual awareness of which parts of the input prompt are coming from a trusted user versus an untrusted third party - in particular via inclusion of a system prompt. We share our benchmark for direct and indirect prompt injection susceptibility of foundational LLMs (across a wide variety of attack strategies) introduced as part of CyberSecEval (an open-source suite of benchmarks for measuring the cybersecurity risks of foundational models). We present the results of these evaluations for currently-popular foundational LLMs. We conclude that model conditioning is not enough to defend against indirect prompt injection risks in most contexts, even with the usage of a system prompt.
Guardrailing against prompt injection attacks in real applications: We present PromptGuard, a model designed for both the detection of direct jailbreak and indirect injection attacks. We highlight the differences between our models and existing malicious prompt detectors (which largely only address direct prompt injection or jailbreaking risks), and the specific risks that can be prevented by utilizing our guardrail in LLM-powered applications. We also show how the model can be fine-tuned to improve application-specific performance.
\n\nSpeakers:Cyrus Nikolaidis,Faizan Ahmad
\n
\nSpeakerBio: Cyrus Nikolaidis, Meta Platforms, Inc.
\nNo BIO available
\nSpeakerBio: Faizan Ahmad, Meta Platforms, Inc.
\nNo BIO available
\n\n\'',NULL,617130),('3_Saturday','15','15:00','15:59','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Bridging the Experience Gap in Machine Learning Security\'','\'Kellee Wicker (Moderator),Christine Lai,David Lo,Austin Carson,Nick Landers\'','AIV_49b4bb8362c351241d2607999672d09f','\'Title: Bridging the Experience Gap in Machine Learning Security
\nWhen: Saturday, Aug 10, 15:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nThis panel will explore the critical challenges and opportunities in developing a robust workforce for AI and machine learning (ML) security. As AI systems become increasingly prevalent across industries, the need for skilled professionals who can safeguard these technologies against adversarial attacks and vulnerabilities has never been greater.
\n\nA key focus of the discussion will be addressing the significant shortage of practitioners with hands-on experience in securing ML models deployed in real-world adversarial environments. Panelists will examine how this lack of battle-tested expertise impacts the industry’s ability to defend against sophisticated attacks and discuss strategies for cultivating this essential skill set.
\n\nSpeakers:Kellee Wicker (Moderator),Christine Lai,David Lo,Austin Carson,Nick Landers
\n
\nSpeakerBio: Kellee Wicker (Moderator), The Wilson Center
\nNo BIO available
\nSpeakerBio: Christine Lai, Cybersecurity Research Specialist at DHS Cyber Security and Infrastructure Security Agency
\nChristine Lai is a cybersecurity research specialist in the Office of the Technical Director at the Cybersecurity and Infrastructure Security Agency (CISA), where she currently serves as the AI Security lead for the agency. Prior to joining CISA, she was a cybersecurity and machine learning researcher on critical infrastructure programs at Sandia National Laboratories in Albuquerque, NM.
\n\nSpeakerBio: David Lo, SMU
\nNo BIO available
\nSpeakerBio: Austin Carson, Seed AI
\nNo BIO available
\nSpeakerBio: Nick Landers, Dreadnode
\nNo BIO available
\n\n\'',NULL,617131),('4_Sunday','10','10:00','10:59','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Photoshop Fantasies\'','\'Walter Scheirer\'','AIV_836c3b074c72b12be668d098d7897b77','\'Title: Photoshop Fantasies
\nWhen: Sunday, Aug 11, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nThe possibility of an altered photo revising history in a convincing way highlights a salient threat of imaging technology. After all, seeing is believing. Or is it? The examples history has preserved make it clear that the observer is more often than not meant to understand that something has changed. Surprisingly, the objectives of photographic manipulation have remained largely the same since the camera first appeared in the 19th century. The old battleworn techniques have simply evolved to keep pace with technological developments. In this talk, we will learn about the history of photographic manipulation, from the invention of the camera to the advent of generative AI. Importantly, we will consider the reception of photo editing and its relationship to the notion of reality, which is more significant than the technologies themselves. Surprisingly, we will discover that creative myth making has found a new medium to embed itself in. This talk is based on Walter Scheirer’s recent book A History of Fake Things on the Internet (Stanford University Press 2023).
\n\nSpeakerBio: Walter Scheirer, University of Notre Dame
\nNo BIO available
\n\n\'',NULL,617132),('4_Sunday','11','11:00','11:30','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'My Conversations with a GenAI-Powered Virtual Kidnapper\'','\'Perry Carpenter\'','AIV_9fb549727b1e18b90466f7b59ca3dfef','\'Title: My Conversations with a GenAI-Powered Virtual Kidnapper
\nWhen: Sunday, Aug 11, 11:00 - 11:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nFor the past few months, I’ve been seeing how far I can push several commercially available GenAI systems past their ethical boundaries. … hint: it’s way too far.
\n\nIn this talk, I’ll demonstrate how I was able to turn LLMs into a powerful backend for realtime, interactive voice enabled cyber scams. I’ll share my prompting strategy, social engineering tactics, the backend systems used, and show how each of these are working innocently in their own right, but enable massive possibilities for deception and harm when combined (in their current form). I’ll also cover a few key insights gained from this research, including unexpected lessons from both successful and unsuccessful attempts.
\n\nNote: this session includes demos of a violent and profane chatbot. Please do not attend if that will be offensive to you.
\n\nSpeakerBio: Perry Carpenter, KnowBe4, Inc.
\nNo BIO available
\n\n\'',NULL,617133),('4_Sunday','12','12:00','12:59','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Generative Red Team 2 Readout & Acknowledgements\'','\'Sven Cattell,Will Pearce,Jerome Wynne,Sean McGregor,Nicole DeCario,Kent Wilson\'','AIV_680b513914fc8ea28cb51bf6907af0ac','\'Title: Generative Red Team 2 Readout & Acknowledgements
\nWhen: Sunday, Aug 11, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nWe’re going over the results of the GRT and giving out some awards for our favorite reports. We want to hear from you about how it went and what you liked.
\n\nSpeakers:Sven Cattell,Will Pearce,Jerome Wynne,Sean McGregor,Nicole DeCario,Kent Wilson
\n
\nSpeakerBio: Sven Cattell, Founder at AI Village
\nNo BIO available
\nSpeakerBio: Will Pearce
\nNo BIO available
\nSpeakerBio: Jerome Wynne
\nNo BIO available
\nSpeakerBio: Sean McGregor
\nNo BIO available
\nSpeakerBio: Nicole DeCario
\nNo BIO available
\nSpeakerBio: Kent Wilson
\nNo BIO available
\n\n\'',NULL,617134),('3_Saturday','10','10:00','17:59','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_0dcde79b56cc3943c213ceab028cf5d3','\'Title: AI Village Demos
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nJoin us at the AI Village for interactive demonstrations at the intersection of AI and security. Attempt to hijack and manipulate autonomous robots using large language models and generative AI. Fool your friends by creating deep fakes with a state-of-the-art setup from Bishop Fox, complete with DSLR camera, green screen, and props. Finally, put your social engineering awareness to the test with DARPA’s deep fake analysis system, designed to identify and attribute manipulated and synthetic media. Don’t miss this opportunity to engage with adversarial AI technologies and learn about their implications on the future, at DEF CON 32!
\n\n\'',NULL,617135),('3_Saturday','11','10:00','17:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_0dcde79b56cc3943c213ceab028cf5d3','\'\'',NULL,617136),('3_Saturday','12','10:00','17:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_0dcde79b56cc3943c213ceab028cf5d3','\'\'',NULL,617137),('3_Saturday','13','10:00','17:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_0dcde79b56cc3943c213ceab028cf5d3','\'\'',NULL,617138),('3_Saturday','14','10:00','17:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_0dcde79b56cc3943c213ceab028cf5d3','\'\'',NULL,617139),('3_Saturday','15','10:00','17:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_0dcde79b56cc3943c213ceab028cf5d3','\'\'',NULL,617140),('3_Saturday','16','10:00','17:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_0dcde79b56cc3943c213ceab028cf5d3','\'\'',NULL,617141),('3_Saturday','17','10:00','17:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_0dcde79b56cc3943c213ceab028cf5d3','\'\'',NULL,617142),('4_Sunday','10','10:00','12:59','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_c6cf8044c32d21e0ac5188aba73b35b9','\'Title: AI Village Demos
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nJoin us at the AI Village for interactive demonstrations at the intersection of AI and security. Attempt to hijack and manipulate autonomous robots using large language models and generative AI. Fool your friends by creating deep fakes with a state-of-the-art setup from Bishop Fox, complete with DSLR camera, green screen, and props. Finally, put your social engineering awareness to the test with DARPA’s deep fake analysis system, designed to identify and attribute manipulated and synthetic media. Don’t miss this opportunity to engage with adversarial AI technologies and learn about their implications on the future, at DEF CON 32!
\n\n\'',NULL,617143),('4_Sunday','11','10:00','12:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_c6cf8044c32d21e0ac5188aba73b35b9','\'\'',NULL,617144),('4_Sunday','12','10:00','12:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_c6cf8044c32d21e0ac5188aba73b35b9','\'\'',NULL,617145),('2_Friday','10','10:00','17:59','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_d3e49a04576e7a7cbf48acb62c0f5447','\'Title: AI Village Demos
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nJoin us at the AI Village for interactive demonstrations at the intersection of AI and security. Attempt to hijack and manipulate autonomous robots using large language models and generative AI. Fool your friends by creating deep fakes with a state-of-the-art setup from Bishop Fox, complete with DSLR camera, green screen, and props. Finally, put your social engineering awareness to the test with DARPA’s deep fake analysis system, designed to identify and attribute manipulated and synthetic media. Don’t miss this opportunity to engage with adversarial AI technologies and learn about their implications on the future, at DEF CON 32!
\n\n\'',NULL,617146),('2_Friday','11','10:00','17:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_d3e49a04576e7a7cbf48acb62c0f5447','\'\'',NULL,617147),('2_Friday','12','10:00','17:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_d3e49a04576e7a7cbf48acb62c0f5447','\'\'',NULL,617148),('2_Friday','13','10:00','17:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_d3e49a04576e7a7cbf48acb62c0f5447','\'\'',NULL,617149),('2_Friday','14','10:00','17:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_d3e49a04576e7a7cbf48acb62c0f5447','\'\'',NULL,617150),('2_Friday','15','10:00','17:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_d3e49a04576e7a7cbf48acb62c0f5447','\'\'',NULL,617151),('2_Friday','16','10:00','17:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_d3e49a04576e7a7cbf48acb62c0f5447','\'\'',NULL,617152),('2_Friday','17','10:00','17:59','Y','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Demos\'','\'\'','AIV_d3e49a04576e7a7cbf48acb62c0f5447','\'\'',NULL,617153),('3_Saturday','13','13:00','15:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Finalist Selection Process\'','\'\'','CON_7165bb541d0baa60e074227523121f0d','\'Title: Live Recon Finalist Selection Process
\nWhen: Saturday, Aug 10, 13:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\n\n\n\'',NULL,617154),('3_Saturday','14','13:00','15:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Finalist Selection Process\'','\'\'','CON_7165bb541d0baa60e074227523121f0d','\'\'',NULL,617155),('3_Saturday','15','13:00','15:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Finalist Selection Process\'','\'\'','CON_7165bb541d0baa60e074227523121f0d','\'\'',NULL,617156),('3_Saturday','16','16:00','17:59','N','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Finalist Presentations\'','\'\'','CON_15d5aa1e352359f81eaadeeaccf2c44e','\'Title: Live Recon Finalist Presentations
\nWhen: Saturday, Aug 10, 16:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\n\n\n\'',NULL,617157),('3_Saturday','17','16:00','17:59','Y','CON','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Live Recon Finalist Presentations\'','\'\'','CON_15d5aa1e352359f81eaadeeaccf2c44e','\'\'',NULL,617158),('2_Friday','16','16:00','16:59','N','AIV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'AI Village Day 1 Keynote – Poison, injection, evasion, oh my! Grounding AI security threats in data driven reality\'','\'Christina Liaghati\'','AIV_0859cca46fa5fe0d1d4ca82e6ea78f35','\'Title: AI Village Day 1 Keynote – Poison, injection, evasion, oh my! Grounding AI security threats in data driven reality
\nWhen: Friday, Aug 9, 16:00 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\nChristina will speak to the latest MITRE ATLAS community efforts focused on capturing and sharing cross community data on real world AI incidents, expanding the community’s data on vulnerabilities that can arise when using open-source AI models or data, especially for vulnerabilities that fall outside of the scope of CVE/CWE, and developing mitigations to defend against these AI security threats and vulnerabilities.
\n\nMITRE ATLAS () is a public knowledge base of adversary tactics and techniques based on real-world attack observations and realistic demonstrations from artificial intelligence (AI) red teams and security groups. There are a growing number of vulnerabilities in AI-enabled systems as the incorporation of AI increases the attack surfaces of existing systems beyond those of traditional cyberattacks. We developed ATLAS to raise community awareness and readiness for these unique threats, vulnerabilities, and risks in the broader AI assurance landscape.
\n\nSpeakerBio: Christina Liaghati
\nNo BIO available
\n\n\'',NULL,617159),('2_Friday','10','10:00','10:45','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Bastardo Grande: Hunting the Largest Black Market Bike Fence In The World\'','\'Bryan Hance\'','RCV_57c1542c2cb6380935e408ae1b4db10b','\'Title: Bastardo Grande: Hunting the Largest Black Market Bike Fence In The World
\nWhen: Friday, Aug 9, 10:00 - 10:45 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nSince 2020, I have (as a BikeIndex.org cofounder) been chasing and hunting the single largest black market bike fence in modern history. This OSINT-heavy, cross-border investigation eventually blossomed into a federal court case in early 2024, so I\'ve only able to partially share that story in public until now. By the time DEFCON happens, I\'ll be able to give this talk in its fullest and most unredacted form, which I haven\'t been able to do yet. (This talk was presented at Seattle BSIDES 2023, but even then I couldn\'t give \'the whole talk\' because one of the key players was still being prosecuted in CA court)
\n\nIn December 2021, BikeIndex.org published an article that laid out how our OSINT detective work showed residential burglars in Colorado were exporting stolen bikes to Juarez Mexico and selling them on grey-market sites there for excellent profit. This quantified a long suspected \'urban legend\' in the cycling community - that high end stolen bikes went to Mexico - but also the economics of the problem, as we tracked over 1000 sales of stolen bikes and were able to capture sales data and study the black market in very great detail. (That write up is here, if you are curious:https://bikeindex.org/news/closing-the-loop-a-deep-dive-on-a-facebook-reseller-of-bikes-stolen-in )
\n\nWhat we did not disclose at that time was that we were infiltrating and tracking an even larger, more impressive criminal actor in the same space - one whose sales and profits reach into the millions. Through years of surveillance, OSINT work, and a lot of persistence, we eventually identified one of his US side suppliers and got them raided by law enforcement, which then snowballed into a federal prosecution in 2024.
\n\nIn this talk, I\'ll talk about how the motivation to seek justice drives normal people to do extraordinary things with OSINT and other crafty methods to chase down bad guys and recover their stolen goods and seek justice. I\'ll cover some of the crazier edge cases we\'ve run into in this space, and I\'ll talk about the secret shadow army of hunters and cyclists who are hunt these kinds of bad guys down online, every day.
\n\nThe talk will be audience engaging, with back-and-forth and audience \'spot-the-OSINT-FAIL-here\' type participation as we walk through the major breakthroughs that took this project from \'hey, that\'s an interesting\' to names going down into a federal indictment. Specifically, I\'ll give an overview of how we engage with theft victims to surveil, track, identify, and take down transnational black market bike fences - who often turn out to be even crazier individuals than anybody ever expected.
\n\nSpeakerBio: Bryan Hance
\nNo BIO available
\n\n\'',NULL,617160),('2_Friday','10','10:00','13:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Recon Village GE(O)SINT Challenge\'','\'\'','RCV_49d329a710b26425d0282c7819eeb39f','\'Title: Recon Village GE(O)SINT Challenge
\nWhen: Friday, Aug 9, 10:00 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nJoin the Recon Village GEOSINT Challenge, where your geospatial intelligence skills will be put to the ultimate test. Navigate through complex scenarios, uncover hidden clues, and outsmart your competition. Sharpen your analytical prowess and prove your mastery in this thrilling contest of wits and strategy.
\n\n\'',NULL,617161),('2_Friday','11','10:00','13:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Recon Village GE(O)SINT Challenge\'','\'\'','RCV_49d329a710b26425d0282c7819eeb39f','\'\'',NULL,617162),('2_Friday','12','10:00','13:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Recon Village GE(O)SINT Challenge\'','\'\'','RCV_49d329a710b26425d0282c7819eeb39f','\'\'',NULL,617163),('2_Friday','13','10:00','13:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Recon Village GE(O)SINT Challenge\'','\'\'','RCV_49d329a710b26425d0282c7819eeb39f','\'\'',NULL,617164),('3_Saturday','10','10:00','13:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Recon Village GE(O)SINT Challenge\'','\'\'','RCV_cf76e83c65b4dd78a319046ebbbd0b90','\'Title: Recon Village GE(O)SINT Challenge
\nWhen: Saturday, Aug 10, 10:00 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nJoin the Recon Village GEOSINT Challenge, where your geospatial intelligence skills will be put to the ultimate test. Navigate through complex scenarios, uncover hidden clues, and outsmart your competition. Sharpen your analytical prowess and prove your mastery in this thrilling contest of wits and strategy.
\n\n\'',NULL,617165),('3_Saturday','11','10:00','13:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Recon Village GE(O)SINT Challenge\'','\'\'','RCV_cf76e83c65b4dd78a319046ebbbd0b90','\'\'',NULL,617166),('3_Saturday','12','10:00','13:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Recon Village GE(O)SINT Challenge\'','\'\'','RCV_cf76e83c65b4dd78a319046ebbbd0b90','\'\'',NULL,617167),('3_Saturday','13','10:00','13:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Recon Village GE(O)SINT Challenge\'','\'\'','RCV_cf76e83c65b4dd78a319046ebbbd0b90','\'\'',NULL,617168),('2_Friday','10','10:45','11:30','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Recursion is a Harsh Mistress: How (Not) To Build a Recursive Internet Scanner\'','\'TheTechromancer\'','RCV_5d3c3593cc23690430be8c171689b8a7','\'Title: Recursion is a Harsh Mistress: How (Not) To Build a Recursive Internet Scanner
\nWhen: Friday, Aug 9, 10:45 - 11:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nRecursion has a tendency to turn little bugs into explosive ones. In this talk, witness the myriad of strange and unexpected bugs we encountered while building BBOT, a recursive internet scanner. Rendered in smooth realtime animations, these bugs may appear fun and sometimes hilarious, but when they occurred they were extremely problematic, and taught us some valuable lessons about the internet and recursion.
\n\nDiscover the nefarious traps and nightmarish edge cases that awaited us in the depths of the internet, the destruction they caused, the awkward situations they put us in, and the tricks we used to overcome them. Most importantly, discover the kinds of hidden gems recursion can uncover (when it\'s implemented properly), and the critical advantage it will give you in your recon!
\n\nSpeakerBio: TheTechromancer
\nNo BIO available
\n\n\'',NULL,617169),('2_Friday','11','10:45','11:30','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Recursion is a Harsh Mistress: How (Not) To Build a Recursive Internet Scanner\'','\'TheTechromancer\'','RCV_5d3c3593cc23690430be8c171689b8a7','\'\'',NULL,617170),('2_Friday','11','11:30','12:05','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Hospitals, Airports, and Telcos — Modern Approach to Attributing Hacktivism Attacks\'','\'Itay Cohen\'','RCV_df0d9040670d7d8a210b0240f354d2e2','\'Title: Hospitals, Airports, and Telcos — Modern Approach to Attributing Hacktivism Attacks
\nWhen: Friday, Aug 9, 11:30 - 12:05 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nOn December 12th, millions of Ukrainians trying to connect on Kyivstar\'s mobile and internet services were met with silence. The outage, it turned out, was no accident, but a carefully planned attack that had been brewing for months. One day later, a message saying “We take full responsibility for the cyber attack on Kyivstar” appeared on social media accounts belonging to a group calling itself ‘Solntsepek’.
\n\n“We attacked Kyivstar because the company provides communications to the Armed Forces of Ukraine” the message continued. The Ukrainian users found themselves an audience of another hacking stunt in the ongoing war that started with the Russian invasion of Ukraine. Almost one month later, the pro-Ukraine hacker group “BlackJack” claimed to have breached the Russian internet provider M9com as revenge for the Kyivstar attack.
\n\nThese attacks demonstrate a rising trend where groups, ostensibly state-sponsored yet posing as hacktivists, execute cyber and influence operations. This approach provides plausible deniability and an appearance of legitimacy, avoiding the direct implications of government involvement. These actors, often using various group names, leverage grassroots facades for anonymity and to minimize international backlash.
\n\nBut what if the inflation in the trend is its weakest point? This is where yet another trendy topic comes in handy— Machine Learning (And yes, AI as well). We analyzed thousands of public messages from Hacktivist groups in Europe and the Middle East and combined classic Cyber threat-intelligence practices with modern ML models to learn about their motives over time and more importantly — tie some of these groups together and improve the way we do attribution when it comes to Hacktivism.
\n\nSpeakerBio: Itay Cohen
\nNo BIO available
\n\n\'',NULL,617171),('2_Friday','12','11:30','12:05','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Hospitals, Airports, and Telcos — Modern Approach to Attributing Hacktivism Attacks\'','\'Itay Cohen\'','RCV_df0d9040670d7d8a210b0240f354d2e2','\'\'',NULL,617172),('2_Friday','12','12:00','12:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Ask Me Anything - Daniel Cutberth, Moderated by Sudhanshu\'','\'Sudhanshu,Daniel Cuthbert\'','RCV_b4644caabf0509a5dcea1dc66b6748b2','\'Title: Ask Me Anything - Daniel Cutberth, Moderated by Sudhanshu
\nWhen: Friday, Aug 9, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nThis is an AMA/Podcast that will be recorded on-site.
\n\nSpeakers:Sudhanshu,Daniel Cuthbert
\n
\nSpeakerBio: Sudhanshu
\nNo BIO available
\nSpeakerBio: Daniel Cuthbert
\nNo BIO available
\n\n\'',NULL,617173),('2_Friday','12','12:05','12:40','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Bypassing WHOIS Rate Limiting and Alerting on Fresh Enterprise Domains\'','\'Willis Vandevanter\'','RCV_dac3f5226e3ec8150959a94fc7e89feb','\'Title: Bypassing WHOIS Rate Limiting and Alerting on Fresh Enterprise Domains
\nWhen: Friday, Aug 9, 12:05 - 12:40 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nWHOIS data is a prime resources for identifying apex domains owned by a company. Unfortunately that data is typically locked up behind rate limited systems, third party APIs, or expensive bulk purchases. We developed whoiswatcher to run in serverless cloud (where we have clocked it at 1-1.5MM domains per day) or by using IPv6 proxying (can hit 150-200k domains per day with a small VPC). This makes it a perfect candidate to build a WHOIS dataset, review historic WHOIS records, and alert you on fresh enterprise domains. We will demo all this and more!
\n\nSpeakerBio: Willis Vandevanter
\nNo BIO available
\n\n\'',NULL,617174),('2_Friday','12','12:40','13:25','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'SWGRecon: Automate SWG Rules, Policy, and Bypass Enumeration\'','\'Vivek Ramachandran\'','RCV_d204737503caf0a8604b507bc1d533d6','\'Title: SWGRecon: Automate SWG Rules, Policy, and Bypass Enumeration
\nWhen: Friday, Aug 9, 12:40 - 13:25 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nEnterprise users on their web browsers are prime targets for attackers, penetration testers, and red teamers. A common tactic involves tricking users into clicking on spear-phishing emails, downloading malicious documents or binaries, and subsequently compromising their systems. To mitigate these web-based initial access threats, enterprises deploy Secure Web Gateways (SWGs). SWGs are essentially SSL-intercepting cloud proxies that inspect web traffic, blocking attacks such as malicious file downloads, harmful websites, and scripts. Since all web traffic from users\' browsers is routed through these proxies, SWGs have complete visibility into the scripts loading into users\' browsers and the capability to block them.
\n\nIn this talk, we will explore how to conduct reconnaissance against SWGs, identify the vendor and location, reconstruct the rules and policies applied, and identify bypasses based on these insights. We will introduce SWGRecon, a new tool designed to automate enumeration processes. This tool can be deployed as a JavaScript file for automatic enumeration and is complemented by a browser extension for certain scenarios. Our techniques have been rigorously tested against all the leading vendors in the market and have proven to be highly effective as of this writing.
\n\nOur primary objective is to raise awareness about how easily an attacker can deploy JavaScript via their website or inject it into a known website, uncovering loopholes in SWG rules and policies. By exploiting these loopholes, attackers can bypass protections and deliver malware or malicious websites directly to enterprise users\' browsers.
\n\nSpeakerBio: Vivek Ramachandran, Founder at SquareX
\nVivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. Before that, Vivek’s company built an 802.11ac monitoring product sold exclusively to defense agencies. Vivek discovered the Caffe Latte attack, broke WEP Cloaking, conceptualized enterprise Wi-Fi Backdoors, and created Chellam (Wi-Fi Firewall), WiMonitor Enterprise (802.11ac monitoring), Chigula (Wi-Fi traffic analysis via SQL), Deceptacon (IoT Honeypots), among others. He is the author of multiple five-star-rated books in offensive cybersecurity, which have sold thousands of copies worldwide and have been translated into multiple languages. He has been a speaker/trainer at top security conferences such as Blackhat USA, Europe and Abu Dhabi, DEFCON, Nullcon, Brucon, HITB, Hacktivity, and others. Vivek’s work in cybersecurity has been covered in Forbes, TechCrunch, and other popular media outlets. In a past life, he was one of the programmers of the 802.1x protocol and Port Security in Cisco’s 6500 Catalyst series of switches. He was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He has also published multiple research papers in the field of DDoS, ARP Spoofing Detection, and Anomaly-based Intrusion Detection Systems. In 2021, he was awarded an honorary title of Regional Director of Cybersecurity by Microsoft for a period of three years, and in 2024 he joined the BlackHat Arsenal Review Board.
\n\n\n\'',NULL,617175),('2_Friday','13','12:40','13:25','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'SWGRecon: Automate SWG Rules, Policy, and Bypass Enumeration\'','\'Vivek Ramachandran\'','RCV_d204737503caf0a8604b507bc1d533d6','\'\'',NULL,617176),('2_Friday','13','13:00','13:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Interview - Mika Devonshire, Hosted by Himanshu Das\'','\'Mika Devonshire,Himanshu Das\'','RCV_d2785f35ea37b7b317184cd65ddd7b31','\'Title: Interview - Mika Devonshire, Hosted by Himanshu Das
\nWhen: Friday, Aug 9, 13:00 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nThis is an AMA/Podcast that will be recorded on-site.
\n\nSpeakers:Mika Devonshire,Himanshu Das
\n
\nSpeakerBio: Mika Devonshire
\nNo BIO available
\nSpeakerBio: Himanshu Das
\nNo BIO available
\n\n\'',NULL,617177),('2_Friday','13','13:25','13:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Tapping the OSINT potential of Telegram\'','\'Megan Squire\'','RCV_a1e0c0abf8d288a7b6028e89d342d9ca','\'Title: Tapping the OSINT potential of Telegram
\nWhen: Friday, Aug 9, 13:25 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nThis short talk explores the intelligence potential available in the Telegram messaging app, with particular focus on our novel work exploring its new “similar channels” feature. Telegram is a popular application with numerous, but labyrinthine, security settings and many ways to spill data. In November 2023, Telegram also launched a new “similar channels” recommender feature, explaining that upon joining a channel, users will be shown similar channels that were \"selected automatically based on similarities in their subscriber bases.” We built a new tool, which we will release at DEFCON, to collect and analyze this similar channels data. We will then show how to use social network analysis techniques to uncover previously-hidden relationships between channels on the platform. In the course of collecting this OSINT for our own research projects, we uncovered evidence of numerous inauthentic channel networks that are being used to influence political discourse.
\n\nSpeakerBio: Megan Squire
\nNo BIO available
\n\n\'',NULL,617178),('2_Friday','15','15:00','15:45','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'GeoINT Mastery: A pixel is worth a thousand words\'','\'Mishaal Khan\'','RCV_0914b83aa75921794cc799632dcf22fd','\'Title: GeoINT Mastery: A pixel is worth a thousand words
\nWhen: Friday, Aug 9, 15:00 - 15:45 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nAfter this interactive talk, you will never see images the same way again. This enlightening session explores the dynamic realm of GEOINT (Geospatial Intelligence), a captivating subset of OSINT (Open Source Intelligence) that unlocks a wealth of hidden insights within images and videos. From identifying objects, landscapes, and aircraft to interpreting symbols, shadows, and reflections, we\'ll go deep into the art of imagery analysis. Learn how to decode the language of trees, signs, text and logos, and uncover the strategic implications behind seemingly mundane details using common browser tools. This talk promises to equip you with mind-blowing skills that you can easily learn as I take you through multiple demos.
\n\nSpeakerBio: Mishaal Khan
\nNo BIO available
\n\n\'',NULL,617179),('2_Friday','15','15:00','15:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Interview - Scott Helme, Hosted by Shubham\'','\'Scott Helme,Shubham\'','RCV_93f9b64be1b775bf27ca92bb21e0700b','\'Title: Interview - Scott Helme, Hosted by Shubham
\nWhen: Friday, Aug 9, 15:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nThis is an AMA/Podcast that will be recorded on-site.
\n\nSpeakers:Scott Helme,Shubham
\n
\nSpeakerBio: Scott Helme
\nNo BIO available
\nSpeakerBio: Shubham
\nNo BIO available
\n\n\'',NULL,617180),('2_Friday','15','15:45','16:20','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Recon MindMap: Organize, Visualize, and Prioritize Your Recon Data Efficiently\'','\'Lenin Alevski\'','RCV_5349149a6c6ece1afc105051e9da5f78','\'Title: Recon MindMap: Organize, Visualize, and Prioritize Your Recon Data Efficiently
\nWhen: Friday, Aug 9, 15:45 - 16:20 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nAfter doing recon on a target you probably end up with more URLs, domains and IPs that you can handle, and when time is limited, how do you prioritize them? Recon MindMap (RMM) is a tool that will simplify the task of organizing and sorting all these assets. RMM can help you to generate complex domain structures, visualize them using your favorite mind map tools, make informed decisions, and improve your reports visual appeal.
\n\nDuring the talk I’ll discuss the motivations behind building this tool and what problem it solves, the algorithm behind, scenarios and use cases for this tool, how to contribute to the project and what’s next for RMM.
\n\nRMM it\'s opensource and it\'s available at https://github.com/Alevsk/rmm
\n\nSpeakerBio: Lenin Alevski, Security Engineer at Google
\nLenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog
\n\n\n\'',NULL,617181),('2_Friday','16','15:45','16:20','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Recon MindMap: Organize, Visualize, and Prioritize Your Recon Data Efficiently\'','\'Lenin Alevski\'','RCV_5349149a6c6ece1afc105051e9da5f78','\'\'',NULL,617182),('2_Friday','16','16:00','16:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Interview - the gumshoo, Hosted by Ram\'','\'the gumshoo,Ram\'','RCV_ac42e22aea2398bc8815970a8f742702','\'Title: Interview - the gumshoo, Hosted by Ram
\nWhen: Friday, Aug 9, 16:00 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nThis is an AMA/Podcast that will be recorded on-site.
\n\nSpeakers:the gumshoo,Ram
\n
\nSpeakerBio: the gumshoo
\nNo BIO available
\nSpeakerBio: Ram
\nNo BIO available
\n\n\'',NULL,617183),('2_Friday','17','17:05','17:45','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Pushing the limits of mass DNS scanning\'','\'Jasper Insinger\'','RCV_ef0395caeeb90ff86319fa3a839a1ac2','\'Title: Pushing the limits of mass DNS scanning
\nWhen: Friday, Aug 9, 17:05 - 17:45 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nMost hackers have a complicated, love-hate relationship with DNS: teleporting a fundamental building block of the internet from the 80’s without major overhauls is a recipe for some interesting exploits and frustrations.
\n\nDNS enumeration is a critical process in penetration testing and essential to security practitioners: the faster we can conduct DNS enumeration, the more potential vulnerabilities we can find.
\n\nWe developed an ultra-fast open-source DNS scanner, SanicDNS, using multiple parallelisation techniques. The result is a scanner that is two orders of magnitude faster than other popular tools. I will take attendees under the hood of the code, sharing what techniques yield the best results, the challenges encountered and their workarounds, and my tips for those considering the same endeavour.
\n\nThe practical applications of SanicDNS far exceed those of everything that preceded it. With this novel scanner, it is possible to identify DNS misconfigurations and conduct Nameserver takeover scans across the entire internet in realtime. This opens up a world of new possibilities for conducting reconnaissance.
\n\nSanicDNS will be released for open-source at Defcon with easy-to-use installation instructions for the community.
\n\nSpeakerBio: Jasper Insinger
\nJasper Insinger is a security researcher with a background in Electrical Engineering with a passion for low level / embedded computing. Before transitioning into security, Jasper worked on engineering the world’s most efficient solar powered cars.
\n\n\n\'',NULL,617184),('2_Friday','17','17:45','18:15','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'OSINT at Clemson: Unmasking John Mark Dougan\'s Disinformation Empire\'','\'Steven Sheffield\'','RCV_daac911767518b41088e790e6a080f12','\'Title: OSINT at Clemson: Unmasking John Mark Dougan\'s Disinformation Empire
\nWhen: Friday, Aug 9, 17:45 - 18:15 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nClemson University\'s Media Forensics Center spearheaded an investigation into the extensive disinformation network orchestrated by John Mark Dougan, an alleged corrupt Sheriff\'s Deputy now residing in Russia. This presentation will focus on Clemson\'s employment of OSINT techniques, emphasizing our thorough examination of digital forensic artifacts and metadata analysis.
\n\nThrough advanced OSINT techniques, our team analyzed server logs, domain registrations, and internet protocol (IP) addresses, unraveling a sophisticated web of over 160 disinformation websites designed to mimic legitimate news outlets. By dissecting these digital breadcrumbs, we traced the network\'s infrastructure and operational tactics, uncovering the strategies Dougan employed to disseminate false narratives. During the process we discovered how narratives were laundered, and LLMs were utilized to create inflammatory content.
\n\nThe session will provide a detailed look at the methods used to collect and interpret metadata and artifacts, which revealed the hidden connections between the fake sites and Dougan\'s operations. We will discuss how our forensic analysis uncovered patterns of digital behavior, allowing us to attribute the network\'s activities to Dougan and understand the broader implications for more transparent public discourse.
\n\nJoin us as we share the intricacies of our forensic process, demonstrating how Clemson\'s expertise in media forensics and metadata analysis played a critical role in exposing a key player in Russia\'s disinformation efforts. This talk will equip attendees with a deeper appreciation of the vital role OSINT plays in modern intelligence operations and the ongoing battle against digital deception.
\n\nSpeakerBio: Steven Sheffield
\nNo BIO available
\n\n\'',NULL,617185),('2_Friday','18','17:45','18:15','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'OSINT at Clemson: Unmasking John Mark Dougan\'s Disinformation Empire\'','\'Steven Sheffield\'','RCV_daac911767518b41088e790e6a080f12','\'\'',NULL,617186),('3_Saturday','10','10:00','10:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Interview - CATO Networks, Hosted by Dhruv Shah\'','\'CATO Networks,Dhruv Shah\'','RCV_93545828ddf473643fbbd9d1b5073509','\'Title: Interview - CATO Networks, Hosted by Dhruv Shah
\nWhen: Saturday, Aug 10, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nThis is an AMA/Podcast that will be recorded on-site.
\n\nSpeakers:CATO Networks,Dhruv Shah
\n
\nSpeakerBio: CATO Networks
\nNo BIO available
\nSpeakerBio: Dhruv Shah
\nNo BIO available
\n\n\'',NULL,617187),('3_Saturday','10','10:00','11:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Maltego Community Workshop\'','\'Carlos Fragoso\'','RCV_d71bd8c57f74197bcb03d1b3403ec7cf','\'Title: Maltego Community Workshop
\nWhen: Saturday, Aug 10, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nThis workshop aims to describe how to use Maltego CE with the common available transform sets. Additionally we will teach you how to extend the tool by integrating external datasources and OSINT tools thanks to the open-source maltego-trx library.
\n\nOutline:\n- Overview\n- Datasources\n- Investigation basics\n- Creating your own entities\n- Building your own transforms\n- Demo\n- Lab:\n- Connecting an OSINT tool (holehe, whatsmyname…)
\n- Q&A
\n\nPrerequisites\n- Maltego Community Edition (requires Maltego ID registration for activation)\n- Python + pip\n- Maltego-trx library\n- Optional: your favourite IDE (VSCode, Pycharm…)
\n\nSpeakerBio: Carlos Fragoso
\nNo BIO available
\n\n\'',NULL,617188),('3_Saturday','11','10:00','11:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Maltego Community Workshop\'','\'Carlos Fragoso\'','RCV_d71bd8c57f74197bcb03d1b3403ec7cf','\'\'',NULL,617189),('3_Saturday','11','11:00','11:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Interview - RedHunt Labs (Kunal), Hosted by Anant Shrivastava\'','\'RedHunt Labs (Kunal),Anant Shrivastava\'','RCV_d5e7aa6fb5cf93a2ef7eb685a482f2c2','\'Title: Interview - RedHunt Labs (Kunal), Hosted by Anant Shrivastava
\nWhen: Saturday, Aug 10, 11:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nThis is an AMA/Podcast that will be recorded on-site.
\n\nSpeakers:RedHunt Labs (Kunal),Anant Shrivastava
\n
\nSpeakerBio: RedHunt Labs (Kunal)
\nNo BIO available
\nSpeakerBio: Anant Shrivastava
\nNo BIO available
\n\n\'',NULL,617190),('3_Saturday','12','12:00','12:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'Interview - Daniel Miessler, Hosted by Ankur\'','\'Daniel Miessler,Ankur\'','RCV_3e2a4f54ce6d915257b48ab1f636a1a4','\'Title: Interview - Daniel Miessler, Hosted by Ankur
\nWhen: Saturday, Aug 10, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nThis is an AMA/Podcast that will be recorded on-site.
\n\nSpeakers:Daniel Miessler,Ankur
\n
\nSpeakerBio: Daniel Miessler
\nNo BIO available
\nSpeakerBio: Ankur
\nNo BIO available
\n\n\'',NULL,617191),('3_Saturday','12','12:00','13:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'OWASP Amass Expanding Data Horizons: Amassing More Than Subdomains\'','\'Jeff Foley\'','RCV_79ea9d97374c8e551b37c1c38bd1d6c7','\'Title: OWASP Amass Expanding Data Horizons: Amassing More Than Subdomains
\nWhen: Saturday, Aug 10, 12:00 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nJoin us at Recon Village for an in-depth workshop on the OWASP Amass Project, a powerful open-source tool used for network mapping, attack surface analysis, and asset discovery. This workshop will delve into the exciting advancements in data collection capabilities within Amass, demonstrating how these enhancements have taken the project from a humble subdomain enumeration tool to an OSINT collection system. Participants will gain hands-on experience with new features, learn best practices for leveraging Amass, and explore the broader dataset of findings and associated assets. Whether you are a seasoned security professional or new to network reconnaissance, this session will provide valuable insights and practical skills to elevate your reconnaissance game.
\n\nWorkshop Outline
\n\nIntroduction (15 minutes)\n- Welcome and speaker introductions\n- Overview of OWASP Amass\n - Brief history and evolution\n - Core functionalities and typical use cases\n- Workshop objectives and agenda
\n\nUnderstanding Amass\'s Data Collection Capabilities (15 minutes)\n- Current data sources utilized by Amass\n - Public data sources\n - OSINT (Open Source Intelligence) integration\n - Third-party APIs\n- Introduction to new data collection features\n - Enhanced API integrations\n - Proprietary data sources
\n\nHands-On with New Data Collection Features (30 minutes)\n- Setting up Amass for expanded data collection\n - Installation and configuration\n - API key management and integration\n- Practical demonstration\n - Running Amass with new data sources\n - Interpreting results\n - Case study: Real-world scenarios and outcomes
\n\nAnalyzing and Utilizing Recon Data (30 minutes)\n- Attack surface mapping is more than internet infrastructure\n- Introduction to the Open Asset Model (OAM)\n- Collecting email addresses with Amass\n- OAM types to be supported by the project\n- The Future of Mapping attack surfaces
\n\nQ&A Session (20 minutes)
\n\nConclusion (10 minutes)\n- Recap of key takeaways\n- Additional resources and further learning\n- Closing remarks and feedback session
\n\n
\n\nPreparation Requirements:**\n- Participants are encouraged to bring laptops with pre-installed OWASP Amass.\n- API keys for various data sources (details to be provided prior to the workshop).
\n\nTarget Audience:**\n- Security researchers and professionals\n- Penetration testers\n- Network administrators\n- Anyone interested in improving their reconnaissance skills and knowledge
\n\nThis workshop promises to be an engaging and educational experience, equipping attendees with the latest techniques and tools to enhance their security reconnaissance capabilities using OWASP Amass.
\n\nSpeakerBio: Jeff Foley
\nNo BIO available
\n\n\'',NULL,617192),('3_Saturday','13','12:00','13:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'OWASP Amass Expanding Data Horizons: Amassing More Than Subdomains\'','\'Jeff Foley\'','RCV_79ea9d97374c8e551b37c1c38bd1d6c7','\'\'',NULL,617193),('3_Saturday','14','14:00','15:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'The art of Pivoting in OSINT Investigations\'','\'Ram Ganesh\'','RCV_3846c789d9f2e3404a824619ff33eac0','\'Title: The art of Pivoting in OSINT Investigations
\nWhen: Saturday, Aug 10, 14:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nJoin us for an immersive workshop designed for beginners and professionals looking to enhance their Open Source Intelligence (OSINT) skills. This workshop provides a technical guide to uncovering hidden connections and expanding investigative horizons using advanced OSINT techniques and tools. Participants will gain hands-on experience with leading OSINT tools, learn how to identify pivotal data points, and practice real-world pivoting strategies through interactive exercises and case studies.
\n\nThis workshop is ideal for those seeking to refine their investigative methodologies and leverage cutting-edge OSINT practices for more effective and efficient investigations.
\n\nTopics:\n- OSINT Introduction and Walkthrough\n- Common tools and platforms\n- Data Sources\n- Understanding Pivoting\n- Identifying Pivot Points\n- Techniques and Tools\n- Data Correlation\n- Automation and Scripting\n- Case Study\n- Integrating OSINT with other Intel\n- Ethical and Legal Considerations
\n\nSkill Level: Beginner to Intermediate
\n\nSpeakerBio: Ram Ganesh
\nNo BIO available
\n\n\'',NULL,617194),('3_Saturday','15','14:00','15:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'The art of Pivoting in OSINT Investigations\'','\'Ram Ganesh\'','RCV_3846c789d9f2e3404a824619ff33eac0','\'\'',NULL,617195),('3_Saturday','14','14:00','17:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'ToolMakers Hackathon\'','\'\'','RCV_921965cdcd1f614b07c8d8fee83e1f73','\'Title: ToolMakers Hackathon
\nWhen: Saturday, Aug 10, 14:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nUnleash your creativity at the Tool Makers Hackathon, where innovation meets functionality. Collaborate with fellow hackers to design and build groundbreaking tools that push the boundaries of cybersecurity. Whether you\'re a seasoned pro or a budding developer, this is your chance to showcase your skills, learn from the best, and create something truly unique.
\n\n\'',NULL,617196),('3_Saturday','15','14:00','17:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'ToolMakers Hackathon\'','\'\'','RCV_921965cdcd1f614b07c8d8fee83e1f73','\'\'',NULL,617197),('3_Saturday','16','14:00','17:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'ToolMakers Hackathon\'','\'\'','RCV_921965cdcd1f614b07c8d8fee83e1f73','\'\'',NULL,617198),('3_Saturday','17','14:00','17:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'ToolMakers Hackathon\'','\'\'','RCV_921965cdcd1f614b07c8d8fee83e1f73','\'\'',NULL,617199),('2_Friday','14','14:00','17:59','N','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'ToolMakers Hackathon\'','\'\'','RCV_7936d8b74086b1bcd4ae93ffbc05bcdd','\'Title: ToolMakers Hackathon
\nWhen: Friday, Aug 9, 14:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-04 - Map
\n
\nDescription:
\nUnleash your creativity at the Tool Makers Hackathon, where innovation meets functionality. Collaborate with fellow hackers to design and build groundbreaking tools that push the boundaries of cybersecurity. Whether you\'re a seasoned pro or a budding developer, this is your chance to showcase your skills, learn from the best, and create something truly unique.
\n\n\'',NULL,617200),('2_Friday','15','14:00','17:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'ToolMakers Hackathon\'','\'\'','RCV_7936d8b74086b1bcd4ae93ffbc05bcdd','\'\'',NULL,617201),('2_Friday','16','14:00','17:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'ToolMakers Hackathon\'','\'\'','RCV_7936d8b74086b1bcd4ae93ffbc05bcdd','\'\'',NULL,617202),('2_Friday','17','14:00','17:59','Y','RCV','LVCC West/Floor 1/Hall 4/HW4-03-04','\'ToolMakers Hackathon\'','\'\'','RCV_7936d8b74086b1bcd4ae93ffbc05bcdd','\'\'',NULL,617203),('4_Sunday','10','10:00','12:59','N','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_1cb4b1f79c2ad3ef2cbb6796462aa7c6','\'Title: DEF CON Groups - Open for questions and hanging out
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W236 - Map
\n
\nDescription:
\nDo you have questions about what DEF CON Groups are? Do you need help finding a group near you? Feel free to come ask. Or, just come up and hang out.
\n\n\'',NULL,617204),('4_Sunday','11','10:00','12:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_1cb4b1f79c2ad3ef2cbb6796462aa7c6','\'\'',NULL,617205),('4_Sunday','12','10:00','12:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_1cb4b1f79c2ad3ef2cbb6796462aa7c6','\'\'',NULL,617206),('3_Saturday','10','10:00','17:59','N','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_cc86ea61f457284fca20a23bce5c9ac0','\'Title: DEF CON Groups - Open for questions and hanging out
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W236 - Map
\n
\nDescription:
\nDo you have questions about what DEF CON Groups are? Do you need help finding a group near you? Feel free to come ask. Or, just come up and hang out.
\n\n\'',NULL,617207),('3_Saturday','11','10:00','17:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_cc86ea61f457284fca20a23bce5c9ac0','\'\'',NULL,617208),('3_Saturday','12','10:00','17:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_cc86ea61f457284fca20a23bce5c9ac0','\'\'',NULL,617209),('3_Saturday','13','10:00','17:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_cc86ea61f457284fca20a23bce5c9ac0','\'\'',NULL,617210),('3_Saturday','14','10:00','17:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_cc86ea61f457284fca20a23bce5c9ac0','\'\'',NULL,617211),('3_Saturday','15','10:00','17:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_cc86ea61f457284fca20a23bce5c9ac0','\'\'',NULL,617212),('3_Saturday','16','10:00','17:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_cc86ea61f457284fca20a23bce5c9ac0','\'\'',NULL,617213),('3_Saturday','17','10:00','17:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_cc86ea61f457284fca20a23bce5c9ac0','\'\'',NULL,617214),('2_Friday','10','10:00','17:59','N','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_96f04c9f4846edbf0f48bac4fa40b528','\'Title: DEF CON Groups - Open for questions and hanging out
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W236 - Map
\n
\nDescription:
\nDo you have questions about what DEF CON Groups are? Do you need help finding a group near you? Feel free to come ask. Or, just come up and hang out.
\n\n\'',NULL,617215),('2_Friday','11','10:00','17:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_96f04c9f4846edbf0f48bac4fa40b528','\'\'',NULL,617216),('2_Friday','12','10:00','17:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_96f04c9f4846edbf0f48bac4fa40b528','\'\'',NULL,617217),('2_Friday','13','10:00','17:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_96f04c9f4846edbf0f48bac4fa40b528','\'\'',NULL,617218),('2_Friday','14','10:00','17:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_96f04c9f4846edbf0f48bac4fa40b528','\'\'',NULL,617219),('2_Friday','15','10:00','17:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_96f04c9f4846edbf0f48bac4fa40b528','\'\'',NULL,617220),('2_Friday','16','10:00','17:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_96f04c9f4846edbf0f48bac4fa40b528','\'\'',NULL,617221),('2_Friday','17','10:00','17:59','Y','DCG','LVCC West/Floor 2/W236','\'DEF CON Groups - Open for questions and hanging out\'','\'\'','DCG_96f04c9f4846edbf0f48bac4fa40b528','\'\'',NULL,617222),('2_Friday','17','17:00','17:45','N','PLV','LVCC West/Floor 2/W237','\'Singapore - Safeguarding the Nation: The Vital Role of Cybersecurity in AI-Driven Homeland Security\'','\'NG Yeow Boon,Bill Woodcock\'','PLV_9c5e78a74959f08e0c9e6cc4d036375c','\'Title: Singapore - Safeguarding the Nation: The Vital Role of Cybersecurity in AI-Driven Homeland Security
\nWhen: Friday, Aug 9, 17:00 - 17:45 PDT
\nWhere: LVCC West/Floor 2/W237 - Map
\n
\nDescription:
\nHomeland security agencies have been rapidly developing AI-powered solutions to enhance their operational effectiveness. As AI-powered systems become more ubiquitous, a greater emphasis must be placed on Cybersecurity. A career police officer, Yeow Boon understands first-hand the myriad ways AI can augment Homeland Security operations. In his current roles as the Deputy Chief Executive (Development) and Chief Information Officer of Singapore’s Home Team Science and Technology Agency (HTX), Yeow Boon oversees the agency\'s transformation, and by extension, the AI transformation of Singapore’s Home Team. Concurrently, he has to ensure that any risks involved in the increased attack surface associated with the development of AI-powered technologies are mitigated. In his speech, Yeow Boon will highlight the critical role of Cybersecurity in AI-driven homeland security. From the development stage to organisational best practices, he emphasises the importance of keeping Cybersecurity at the forefront of any agency’s AI transformation. During this session, look forward to gaining insights into the latest Cybersecurity threats in AI-driven Homeland Security and how to combat them.
\n\nSpeakers:NG Yeow Boon,Bill Woodcock
\n
\nSpeakerBio: NG Yeow Boon, Singapore’s Home Team Science and Technology Agency
\nNo BIO available
\nSpeakerBio: Bill Woodcock, Executive Director at Packet Clearing House
\nBill Woodcock is the executive director of Packet Clearing House, the intergovernmental treaty organization that supports the operation of critical Internet infrastructure, including Internet exchange points and the core of the domain name system. Since entering the Internet industry in 1985, Bill has helped establish more than three hundred Internet exchange points. In 1989, Bill developed the anycast routing technique that now protects the domain name system. In 1998 he was one of the principal drivers of California 17538.4, the world’s first anti-spam legislation. Bill was principal author of the Multicast DNS and Operator Requirements of Infrastructure Management Methods IETF drafts. In 2002 he co-founded INOC-DBA, the security-coordination hotline system that interconnects the network operations centers of more than three thousand Internet Service Providers and Security Operations Centers around the world. And in 2007, Bill was one of the two international liaisons deployed by NSP-Sec to the Estonian CERT during the Russian cyber-attack. In 2011, Bill authored the first survey of Internet interconnection agreements, as input to the OECD’s analysis of the Internet economy. Bill served on the Global Commission on the Stability of Cyberspace and on the Commission on Caribbean Communications Resilience. He\'s on the board of directors of the M3AA Foundation, and was on the board of the American Registry for Internet Numbers for fifteen years. Now, Bill’s work focuses principally on the security and economic stability of critical Internet infrastructure.
\n\n\n\'',NULL,617223),('3_Saturday','17','17:00','17:45','N','PLV','LVCC West/Floor 2/W237','\'Challenges and Reactions: Cybersecurity and Communications Resilience in Taiwan\'','\'Herming Chiueh\'','PLV_217d2a2e5f49a4f7f2b7646b3bd45ed8','\'Title: Challenges and Reactions: Cybersecurity and Communications Resilience in Taiwan
\nWhen: Saturday, Aug 10, 17:00 - 17:45 PDT
\nWhere: LVCC West/Floor 2/W237 - Map
\n
\nDescription:
\n
\n\nSpeakerBio: Herming Chiueh, Deputy Minister at Ministry of Digital Affairs, Taiwan
\nHerming Chiueh received the B.S. degree in electrophysics from National Chiao Tung University, Hsinchu, Taiwan, and the M.S. and Ph.D. degrees in electrical engineering from the University of Southern California, Los Angeles, CA, USA. From 1996 to 2002, he was with the Information Sciences Institute, University of Southern California, Marina del Rey, CA, USA. He currently serves as Deputy Minister at Ministry of Digital Affairs, Taiwan. He is currently on-leave from the faculty member of Department of Electrical and Computer Engineering, National Yang Ming Chiao Tung University, Hsinchu, Taiwan.
\n\n\n\'',NULL,617224),('2_Friday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9dbf5896f4352f7461b4bf532a05e6a4','\'Title: Firmware Extraction and Analysis
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nIn this interactive exercise, you\'ll learn how to talk to chips on a board via SPI, extract a firmware image, and analyze it to find vulnerabilities. Take your hardware hacking skills to the next level
\n\n\'',NULL,617225),('2_Friday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9dbf5896f4352f7461b4bf532a05e6a4','\'\'',NULL,617226),('2_Friday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9dbf5896f4352f7461b4bf532a05e6a4','\'\'',NULL,617227),('2_Friday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9dbf5896f4352f7461b4bf532a05e6a4','\'\'',NULL,617228),('2_Friday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9dbf5896f4352f7461b4bf532a05e6a4','\'\'',NULL,617229),('2_Friday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9dbf5896f4352f7461b4bf532a05e6a4','\'\'',NULL,617230),('2_Friday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9dbf5896f4352f7461b4bf532a05e6a4','\'\'',NULL,617231),('2_Friday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9dbf5896f4352f7461b4bf532a05e6a4','\'\'',NULL,617232),('4_Sunday','10','10:00','12:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_c617eba76eecac0c8842003b43e38b90','\'Title: Firmware Extraction and Analysis
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nIn this interactive exercise, you\'ll learn how to talk to chips on a board via SPI, extract a firmware image, and analyze it to find vulnerabilities. Take your hardware hacking skills to the next level
\n\n\'',NULL,617233),('4_Sunday','11','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_c617eba76eecac0c8842003b43e38b90','\'\'',NULL,617234),('4_Sunday','12','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_c617eba76eecac0c8842003b43e38b90','\'\'',NULL,617235),('3_Saturday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9cd895af3e69282188263b54731f9d94','\'Title: Firmware Extraction and Analysis
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nIn this interactive exercise, you\'ll learn how to talk to chips on a board via SPI, extract a firmware image, and analyze it to find vulnerabilities. Take your hardware hacking skills to the next level
\n\n\'',NULL,617236),('3_Saturday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9cd895af3e69282188263b54731f9d94','\'\'',NULL,617237),('3_Saturday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9cd895af3e69282188263b54731f9d94','\'\'',NULL,617238),('3_Saturday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9cd895af3e69282188263b54731f9d94','\'\'',NULL,617239),('3_Saturday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9cd895af3e69282188263b54731f9d94','\'\'',NULL,617240),('3_Saturday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9cd895af3e69282188263b54731f9d94','\'\'',NULL,617241),('3_Saturday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9cd895af3e69282188263b54731f9d94','\'\'',NULL,617242),('3_Saturday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Firmware Extraction and Analysis\'','\'\'','IOTV_9cd895af3e69282188263b54731f9d94','\'\'',NULL,617243),('3_Saturday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_bdc0ce9ed87772f72ca2aba3b7cf9ffe','\'Title: Hack My TV
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nWith Google Cast Miracast or AirPlay smart TVs now have plenty of ways to get your favorite content on screen. But while the latest show is playing there is a complex system running underneath that is ripe for hacking. Bitdefender invites you to solve a few challenges that will get you diving into the inner workings of a smart TV.
\n\n\'',NULL,617244),('3_Saturday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_bdc0ce9ed87772f72ca2aba3b7cf9ffe','\'\'',NULL,617245),('3_Saturday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_bdc0ce9ed87772f72ca2aba3b7cf9ffe','\'\'',NULL,617246),('3_Saturday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_bdc0ce9ed87772f72ca2aba3b7cf9ffe','\'\'',NULL,617247),('3_Saturday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_bdc0ce9ed87772f72ca2aba3b7cf9ffe','\'\'',NULL,617248),('3_Saturday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_bdc0ce9ed87772f72ca2aba3b7cf9ffe','\'\'',NULL,617249),('3_Saturday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_bdc0ce9ed87772f72ca2aba3b7cf9ffe','\'\'',NULL,617250),('3_Saturday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_bdc0ce9ed87772f72ca2aba3b7cf9ffe','\'\'',NULL,617251),('2_Friday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_e0e74498c0b80ccbd159a8e2ea58afdf','\'Title: Hack My TV
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nWith Google Cast Miracast or AirPlay smart TVs now have plenty of ways to get your favorite content on screen. But while the latest show is playing there is a complex system running underneath that is ripe for hacking. Bitdefender invites you to solve a few challenges that will get you diving into the inner workings of a smart TV.
\n\n\'',NULL,617252),('2_Friday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_e0e74498c0b80ccbd159a8e2ea58afdf','\'\'',NULL,617253),('2_Friday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_e0e74498c0b80ccbd159a8e2ea58afdf','\'\'',NULL,617254),('2_Friday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_e0e74498c0b80ccbd159a8e2ea58afdf','\'\'',NULL,617255),('2_Friday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_e0e74498c0b80ccbd159a8e2ea58afdf','\'\'',NULL,617256),('2_Friday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_e0e74498c0b80ccbd159a8e2ea58afdf','\'\'',NULL,617257),('2_Friday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_e0e74498c0b80ccbd159a8e2ea58afdf','\'\'',NULL,617258),('2_Friday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_e0e74498c0b80ccbd159a8e2ea58afdf','\'\'',NULL,617259),('4_Sunday','10','10:00','12:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_86feb348dfd6c685df6c56bd719fc039','\'Title: Hack My TV
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nWith Google Cast Miracast or AirPlay smart TVs now have plenty of ways to get your favorite content on screen. But while the latest show is playing there is a complex system running underneath that is ripe for hacking. Bitdefender invites you to solve a few challenges that will get you diving into the inner workings of a smart TV.
\n\n\'',NULL,617260),('4_Sunday','11','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_86feb348dfd6c685df6c56bd719fc039','\'\'',NULL,617261),('4_Sunday','12','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hack My TV\'','\'\'','IOTV_86feb348dfd6c685df6c56bd719fc039','\'\'',NULL,617262),('4_Sunday','10','10:00','12:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_0ec2327bc7d41fe1d55d4307f79eff94','\'Title: Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nRapid7 is back with more hands-on hardware hacking exercises. This year we will be guiding attendees through several exercises gaining root access for control and extraction of firmware and file system data. From TFTP kernel images over the network to single user mode access via modification of U-Boot. These exercises will guide you through the process of importing a kernel image over the network and executing it in memory for root access, along with understanding embedded device flash memory layout and how to transfer firmware images over the network for offline testing. Also, we will walk through placing the IoT device in single user mode for root access and then rebuild the structure and needed drivers to bring the IoT embedded system out of single user mode for full access.
\n\n\'',NULL,617263),('4_Sunday','11','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_0ec2327bc7d41fe1d55d4307f79eff94','\'\'',NULL,617264),('4_Sunday','12','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_0ec2327bc7d41fe1d55d4307f79eff94','\'\'',NULL,617265),('2_Friday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_8427ef94d7c55945cc2799e785bad8ec','\'Title: Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nRapid7 is back with more hands-on hardware hacking exercises. This year we will be guiding attendees through several exercises gaining root access for control and extraction of firmware and file system data. From TFTP kernel images over the network to single user mode access via modification of U-Boot. These exercises will guide you through the process of importing a kernel image over the network and executing it in memory for root access, along with understanding embedded device flash memory layout and how to transfer firmware images over the network for offline testing. Also, we will walk through placing the IoT device in single user mode for root access and then rebuild the structure and needed drivers to bring the IoT embedded system out of single user mode for full access.
\n\n\'',NULL,617266),('2_Friday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_8427ef94d7c55945cc2799e785bad8ec','\'\'',NULL,617267),('2_Friday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_8427ef94d7c55945cc2799e785bad8ec','\'\'',NULL,617268),('2_Friday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_8427ef94d7c55945cc2799e785bad8ec','\'\'',NULL,617269),('2_Friday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_8427ef94d7c55945cc2799e785bad8ec','\'\'',NULL,617270),('2_Friday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_8427ef94d7c55945cc2799e785bad8ec','\'\'',NULL,617271),('2_Friday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_8427ef94d7c55945cc2799e785bad8ec','\'\'',NULL,617272),('2_Friday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_8427ef94d7c55945cc2799e785bad8ec','\'\'',NULL,617273),('3_Saturday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_702243ae128362c2c6e6f7c8bf25e60f','\'Title: Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nRapid7 is back with more hands-on hardware hacking exercises. This year we will be guiding attendees through several exercises gaining root access for control and extraction of firmware and file system data. From TFTP kernel images over the network to single user mode access via modification of U-Boot. These exercises will guide you through the process of importing a kernel image over the network and executing it in memory for root access, along with understanding embedded device flash memory layout and how to transfer firmware images over the network for offline testing. Also, we will walk through placing the IoT device in single user mode for root access and then rebuild the structure and needed drivers to bring the IoT embedded system out of single user mode for full access.
\n\n\'',NULL,617274),('3_Saturday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_702243ae128362c2c6e6f7c8bf25e60f','\'\'',NULL,617275),('3_Saturday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_702243ae128362c2c6e6f7c8bf25e60f','\'\'',NULL,617276),('3_Saturday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_702243ae128362c2c6e6f7c8bf25e60f','\'\'',NULL,617277),('3_Saturday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_702243ae128362c2c6e6f7c8bf25e60f','\'\'',NULL,617278),('3_Saturday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_702243ae128362c2c6e6f7c8bf25e60f','\'\'',NULL,617279),('3_Saturday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_702243ae128362c2c6e6f7c8bf25e60f','\'\'',NULL,617280),('3_Saturday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','\'\'','IOTV_702243ae128362c2c6e6f7c8bf25e60f','\'\'',NULL,617281),('3_Saturday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_3dd9997147d85a6e97b6fea4440be269','\'Title: Hardware Hacking GE Appliances
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nHow to get started, two steps
\n\nDownload the GE Appliances SmartHQ App “SmartHQ” available on the Google Play and iOS Stores to your mobile phone\nCreate your GE Appliances Account to commission the appliance, connecting the appliance to your account. The app will walk you through this step.\n
\n\nRouter Name SSID: HackAway\nRouter Name Password: With GEA
\n\nIn-Scope: Only communications between the appliance, GE Appliances SmartHQ App, and the cloud connection for the appliance
\n\nPlease leave your contact information and we will be in touch! Or you may visit our security webpage by typing “GEAppliances.com/security” into your Internet browser. We have a call center and PSIRT team ready to hear your questions!
\n\n\'',NULL,617282),('3_Saturday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_3dd9997147d85a6e97b6fea4440be269','\'\'',NULL,617283),('3_Saturday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_3dd9997147d85a6e97b6fea4440be269','\'\'',NULL,617284),('3_Saturday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_3dd9997147d85a6e97b6fea4440be269','\'\'',NULL,617285),('3_Saturday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_3dd9997147d85a6e97b6fea4440be269','\'\'',NULL,617286),('3_Saturday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_3dd9997147d85a6e97b6fea4440be269','\'\'',NULL,617287),('3_Saturday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_3dd9997147d85a6e97b6fea4440be269','\'\'',NULL,617288),('3_Saturday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_3dd9997147d85a6e97b6fea4440be269','\'\'',NULL,617289),('2_Friday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_bedcde77c33256050f1b06376a162d6c','\'Title: Hardware Hacking GE Appliances
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nHow to get started, two steps
\n\nDownload the GE Appliances SmartHQ App “SmartHQ” available on the Google Play and iOS Stores to your mobile phone\nCreate your GE Appliances Account to commission the appliance, connecting the appliance to your account. The app will walk you through this step.\n
\n\nRouter Name SSID: HackAway\nRouter Name Password: With GEA
\n\nIn-Scope: Only communications between the appliance, GE Appliances SmartHQ App, and the cloud connection for the appliance
\n\nPlease leave your contact information and we will be in touch! Or you may visit our security webpage by typing “GEAppliances.com/security” into your Internet browser. We have a call center and PSIRT team ready to hear your questions!
\n\n\'',NULL,617290),('2_Friday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_bedcde77c33256050f1b06376a162d6c','\'\'',NULL,617291),('2_Friday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_bedcde77c33256050f1b06376a162d6c','\'\'',NULL,617292),('2_Friday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_bedcde77c33256050f1b06376a162d6c','\'\'',NULL,617293),('2_Friday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_bedcde77c33256050f1b06376a162d6c','\'\'',NULL,617294),('2_Friday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_bedcde77c33256050f1b06376a162d6c','\'\'',NULL,617295),('2_Friday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_bedcde77c33256050f1b06376a162d6c','\'\'',NULL,617296),('2_Friday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_bedcde77c33256050f1b06376a162d6c','\'\'',NULL,617297),('4_Sunday','10','10:00','12:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_5bc3b4a44cee4bf71a4ae519946b7f38','\'Title: Hardware Hacking GE Appliances
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nHow to get started, two steps
\n\nDownload the GE Appliances SmartHQ App “SmartHQ” available on the Google Play and iOS Stores to your mobile phone\nCreate your GE Appliances Account to commission the appliance, connecting the appliance to your account. The app will walk you through this step.\n
\n\nRouter Name SSID: HackAway\nRouter Name Password: With GEA
\n\nIn-Scope: Only communications between the appliance, GE Appliances SmartHQ App, and the cloud connection for the appliance
\n\nPlease leave your contact information and we will be in touch! Or you may visit our security webpage by typing “GEAppliances.com/security” into your Internet browser. We have a call center and PSIRT team ready to hear your questions!
\n\n\'',NULL,617298),('4_Sunday','11','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_5bc3b4a44cee4bf71a4ae519946b7f38','\'\'',NULL,617299),('4_Sunday','12','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Hardware Hacking GE Appliances\'','\'\'','IOTV_5bc3b4a44cee4bf71a4ae519946b7f38','\'\'',NULL,617300),('2_Friday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_ebda661f489b067fc0cc1fb2818560a6','\'Title: Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nLearn the trade secrets of elite embedded security researchers and exploit developers. This hands-on workshop equips you with the QEMU and GDB skills needed to emulate and debug embedded system processes.
\n\nFriday, August 9th / Saturday, August 10th
\n\n10:00 am - QEMU Primer\n11:00 am - QEMU Emulation\n2:00 pm - Debugging with QEMU and GDB\n3:00 pm - Q&A for Workshops\n
\n\n\'',NULL,617301),('2_Friday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_ebda661f489b067fc0cc1fb2818560a6','\'\'',NULL,617302),('2_Friday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_ebda661f489b067fc0cc1fb2818560a6','\'\'',NULL,617303),('2_Friday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_ebda661f489b067fc0cc1fb2818560a6','\'\'',NULL,617304),('2_Friday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_ebda661f489b067fc0cc1fb2818560a6','\'\'',NULL,617305),('2_Friday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_ebda661f489b067fc0cc1fb2818560a6','\'\'',NULL,617306),('2_Friday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_ebda661f489b067fc0cc1fb2818560a6','\'\'',NULL,617307),('2_Friday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_ebda661f489b067fc0cc1fb2818560a6','\'\'',NULL,617308),('3_Saturday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_2c9ec73aae185ff89bb2d3ea4950c202','\'Title: Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nLearn the trade secrets of elite embedded security researchers and exploit developers. This hands-on workshop equips you with the QEMU and GDB skills needed to emulate and debug embedded system processes.
\n\nFriday, August 9th / Saturday, August 10th
\n\n10:00 am - QEMU Primer\n11:00 am - QEMU Emulation\n2:00 pm - Debugging with QEMU and GDB\n3:00 pm - Q&A for Workshops\n
\n\n\'',NULL,617309),('3_Saturday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_2c9ec73aae185ff89bb2d3ea4950c202','\'\'',NULL,617310),('3_Saturday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_2c9ec73aae185ff89bb2d3ea4950c202','\'\'',NULL,617311),('3_Saturday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_2c9ec73aae185ff89bb2d3ea4950c202','\'\'',NULL,617312),('3_Saturday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_2c9ec73aae185ff89bb2d3ea4950c202','\'\'',NULL,617313),('3_Saturday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_2c9ec73aae185ff89bb2d3ea4950c202','\'\'',NULL,617314),('3_Saturday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_2c9ec73aae185ff89bb2d3ea4950c202','\'\'',NULL,617315),('3_Saturday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_2c9ec73aae185ff89bb2d3ea4950c202','\'\'',NULL,617316),('4_Sunday','10','10:00','12:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_a67e5139e02ae8e7eb0dae55341ecd72','\'Title: Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nLearn the trade secrets of elite embedded security researchers and exploit developers. This hands-on workshop equips you with the QEMU and GDB skills needed to emulate and debug embedded system processes.
\n\nFriday, August 9th / Saturday, August 10th
\n\n10:00 am - QEMU Primer\n11:00 am - QEMU Emulation\n2:00 pm - Debugging with QEMU and GDB\n3:00 pm - Q&A for Workshops\n
\n\n\'',NULL,617317),('4_Sunday','11','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_a67e5139e02ae8e7eb0dae55341ecd72','\'\'',NULL,617318),('4_Sunday','12','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','\'\'','IOTV_a67e5139e02ae8e7eb0dae55341ecd72','\'\'',NULL,617319),('2_Friday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_017c257802bd9fdd041d6c48a8615269','\'Title: IoT Security at DEF CON 32
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nJoin Finite State live on the Tech Done Different Podcast live at 2: 30 on the 9th with host Ted Harrington. Finite State and ISE will be discussing all things DEF CON 32 and the state of IoT security. This will be a live recording!
\n\n\n\n\'',NULL,617320),('2_Friday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_017c257802bd9fdd041d6c48a8615269','\'\'',NULL,617321),('2_Friday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_017c257802bd9fdd041d6c48a8615269','\'\'',NULL,617322),('2_Friday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_017c257802bd9fdd041d6c48a8615269','\'\'',NULL,617323),('2_Friday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_017c257802bd9fdd041d6c48a8615269','\'\'',NULL,617324),('2_Friday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_017c257802bd9fdd041d6c48a8615269','\'\'',NULL,617325),('2_Friday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_017c257802bd9fdd041d6c48a8615269','\'\'',NULL,617326),('2_Friday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_017c257802bd9fdd041d6c48a8615269','\'\'',NULL,617327),('4_Sunday','10','10:00','12:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_2a78e7234f49cbb5a710eb3cc65137ae','\'Title: IoT Security at DEF CON 32
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nJoin Finite State live on the Tech Done Different Podcast live at 2: 30 on the 9th with host Ted Harrington. Finite State and ISE will be discussing all things DEF CON 32 and the state of IoT security. This will be a live recording!
\n\n\n\n\'',NULL,617328),('4_Sunday','11','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_2a78e7234f49cbb5a710eb3cc65137ae','\'\'',NULL,617329),('4_Sunday','12','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_2a78e7234f49cbb5a710eb3cc65137ae','\'\'',NULL,617330),('3_Saturday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_5da45f9a88f76540effaa6661f44389d','\'Title: IoT Security at DEF CON 32
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nJoin Finite State live on the Tech Done Different Podcast live at 2: 30 on the 9th with host Ted Harrington. Finite State and ISE will be discussing all things DEF CON 32 and the state of IoT security. This will be a live recording!
\n\n\n\n\'',NULL,617331),('3_Saturday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_5da45f9a88f76540effaa6661f44389d','\'\'',NULL,617332),('3_Saturday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_5da45f9a88f76540effaa6661f44389d','\'\'',NULL,617333),('3_Saturday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_5da45f9a88f76540effaa6661f44389d','\'\'',NULL,617334),('3_Saturday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_5da45f9a88f76540effaa6661f44389d','\'\'',NULL,617335),('3_Saturday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_5da45f9a88f76540effaa6661f44389d','\'\'',NULL,617336),('3_Saturday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_5da45f9a88f76540effaa6661f44389d','\'\'',NULL,617337),('3_Saturday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Security at DEF CON 32\'','\'\'','IOTV_5da45f9a88f76540effaa6661f44389d','\'\'',NULL,617338),('3_Saturday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_666a2dcd5ce4221f1dd770b438206861','\'Title: IoT Village Hacking Playground
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nThe IoT Village Hacking Playground is a set of hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices in just a few minutes. Work at your own pace following our IoT Hacking guides and if you get stuck, our instructors are on hand to provide assistance and answer any questions.
\n\n\'',NULL,617339),('3_Saturday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_666a2dcd5ce4221f1dd770b438206861','\'\'',NULL,617340),('3_Saturday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_666a2dcd5ce4221f1dd770b438206861','\'\'',NULL,617341),('3_Saturday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_666a2dcd5ce4221f1dd770b438206861','\'\'',NULL,617342),('3_Saturday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_666a2dcd5ce4221f1dd770b438206861','\'\'',NULL,617343),('3_Saturday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_666a2dcd5ce4221f1dd770b438206861','\'\'',NULL,617344),('3_Saturday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_666a2dcd5ce4221f1dd770b438206861','\'\'',NULL,617345),('3_Saturday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_666a2dcd5ce4221f1dd770b438206861','\'\'',NULL,617346),('4_Sunday','10','10:00','12:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_282c2682cda9f0c584245379d29682d1','\'Title: IoT Village Hacking Playground
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nThe IoT Village Hacking Playground is a set of hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices in just a few minutes. Work at your own pace following our IoT Hacking guides and if you get stuck, our instructors are on hand to provide assistance and answer any questions.
\n\n\'',NULL,617347),('4_Sunday','11','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_282c2682cda9f0c584245379d29682d1','\'\'',NULL,617348),('4_Sunday','12','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_282c2682cda9f0c584245379d29682d1','\'\'',NULL,617349),('2_Friday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_08615af89c0526644b5f1b117381025e','\'Title: IoT Village Hacking Playground
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nThe IoT Village Hacking Playground is a set of hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices in just a few minutes. Work at your own pace following our IoT Hacking guides and if you get stuck, our instructors are on hand to provide assistance and answer any questions.
\n\n\'',NULL,617350),('2_Friday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_08615af89c0526644b5f1b117381025e','\'\'',NULL,617351),('2_Friday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_08615af89c0526644b5f1b117381025e','\'\'',NULL,617352),('2_Friday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_08615af89c0526644b5f1b117381025e','\'\'',NULL,617353),('2_Friday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_08615af89c0526644b5f1b117381025e','\'\'',NULL,617354),('2_Friday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_08615af89c0526644b5f1b117381025e','\'\'',NULL,617355),('2_Friday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_08615af89c0526644b5f1b117381025e','\'\'',NULL,617356),('2_Friday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Village Hacking Playground\'','\'\'','IOTV_08615af89c0526644b5f1b117381025e','\'\'',NULL,617357),('2_Friday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_2ad15471339e699099fe0fdf9f90ca89','\'Title: Keysight CTF Challenge
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nDefeat the Keysight CTF challenge for a chance to win a Riscuberry IoT hacking training kit with Riscure Academy online training. See one of the Keysight staff for details. LIGHT THE BEACONS and show us the flag!
\n\n\'',NULL,617358),('2_Friday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_2ad15471339e699099fe0fdf9f90ca89','\'\'',NULL,617359),('2_Friday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_2ad15471339e699099fe0fdf9f90ca89','\'\'',NULL,617360),('2_Friday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_2ad15471339e699099fe0fdf9f90ca89','\'\'',NULL,617361),('2_Friday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_2ad15471339e699099fe0fdf9f90ca89','\'\'',NULL,617362),('2_Friday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_2ad15471339e699099fe0fdf9f90ca89','\'\'',NULL,617363),('2_Friday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_2ad15471339e699099fe0fdf9f90ca89','\'\'',NULL,617364),('2_Friday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_2ad15471339e699099fe0fdf9f90ca89','\'\'',NULL,617365),('4_Sunday','10','10:00','12:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_e394a3da6641a9de6b002e3122fe9fe9','\'Title: Keysight CTF Challenge
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nDefeat the Keysight CTF challenge for a chance to win a Riscuberry IoT hacking training kit with Riscure Academy online training. See one of the Keysight staff for details. LIGHT THE BEACONS and show us the flag!
\n\n\'',NULL,617366),('4_Sunday','11','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_e394a3da6641a9de6b002e3122fe9fe9','\'\'',NULL,617367),('4_Sunday','12','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_e394a3da6641a9de6b002e3122fe9fe9','\'\'',NULL,617368),('3_Saturday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_f3673ebbf5883245fc7e53c1864f5fc1','\'Title: Keysight CTF Challenge
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nDefeat the Keysight CTF challenge for a chance to win a Riscuberry IoT hacking training kit with Riscure Academy online training. See one of the Keysight staff for details. LIGHT THE BEACONS and show us the flag!
\n\n\'',NULL,617369),('3_Saturday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_f3673ebbf5883245fc7e53c1864f5fc1','\'\'',NULL,617370),('3_Saturday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_f3673ebbf5883245fc7e53c1864f5fc1','\'\'',NULL,617371),('3_Saturday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_f3673ebbf5883245fc7e53c1864f5fc1','\'\'',NULL,617372),('3_Saturday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_f3673ebbf5883245fc7e53c1864f5fc1','\'\'',NULL,617373),('3_Saturday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_f3673ebbf5883245fc7e53c1864f5fc1','\'\'',NULL,617374),('3_Saturday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_f3673ebbf5883245fc7e53c1864f5fc1','\'\'',NULL,617375),('3_Saturday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Keysight CTF Challenge\'','\'\'','IOTV_f3673ebbf5883245fc7e53c1864f5fc1','\'\'',NULL,617376),('2_Friday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_d395fcea7bbcd36ed8395816ac309f9a','\'Title: Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nJoin Drew Green, John Rodriguez, and Ken Pyle for a deep dive into identifying vulnerabilities in network devices. Explore and exploit weaknesses in a wireless mesh network and learn how advanced threats view your infrastructure.
\n\nSpeakers:Drew Green,John Rodriguez,Ken Pyle
\n
\nSpeakerBio: Drew Green
\nNo BIO available
\nSpeakerBio: John Rodriguez
\nNo BIO available
\nSpeakerBio: Ken Pyle
\nNo BIO available
\n\n\'',NULL,617377),('2_Friday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_d395fcea7bbcd36ed8395816ac309f9a','\'\'',NULL,617378),('2_Friday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_d395fcea7bbcd36ed8395816ac309f9a','\'\'',NULL,617379),('2_Friday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_d395fcea7bbcd36ed8395816ac309f9a','\'\'',NULL,617380),('2_Friday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_d395fcea7bbcd36ed8395816ac309f9a','\'\'',NULL,617381),('2_Friday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_d395fcea7bbcd36ed8395816ac309f9a','\'\'',NULL,617382),('2_Friday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_d395fcea7bbcd36ed8395816ac309f9a','\'\'',NULL,617383),('2_Friday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_d395fcea7bbcd36ed8395816ac309f9a','\'\'',NULL,617384),('3_Saturday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_b4040aefeaa3ff94f35dd210ae2f405f','\'Title: Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nJoin Drew Green, John Rodriguez, and Ken Pyle for a deep dive into identifying vulnerabilities in network devices. Explore and exploit weaknesses in a wireless mesh network and learn how advanced threats view your infrastructure.
\n\nSpeakers:Drew Green,John Rodriguez,Ken Pyle
\n
\nSpeakerBio: Drew Green
\nNo BIO available
\nSpeakerBio: John Rodriguez
\nNo BIO available
\nSpeakerBio: Ken Pyle
\nNo BIO available
\n\n\'',NULL,617385),('3_Saturday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_b4040aefeaa3ff94f35dd210ae2f405f','\'\'',NULL,617386),('3_Saturday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_b4040aefeaa3ff94f35dd210ae2f405f','\'\'',NULL,617387),('3_Saturday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_b4040aefeaa3ff94f35dd210ae2f405f','\'\'',NULL,617388),('3_Saturday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_b4040aefeaa3ff94f35dd210ae2f405f','\'\'',NULL,617389),('3_Saturday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_b4040aefeaa3ff94f35dd210ae2f405f','\'\'',NULL,617390),('3_Saturday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_b4040aefeaa3ff94f35dd210ae2f405f','\'\'',NULL,617391),('3_Saturday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_b4040aefeaa3ff94f35dd210ae2f405f','\'\'',NULL,617392),('4_Sunday','10','10:00','12:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_615f6f46cc4201b683f3422e073e5c84','\'Title: Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nJoin Drew Green, John Rodriguez, and Ken Pyle for a deep dive into identifying vulnerabilities in network devices. Explore and exploit weaknesses in a wireless mesh network and learn how advanced threats view your infrastructure.
\n\nSpeakers:Drew Green,John Rodriguez,Ken Pyle
\n
\nSpeakerBio: Drew Green
\nNo BIO available
\nSpeakerBio: John Rodriguez
\nNo BIO available
\nSpeakerBio: Ken Pyle
\nNo BIO available
\n\n\'',NULL,617393),('4_Sunday','11','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_615f6f46cc4201b683f3422e073e5c84','\'\'',NULL,617394),('4_Sunday','12','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','\'Drew Green,John Rodriguez,Ken Pyle\'','IOTV_615f6f46cc4201b683f3422e073e5c84','\'\'',NULL,617395),('4_Sunday','10','10:00','12:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_e23c3335607b49c15fcf2d8f53137021','\'Title: Phisherman\'s Wharf - Phishing for Beginners
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nIntuit R3DC0N\'s Phisherman\'s Wharf will lead beginners looking to learn how phishing campaigns are managed. This short introductory lab will give you hands on experience creating a phish test campaign from a cached email and web site using GoPhish, leverage email lists, and observe the responses when the victims interact with the phish emails in MailHog.
\n\nAccompanied by our expert guide, witness live hacking demonstrations showcasing the alarming simplicity behind breaching and controlling banned xIoT devices. Embrace the excitement. Join us at the Lab and let the hacking games begin!
\n\n\'',NULL,617396),('4_Sunday','11','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_e23c3335607b49c15fcf2d8f53137021','\'\'',NULL,617397),('4_Sunday','12','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_e23c3335607b49c15fcf2d8f53137021','\'\'',NULL,617398),('2_Friday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_7b5f4002319f6fd79aed5055fe5d7d5b','\'Title: Phisherman\'s Wharf - Phishing for Beginners
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nIntuit R3DC0N\'s Phisherman\'s Wharf will lead beginners looking to learn how phishing campaigns are managed. This short introductory lab will give you hands on experience creating a phish test campaign from a cached email and web site using GoPhish, leverage email lists, and observe the responses when the victims interact with the phish emails in MailHog.
\n\nAccompanied by our expert guide, witness live hacking demonstrations showcasing the alarming simplicity behind breaching and controlling banned xIoT devices. Embrace the excitement. Join us at the Lab and let the hacking games begin!
\n\n\'',NULL,617399),('2_Friday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_7b5f4002319f6fd79aed5055fe5d7d5b','\'\'',NULL,617400),('2_Friday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_7b5f4002319f6fd79aed5055fe5d7d5b','\'\'',NULL,617401),('2_Friday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_7b5f4002319f6fd79aed5055fe5d7d5b','\'\'',NULL,617402),('2_Friday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_7b5f4002319f6fd79aed5055fe5d7d5b','\'\'',NULL,617403),('2_Friday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_7b5f4002319f6fd79aed5055fe5d7d5b','\'\'',NULL,617404),('2_Friday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_7b5f4002319f6fd79aed5055fe5d7d5b','\'\'',NULL,617405),('2_Friday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_7b5f4002319f6fd79aed5055fe5d7d5b','\'\'',NULL,617406),('3_Saturday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_251b18d721650b727ffbf2bd943272c5','\'Title: Phisherman\'s Wharf - Phishing for Beginners
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nIntuit R3DC0N\'s Phisherman\'s Wharf will lead beginners looking to learn how phishing campaigns are managed. This short introductory lab will give you hands on experience creating a phish test campaign from a cached email and web site using GoPhish, leverage email lists, and observe the responses when the victims interact with the phish emails in MailHog.
\n\nAccompanied by our expert guide, witness live hacking demonstrations showcasing the alarming simplicity behind breaching and controlling banned xIoT devices. Embrace the excitement. Join us at the Lab and let the hacking games begin!
\n\n\'',NULL,617407),('3_Saturday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_251b18d721650b727ffbf2bd943272c5','\'\'',NULL,617408),('3_Saturday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_251b18d721650b727ffbf2bd943272c5','\'\'',NULL,617409),('3_Saturday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_251b18d721650b727ffbf2bd943272c5','\'\'',NULL,617410),('3_Saturday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_251b18d721650b727ffbf2bd943272c5','\'\'',NULL,617411),('3_Saturday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_251b18d721650b727ffbf2bd943272c5','\'\'',NULL,617412),('3_Saturday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_251b18d721650b727ffbf2bd943272c5','\'\'',NULL,617413),('3_Saturday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Phisherman\'s Wharf - Phishing for Beginners\'','\'\'','IOTV_251b18d721650b727ffbf2bd943272c5','\'\'',NULL,617414),('4_Sunday','10','10:00','12:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_70cbaf8c82a47eba31ec980a4ebc89ef','\'Title: Safe Hacking
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nHack a (not-so) smart safe and win prizes from TCM Security! Attendees will be guided through a hands-on lab that demonstrates common tools and techniques to unpack and analyze firmware, hunt for files of interest, and reverse engineer binaries and libraries. In addition, you will learn how to trace functionality in IoT devices to their underlying binaries and libraries and further reverse engineer these to hunt for common vulnerabilities. By using these techniques, you will be able to find the vulnerable section of code in the smart safe and craft an exploit that will allow you to access the safe and win the loot inside.
\n\n\'',NULL,617415),('4_Sunday','11','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_70cbaf8c82a47eba31ec980a4ebc89ef','\'\'',NULL,617416),('4_Sunday','12','10:00','12:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_70cbaf8c82a47eba31ec980a4ebc89ef','\'\'',NULL,617417),('3_Saturday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_e2ae03bbcbabdc9c7a54c30f50993aa1','\'Title: Safe Hacking
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nHack a (not-so) smart safe and win prizes from TCM Security! Attendees will be guided through a hands-on lab that demonstrates common tools and techniques to unpack and analyze firmware, hunt for files of interest, and reverse engineer binaries and libraries. In addition, you will learn how to trace functionality in IoT devices to their underlying binaries and libraries and further reverse engineer these to hunt for common vulnerabilities. By using these techniques, you will be able to find the vulnerable section of code in the smart safe and craft an exploit that will allow you to access the safe and win the loot inside.
\n\n\'',NULL,617418),('3_Saturday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_e2ae03bbcbabdc9c7a54c30f50993aa1','\'\'',NULL,617419),('3_Saturday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_e2ae03bbcbabdc9c7a54c30f50993aa1','\'\'',NULL,617420),('3_Saturday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_e2ae03bbcbabdc9c7a54c30f50993aa1','\'\'',NULL,617421),('3_Saturday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_e2ae03bbcbabdc9c7a54c30f50993aa1','\'\'',NULL,617422),('3_Saturday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_e2ae03bbcbabdc9c7a54c30f50993aa1','\'\'',NULL,617423),('3_Saturday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_e2ae03bbcbabdc9c7a54c30f50993aa1','\'\'',NULL,617424),('3_Saturday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_e2ae03bbcbabdc9c7a54c30f50993aa1','\'\'',NULL,617425),('2_Friday','10','10:00','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_9e3a69a104929508354018621c306f29','\'Title: Safe Hacking
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nHack a (not-so) smart safe and win prizes from TCM Security! Attendees will be guided through a hands-on lab that demonstrates common tools and techniques to unpack and analyze firmware, hunt for files of interest, and reverse engineer binaries and libraries. In addition, you will learn how to trace functionality in IoT devices to their underlying binaries and libraries and further reverse engineer these to hunt for common vulnerabilities. By using these techniques, you will be able to find the vulnerable section of code in the smart safe and craft an exploit that will allow you to access the safe and win the loot inside.
\n\n\'',NULL,617426),('2_Friday','11','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_9e3a69a104929508354018621c306f29','\'\'',NULL,617427),('2_Friday','12','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_9e3a69a104929508354018621c306f29','\'\'',NULL,617428),('2_Friday','13','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_9e3a69a104929508354018621c306f29','\'\'',NULL,617429),('2_Friday','14','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_9e3a69a104929508354018621c306f29','\'\'',NULL,617430),('2_Friday','15','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_9e3a69a104929508354018621c306f29','\'\'',NULL,617431),('2_Friday','16','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_9e3a69a104929508354018621c306f29','\'\'',NULL,617432),('2_Friday','17','10:00','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Safe Hacking\'','\'\'','IOTV_9e3a69a104929508354018621c306f29','\'\'',NULL,617433),('2_Friday','10','10:15','11:45','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Cat Lamp\'','\'Kody K\'','IOTV_dc2de0ca4ceb44b1d37cbb12d9494c6f','\'Title: IoT Cat Lamp
\nWhen: Friday, Aug 9, 10:15 - 11:45 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nWant to create a cute, squishy, Wi-Fi controllable LED cat lamp? In this workshop, we\'ll create a cute cat lamp featuring programmable IoT LED\'s, giving it custom light animations and Wi-Fi control! Your adorable cat lamp can be controlled over Wi-Fi with WLED, allowing you to control it with home automation software. You will create open source, Wi-Fi controlled LED art; learn basic soldering; and take home the remote-controlled Pusheen lamp of your dreams.
\n\nSpeakerBio: Kody K
\nNo BIO available
\n\n\'',NULL,617434),('2_Friday','11','10:15','11:45','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Cat Lamp\'','\'Kody K\'','IOTV_dc2de0ca4ceb44b1d37cbb12d9494c6f','\'\'',NULL,617435),('2_Friday','12','12:00','13:30','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Learn Beginner Soldering With the Meow Mixer Badge\'','\'Kody K\'','IOTV_0ed70279f8864cbbcb40766eb6d61787','\'Title: Learn Beginner Soldering With the Meow Mixer Badge
\nWhen: Friday, Aug 9, 12:00 - 13:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nIn this class, we solder together a light-up, cat-themed badge that teaches a simple RGB tuning circuit. By turning the red, green, or blue knobs, you can adjust the color of the cat’s eyes. Perfect for beginners and soldering experts wanting to make a fun and cute badge.
\n\nSpeakerBio: Kody K
\nNo BIO available
\n\n\'',NULL,617436),('2_Friday','13','12:00','13:30','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Learn Beginner Soldering With the Meow Mixer Badge\'','\'Kody K\'','IOTV_0ed70279f8864cbbcb40766eb6d61787','\'\'',NULL,617437),('2_Friday','14','14:00','15:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Solder your own cat shaped WiFi Haking tool\'','\'Kody K\'','IOTV_3eb50877fb18ffd92128eb5dd437ab02','\'Title: Solder your own cat shaped WiFi Haking tool
\nWhen: Friday, Aug 9, 14:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nTest out your through-hole and surface mount soldering skills to create your own open-source, cat-themed hacking tool! The WiFi nugget is a microcontroller-powered WiFi hacking device you will then flash with a suite of WiFi tools to get started with offensive and defensive WiFi security techniques.
\n\nSpeakerBio: Kody K
\nNo BIO available
\n\n\'',NULL,617438),('2_Friday','15','14:00','15:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Solder your own cat shaped WiFi Haking tool\'','\'Kody K\'','IOTV_3eb50877fb18ffd92128eb5dd437ab02','\'\'',NULL,617439),('2_Friday','16','16:30','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Meshtastic Meetup\'','\'Kody K\'','IOTV_0b00439f43c37975bacf2c3fd3ed9636','\'Title: Meshtastic Meetup
\nWhen: Friday, Aug 9, 16:30 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nCome learn about Meshtastic, the long-range, low-power, encrypted off-grid messaging protocol. We\'ll be setting up our Meshtastic Nuggets, going over the setup options, and exploring the advanced options that make Meshtastic more useful. We\'ll cover setting encryption, choosing a device role, and connecting over serial, web, and bluetooth. We\'ll also look at some of the optional modules, like broadcasting sensor telemetry data or adding a GPS.
\n\nSpeakerBio: Kody K
\nNo BIO available
\n\n\'',NULL,617440),('2_Friday','17','16:30','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Meshtastic Meetup\'','\'Kody K\'','IOTV_0b00439f43c37975bacf2c3fd3ed9636','\'\'',NULL,617441),('3_Saturday','10','10:15','11:45','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Learn BadUSB Hacking With the USB Nugget\'','\'Kody K\'','IOTV_6be1324f6c121b645c63cadd58955935','\'Title: Learn BadUSB Hacking With the USB Nugget
\nWhen: Saturday, Aug 10, 10:15 - 11:45 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nIn this workshop, you’ll learn to write BadUSB scripts to hack computers using a cute, cat-shaped hacking tool called the USB Nugget. You’ll learn to write scripts to get computers of any operating system to do your bidding in seconds, and also how to automate nearly any desired action remotely. If you want to learn scripting like the USB Rubber Ducky, but with a Wi-Fi interface and more, this workshop is for you! A computer with Google Chrome is required for this workshop.
\n\nSpeakerBio: Kody K
\nNo BIO available
\n\n\'',NULL,617442),('3_Saturday','11','10:15','11:45','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Learn BadUSB Hacking With the USB Nugget\'','\'Kody K\'','IOTV_6be1324f6c121b645c63cadd58955935','\'\'',NULL,617443),('3_Saturday','12','12:00','13:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'LoRa for Hackers : Long Range Hacking for Beginners With CircuitPython\'','\'Kody K\'','IOTV_1a45d944aeb850b61f088bd9951a01bc','\'Title: LoRa for Hackers : Long Range Hacking for Beginners With CircuitPython
\nWhen: Saturday, Aug 10, 12:00 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nLoRa is an exciting new technology renowned for its low cost and long range, making it popular for hackers and makers. In this workshop, you’ll learn to program a LoRa radio with CircuitPython to create long-range hacking tools and blinky prototypes which can communicate off-grid from over a mile away! The workshop will cover remotely triggered BadUSB devices, LED controllers, sensor monitors, and more! A computer with Google Chrome is required for this workshop.
\n\nSpeakerBio: Kody K
\nNo BIO available
\n\n\'',NULL,617444),('3_Saturday','13','12:00','13:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'LoRa for Hackers : Long Range Hacking for Beginners With CircuitPython\'','\'Kody K\'','IOTV_1a45d944aeb850b61f088bd9951a01bc','\'\'',NULL,617445),('3_Saturday','14','14:15','16:15','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Wi-Fi Hacking Self Defense: Four Advanced Techniques and How to Stop Them\'','\'Kody K\'','IOTV_5cb54489326cecd05a700e5e6b940257','\'Title: Wi-Fi Hacking Self Defense: Four Advanced Techniques and How to Stop Them
\nWhen: Saturday, Aug 10, 14:15 - 16:15 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nThis workshop offers hands-on instruction using a unique, cat-shaped Wi-Fi hacking microcontroller. Designed to engage participants in practical learning, the workshop will cover essential skills for defending against four common Wi-Fi attacks. Participants will explore topics like detecting Wi-Fi leaks, the risks of QR codes leading to hidden networks, spotting phishing networks, and defending against advanced Wi-Fi karma attacks. The cat-shaped Wi-Fi Nugget is a powerful tool for understanding and fighting back against Wi-Fi hacking. This workshop is suitable for Wi-Fi hacking experts and those just getting started. A computer with a Chrome-based browser is required for this workshop.
\n\nSpeakerBio: Kody K
\nNo BIO available
\n\n\'',NULL,617446),('3_Saturday','15','14:15','16:15','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Wi-Fi Hacking Self Defense: Four Advanced Techniques and How to Stop Them\'','\'Kody K\'','IOTV_5cb54489326cecd05a700e5e6b940257','\'\'',NULL,617447),('3_Saturday','16','14:15','16:15','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Wi-Fi Hacking Self Defense: Four Advanced Techniques and How to Stop Them\'','\'Kody K\'','IOTV_5cb54489326cecd05a700e5e6b940257','\'\'',NULL,617448),('3_Saturday','16','16:30','17:59','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Meshtastic Meetup\'','\'Kody K\'','IOTV_d2c5dcd4b80c28ff22783d8982a28bbf','\'Title: Meshtastic Meetup
\nWhen: Saturday, Aug 10, 16:30 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nCome learn about Meshtastic, the long-range, low-power, encrypted off-grid messaging protocol. We\'ll be setting up our Meshtastic Nuggets, going over the setup options, and exploring the advanced options that make Meshtastic more useful. We\'ll cover setting encryption, choosing a device role, and connecting over serial, web, and bluetooth. We\'ll also look at some of the optional modules, like broadcasting sensor telemetry data or adding a GPS.
\n\nSpeakerBio: Kody K
\nNo BIO available
\n\n\'',NULL,617449),('3_Saturday','17','16:30','17:59','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Meshtastic Meetup\'','\'Kody K\'','IOTV_d2c5dcd4b80c28ff22783d8982a28bbf','\'\'',NULL,617450),('4_Sunday','10','10:15','11:45','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Wi-Fi Hacker Hunting\'','\'Kody K\'','IOTV_7e3cf611c1ed5cfb7d3e675767825a7b','\'Title: Wi-Fi Hacker Hunting
\nWhen: Sunday, Aug 11, 10:15 - 11:45 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nBecome a Wi-Fi investigator: Uncover Hidden Wi-Fi Cameras, network Intruders, and more with the Wi-Fi Nugget. In this workshop, we\'ll use a cute, cat-shaped microcontroller board to catch hackers using well-known hacking tools like a Wi-Fi Pineapple, hunt down suspicious Wi-Fi devices like hidden cameras, and detect jamming attacks. We’ll explore how low-cost microcontrollers can be used to unmask and track down Wi-Fi hacking tools, or locate unwanted devices on your local network.
\n\n\n\nSpeakerBio: Kody K
\nNo BIO available
\n\n\'',NULL,617451),('4_Sunday','11','10:15','11:45','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'Wi-Fi Hacker Hunting\'','\'Kody K\'','IOTV_7e3cf611c1ed5cfb7d3e675767825a7b','\'\'',NULL,617452),('4_Sunday','12','12:00','13:30','N','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Cat Lamp\'','\'Kody K\'','IOTV_90c6cc1a6a1065f7a21b03ff9e8ee80c','\'Title: IoT Cat Lamp
\nWhen: Sunday, Aug 11, 12:00 - 13:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-04 - Map
\n
\nDescription:
\nWant to create a cute, squishy, Wi-Fi controllable LED cat lamp? In this workshop, we\'ll create a cute cat lamp featuring programmable IoT LED\'s, giving it custom light animations and Wi-Fi control! Your adorable cat lamp can be controlled over Wi-Fi with WLED, allowing you to control it with home automation software. You will create open source, Wi-Fi controlled LED art; learn basic soldering; and take home the remote-controlled Pusheen lamp of your dreams.
\n\nSpeakerBio: Kody K
\nNo BIO available
\n\n\'',NULL,617453),('4_Sunday','13','12:00','13:30','Y','IOTV','LVCC West/Floor 1/Hall 2/HW2-08-04','\'IoT Cat Lamp\'','\'Kody K\'','IOTV_90c6cc1a6a1065f7a21b03ff9e8ee80c','\'\'',NULL,617454),('3_Saturday','16','16:00','16:50','N','ICSV','LVCC West/Floor 1/Hall 3/HW3-06-05','\'Product security considerations for OT security appliances\'','\'Brandon Dudley,Robert Landavazo\'','ICSV_a9e5c0ebb44f5c8a5896b23b27210a18','\'Title: Product security considerations for OT security appliances
\nWhen: Saturday, Aug 10, 16:00 - 16:50 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-05 - Map
\n
\nDescription:
\nThe adoption of OT security solutions into the world\'s most critical infrastructure has increased dramatically. The location in which these appliance reside within control networks poses unique risk as both management interfaces and even more often monitoring interfaces reside within segments that contain critical process automation equipment. This talk will explore essential product security considerations specific to OT security appliances, secure deployment strategies, device and network hardening techniques, and some real-world examples of discovered vulnerabilities in COTS appliances.
\n\nSpeakers:Brandon Dudley,Robert Landavazo
\n
\nSpeakerBio: Brandon Dudley, Field Operations Engineer at Dragos
\nBrandon Dudley is a Field Operations Engineer at Dragos, with 10 years of cybersecurity experience. Brandon deploys and configures the Dragos platform in OT networks, working with numerous critical infrastructure sectors. He was formerly an incident responder as well as a researcher specializing in PLC exploitation at a systems security lab. He has previously published on OT honeypots and has generated numerous honeypot datasets.
\n\nSpeakerBio: Robert Landavazo, Senior Director of Solution Architects at Dragos
\nRobert Landavazo is a Senior Director of Solution Architects at Dragos, he has more than 18 years of experience in cybersecurity, 12 of the most recent working in OT roles. Most recently, Robert’s focus has been on building world class teams of Solution Architects at Dragos and previously at security and configuration management software company with a global presence. Earlier in his career, Robert was an industrial cybersecurity practitioner in the electric utility sector, responsible for implementing the NERC Critical Infrastructure Protection (CIP) internal compliance program and securing distribution, transmission, and generation assets across the western US.
\n\n\n\'',NULL,617455),('0_Wednesday','00','00:00','00:59','N','MISC','Other / See Description','\'Important Message\'','\'\'','MISC_08932269d993f361b41dcafdb309056b','\'Title: Important Message
\nWhen: Wednesday, Aug 7, 00:00 - 00:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nThere are a few things that we would like everyone to be aware of, leading up to DEF CON 32.
\n\nSticker Policy
\n\nWe have a beautiful culture of #stickerlife at DEF CON, and we hope that it can continue well into the future. Refer to the conference schedule for \"sticker swaps\". We\'re also putting up multiple sticker walls this year -- it was a hit last year, and we hope that having a couple of them will be even more awesome this year.
\n\nThe LVCVA (Las Vegas Convention and Visitors Authority, owners of the LVCC) has a zero-tolerance policy with regard to adhering anything at all to their property, including stickers. Please DFIU. If you are caught adhering anything to LVCC property, you will likely be trespassed from the property by Las Vegas Police. Beyond stickers, you may also not use tape, sticky putty, tacks, or even non-stick clings.
\n\nAdmission inspections and searches
\n\nThe LVCC will not be searching or scanning people or bags entering the facility.
\n\nMoney
\n\nAs always, human badges (that were not pre-purchased) are exclusively sold using cash (US currency). Merch is the same. No credit cards, debit cards, mobile payments, cryptocurrency, or any means other than USD cash will be accepted at either human registration or DEF CON Merch. We recommend bringing cash with you: there are only two ATMs inside the LVCC.
\n\nFood and beverage operations inside the LVCC, including the food court and bars, only accept cards and mobile payments. You cannot use cash to purchase food or beverage inside the LVCC.
\n\nVendors are permitted to conduct transactions via whatever means they choose. We do not have a list of which vendors are accepting cash vs card.
\n\nWater
\n\nThe LVCC has many modern water-bottle filling stations, so free water will be readily available for those who bring their own reusable water bottles.
\n\nDCTV
\n\nDCTV will exclusively be streaming online this year, and will not be available on any hotel TV channels.
\n\nOutside food and beverage
\n\nLVCC prohibits attendees from bringing outside food and beverage into the convention center, except in cases of medical or dietary necessity.
\n\nPhotography policy
\n\nPublic photography is allowed*. It’s okay to take photos of your friends if they’re cool with it. We’ve setup several “selfie spots” that are amazing art pieces created specifically for the yearly theme where you can take cool photos.
\n\nWe want you to take consenting photos of each other and we want others to see the wide range of attendees we have at DEF CON having a good time. What we don’t want to see are group shots taken without consent/warning, images taken by the press, video of people standing in lines, etc.
\n\nOfficial Press & DEF CON Policy Village rules may differ, please refer to them. At DEF CON you may see our official photography goons capturing the uniqueness that is to be expected at DEF CON; they adhere to our photo policy.
\n\nGroups & individuals participating in public on stage (events, contests, or activities) are allowed* to be photographed.
\n\nPhotography in the CTF room is NOT permitted without consent of the individuals to be photographed.
\n\nCrowd shots are VERY discouraged, if so desired you must alert the crowd to give them time to opt out. For example: \" Hey, I\'m taking a photo, if you don\'t want to be in it hide your face\" .
\n\nTaking photos of people in hallways, lines, hanging out, at random, is not allowed without consent. Respect the rights of the individual not to be photographed. Deletion of photos can be requested by staff.
\n\nWhen taking pictures of your friends please use “portrait mode” because this will blur the picture background, respecting the privacy of those inadvertently captured.
\n\nNOTE: It is permissible to record violations of the DEF CON CoC to share with our safety team (link) to help us investigate and take action.
\n\n\n- We reserve the right to revoke an individual\'s permission to photograph, at any time, on a case by case basis. Failure to comply can result in revocation of admission without refund.
\n
\n\n\'',NULL,617456),('2_Friday','10','10:00','17:59','N','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_bd08d04b2f1c910a8dd9e03e39cc521c','\'Title: Vendors and Exhibitors Open
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West - Map
\n
\nDescription:
\nThis is when you can go visit our awesome vendors.
\n\nWe don\'t know which they will be accepting cash vs cards. That\'s up to each organization, and we do not have a list.
\n\nWe also don\'t know if/when vendors will sell out of anything they may be selling.
\n\n\'',NULL,617457),('2_Friday','11','10:00','17:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_bd08d04b2f1c910a8dd9e03e39cc521c','\'\'',NULL,617458),('2_Friday','12','10:00','17:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_bd08d04b2f1c910a8dd9e03e39cc521c','\'\'',NULL,617459),('2_Friday','13','10:00','17:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_bd08d04b2f1c910a8dd9e03e39cc521c','\'\'',NULL,617460),('2_Friday','14','10:00','17:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_bd08d04b2f1c910a8dd9e03e39cc521c','\'\'',NULL,617461),('2_Friday','15','10:00','17:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_bd08d04b2f1c910a8dd9e03e39cc521c','\'\'',NULL,617462),('2_Friday','16','10:00','17:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_bd08d04b2f1c910a8dd9e03e39cc521c','\'\'',NULL,617463),('2_Friday','17','10:00','17:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_bd08d04b2f1c910a8dd9e03e39cc521c','\'\'',NULL,617464),('3_Saturday','10','10:00','17:59','N','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_498f19aeb57158fa5912d47bfdbb757a','\'Title: Vendors and Exhibitors Open
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West - Map
\n
\nDescription:
\nThis is when you can go visit our awesome vendors.
\n\nWe don\'t know which they will be accepting cash vs cards. That\'s up to each organization, and we do not have a list.
\n\nWe also don\'t know if/when vendors will sell out of anything they may be selling.
\n\n\'',NULL,617465),('3_Saturday','11','10:00','17:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_498f19aeb57158fa5912d47bfdbb757a','\'\'',NULL,617466),('3_Saturday','12','10:00','17:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_498f19aeb57158fa5912d47bfdbb757a','\'\'',NULL,617467),('3_Saturday','13','10:00','17:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_498f19aeb57158fa5912d47bfdbb757a','\'\'',NULL,617468),('3_Saturday','14','10:00','17:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_498f19aeb57158fa5912d47bfdbb757a','\'\'',NULL,617469),('3_Saturday','15','10:00','17:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_498f19aeb57158fa5912d47bfdbb757a','\'\'',NULL,617470),('3_Saturday','16','10:00','17:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_498f19aeb57158fa5912d47bfdbb757a','\'\'',NULL,617471),('3_Saturday','17','10:00','17:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_498f19aeb57158fa5912d47bfdbb757a','\'\'',NULL,617472),('4_Sunday','10','10:00','12:59','N','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_591c7f51e3f978514a94932b315d9871','\'Title: Vendors and Exhibitors Open
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West - Map
\n
\nDescription:
\nThis is when you can go visit our awesome vendors.
\n\nWe don\'t know which they will be accepting cash vs cards. That\'s up to each organization, and we do not have a list.
\n\nWe also don\'t know if/when vendors will sell out of anything they may be selling.
\n\n\'',NULL,617473),('4_Sunday','11','10:00','12:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_591c7f51e3f978514a94932b315d9871','\'\'',NULL,617474),('4_Sunday','12','10:00','12:59','Y','MISC','LVCC West','\'Vendors and Exhibitors Open\'','\'\'','MISC_591c7f51e3f978514a94932b315d9871','\'\'',NULL,617475),('2_Friday','10','10:00','10:59','N','MISC','LVCC West/Floor 2/W235','\'Be Latino in Cybersecurity on markets outside LATAM\'','\'Salvador Mendonza,Lenin Alevski,Omar Santos,Alan Villaseñor,Guillermo Buendia\'','MISC_cc46923886174d349d5bacc5ba5edb90','\'Title: Be Latino in Cybersecurity on markets outside LATAM
\nWhen: Friday, Aug 9, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nEn este panel se abordará las oportunidades y desafíos que enfrentan los profesionales latinos en el campo de la ciberseguridad fuera de América Latina. Adicionalmente estudiaremos las estrategias para destacar en mercados internacionales, las habilidades clave necesarias y las redes de apoyo que pueden ayudar a los latinos a prosperar en esta industria en constante evolución. Además, se discutirán experiencias personales y consejos prácticos para navegar en entornos multiculturales y globales. Únete a nosotros para aprender cómo los latinos pueden hacer una diferencia significativa en el panorama global de la ciberseguridad.
\n\nSpeakers:Salvador Mendonza,Lenin Alevski,Omar Santos,Alan Villaseñor,Guillermo Buendia
\n
\nSpeakerBio: Salvador Mendonza
\nNo BIO available
\nSpeakerBio: Lenin Alevski, Security Engineer at Google
\nLenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog
\n\nSpeakerBio: Omar Santos
\nNo BIO available
\nSpeakerBio: Alan Villaseñor
\nNo BIO available
\nSpeakerBio: Guillermo Buendia
\nNo BIO available
\n\n\'',NULL,617476),('2_Friday','11','11:00','11:59','N','MISC','LVCC West/Floor 2/W235','\'Prendendo Fraudadores utilizando Técnicas de Red Team\'','\'Gustavo Roberto\'','MISC_40c99124918943530846a3f452fa0bbf','\'Title: Prendendo Fraudadores utilizando Técnicas de Red Team
\nWhen: Friday, Aug 9, 11:00 - 11:59 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nEsta palestra apresenta um estudo de caso real onde técnicas de Red Team foram cruciais para identificar e prender uma quadrilha de fraudadores especializada em esquemas financeiros. A equipe de Red Team conduziu simulações de ataques controlados, explorando vulnerabilidades na segurança da organização alvo.
\n\nSpeakerBio: Gustavo Roberto, Old Pirate
\nAs a seasoned Information Security professional with over a decade of experience in the industry, I have developed a deep expertise in Red Team and Penetration Testing. I am highly skilled in identifying and mitigating security vulnerabilities, and I take a proactive approach to helping organizations defend against cyber threats.
\n\n\n\'',NULL,617477),('2_Friday','12','12:00','12:30','N','MISC','LVCC West/Floor 2/W235','\'SQLi to Root Access: Exploiting a ISP infrastructure\'','\'Ignacio Daniel Navarro\'','MISC_8d612112362a105b8a13a70cf03f462b','\'Title: SQLi to Root Access: Exploiting a ISP infrastructure
\nWhen: Friday, Aug 9, 12:00 - 12:30 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nWhat if we play with the ISP? In this talk I am going to tell you how one day, something that started as a simple SQL injection, going through LFI, RCE, ended up in a pwn of an internet provider in my country that affected more than 25 cities, being able to intercept user traffic and other stuff.
\n\nSpeakerBio: Ignacio Daniel Navarro, Appication security / Ethical hacker
\nIgnacio Navarro, an Ethical Hacker and Security Researcher from Cordoba, Argentina. With around 6 years in the cybersecurity game, he\'s currently working as an Application Security. Their interests include code analysis, web application security, and cloud security.
\n\nSpeaker at Hackers2Hackers, Security Fest, BSides, Diana Initiative, Hacktivity Budapest, 8.8, Ekoparty.
\n\n\n\'',NULL,617478),('2_Friday','12','12:30','13:30','N','MISC','LVCC West/Floor 2/W235','\'Mexicans Together - Un vistazo a recientes investigaciones de nuestros dos equipos globales\'','\'Ashley Hiram M.,Isabel Manjarrez\'','MISC_64fdafe11711f5064729624f2c60148b','\'Title: Mexicans Together - Un vistazo a recientes investigaciones de nuestros dos equipos globales
\nWhen: Friday, Aug 9, 12:30 - 13:30 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nEsta plática abordará detalles sobre tres investigaciones recientemente realizadas por el equipo de respuesta a incidentes (GERT) y el equipo de investigación (GReAT). La plática será impartida por María Isabel (GReAT) y Ashley Hiram (GERT) mostrando las investigaciones hechas en conjunto con la finalidad de brindar diferentes perspectivas, así como resaltar la colaboración y resultados de ambos equipos, resaltando que una de ellas nos permitió añadir una sub-técnica al MITRE ATT&CK.
\n\nLas investigaciones a mostrar son conocidas como:
\n\n\n- NKAbuse: Malware que utiliza Blockchain para su C2.
\n- LockBit 3.0 Builder: Capacidades adicionales a LockBit.
\n- Grandoreiro: Campañas de alcance global.
\n
\n\nWe will talk about three investigations recently conducted by the Incident Response Team (GERT) and the Investigation Team (GReAT). The talk will be given by María Isabel (GReAT) and Ashley Hiram (GERT) showing the research done together with the purpose of providing different perspectives, as well as highlighting the collaboration and results of both teams, highlighting that one of them allowed us to add a sub-technical to MITRE ATT&CK.
\n\nThe investigations to be shown are known as:
\n\n\n- NKAbuse: Malware that uses Blockchain for your C2.
\n- LockBit 3.0 Builder: Additional capabilities to LockBit.
\n- Grandoreiro: Global reach campaigns.
\n
\n\nSpeakers:Ashley Hiram M.,Isabel Manjarrez
\n
\nSpeakerBio: Ashley Hiram M., Incident Response Specialist (GERT)
\nI currently work as an Incident Response Specialist on the GERT team, I have 5-6 years of experience performing digital forensics, Malware Analysis and Reversing.
\n\nI have collaborated on different Threat Intelligence and Threat Hunting projects.
\n\nBefore dedicating myself to DFIR (Digital Forensics and Incident Response), I worked for 2 years as a Pentester in a well-known Mexican consulting company.
\n\nCertifications: GREM, GCFA, eCTHP, CHFI.
\n\n
\n\nActualmente me desempeño como Especialista en Respuesta a Incidentes en el equipo GERT, cuento con 5-6 años de experiencia realizando tanto forense digital, así como Análisis de Malware y Reversing.
\n\nHe colaborado en diferentes proyectos de Threat Intelligence y Threat Hunting.
\n\nPrevio a dedicarme a DFIR (Digital Forensics and Incident Response), laboré 2 años como Pentester en una conocida empresa de consultoría mexicana.
\n\nCertificaciones: GREM, GCFA, eCTHP, CHFI.
\n\nSpeakerBio: Isabel Manjarrez, Threat Researcher (GReAT)
\nI am currently part of the Global Research and Analysis team (GReAT). My activities include investigating the most active threat actors, tracking their movements and analyzing new implemented techniques. With bases in telecommunications and electronics, today I have more than five years of experience performing threat intelligence tasks.
\n\n
\n\nActualmente soy parte del equipo de Global de Investigación y Análisis (GReAT). Mis actividades incluyen investigar a los actores de amenaza más activos, seguir sus movimientos y analizar nuevas técnicas implementadas. Con bases en telecomunicaciones y electrónica, hoy cuento con más de cinco años de experiencia realizando tareas de inteligencia de amenazas.
\n\n\n\'',NULL,617479),('2_Friday','13','12:30','13:30','Y','MISC','LVCC West/Floor 2/W235','\'Mexicans Together - Un vistazo a recientes investigaciones de nuestros dos equipos globales\'','\'Ashley Hiram M.,Isabel Manjarrez\'','MISC_64fdafe11711f5064729624f2c60148b','\'\'',NULL,617480),('2_Friday','13','13:30','13:59','N','MISC','LVCC West/Floor 2/W235','\'De Escudo a Espada: Cómo un Antivirus Facilitó el compromiso de una compañía\'','\'R4v3n Bl4ck\'','MISC_161dee4df46c83679060460a950d943c','\'Title: De Escudo a Espada: Cómo un Antivirus Facilitó el compromiso de una compañía
\nWhen: Friday, Aug 9, 13:30 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nEn una actividad de simulación de adversarios, se demostró cómo se puede comprometer una empresa utilizando su antivirus corporativo. Aprovechando las funcionalidades de antivirus de nueva generación, y el compromiso de la consola de administración se logro desplegar un comando y control (C2) en equipos críticos como controladores de dominio. La capacidad del antivirus para comunicarse con subredes críticas y aplicar excepciones a otras herramientas de seguridad facilitó el compromiso total de la red, destacando la necesidad de una gestión y auditoría exhaustivas de estas herramientas.
\n\nSpeakerBio: R4v3n Bl4ck, Sr Red Team
\nAriel Cruz: OSCP, OSWE, OSWA, OSEP, OWSP, CISSP, CNSS, CEH v10,Autopsy. Más de 10 años generando valor
\n\ncomo red teamer, simulación de adversarios avanzados y pentester. Enfoque en sectores bancarios y
\n\nde telecomunicaciones. Cuenta con dominio sobre la metodología MITRE ATT&CK, amplia ejecución
\n\nsobre la ejecución de las vulnerabilidades del Top 10 OWASP, así como con diversas certificaciones de
\n\nla industria de la ciberseguridad, entre las que puede destacar OffSec Certified Professional, OffSec
\n\nWeb Expert, OffSec Experienced Penetration Tester.
\n\n\n\'',NULL,617481),('2_Friday','14','14:00','14:59','N','MISC','LVCC West/Floor 2/W235','\'Amenaza persistente: UXHIL y la propagación de URSA\'','\'Jesika Juarez,Armando Aguilar\'','MISC_7326d24786b0e49d89efb9aad4f881b7','\'Title: Amenaza persistente: UXHIL y la propagación de URSA
\nWhen: Friday, Aug 9, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nEsta conferencia se centrará en el actor amenaza UXHIL, responsable de la distribución del malware URSA, ofreciendo una visión profunda basada en ciberinteligencia. Exploraremos cómo este actor ha estado distribuyendo el malware, las tácticas, técnicas y procedimientos (TTPs) que utiliza y cómo es su cadena de infección. Los asistentes aprenderán a identificar y analizar estos patrones para desarrollar estrategias efectivas de mitigación.
\n\nSpeakers:Jesika Juarez,Armando Aguilar
\n
\nSpeakerBio: Jesika Juarez, Senior Cyber Threat Intelligence Analyst at Deloitte México
\nJesika Juarez es una analista con casi cinco años de experiencia en el campo de inteligencia de amenazas en el equipo de Cyber Threat Intelligence en Deloitte México. Especializada en análisis de malware, investigación forense y técnicas de OSINT (Open Source Intelligence), ha desempeñado un papel crucial en la identificación, análisis y mitigación de amenazas cibernéticas avanzadas. Jesika es egresada de la Facultad de Estudios Superiores Aragón de la carrera de Ingeniería en Computación, la cual cuenta con una certificación de Malware Analysis y Digital Forensics impartidas por Elearnsecurity
\n\nSpeakerBio: Armando Aguilar, Cyber Threat Analyst
\nArmando Aguilar es un analista de inteligencia de ciberamenazas con más de 6 años de experiencia en la identificación, análisis y mitigación de amenazas que se encuentran afectado a México y Latinoamérica. Actualmente, es miembro del equipo de Threat Intelligence en una de las instituciones financieraa más grandes de México.
\n\n\n\'',NULL,617482),('2_Friday','15','15:00','15:59','N','MISC','LVCC West/Floor 2/W235','\'Removing OPSEC from Cyber Predators and Threat Actors\'','\'Thiago Bordini\'','MISC_c4fb2f3a1e6fe1ae534597f3bcd07144','\'Title: Removing OPSEC from Cyber Predators and Threat Actors
\nWhen: Friday, Aug 9, 15:00 - 15:59 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nOne of the major problems faced by law enforcement and investigators is the process of identifying threat actors who use the tor network. The purpose of this work is to show that sometimes these Threat Actors fall into the same problems as other victims of malicious artifacts on the Internet.
\n\nSpeakerBio: Thiago Bordini, Head Cyber Threat Intelligence
\nThiago Bordini, Head Cyber Threat Intelligence, executive with more than 20 years of experience in the cyber intelligence market, working with analysis and prevention of cyber threats and fraud and dissemination of educational content on the subject to professionals and companies. Technical coordinator and postgraduate professor at IDESP.
\n\nSpeaker at several national and international events such as YSTS, EkoParty,
\n\nH2HC, Security BSides, SANS, HTCIA, CoronaCon, 8.8 Andina and Brazil, among others.
\n\nMember of the HTCIA (High Technology Crime Investigation Association).
\n\nMember of the Security BSides Sao Paulo/Brazil organization.
\n\n\n\'',NULL,617483),('2_Friday','16','16:00','16:30','N','MISC','LVCC West/Floor 2/W235','\'Structural Insights: PDF Analysis for Detecting and Defending Against Threats\'','\'Filipi Pires\'','MISC_bc8ac50d5a677438ea39145d03ad11cd','\'Title: Structural Insights: PDF Analysis for Detecting and Defending Against Threats
\nWhen: Friday, Aug 9, 16:00 - 16:30 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nWe’ll walk through the structures of a PDF, analyzing each part of it, demonstrating how Threat Actors work in the inclusion of malicious components in the structures of the file, in addition to demonstrating the collection of IOC(Indicators of Attack)s and how to build IOA(Indicators of Attack) for analysis by behavior, to anticipate new attacks. Demonstrating structures in the binaries as a PDF(header/ body/cross-reference table/trailer) and performing a comparison of malicious PDFs, explaining how each session works within a binary, what are the techniques used such as packers, obfuscation with JavaScript (PDF) and more, explaining too about some anti-disassembly techniques, demonstrating as a is the action of these malware’s and where it would be possible to “include” a malicious code.
\n\nSpeakerBio: Filipi Pires, Founder at Black&White Technology
\nI’ve been working as Security and Threat Researcher and Cybersecurity Advocate at senhasegura, Founder at Black&White Technology, Cybersecurity Advocate, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US, Canada, France, Spain, Germany, Poland, and others, I’ve served as University Professor in Graduation and MBA courses at Brazilian colleges, in addition, I\'m Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
\n\n\n\'',NULL,617484),('2_Friday','16','16:30','16:59','N','MISC','LVCC West/Floor 2/W235','\'Chatbots for Cybersecurity\'','\'Lenin Alevski\'','MISC_4dc214f4b02d5bfdf90071f520b9cf76','\'Title: Chatbots for Cybersecurity
\nWhen: Friday, Aug 9, 16:30 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nIn this presentation, we explore the integration of chatbots and large language models (LLMs) like ChatGPT in cybersecurity. We begin by explaining chatbots and LLMs, their operation, and their relevance to cybersecurity. We\'ll discuss practical applications on both defensive and offensive sides. Defensively, chatbots can automate tasks such as log parsing, web scraping, and data analysis, and aid in educating team members on complex security concepts. Offensively, chatbots can be employed for social engineering, phishing simulations, and automating attack techniques. Real-world examples demonstrate how ChatGPT supports security engineering by generating Python scripts, creating cybersecurity content, and assisting with complex projects. By the end, you\'ll understand the potential of chatbots and LLMs in enhancing cybersecurity workflows.
\n\nSpeakerBio: Lenin Alevski, Security Engineer at Google
\nLenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog
\n\n\n\'',NULL,617485),('2_Friday','17','17:00','17:59','N','MISC','LVCC West/Floor 2/W235','\'Cybersecurity Overview over LATAM- Skills, Challenges, Knowledge, Perspectives\'','\'Leonardo Pigñer,Katherina Canales,Victor Santos\'','MISC_042ef06d46bc82fc9211410a73e54c53','\'Title: Cybersecurity Overview over LATAM- Skills, Challenges, Knowledge, Perspectives
\nWhen: Friday, Aug 9, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nEn este panel vamos a revisar desde la perspectiva de diferentes profesionales los desafios de hacer ciberseguridad en LATAM, los conocimientos o falta de ellos que se pueden evidenciar en diferentes sectores y las necesidades de habilidades existentes actuales en la region para mantener un ecosistema protegido de las amenazas que deben ser enfrentadas a diario
\n\nSpeakers:Leonardo Pigñer,Katherina Canales,Victor Santos
\n
\nSpeakerBio: Leonardo Pigñer, CEO y Co-Founder Ekoparty
\nLeo Pigñer es co-fundador y CEO de Ekoparty, la conferencia hacker más importante de Latinoamérica. Con más de 20 años en la industria de ciberseguridad, Pigñer tambien es co-fundador de BASE4 Security, empresa proveedora de servicios de ciberseguridad en Latinoamérica y España.
\n\nSpeakerBio: Katherina Canales, Directora Ejecutiva de la Corporación de Ciberseguridad Minera
\nActualmente es Directora Ejecutiva de la Corporación de Ciberseguridad Minera. Katherina es ex Directora Operacional del CSIRT de gobierno de Chile, experta en estrategias de ciberseguridad, con especial énfasis en políticas públicas, equipos de respuesta ante incidentes de seguridad informática y concientización. Reconocida por la academia, la industria e internacionalmente como mujer influyente en ciberseguridad
\n\nSpeakerBio: Victor Santos, CEO da Clavis Segurança da Informação
\nNo BIO available
\n\n\'',NULL,617486),('3_Saturday','10','10:00','10:30','N','MISC','LVCC West/Floor 2/W235','\'Case Study: Hacking Smart Lock For Fun and Profit\'','\'Cesar Ortega Ortega\'','MISC_d6decdf6b963caf4a53913d1acb472c9','\'Title: Case Study: Hacking Smart Lock For Fun and Profit
\nWhen: Saturday, Aug 10, 10:00 - 10:30 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nCaso de estudio sobre como se realizo el pentest de una Chapa inteligente que se pretendía utilizar en la Fascia de cajeros automáticos, al final, se logro encontrar una vulnerabilidad que ponía en riesgo la apertura de cualquier chapa perteneciente a la empresa fabricante, ya que las llaves AES que utiliza se podía extraer por medio de una vulnerabilidad IDOR. Con la información obtenida de llaves, y con información de logs de su app móvil permiten entender como se implementaba el algoritmo de encripcion. Finalmente se creo un BOT en telegram el cual resolviera los challenges que solicitaba la chapa para poder realizar la apertura. La Metodologia utilizada para el análisis no es nueva, se baso en el trabajo de presentaciones DEFCON anteriores, por lo que referencias a esos trabajo estaran incluidos en la presentación, la intención principal de la platica es que sirva como guía para el futuro análisis de este tipo de dispositivos.
\n\nSpeakerBio: Cesar Ortega Ortega, Total Cyber-Sec - Cyber Security Consultant
\n\n\n\n\'',NULL,617487),('3_Saturday','10','10:30','11:30','N','MISC','LVCC West/Floor 2/W235','\'Protecting the Backbone of Our Modern World\'','\'Soledad Antelada Toledano\'','MISC_9c8a56f5a9aa22e726a0dd39cf830aea','\'Title: Protecting the Backbone of Our Modern World
\nWhen: Saturday, Aug 10, 10:30 - 11:30 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nIn today\'s volatile geopolitical landscape, the security of critical infrastructure—such as power grids, water supplies, and transportation systems—has never been more important. As global tensions rise, these vital systems increasingly become targets for cyber threats from state and non-state actors alike. This talk will delve into the evolving landscape of cyber threats targeting these essential services, highlighting notable attacks and their devastating impacts. We will explore the methodologies employed by malicious actors, including advanced persistent threats and ransomware, and examine real-world case studies to understand the stakes involved. The discussion will also cover the latest strategies and technologies for protecting critical infrastructure, emphasizing a defense-in-depth approach.
\n\nSpeakerBio: Soledad Antelada Toledano, Google -Office of the CISO
\nSoledad Antelada Toledano is the Security Technical Program Manager at Google. She previously worked for Berkeley Lab, one of the most prestigious scientific centers in the world and one of the first nodes of ARPANET, the forerunner of the Internet. Soledad was the first woman in the history of the Cybersecurity department at Berkeley Lab. After specializing in \'penetration testing\' for several years, Soledad also develops research and advancement tasks for intrusion detection systems, monitoring of high capacity networks and vision and research exercises on how cybersecurity will evolve in the next 10 years adopting techniques of Artificial Intelligence for intrusion detection and handling of BigData generated by monitoring tools. Soledad has combined her work at the Berkeley lab in recent years with the responsibility of being the head of security for the ACM / IEEE Supercomputing Conference, the annual supercomputing conference in the United States, protecting and building the network architecture of SCinet, the fastest network in the world. She is the founder of GirlsCanHack, an organization dedicated to engaging women in the cybersecurity field, encouraging women to pursue a career in cybersecurity Soledad was named one of the 20 Most Influential Latinos in Technology in America in 2016. She has recently joined Google as a Technical Program Manager for Security. Soledad has recently published the book Critical Infrastructure Security: Cybersecurity lessons learned from real-world breaches
\n\n\n\'',NULL,617488),('3_Saturday','11','10:30','11:30','Y','MISC','LVCC West/Floor 2/W235','\'Protecting the Backbone of Our Modern World\'','\'Soledad Antelada Toledano\'','MISC_9c8a56f5a9aa22e726a0dd39cf830aea','\'\'',NULL,617489),('3_Saturday','11','11:30','12:30','N','MISC','LVCC West/Floor 2/W235','\'Cybersecurity for Emerging Tech (panelists would include researchers or industry executives in emerging tech categories, like space, OT, hardware like drones, etc)\'','\'Paulino Calderon\'','MISC_ecced214613745f0857daa16f322d3b6','\'Title: Cybersecurity for Emerging Tech (panelists would include researchers or industry executives in emerging tech categories, like space, OT, hardware like drones, etc)
\nWhen: Saturday, Aug 10, 11:30 - 12:30 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Paulino Calderon
\nNo BIO available
\n\n\'',NULL,617490),('3_Saturday','12','11:30','12:30','Y','MISC','LVCC West/Floor 2/W235','\'Cybersecurity for Emerging Tech (panelists would include researchers or industry executives in emerging tech categories, like space, OT, hardware like drones, etc)\'','\'Paulino Calderon\'','MISC_ecced214613745f0857daa16f322d3b6','\'\'',NULL,617491),('3_Saturday','12','12:30','13:30','N','MISC','LVCC West/Floor 2/W235','\'Threats in Space: The Dangerous Rise of GNSS Attacks\'','\'Isabel Manjarrez\'','MISC_7e74f823ed1caf02079a67e086575462','\'Title: Threats in Space: The Dangerous Rise of GNSS Attacks
\nWhen: Saturday, Aug 10, 12:30 - 13:30 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nIn this 50-minute session, we will explore the critical role of Global Navigation Satellite Systems (GNSS) and the escalating cyber threats they face. GNSS technologies such as GPS, GLONASS, Galileo, and BeiDou are indispensable for providing precise positioning, navigation, and timing services across various sectors. However, these systems are increasingly vulnerable to cyber attacks. Join us to uncover disruptive techniques that threaten essential services in transportation, utilities, public safety, and finance. Don\'t miss the fascinating real-life case studies we\'ll discuss, highlighting strategies to defend against these threats.
\n\nSpeakerBio: Isabel Manjarrez, Threat Researcher (GReAT)
\nI am currently part of the Global Research and Analysis team (GReAT). My activities include investigating the most active threat actors, tracking their movements and analyzing new implemented techniques. With bases in telecommunications and electronics, today I have more than five years of experience performing threat intelligence tasks.
\n\n
\n\nActualmente soy parte del equipo de Global de Investigación y Análisis (GReAT). Mis actividades incluyen investigar a los actores de amenaza más activos, seguir sus movimientos y analizar nuevas técnicas implementadas. Con bases en telecomunicaciones y electrónica, hoy cuento con más de cinco años de experiencia realizando tareas de inteligencia de amenazas.
\n\n\n\'',NULL,617492),('3_Saturday','13','12:30','13:30','Y','MISC','LVCC West/Floor 2/W235','\'Threats in Space: The Dangerous Rise of GNSS Attacks\'','\'Isabel Manjarrez\'','MISC_7e74f823ed1caf02079a67e086575462','\'\'',NULL,617493),('3_Saturday','13','13:30','14:30','N','MISC','LVCC West/Floor 2/W235','\'DarkGate: Cazando a la amenaza y exponiendo su infraestructura\'','\'Nestor Sánchez\'','MISC_8bf13953b5deea966b0fd4d76e0b8d14','\'Title: DarkGate: Cazando a la amenaza y exponiendo su infraestructura
\nWhen: Saturday, Aug 10, 13:30 - 14:30 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nCon el continuo crecimiento de las amenazas en el ciberespacio y la escasez de guías efectivas para analizar, detectar y estar un paso adelante de los adversarios, expondremos durante nuestra plática cómo, a través de la inteligencia de ciber-amenazas y el análisis de malware, podemos desmantelar la infraestructura de los atacantes y anticiparnos a sus objetivos. Utilizaremos técnicas de Threat Hunting para demostrar cómo detectar comportamientos anómalos dentro de una red y proporcionar a los asistentes las herramientas necesarias, incluyendo Indicadores de Compromiso (IoCs), Tácticas, Técnicas y Procedimientos (TTPs), e infraestructura no detectada (Hunting Infrastructure), para enfrentar la actividad maliciosa del malware conocido como DarkGate.
\n\nSpeakerBio: Nestor Sánchez, Cyber Threat Hunter at GNP
\nNestor Sánchez es un profesional con 6 años de experiencia en el campo de la ciberseguridad principalmente en Cyber Threat Hunting destacando en la detección temprana de amenazas, el analisis y la mitigación de distiantos adversarios que afectan al sector financiero/asegurador, asi como el desarrollo de inteligencia para un mejor postura de seguridad antes las distintas amenazas que se encuentran en el mundo digital.
\n\nNestor Sánchez ha colobaroado y se ha desempñeado en distintas areas de la ciberseguridad, como son: Cyber threat intelligence, Incidente Response y Digital forensics, desempeñando diversas tareas que han ayudado a mitigar y detectar distintos actores amenaza asi como mejorar la postura de seguridad seguridad de las organizaciones.
\n\nNestor es egresado de la facultad de estudios superiores aragon (UNAM) asi como colaborador del laboratorio de seguridad de la misma, actualmente cuenta con 3 certificaciones dos emitidad por el SANS y 1 emitada por eLearn Security (INE) que son: GCFA - Advanced incident response, threat hunting and digital forensics, GCTI - Cyber Threat Intelligence y eCTHP Cyber Threat Hunting Professional
\n\n\n\'',NULL,617494),('3_Saturday','14','13:30','14:30','Y','MISC','LVCC West/Floor 2/W235','\'DarkGate: Cazando a la amenaza y exponiendo su infraestructura\'','\'Nestor Sánchez\'','MISC_8bf13953b5deea966b0fd4d76e0b8d14','\'\'',NULL,617495),('3_Saturday','14','14:30','14:59','N','MISC','LVCC West/Floor 2/W235','\'Make all the things - Construa seus próprios \"brinquedos\" Threats\'','\'Christiane Borges Santos\'','MISC_8ccc4eb333ff06073ae59ef400fd3f12','\'Title: Make all the things - Construa seus próprios \"brinquedos\" Threats
\nWhen: Saturday, Aug 10, 14:30 - 14:59 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nEmbora tragam muita diversão e inovação, brinquedos conectados à Internet (IoToys) também apresentam sérios riscos à segurança e privacidade. Ao entender e mitigar esses riscos, e até mesmo criando seus próprios dispositivos, pais e responsáveis podem garantir que a diversão com brinquedos inteligentes e conectados não se transforme em uma preocupação com vazamentos de informações pessoais.
\n\nSpeakerBio: Christiane Borges Santos, Coordenadora do Eixo de Design Factory - Criar IFG
\nTecnóloga em Redes de Comunicação e Mestre em Engenharia Elétrica e da Computação. Fundadora do Grupo de Robótica para Meninas Metabotix e membro do Grupo de Robótica GYNBOT. Atualmente, professora no Instituto Federal de Goiás (IFG) campus Luziânia, Instrutora CISCO NetAcad e Coordenadora do Eixo de Design Factory do Criar Polo de Inovação do IFG.
\n\n\n\'',NULL,617496),('3_Saturday','15','15:00','15:30','N','MISC','LVCC West/Floor 2/W235','\'Ransomware B-Sides: Los ransoms que nunca triunfaron\'','\'Mauro Eldritch,Cybelle Oliveira \'','MISC_8274783a9da57fd4aaf03d2c9c62788c','\'Title: Ransomware B-Sides: Los ransoms que nunca triunfaron
\nWhen: Saturday, Aug 10, 15:00 - 15:30 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nEste es un triple disco de vinilo. En el Lado A, abordaremos el panorama de los ransomwares, los famosos, por supuesto, y cómo los ransomware indies intentan competir con los ya consagrados. Al igual que en el lado B de un disco, se encuentran las canciones más oscuras y desconocidas que es poco probable que escuches por ahí, trataremos de los ransomwares que nunca han llegado al estrellato. Y por último, en LadoC, echaremos un vistazo a las amenazas emergentes y a las recomendaciones.
\n\nSpeakers:Mauro Eldritch,Cybelle Oliveira
\n
\nSpeakerBio: Mauro Eldritch, Founder at Birmingham Cyber Arms LTD
\nMauro Eldritch is an Argentine hacker, founder of Birmingham Cyber Arms LTD and DC5411 (Argentina / Uruguay). He has spoken at various events, including DEF CON (10 times). He is passionate about Threat Intelligence and Biohacking.
\n\nMauro Eldritch es un hacker argentino, fundador de Birmingham Cyber Arms LTD y DC5411 (Argentina / Uruguay). Habló en diferentes eventos incluyendo DEF CON (10 veces). Le apasiona la Inteligencia de Amenazas y el Biohacking.
\n\nSpeakerBio: Cybelle Oliveira , CTI Malwarelandia
\nCybelle Oliveira is a Cybersecurity Consultant, postgraduate in Cyber Threat Intelligence and Master\'s student in Cyber intelligence at the International Cybersecurity Campus of the University of Murcia, Spain. She has been involved in privacy and security activism for over 10 years and has presented talks at events around the world, including BSides LV, BSides SP, Girls Hack Village (DefCon), 8.8 Chile, Internet Freedom Festival, Radical Networks, Mozilla Festival, Roadsec, Cryptorave, among others. Cybelle is part of the Mozilla community and is the director of the Casa Hacker organization.
\n\nCybelle Oliveira es Consultora de Ciberseguridad, postgraduada en Cyber Threat Intelligence y estudiante de Máster en Ciberinteligencia en el Campus Internacional de Ciberseguridad de la Universidad de Murcia, España. Ha estado involucrada en activismo de privacidad y seguridad durante más de 10 años y ha presentado charlas en eventos por todo el mundo, como BSides LV, BSides SP, Girls Hack Village (DefCon), 8.8 Chile, Internet Freedom Festival, Radical Networks, Mozilla Festival, Roadsec, Cryptorave, entre otros. Cybelle forma parte de la comunidad Mozilla y es directora de la organización Casa Hacker.
\n\n\n\'',NULL,617497),('3_Saturday','15','15:30','16:30','N','MISC','LVCC West/Floor 2/W235','\'Haciendo visible lo invisible: Observabilidad y transparencia en routers Draytek\'','\'Gastón Aznarez,Octavio Gianatiempo\'','MISC_62a43a32647f3bdbbce852abfefd97d7','\'Title: Haciendo visible lo invisible: Observabilidad y transparencia en routers Draytek
\nWhen: Saturday, Aug 10, 15:30 - 16:30 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nNuestra presentación se centra en cómo ganar observabilidad y transparencia a nivel de firmware en dispositivos que se encuentran el perímetro de la red. De esta forma, toca el tema central de DEF CON 32: Arreglar lo que esta roto en internet. Contaremos todo lo que aprendimos haciendo ingenieria inversa del firmware de los routers Draytek, cómo descubrimos vulnerabilidades que permiten ganar persistencia, y cómo aprovechamos esto para detectar posibles ataques de terceros sobre estos dispositivos. Mostraremos nuestro proceso y compartiremos nuestras herramientas para empoderar a los asistentes que deseen analizar estos routers, buscar nuevas vulnerabilidades, hardenearlos o incluso hacer mods que implementen nuevas funcionalidades.
\n\nSpeakers:Gastón Aznarez,Octavio Gianatiempo
\n
\nSpeakerBio: Gastón Aznarez, Security Researcher at Faraday
\nGastón Aznarez is a computer enthusiast who is passionate about cybersecurity. He earned a degree in Computer Science and began working in malware detection in firmware. He currently works as a Security Researcher at Faraday, specializing in discovering and exploiting vulnerabilities in IoT and embedded devices. Gastón also participates in CTF competitions and has shared his expertise as a speaker at different conferences.
\n\nSpeakerBio: Octavio Gianatiempo, Student, Computer Science at University of Buenos Aires
\nOctavio Gianatiempo is a Security Researcher at Faraday and a Computer Science student at the University of Buenos Aires. He\'s also a biologist with research experience in molecular biology and neuroscience. The necessity of analyzing complex biological data was his point of entry into programming. However, he wanted to gain a deeper understanding of how computers work, so he enrolled in Computer Science. As a Security Researcher at Faraday, he focuses on vulnerability research on IoT and embedded devices and fuzzing open and closed-source software to find new vulnerabilities and exploit them. He has presented his findings at various conferences, including DEFCON, Ekoparty, 8.8, and Nerdearla.
\n\nOctavio Gianatiempo trabaja como Security Researcher en Faraday y es estudiante de Ciencias de la Computación en la Universidad de Buenos Aires. También es biólogo con experiencia en biología molecular y neurociencia. Dentro de su rol en Faraday, se enfoca en sistemas embebidos e IoT, ingeniería inversa y fuzzing de código abierto y propietario para identificar vulnerabilidades y explotarlas. Ha presentado sus hallazgos en conferencias como DEF CON, Ekoparty, 8.8 y Nerdearla.
\n\n\n\'',NULL,617498),('3_Saturday','16','15:30','16:30','Y','MISC','LVCC West/Floor 2/W235','\'Haciendo visible lo invisible: Observabilidad y transparencia en routers Draytek\'','\'Gastón Aznarez,Octavio Gianatiempo\'','MISC_62a43a32647f3bdbbce852abfefd97d7','\'\'',NULL,617499),('3_Saturday','16','16:30','17:59','N','MISC','LVCC West/Floor 2/W235','\'How is GenIA Impacting Cybersecurity: The good, The Bad, and The ugly (Trilingual Panel)\'','\'Marco Figueroa\'','MISC_08a65e49817fbe9b058352a887cb4820','\'Title: How is GenIA Impacting Cybersecurity: The good, The Bad, and The ugly (Trilingual Panel)
\nWhen: Saturday, Aug 10, 16:30 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nCon la presentacion de diferentes expertos en el tema, los cuales en este panel presentado en tres idiomas, vamos a discutir el impacto real que genera la GenIA en nuestro mundo de cibserseguridad
\n\nSpeakerBio: Marco Figueroa
\nNo BIO available
\n\n\'',NULL,617500),('3_Saturday','17','16:30','17:59','Y','MISC','LVCC West/Floor 2/W235','\'How is GenIA Impacting Cybersecurity: The good, The Bad, and The ugly (Trilingual Panel)\'','\'Marco Figueroa\'','MISC_08a65e49817fbe9b058352a887cb4820','\'\'',NULL,617501),('4_Sunday','10','10:00','10:59','N','MISC','LVCC West/Floor 2/W235','\'Threat Hunting + Intelligence, capabilities, skills and capabilities inside the LATAM community\'','\'Thiago Bordini,Mauro Eldritch,Zoziel\'','MISC_9cf1aa43b4150b037e215999dd9a0551','\'Title: Threat Hunting + Intelligence, capabilities, skills and capabilities inside the LATAM community
\nWhen: Sunday, Aug 11, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nEn este panel exploraremos las capacidades y habilidades esenciales para la caza de amenazas y la inteligencia en el ámbito de la ciberseguridad, con un enfoque especial en la comunidad de América Latina. Discutiremos las técnicas y herramientas más avanzadas utilizadas en la identificación y mitigación de amenazas, así como las competencias necesarias para enfrentar los desafíos actuales en ciberseguridad. Además, analizaremos casos de estudio y compartiremos experiencias y mejores prácticas dentro de la comunidad LATAM, destacando el papel crucial que juega la colaboración regional en el fortalecimiento de nuestras defensas colectivas.
\n\nSpeakers:Thiago Bordini,Mauro Eldritch,Zoziel
\n
\nSpeakerBio: Thiago Bordini, Head Cyber Threat Intelligence
\nThiago Bordini, Head Cyber Threat Intelligence, executive with more than 20 years of experience in the cyber intelligence market, working with analysis and prevention of cyber threats and fraud and dissemination of educational content on the subject to professionals and companies. Technical coordinator and postgraduate professor at IDESP.
\n\nSpeaker at several national and international events such as YSTS, EkoParty,
\n\nH2HC, Security BSides, SANS, HTCIA, CoronaCon, 8.8 Andina and Brazil, among others.
\n\nMember of the HTCIA (High Technology Crime Investigation Association).
\n\nMember of the Security BSides Sao Paulo/Brazil organization.
\n\nSpeakerBio: Mauro Eldritch, Founder at Birmingham Cyber Arms LTD
\nMauro Eldritch is an Argentine hacker, founder of Birmingham Cyber Arms LTD and DC5411 (Argentina / Uruguay). He has spoken at various events, including DEF CON (10 times). He is passionate about Threat Intelligence and Biohacking.
\n\nMauro Eldritch es un hacker argentino, fundador de Birmingham Cyber Arms LTD y DC5411 (Argentina / Uruguay). Habló en diferentes eventos incluyendo DEF CON (10 veces). Le apasiona la Inteligencia de Amenazas y el Biohacking.
\n\nSpeakerBio: Zoziel
\nNo BIO available
\n\n\'',NULL,617502),('4_Sunday','11','11:00','11:59','N','MISC','LVCC West/Floor 2/W235','\'Detección de Vulnerabilidades mediante Instrumentación y su Explotación\'','\'Asher Davila\'','MISC_b603523978e22560b31d20bc9bbdb729','\'Title: Detección de Vulnerabilidades mediante Instrumentación y su Explotación
\nWhen: Sunday, Aug 11, 11:00 - 11:59 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nEn esta presentación se explorará cómo nuestra estrategia de instrumentación basada en la librería Microsoft Detours permite una inspección de los procesos de software comercial presente en diferentes sistemas, enfocándose en operaciones privilegiadas del sistema de archivos. Se detallará cómo el uso de la instrumentación facilita la búsqueda sistemática y exhaustiva de vulnerabilidades en dichos procesos, identificando y explotando fallos de seguridad críticos presentes en algunos de ellos. El proyecto demuestra la efectividad de Detours para realizar análisis de seguridad avanzados y muestra cómo las vulnerabilidades encontradas pueden ser explotadas para evaluar su impacto en escenarios reales. Esta exposición enfatiza la importancia y la efectividad de la búsqueda de vulnerabilidades para fortalecer la seguridad en sistemas de IT y OT.
\n\nSpeakerBio: Asher Davila, IoT/OT Security Researcher at Palo Alto Networks
\nAsher Davila (@asher_davila) is an IoT/OT Security Researcher at Palo Alto Networks, leveraging his expertise in the intersection of software and hardware across IoT to IIoT, ICS, and critical infrastructure security. His work includes discovering and disclosing vulnerabilities and malware affecting these systems, alongside developing tools for reverse engineering and exploitation efforts. Asher has also presented his findings at multiple cybersecurity conferences and academic events.
\n\n\n\'',NULL,617503),('4_Sunday','12','12:00','12:59','N','MISC','LVCC West/Floor 2/W235','\'Abusando de Bitlocker para secuestrar información corporativa | Desde la intrusión hasta el descifrado (i)\'','\'Eduardo Chavarro Ovalle\'','MISC_1fbdd06afbd089a2fe9b71385f749366','\'Title: Abusando de Bitlocker para secuestrar información corporativa | Desde la intrusión hasta el descifrado (i)
\nWhen: Sunday, Aug 11, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nDurante abril de 2024 el equipo GERT de Kaspersky detectó un nuevo grupo de ransomware aprovechando las funcionalidades de Microsoft para cifrar sistemas en infraestructuras comprometidas, usando scripts para disminuir defensas, deshabilitar parámetros críticos de sistemas Microsoft y finalmente usar el servicio Bitlocker de Microsoft, creando contraseñas individuales de cifrado por cada sistema, eliminando los rastros locales y enviando los datos mediante comunicaciones de comando y control para garantizar el descifrado y recibir el pago del rescate. Aunque el ataque fue dirigido a organizaciones en LATAM, fue identificado también en Jordania e Indonesia. Durante esta charla presentaremos los principales retos de recolectar evidencia en sistemas donde los discos fueron completamente cifrados y las propuestas de descifrado habilitadas una vez se obtuvo la muestra del malware construida de forma dirigida para las organizaciones afectadas. Se presentarán los mecanismos de descifrado disponibles frente a esta y otras amenazas similares y las técnicas usadas por los adversarios para comprometer las infraestructuras.
\n\nSpeakerBio: Eduardo Chavarro Ovalle, Digital Forensic and Incident Response Group Manager Americas
\nMSc Eduardo Chavarro Ovalle, DFIR Group Manager para Kaspersky GERT en América, especialista en respuesta a Incidentes, CSIRT Leader, MSc en seguridad informática, Ingeniero en Telecomunicaciones con conocimiento en Gerencia Estratégica de las Telecomunicaciones, con más de 20 años de experiencia en Análisis Digital Forense, Respuesta a Incidentes, eDiscovery, Threat Hunting, entre otros. GCIH | GRID | GCFA | CISM | CHFI | C)PTE | SFCP | ITIL
\n\n\n\'',NULL,617504),('4_Sunday','13','13:00','13:59','N','MISC','LVCC West/Floor 2/W235','\'Jeitinho Cibernético: A Convergência da Segurança no Brasil e América Latina\'','\'Ueric Melo\'','MISC_5edaf44c168b090a10896093c495bcbf','\'Title: Jeitinho Cibernético: A Convergência da Segurança no Brasil e América Latina
\nWhen: Sunday, Aug 11, 13:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W235 - Map
\n
\nDescription:
\nA convergência entre segurança física e cibernética ainda é pouco explorada em nossa região, muitas vezes devido à dificuldade de acesso a ferramentas específicas. Esta apresentação explora esse conceito e sua importância, ilustrando com casos reais de incidentes que exploraram sistemas de segurança física, detalhando como ocorreram e seus impactos.
\n\nApresentaremos os fundamentos dos sistemas de controle de acesso, abordando arquitetura básica, protocolos de comunicação e tecnologias de credenciais. Em seguida, demonstraremos técnicas práticas de exploração:
\n\n\n- Exploração da interface Wiegand: Mostraremos como explorar essa interface antiga e vulnerável, utilizando a versão DIY do BLE-Key, acessível e econômica.
\n- Exploração de credenciais vulneráveis: Como iClass Legacy, PROX e MiFare Classic, usando ferramentas como ProxMark3 e Flipper Zero.
\n- Exploração de credenciais \"seguras\": Demonstrando ataques de downgrade em credenciais HID Seos com Flipper Zero e um leitor HID Multiclass SE, usando um app desenvolvido por mim como alternativa econômica ao Seader.
\n
\n\nSpeakerBio: Ueric Melo, Privacy & Security Awareness Manager, LATAM and Caribbean at Genetec
\nMeu nome é Ueric Melo, sou Privacy & Security Awareness Manager na Genetec. Atuo ha 27 anos na área de Tecnologia da Informação, e na área de segurança (física e da informação) há mais de 22 anos. Sou formado em processamento de dados e possuo extensão em compliance digital. Já palestrei em diversos eventos no Brasil e America Latinha, a maioria deles focados em profissionais de segurança física e TI.
\n\n\n\'',NULL,617505),('3_Saturday','10','10:00','17:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_35541355694b4172271969abb972023d','\'Title: Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-02 - Map
\n
\nDescription:
\nThe S.O.D.A. Machine Experience:
\n\nImagine being at DEF CON, eager to dive into some serious hacking without being tethered to your laptop. The Shell On Demand Appliance is here to enhance your experience by providing access to anonymous virtual machine using cold hard cash.
\n\nWhat is the Shell On Demand Appliance?
\n\nThe S.O.D.A. machine is now located in the contest area at the DEF CON Scavenger Hunt booth, offering virtual machines accessible via the DEF CON network. A blend of hardware, software, art, and hacking, using recycled materials to create a sustainable tech experience. The built-in datacenter connects directly to the DEF CON network. Insert cash or coins into the machine to get started, the system deploys the VM to the network, and a receipt with your login credentials is printed. Users receive login credentials to access their virtual machine via remote shell. You can change the password, install tools and applications, and customize the VM to suit your needs. The updated system now provides secure access from anywhere in the world through a web browser or standard SSH client. Be sure to check out the BBS too!
\n\nSupporting the Cause:
\n\nAll proceeds from the S.O.D.A. Machine benefit the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization dedicated to advancing research and education in computer science, technology, and engineering. Contributions are welcome at https://www.paypal.com/paypalme/NUCC.
\n\n\'',NULL,617506),('3_Saturday','11','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_35541355694b4172271969abb972023d','\'\'',NULL,617507),('3_Saturday','12','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_35541355694b4172271969abb972023d','\'\'',NULL,617508),('3_Saturday','13','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_35541355694b4172271969abb972023d','\'\'',NULL,617509),('3_Saturday','14','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_35541355694b4172271969abb972023d','\'\'',NULL,617510),('3_Saturday','15','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_35541355694b4172271969abb972023d','\'\'',NULL,617511),('3_Saturday','16','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_35541355694b4172271969abb972023d','\'\'',NULL,617512),('3_Saturday','17','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_35541355694b4172271969abb972023d','\'\'',NULL,617513),('4_Sunday','10','10:00','12:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_d2fb39227001cd8f09f2827d2f7539df','\'Title: Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-02 - Map
\n
\nDescription:
\nThe S.O.D.A. Machine Experience:
\n\nImagine being at DEF CON, eager to dive into some serious hacking without being tethered to your laptop. The Shell On Demand Appliance is here to enhance your experience by providing access to anonymous virtual machine using cold hard cash.
\n\nWhat is the Shell On Demand Appliance?
\n\nThe S.O.D.A. machine is now located in the contest area at the DEF CON Scavenger Hunt booth, offering virtual machines accessible via the DEF CON network. A blend of hardware, software, art, and hacking, using recycled materials to create a sustainable tech experience. The built-in datacenter connects directly to the DEF CON network. Insert cash or coins into the machine to get started, the system deploys the VM to the network, and a receipt with your login credentials is printed. Users receive login credentials to access their virtual machine via remote shell. You can change the password, install tools and applications, and customize the VM to suit your needs. The updated system now provides secure access from anywhere in the world through a web browser or standard SSH client. Be sure to check out the BBS too!
\n\nSupporting the Cause:
\n\nAll proceeds from the S.O.D.A. Machine benefit the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization dedicated to advancing research and education in computer science, technology, and engineering. Contributions are welcome at https://www.paypal.com/paypalme/NUCC.
\n\n\'',NULL,617514),('4_Sunday','11','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_d2fb39227001cd8f09f2827d2f7539df','\'\'',NULL,617515),('4_Sunday','12','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_d2fb39227001cd8f09f2827d2f7539df','\'\'',NULL,617516),('2_Friday','10','10:00','17:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_1812908b9f90a5563f373478dc851575','\'Title: Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-02 - Map
\n
\nDescription:
\nThe S.O.D.A. Machine Experience:
\n\nImagine being at DEF CON, eager to dive into some serious hacking without being tethered to your laptop. The Shell On Demand Appliance is here to enhance your experience by providing access to anonymous virtual machine using cold hard cash.
\n\nWhat is the Shell On Demand Appliance?
\n\nThe S.O.D.A. machine is now located in the contest area at the DEF CON Scavenger Hunt booth, offering virtual machines accessible via the DEF CON network. A blend of hardware, software, art, and hacking, using recycled materials to create a sustainable tech experience. The built-in datacenter connects directly to the DEF CON network. Insert cash or coins into the machine to get started, the system deploys the VM to the network, and a receipt with your login credentials is printed. Users receive login credentials to access their virtual machine via remote shell. You can change the password, install tools and applications, and customize the VM to suit your needs. The updated system now provides secure access from anywhere in the world through a web browser or standard SSH client. Be sure to check out the BBS too!
\n\nSupporting the Cause:
\n\nAll proceeds from the S.O.D.A. Machine benefit the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization dedicated to advancing research and education in computer science, technology, and engineering. Contributions are welcome at https://www.paypal.com/paypalme/NUCC.
\n\n\'',NULL,617517),('2_Friday','11','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_1812908b9f90a5563f373478dc851575','\'\'',NULL,617518),('2_Friday','12','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_1812908b9f90a5563f373478dc851575','\'\'',NULL,617519),('2_Friday','13','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_1812908b9f90a5563f373478dc851575','\'\'',NULL,617520),('2_Friday','14','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_1812908b9f90a5563f373478dc851575','\'\'',NULL,617521),('2_Friday','15','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_1812908b9f90a5563f373478dc851575','\'\'',NULL,617522),('2_Friday','16','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_1812908b9f90a5563f373478dc851575','\'\'',NULL,617523),('2_Friday','17','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-03-02','\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','\'\'','MISC_1812908b9f90a5563f373478dc851575','\'\'',NULL,617524),('3_Saturday','10','10:00','17:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7efc758b2efa05b7f86b6fa5bc47673d','\'Title: Adversary simulator and purple teaming hands-on booth
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area - Map
\n
\nDescription:
\nAdversary Simulator booth is a volunteer assisted activity, which has hands-on adversary emulation plans and exercises specific to a wide variety of threat-actors; these are meant to provide the participants with a better understanding of adversarial attack emulation. The booth will be hosting a simulated environment meant to recreate enterprise infrastructure, operational technology environment, which serves targets for various attack simulations.The hands-on simulator booth also hosts an activity, which would need the participants to generate their own adversary emulation plans to assess the efficacy of the defense systems based on publicly available cyber threat intelligence.
\n\nSpeakerBio: Adversary Village Crew
\nNo BIO available
\n\n\'',NULL,617525),('3_Saturday','11','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7efc758b2efa05b7f86b6fa5bc47673d','\'\'',NULL,617526),('3_Saturday','12','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7efc758b2efa05b7f86b6fa5bc47673d','\'\'',NULL,617527),('3_Saturday','13','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7efc758b2efa05b7f86b6fa5bc47673d','\'\'',NULL,617528),('3_Saturday','14','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7efc758b2efa05b7f86b6fa5bc47673d','\'\'',NULL,617529),('3_Saturday','15','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7efc758b2efa05b7f86b6fa5bc47673d','\'\'',NULL,617530),('3_Saturday','16','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7efc758b2efa05b7f86b6fa5bc47673d','\'\'',NULL,617531),('3_Saturday','17','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7efc758b2efa05b7f86b6fa5bc47673d','\'\'',NULL,617532),('4_Sunday','10','10:00','11:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_f9fe05437a7f74a01ee64a5c0cc5b9a8','\'Title: Adversary simulator and purple teaming hands-on booth
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area - Map
\n
\nDescription:
\nAdversary Simulator booth is a volunteer assisted activity, which has hands-on adversary emulation plans and exercises specific to a wide variety of threat-actors; these are meant to provide the participants with a better understanding of adversarial attack emulation. The booth will be hosting a simulated environment meant to recreate enterprise infrastructure, operational technology environment, which serves targets for various attack simulations.The hands-on simulator booth also hosts an activity, which would need the participants to generate their own adversary emulation plans to assess the efficacy of the defense systems based on publicly available cyber threat intelligence.
\n\nSpeakerBio: Adversary Village Crew
\nNo BIO available
\n\n\'',NULL,617533),('4_Sunday','11','10:00','11:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_f9fe05437a7f74a01ee64a5c0cc5b9a8','\'\'',NULL,617534),('2_Friday','10','10:00','17:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7f182cf402fa135dd52daf397cf654fb','\'Title: Adversary simulator and purple teaming hands-on booth
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area - Map
\n
\nDescription:
\nAdversary Simulator booth is a volunteer assisted activity, which has hands-on adversary emulation plans and exercises specific to a wide variety of threat-actors; these are meant to provide the participants with a better understanding of adversarial attack emulation. The booth will be hosting a simulated environment meant to recreate enterprise infrastructure, operational technology environment, which serves targets for various attack simulations.The hands-on simulator booth also hosts an activity, which would need the participants to generate their own adversary emulation plans to assess the efficacy of the defense systems based on publicly available cyber threat intelligence.
\n\nSpeakerBio: Adversary Village Crew
\nNo BIO available
\n\n\'',NULL,617535),('2_Friday','11','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7f182cf402fa135dd52daf397cf654fb','\'\'',NULL,617536),('2_Friday','12','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7f182cf402fa135dd52daf397cf654fb','\'\'',NULL,617537),('2_Friday','13','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7f182cf402fa135dd52daf397cf654fb','\'\'',NULL,617538),('2_Friday','14','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7f182cf402fa135dd52daf397cf654fb','\'\'',NULL,617539),('2_Friday','15','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7f182cf402fa135dd52daf397cf654fb','\'\'',NULL,617540),('2_Friday','16','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7f182cf402fa135dd52daf397cf654fb','\'\'',NULL,617541),('2_Friday','17','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary simulator and purple teaming hands-on booth\'','\'Adversary Village Crew\'','ADV_7f182cf402fa135dd52daf397cf654fb','\'\'',NULL,617542),('2_Friday','10','10:00','17:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_75f332be9475da6a482be48cbae96d89','\'Title: Adversary-Adventure Table-top Game
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area - Map
\n
\nDescription:
\nAdversary Adventure is a Choose-Your-Own-Adventure model interactive table-top exercise game, where everyone can participate and choose various tasks. The participants can choose to play as an attacker who performs adversarial activities against a target, a defender who deals with a potential breach, as a CISO who is managing a ransomware attack, or even as management executives going through a table-top exercise.
\n\nSpeakerBio: Adversary Village Crew
\nNo BIO available
\n\n\'',NULL,617543),('2_Friday','11','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_75f332be9475da6a482be48cbae96d89','\'\'',NULL,617544),('2_Friday','12','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_75f332be9475da6a482be48cbae96d89','\'\'',NULL,617545),('2_Friday','13','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_75f332be9475da6a482be48cbae96d89','\'\'',NULL,617546),('2_Friday','14','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_75f332be9475da6a482be48cbae96d89','\'\'',NULL,617547),('2_Friday','15','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_75f332be9475da6a482be48cbae96d89','\'\'',NULL,617548),('2_Friday','16','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_75f332be9475da6a482be48cbae96d89','\'\'',NULL,617549),('2_Friday','17','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_75f332be9475da6a482be48cbae96d89','\'\'',NULL,617550),('4_Sunday','10','10:00','11:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_42b923a85b736871005380606f04934c','\'Title: Adversary-Adventure Table-top Game
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area - Map
\n
\nDescription:
\nAdversary Adventure is a Choose-Your-Own-Adventure model interactive table-top exercise game, where everyone can participate and choose various tasks. The participants can choose to play as an attacker who performs adversarial activities against a target, a defender who deals with a potential breach, as a CISO who is managing a ransomware attack, or even as management executives going through a table-top exercise.
\n\nSpeakerBio: Adversary Village Crew
\nNo BIO available
\n\n\'',NULL,617551),('4_Sunday','11','10:00','11:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_42b923a85b736871005380606f04934c','\'\'',NULL,617552),('3_Saturday','10','10:00','17:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_c6eb1835faf5f8f8ee1af15593a5b3a6','\'Title: Adversary-Adventure Table-top Game
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area - Map
\n
\nDescription:
\nAdversary Adventure is a Choose-Your-Own-Adventure model interactive table-top exercise game, where everyone can participate and choose various tasks. The participants can choose to play as an attacker who performs adversarial activities against a target, a defender who deals with a potential breach, as a CISO who is managing a ransomware attack, or even as management executives going through a table-top exercise.
\n\nSpeakerBio: Adversary Village Crew
\nNo BIO available
\n\n\'',NULL,617553),('3_Saturday','11','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_c6eb1835faf5f8f8ee1af15593a5b3a6','\'\'',NULL,617554),('3_Saturday','12','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_c6eb1835faf5f8f8ee1af15593a5b3a6','\'\'',NULL,617555),('3_Saturday','13','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_c6eb1835faf5f8f8ee1af15593a5b3a6','\'\'',NULL,617556),('3_Saturday','14','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_c6eb1835faf5f8f8ee1af15593a5b3a6','\'\'',NULL,617557),('3_Saturday','15','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_c6eb1835faf5f8f8ee1af15593a5b3a6','\'\'',NULL,617558),('3_Saturday','16','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_c6eb1835faf5f8f8ee1af15593a5b3a6','\'\'',NULL,617559),('3_Saturday','17','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Adversary-Adventure Table-top Game\'','\'Adversary Village Crew\'','ADV_c6eb1835faf5f8f8ee1af15593a5b3a6','\'\'',NULL,617560),('2_Friday','10','10:00','17:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_86c24db162dae82d9a297555628021d5','\'Title: Hands-on Attack and Breach Simulation exercises
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area - Map
\n
\nDescription:
\nThis area will feature guided breach simulation exercises for participants to engage with. There will be two activities, \"Breach-the-Hospital\" and \"Breach-the-Office,\" based on two LEGO sets. A simulated cyber range will be available for each scenario, providing an exact replica of an enterprise production environment. We will provide a detailed walkthrough of the attack scenarios, including Tools-Techniques-and-Procedures (TTPs) commands and how-to guides, demonstrating how to atatck and breach the hospital\'s infrastructure or the office environment. This exercise will give participants a clear understanding of how adversaries infiltrate corporate environments.
\n\nSpeakerBio: Adversary Village Crew
\nNo BIO available
\n\n\'',NULL,617561),('2_Friday','11','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_86c24db162dae82d9a297555628021d5','\'\'',NULL,617562),('2_Friday','12','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_86c24db162dae82d9a297555628021d5','\'\'',NULL,617563),('2_Friday','13','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_86c24db162dae82d9a297555628021d5','\'\'',NULL,617564),('2_Friday','14','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_86c24db162dae82d9a297555628021d5','\'\'',NULL,617565),('2_Friday','15','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_86c24db162dae82d9a297555628021d5','\'\'',NULL,617566),('2_Friday','16','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_86c24db162dae82d9a297555628021d5','\'\'',NULL,617567),('2_Friday','17','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_86c24db162dae82d9a297555628021d5','\'\'',NULL,617568),('4_Sunday','10','10:00','11:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_c7564cfc07b9a6890018a0476f21a62a','\'Title: Hands-on Attack and Breach Simulation exercises
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area - Map
\n
\nDescription:
\nThis area will feature guided breach simulation exercises for participants to engage with. There will be two activities, \"Breach-the-Hospital\" and \"Breach-the-Office,\" based on two LEGO sets. A simulated cyber range will be available for each scenario, providing an exact replica of an enterprise production environment. We will provide a detailed walkthrough of the attack scenarios, including Tools-Techniques-and-Procedures (TTPs) commands and how-to guides, demonstrating how to atatck and breach the hospital\'s infrastructure or the office environment. This exercise will give participants a clear understanding of how adversaries infiltrate corporate environments.
\n\nSpeakerBio: Adversary Village Crew
\nNo BIO available
\n\n\'',NULL,617569),('4_Sunday','11','10:00','11:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_c7564cfc07b9a6890018a0476f21a62a','\'\'',NULL,617570),('3_Saturday','10','10:00','17:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_70842f6a1e1c9e23cf518ffa3d37772f','\'Title: Hands-on Attack and Breach Simulation exercises
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area - Map
\n
\nDescription:
\nThis area will feature guided breach simulation exercises for participants to engage with. There will be two activities, \"Breach-the-Hospital\" and \"Breach-the-Office,\" based on two LEGO sets. A simulated cyber range will be available for each scenario, providing an exact replica of an enterprise production environment. We will provide a detailed walkthrough of the attack scenarios, including Tools-Techniques-and-Procedures (TTPs) commands and how-to guides, demonstrating how to atatck and breach the hospital\'s infrastructure or the office environment. This exercise will give participants a clear understanding of how adversaries infiltrate corporate environments.
\n\nSpeakerBio: Adversary Village Crew
\nNo BIO available
\n\n\'',NULL,617571),('3_Saturday','11','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_70842f6a1e1c9e23cf518ffa3d37772f','\'\'',NULL,617572),('3_Saturday','12','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_70842f6a1e1c9e23cf518ffa3d37772f','\'\'',NULL,617573),('3_Saturday','13','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_70842f6a1e1c9e23cf518ffa3d37772f','\'\'',NULL,617574),('3_Saturday','14','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_70842f6a1e1c9e23cf518ffa3d37772f','\'\'',NULL,617575),('3_Saturday','15','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_70842f6a1e1c9e23cf518ffa3d37772f','\'\'',NULL,617576),('3_Saturday','16','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_70842f6a1e1c9e23cf518ffa3d37772f','\'\'',NULL,617577),('3_Saturday','17','10:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Hands-on Attack and Breach Simulation exercises\'','\'Adversary Village Crew\'','ADV_70842f6a1e1c9e23cf518ffa3d37772f','\'\'',NULL,617578),('2_Friday','10','10:00','10:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Adversary Village keynote kick-off panel\'','\'Abhijith “Abx” B R,Bryson Bort ,Ken Kato,Vivek Ramachandran,Sanne Maasakkers\'','ADV_8df5cfb64613c404b0a4eaf6ffbf609e','\'Title: Adversary Village keynote kick-off panel
\nWhen: Friday, Aug 9, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage - Map
\n
\nDescription:
\n\n\nSpeakers:Abhijith “Abx” B R,Bryson Bort ,Ken Kato,Vivek Ramachandran,Sanne Maasakkers
\n
\nSpeakerBio: Abhijith “Abx” B R
\nAbhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. Currently he is involved with multiple organizations as a consulting specialist, to help them build offensive security operations programs, improve their current security posture, assess cyber defense systems, and bridge the gap between business leadership and cyber security professionals. Abhijith’s professional exposure is stretched across multiple industries and various other sectors.
\n\nAs the founder of Adversary Village, Abhijith spearheads a community driven initiative exclusively focused on adversary simulation, adversary tactics, purple teaming, threat-actor/ransomware research-emulation, and offensive security-adversary tradecraft.
\n\nSpeakerBio: Bryson Bort
\nNo BIO available
\nSpeakerBio: Ken Kato, VP at Omni Federal
\nBreaking up bureaucracy since 2008, Ken Kato is a leader in large-scale digital transformation for highly regulated industries. It’s his belief that success comes from changing how teams work with each other toward a common goal. Whether it’s an austere data center with bare-metal servers, global-scale cloud deployments, or terrestrial networking in the far reaches of space, it always comes back to the people.
\n\nKen’s recent accomplishments include: being a founding member of USAF Kessel Run, the first federal software factory; building Black Pearl, the Navy’s premiere DevSecOeps platform; and working with the White House to secure and scale critical cyber-infrastructure. \nBut technology alone can’t solve complex problems. With this in mind, Ken balances his years of experience with industry data to develop sustainable strategies for organizational growth and predict how decisions made today will be survivable in the years ahead.
\n\nSpeakerBio: Vivek Ramachandran, Founder at SquareX
\nVivek Ramachandran is a security researcher, book author, speaker-trainer, and serial entrepreneur with over two decades of experience in offensive cybersecurity. He is currently the founder of SquareX, building a browser-native security product focused on detecting, mitigating, and threat-hunting web attacks against enterprise users and consumers. Prior to that, he was the founder of Pentester Academy (acquired in 2021), which has trained thousands of customers from government agencies, Fortune 500 companies, and enterprises from over 140+ countries. Before that, Vivek’s company built an 802.11ac monitoring product sold exclusively to defense agencies. Vivek discovered the Caffe Latte attack, broke WEP Cloaking, conceptualized enterprise Wi-Fi Backdoors, and created Chellam (Wi-Fi Firewall), WiMonitor Enterprise (802.11ac monitoring), Chigula (Wi-Fi traffic analysis via SQL), Deceptacon (IoT Honeypots), among others. He is the author of multiple five-star-rated books in offensive cybersecurity, which have sold thousands of copies worldwide and have been translated into multiple languages. He has been a speaker/trainer at top security conferences such as Blackhat USA, Europe and Abu Dhabi, DEFCON, Nullcon, Brucon, HITB, Hacktivity, and others. Vivek’s work in cybersecurity has been covered in Forbes, TechCrunch, and other popular media outlets. In a past life, he was one of the programmers of the 802.1x protocol and Port Security in Cisco’s 6500 Catalyst series of switches. He was also one of the winners of the Microsoft Security Shootout contest held in India among a reported 65,000 participants. He has also published multiple research papers in the field of DDoS, ARP Spoofing Detection, and Anomaly-based Intrusion Detection Systems. In 2021, he was awarded an honorary title of Regional Director of Cybersecurity by Microsoft for a period of three years, and in 2024 he joined the BlackHat Arsenal Review Board.
\n\nSpeakerBio: Sanne Maasakkers, Threat Intel at Mandiant
\nNo BIO available
\n\n\'',NULL,617579),('2_Friday','11','11:00','12:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Modifying Impacket for Better OpSec\'','\'Ryan O\'Donnell\'','ADV_0edfe4f648aa8c80d17a5f41f4d82eca','\'Title: Modifying Impacket for Better OpSec
\nWhen: Friday, Aug 9, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage - Map
\n
\nDescription:
\nOperational security (OpSec) is a cornerstone in red teaming, necessitating continuous refinement of tools and techniques to avoid detection. This workshop is designed for new red team operators and individuals seeking to enhance their offensive capabilities. It focuses on customizing the Impacket toolset—a collection of Python classes for working with network protocols—to improve OpSec during engagements. Impacket tools such as wmiexec, smbexec, and secretsdump are staples in the toolkit of any red teamer due to their versatility and power in gaining access and extracting sensitive data from Windows environments. However, their detectability has increased as defensive measures have become more sophisticated. This session proposes modifications to these tools to reduce their footprint and evade modern security defenses. Participants will explore various customization strategies, including altering network signatures, timing attacks to evade detection, and integrating stealthier authentication methods. Practical exercises will guide attendees through the process of modifying the Impacket scripts, demonstrating how these changes can significantly enhance operational security in simulated environments.
\n\nSpeakerBio: Ryan O\'Donnell, Senior Offensive Security Engineer at Microsoft
\nRyan O\'Donnell is an Offensive Security Engineer at Microsoft. Over the last 13+ years, Ryan has been performing Penetration Tests, Red Team assessments, and Incident Response investigations. Ryan has conducted hands-on workshops at Hack Space Con and Bsides Nova. Ryan has a Masters in Cybersecurity from GMU and the following Certifications: OSCP, OSEP, CRTO, GREM, GCFE, GCIH, CRTO
\n\n\n\'',NULL,617580),('2_Friday','12','11:00','12:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Modifying Impacket for Better OpSec\'','\'Ryan O\'Donnell\'','ADV_0edfe4f648aa8c80d17a5f41f4d82eca','\'\'',NULL,617581),('2_Friday','13','13:00','14:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Introduction to MITRE Caldera Through Adversary Emulation\'','\'Rachel Murphy,Mark Perry\'','ADV_908dcc49d11d1cea2a40b4749f40991f','\'Title: Introduction to MITRE Caldera Through Adversary Emulation
\nWhen: Friday, Aug 9, 13:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage - Map
\n
\nDescription:
\nMITRE Caldera is a scalable, automated adversary emulation, open-source cybersecurity platform developed by MITRE. It empowers cyber practitioners to save time, money, and energy through automated security assessments. Caldera not only tests and evaluates detection/analytic and response platforms, but it also provides the capability for your red team to perform manual assessments with computer assistance. This is achieved by augmenting existing offensive toolsets. The framework can be extended to integrate with any custom tools you may have. The development team behind the platform is a group of red teamers, software developers, exploit writers, cyber threat analysts, AI researchers, cybersecurity engineers, and computer scientists. They all pursue the common goal of building a premier adversary emulation platform for our security defenders around the world. To showcase Caldera at DEF CON 32, we will present a scenario that a commercial or corporate entity may ask of a security team. In this scenario, a concerned organization is requesting a security team to develop a repeatable adversary emulation plan based on current cyber threat intelligence (CTI) for a specific advanced persistent threat (APT) that has been targeting the organization’s industry sector. We will create three cyber threat intelligence reports for this adversary detailing the tactics, techniques, and procedures (TTPs) attributed to them. These TTPs will correspond with the abilities available in Caldera’s Stockpile and Atomic plugins. This collection of abilities makes the job of developing an adversary emulation very simple. We will go on to demonstrate how to develop an adversary emulation plan in Caldera utilizing the relevant TTPs described in the CTI reporting. Finally, we will execute the new adversary emulation plan against the target machines and display the facts that Caldera collects during an operation, the outputs of all commands run, and the final report generated by the Debrief plugin.
\n\nSpeakers:Rachel Murphy,Mark Perry
\n
\nSpeakerBio: Rachel Murphy, Cyber Security Engineer at MITRE Corp
\nRachel Murphy is a Cyber Security Engineer at MITRE Corp. She has a B.S. in Mechanical Engineering and prior to joining MITRE, she worked as a mechanical engineer at NASA performing thermal analysis for the International Space Station at Johnson Space Center in Houston, TX. Rachel has worked on projects in adversary emulation, red teaming, cyber threat intelligence, and software development. Part of this work includes supporting Caldera’s research in artificial intelligence, developing Caldera workshops like this one, and promoting Caldera’s benefactor program. She has also served as a red team operator for MITRE Engenuity’s ATT&CK Evaluations.
\n\nSpeakerBio: Mark Perry, Lead Applied Cyber Security Engineer at MITRE Corp
\nMark Perry is a Lead Applied Cyber Security Engineer at MITRE Corp, where he specializes in adversary emulation and work development. With a robust background in infrastructure and cyber security frameworks, Mark brings extensive expertise to his role, focusing on fortifying systems against sophisticated cyber threats. He has worked on projects involving adversary emulation, red teaming, cyber threat intelligence, and software development. Mark also leads development and delivery of Caldera workshops, providing participants with practical, hands-on training utilizing cybersecurity techniques. Additionally, he actively promotes Caldera’s benefactor program, fostering community support and engagement to further the development of cybersecurity tools and resources. Outside of his professional endeavors, Mark enjoys traveling and is a supercar enthusiast.
\n\n\n\'',NULL,617582),('2_Friday','14','13:00','14:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Introduction to MITRE Caldera Through Adversary Emulation\'','\'Rachel Murphy,Mark Perry\'','ADV_908dcc49d11d1cea2a40b4749f40991f','\'\'',NULL,617583),('2_Friday','15','15:00','16:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Hands-on workshop\'','\'\'','ADV_983403c7121803adc4a7720a897bcea1','\'Title: Hands-on workshop
\nWhen: Friday, Aug 9, 15:00 - 16:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage - Map
\n
\nDescription:
\n\n\n\'',NULL,617584),('2_Friday','16','15:00','16:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Hands-on workshop\'','\'\'','ADV_983403c7121803adc4a7720a897bcea1','\'\'',NULL,617585),('2_Friday','17','17:00','17:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Red Teaming is broken; this panel will fix it.\'','\'Suneel Sundar,Niru Ragupathy,Joe Vest,Drinor Selmanaj\'','ADV_3206e1e79fb1cc12f07440420cfe169d','\'Title: Red Teaming is broken; this panel will fix it.
\nWhen: Friday, Aug 9, 17:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage - Map
\n
\nDescription:
\n\n\nSpeakers:Suneel Sundar,Niru Ragupathy,Joe Vest,Drinor Selmanaj
\n
\nSpeakerBio: Suneel Sundar, Director of Research & Development, Center for Threat-Informed Defense
\nNo BIO available
\nSpeakerBio: Niru Ragupathy, Security Engineer - Manager at Google
\nNiru is a security engineer - manager at Google. She leads the Offensive security team, where she supports the program and works on red team exercises. In her free time she doodles corgis and writes CTF challenges.
\n\nSpeakerBio: Joe Vest, Author of Red Team Development and Operations
\nDriven by his curiosity, perseverance, and passion for technology, Joe Vest\'s mantra for his work and teaching is: \"The journey of gaining experience can be as valuable as the end result.\" Joe has over 20 years of experience in technology with a focus on red teaming, When Joe is not working, you can find him enjoying life in the sun on the coast of Florida.penetration testing, and application security. Joe is currently a Principal Security Engineer at AWS. Prior experience includes the Cobalt Strike Technical Director at HelpSystems, a security consulting company entrepreneur and owner, and a former director at SpecterOps. This diverse experience has given him extensive knowledge of cyber threats, tools, and tactics, including threat emulation and threat detection. Notable career accomplishments include authoring the book \"Red Team Development and Operations\" and authoring the original SANS 564 red team course.
\n\nSpeakerBio: Drinor Selmanaj, Founder of Sentry Cybersecurity and Defense
\nNo BIO available
\n\n\'',NULL,617586),('3_Saturday','10','10:00','10:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Adversarial AI: Disrupting Artificial Intelligence with Style\'','\'Chloé Messdaghi,Sebastian Cesario,Kasimir Schulz\'','ADV_5c7947ccef7ef14320d038b18e5fd6a4','\'Title: Adversarial AI: Disrupting Artificial Intelligence with Style
\nWhen: Saturday, Aug 10, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage - Map
\n
\nDescription:
\n\n\nSpeakers:Chloé Messdaghi,Sebastian Cesario,Kasimir Schulz
\n
\nSpeakerBio: Chloé Messdaghi, Head of Threat Intelligence at HiddenLayer
\nChloé Messdaghi is the Head of Threat Intelligence at HiddenLayer, leading efforts to secure AI measures and promote industry-wide security practices. A sought-after public speaker and trusted authority for journalists, her expertise has been widely featured in the media. Recognized as a Power Player by Business Insider and SC Media, Chloé has made significant contributions to cybersecurity. Outside of work, she is dedicated to philanthropy, advancing industry progress, and promoting societal and environmental well-being.
\n\nChloé Messdaghi serves as the Head of Threat Intelligence at HiddenLayer, where she spearheads efforts to fortify security for AI measures and fosters collaborative initiatives to enhance industry-wide security practices for AI. A highly sought-after public speaker and trusted authority for national and sector-specific journalists, Chloé\'s expertise has been prominently featured across various media platforms. Her impactful contributions to cybersecurity have earned her recognition as a Power Player by esteemed publications such as Business Insider and SC Media.Beyond her professional endeavors, Chloé remains passionately committed to philanthropy aimed at advancing industry progress and fostering societal and environmental well-being.
\n\nSpeakerBio: Sebastian Cesario, CTO & Co Founder, BforeAI
\nNo BIO available
\nSpeakerBio: Kasimir Schulz, Principal Security Researcher at HiddenLayer
\nKasimir Schulz, Principal Security Researcher at HiddenLayer, is a leading expert in uncovering zero-day exploits and supply chain vulnerabilities in AI. His work has been featured in BleepingComputer and Dark Reading, and he has spoken at conferences such as FS-ISAC and Black Hat. Kasimir leads the development of advanced tools for automating vulnerability detection and implementing large-scale patches, fortifying systems against supply chain attacks. His dedication to proactive defense measures sets a new standard in cybersecurity resilience.
\n\n\n\'',NULL,617587),('3_Saturday','12','12:00','13:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Hands-on Kubernetes security with KubeHound (purple teaming)\'','\'Julien Terriac\'','ADV_bbf3ae870c598fabfe6303bb17c5cd95','\'Title: Hands-on Kubernetes security with KubeHound (purple teaming)
\nWhen: Saturday, Aug 10, 12:00 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage - Map
\n
\nDescription:
\nThere’s no two ways about it: Kubernetes is a confusing and complex collection of intertwined systems. Finding attack paths in Kubernetes by hand is a frustrating, slow, and tedious process. Defending Kubernetes against those same attack paths is almost impossible without any third party tooling. In this workshop we will present KubeHound - an opinionated, scalable, offensive-minded Kubernetes attack graph tool used by security teams across Datadog. We will cover the custom KubeHound DSL to demonstrate its power to identify some of the most interesting and common attack primitives living in your Kubernetes cluster. If the DSL is not enough, we will cover the basics of Gremlin, the language used by our graph technology so you can find relevant attack paths that matter to you. As attackers (or defenders), there\'s nothing better to understand an attack than to exploit it oneself. So in this workshop we will cover some of the usual attack paths and exploit them.
\n\nSpeakerBio: Julien Terriac, Adversary Simulation Engineering at Datadog
\nJulien Terriac a French senior security researcher with a strong background of pentesting with a special taste for Windows authentication, Active Directory inner working and reverse engineering. He developed several offensive tools to automate such as ProtonPack (custom mimikatz), Lycos (share hunter), ExploitPack (privilege escalation framework), IAMBuster (AD auditing framework).He led the R&D department at XMCO for 5 years before joining Datadog as the Team Lead for Adversary Simulation Engineering (ASE) where his team aims at building offensive tools and frameworks that will automate the simulation of real life attacks against Datadog.
\n\n\n\'',NULL,617588),('3_Saturday','13','12:00','13:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Hands-on Kubernetes security with KubeHound (purple teaming)\'','\'Julien Terriac\'','ADV_bbf3ae870c598fabfe6303bb17c5cd95','\'\'',NULL,617589),('3_Saturday','14','14:00','15:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'CopyCat: An Artist Guide to Adversary Forgery\'','\'Cat Self\'','ADV_c5a5fe62cbc9b26c5f698c640d8381ca','\'Title: CopyCat: An Artist Guide to Adversary Forgery
\nWhen: Saturday, Aug 10, 14:00 - 15:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage - Map
\n
\nDescription:
\nSkills are learned, but application is art. Much like an artist learning the skill to draw, in this workshop, we learn the skill to identify and create byte-sized adversary emulation-based tests. By reading a report with the lens of MITRE ATT&CK, we identify procedures that link back to MITRE ATT&CK techniques or sub-techniques, which allows us to create an atomic red team test based on the reporting. However, like every artist faces when putting pen to paper, the skill of drawing is not the same as the skill of creating. Using art forgery concepts to help us overcome these obstacles, we walk through how to navigate the gaps in reporting and emulate versus simulating the adversary. Participants are encouraged to finish out the atomic tests and contribute to the public Atomic Red Team GitHub. Welcome to the club of legal copycats. Intended audience: International audience with English is a second language. Beginner to intermediate skill. Basic level of programing knowledge and cyber security concepts required. Students are expected to provide their own laptop. Have a GitHub account & understand the clone, git and pull commands.
\n\nSpeakerBio: Cat Self, Principal Adversary Emulation Engineer (MITRE ATT&CK)
\nCat Self is a Principal Adversary Emulation Engineer working as the macOS/Linux Lead for ATT&CK®, malware developer for MITRE ATT&CK® Evaluations, and SME for International Programs. Cat started her cyber security career at Target and has worked as a developer, internal red team operator, and threat hunter. Cat is a former military intelligence veteran and pays it forward through mentorship, workshops, and public speaking. Outside of work, she is often planning an epic adventure, climbing mountains in foreign lands, learning Chinese, or meeting great people salsa dancing.
\n\n\n\'',NULL,617590),('3_Saturday','15','14:00','15:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'CopyCat: An Artist Guide to Adversary Forgery\'','\'Cat Self\'','ADV_c5a5fe62cbc9b26c5f698c640d8381ca','\'\'',NULL,617591),('3_Saturday','16','16:00','17:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Cyberjutsu Path to a Digital Martial Art\'','\'Alexandre CABROL PERALES,Quentin Fraty,Alaric Becker\'','ADV_d254896036f1baf4b781f145bd91f2dc','\'Title: Cyberjutsu Path to a Digital Martial Art
\nWhen: Saturday, Aug 10, 16:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage - Map
\n
\nDescription:
\nCyberjūtsu is a new way to teach cybersecurity inspired from martial arts trainings. It is an educational way which allows everyone (novice to expert) to practice together and improve themselves in cybersecurity through confrontation. It follows budō (judo, jujitsu, karate...) principles and ethical code. The goal is to reach \"maximum-efficient use of computer\" in a \"mutual benefit\" of a human confrontation. It\'s a digital martial art fight e-sport using linux shell. No matter your technical background—from 10-year-olds to technical experts like pentesters and red/blue teamers—this workshop is designed for you. The only prerequisite is basic reading, writing, and counting knowledge. Experience real live adversary sparring and see how even those with less knowledge can outmaneuver more experienced participants. Join us for an interactive session with 14 players participating and others welcome to watch. Enhance your cybersecurity skills through collaborative and practical exercises.
\n\nSpeakers:Alexandre CABROL PERALES,Quentin Fraty,Alaric Becker
\n
\nSpeakerBio: Alexandre CABROL PERALES, President of NPO multi-country WOCSA, Director of Managed Detection & Response at Sopra Steria, Teacher at French University Cyber Master
\nPresident of WOCSA France, Cyberjutsu Project Leader for WOCSA Head of Managed Detection and Response Services at Sopra Steria Cybersecurity External Professor at Cybersecurity Master (SSIR) for Science University of Toulouse, France. 1st dan Judo Jujitsu
\n\nSpeakerBio: Quentin Fraty, Threat Intelligence Analyst and Reverse at Sopra Steria
\nI\'m passionate about cybersecurity: since I joined my engineering school in 2021, I started organizing cybersecurity workshops for WOCSA. Attendees range from experiences pentesters to curious teenagers that simply want to have some fun, but I believe that we can all learn something from eachother.
\n\nSpeakerBio: Alaric Becker, SOC Analyst and Threat Hunter at Sopra Steria
\nWOCS\'HACK Project Leader for WOCSA France. Security Operation Center Analyst at Sopra Steria Cybersecurity. 3rd dan Judo Jujitsu
\n\n\n\'',NULL,617592),('3_Saturday','17','16:00','17:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Cyberjutsu Path to a Digital Martial Art\'','\'Alexandre CABROL PERALES,Quentin Fraty,Alaric Becker\'','ADV_d254896036f1baf4b781f145bd91f2dc','\'\'',NULL,617593),('3_Saturday','11','11:00','11:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Power To The Purple\'','\'Tyler Casey,Trey Bilbrey\'','ADV_7828f7a28d50baf8b39398a18dc543bd','\'Title: Power To The Purple
\nWhen: Saturday, Aug 10, 11:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage - Map
\n
\nDescription:
\nThe modern cybersecurity realm is no longer one where defenders can work in a vacuum and be successful. Conversely, many people are starting to lose faith in the value of penetration testing as a mechanism to measure their organizational security posture. A collaborative milestone driven approach where Red and Blue teams operate in tandem, is necessary to ensure a proactive approach to enhancing the security of our organizations. This is where Purple Teaming comes into play. In this 2-hour hands-on workshop you will be introduced to Purple Team Exercises and play the role of a Cyber Threat Intelligence analyst, Red Team operator, and Blue Team security analyst. We have set up an isolated environment for each attendee to go through a Purple Team Exercise following the Purple Team Exercise Framework (PTEF). This event will give participants a chance to test out new tools, techniques, and procedures learned during the workshop.
\n\nSpeakers:Tyler Casey,Trey Bilbrey
\n
\nSpeakerBio: Tyler Casey, Deputy of SCYTHE Labs
\nTyler Casey is a seasoned Cyber Professional with over a decade of experience in Defensive Cyber Operations (DCO). Currently serving as Detection Engineer and Deputy at Scythe Labs, Tyler specializes in developing and implementing robust defensive cybersecurity measures to detect and mitigate evolving threats. Prior to joining SCYTHE, Tyler worked in DCO Operations for the U.S. Government, both as a Federal Civilian and Active-Duty Marine. During that tenure, Tyler deployed internationally in support of incident response and targeted threat hunting. Throughout his career, he has been dedicated to enhancing cyber defenses, ensuring the security of critical systems, and contributing to the broader cybersecurity community.
\n\nSpeakerBio: Trey Bilbrey, Lead at SCYTHE Labs
\nTrey Bilbrey is the Lead of SCYTHE Labs, specializing in Purple Team Exercises, Threat Emulation, Critical Infrastructure, and holistic cyber operations. Trey\'s 15+ years of industry experience has allowed him to become an excellent educator, defender of networks, and a cultivator of cybersecurity professionals. Prior to joining SCYTHE, Trey held positions at notable organizations such as Hack The Box (HTB Academy content Developer), The Army Corps of Engineers (ICS/SCADA Penetration Testing), and a veteran of the United States Marine Corps (Defensive and Offensive Cyber Operations). Current certifications include the CISSP, GICSP, GCIP, and K>FiveFour RTAC.
\n\n\n\'',NULL,617594),('4_Sunday','12','12:00','12:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage','\'Village closing\'','\'Adversary Village Crew\'','ADV_277e11f832faf6cb551b364050ff7e16','\'Title: Village closing
\nWhen: Sunday, Aug 11, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV stage - Map
\n
\nDescription:
\nVillage closing ceremony
\n\nSpeakerBio: Adversary Village Crew
\nNo BIO available
\n\n\'',NULL,617595),('4_Sunday','12','12:00','12:59','N','MISC','LVCC West/Floor 1/Hall 3/HW3-06-03','\'DCNextGen Awards and Closing Ceremony\'','\'\'','MISC_b374e584523a47e962daf59aecd53ff3','\'Title: DCNextGen Awards and Closing Ceremony
\nWhen: Sunday, Aug 11, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-03 - Map
\n
\nDescription:
\nWe will be handing out the CTF Prizes and awards. Must be present to win!
\n\n\'',NULL,617596),('2_Friday','14','14:00','14:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-08-02','\'Hard Hat Brigade Maker Panel\'','\'\'','MISC_3e168131bac4b33f3c1f20d4afbecb8e','\'Title: Hard Hat Brigade Maker Panel
\nWhen: Friday, Aug 9, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-02 - Map
\n
\nDescription:
\nAsk other hard hat enthusiasts about tips, tricks, and techniques during the Hard Hat Makers Panel. Power? Bling? Warez? Process? Let us help you on your own build journey.
\n\n\'',NULL,617597),('2_Friday','10','10:00','10:02','N','CPV','LVCC West/Floor 1/Hall 2/HW2-09-02','\'CPV: Day 1 Welcome\'','\'\'','CPV_c96bff9e4163502fa5002d5fdf321988','\'Title: CPV: Day 1 Welcome
\nWhen: Friday, Aug 9, 10:00 - 10:02 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-02 - Map
\n
\nDescription:
\nWelcome to the 11th CPV at DEF CON! This will be the absolute fastest state of the village sharing talks for the day, plus what\'s available at the village.
\n\n\'',NULL,617598),('2_Friday','14','14:00','14:30','N','CPV','LVCC West/Floor 1/Hall 2/HW2-09-02','\'Data Brokers and the Threat to Your Privacy\'','\'Yael Grauer\'','CPV_65445f3d09f0fd07b2f4a691a4024b42','\'Title: Data Brokers and the Threat to Your Privacy
\nWhen: Friday, Aug 9, 14:00 - 14:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-02 - Map
\n
\nDescription:
\nData brokers, and in particular people-search sites, are a headache for those of us trying to keep our addresses off the internet… and an absolute nightmare for people who are targeted due to their identity, profession, or political beliefs. In this talk, I’ll present the results of a collaborative research project by Tall Poppy and Consumer Reports that evaluates paid people-search removal services. I’ll also discuss how data brokers harm people, what you can do to protect yourself, why it’s so difficult, and what we can do as individuals and at a policy/advocacy level to solve this pernicious privacy problem.
\n\nSpeakerBio: Yael Grauer
\nYael Grauer is an investigative tech reporter. She currently works at Consumer Reports managing Security Planner, an easy-to-use guide to staying safer online. Yael has over a decade of experience covering privacy and security, digital freedom, hacking, and mass surveillance for various tech publications and has extensively researched the privacy and security (or lack thereof) of VPNs, street-level surveillance, and more. She’s been maintaining the Big Ass Data Broker Opt-Out List since 2017.
\n\n\n\'',NULL,617599),('3_Saturday','10','10:25','10:30','N','CPV','LVCC West/Floor 1/Hall 2/HW2-09-02','\'CPV: Day 2 Welcome\'','\'\'','CPV_bcb0bad45375e3bf6b5f396226a4dcde','\'Title: CPV: Day 2 Welcome
\nWhen: Saturday, Aug 10, 10:25 - 10:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-02 - Map
\n
\nDescription:
\nWelcome to Day 2 of the 11th CPV at DEF CON! A brief overview of the state of the village, talks for the day, plus what\'s available at the village and what\'s gone, we might actually run out of friendship bracelet supplies this time around…
\n\n\'',NULL,617600),('2_Friday','13','13:00','13:15','N','CPV','LVCC West/Floor 1/Hall 2/HW2-09-02','\'CPV: Intro to Cyphers\'','\'\'','CPV_f2b5602ccda1a01e04dcb1fa52e51757','\'Title: CPV: Intro to Cyphers
\nWhen: Friday, Aug 9, 13:00 - 13:15 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-02 - Map
\n
\nDescription:
\nAre you getting stuck on solving ciphers in challenges? Not sure who or what Caesar is? What is \"polyalphabetic\" or \"transposition\"? Is this even relevant to modern day cryptography? Come on over for the Intro to Ciphers talk! Talk time: 5-15 minutes
\n\n\'',NULL,617601),('3_Saturday','10','10:30','10:45','N','CPV','LVCC West/Floor 1/Hall 2/HW2-09-02','\'CPV: Intro to Cyphers\'','\'\'','CPV_9ee6025835e8cddb37bb780ed7d951f5','\'Title: CPV: Intro to Cyphers
\nWhen: Saturday, Aug 10, 10:30 - 10:45 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-02 - Map
\n
\nDescription:
\nAre you getting stuck on solving ciphers in challenges? Not sure who or what Caesar is? What is \"polyalphabetic\" or \"transposition\"? Is this even relevant to modern day cryptography? Come on over for the Intro to Ciphers talk! Talk time: 5-15 minutes
\n\n\'',NULL,617602),('3_Saturday','13','13:00','13:15','N','CPV','LVCC West/Floor 1/Hall 2/HW2-09-02','\'CPV: Intro to Cyphers\'','\'\'','CPV_b4db95852af30f0a00b93ca3d4b17f3e','\'Title: CPV: Intro to Cyphers
\nWhen: Saturday, Aug 10, 13:00 - 13:15 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-02 - Map
\n
\nDescription:
\nAre you getting stuck on solving ciphers in challenges? Not sure who or what Caesar is? What is \"polyalphabetic\" or \"transposition\"? Is this even relevant to modern day cryptography? Come on over for the Intro to Ciphers talk! Talk time: 5-15 minutes
\n\n\'',NULL,617603),('3_Saturday','16','16:00','16:30','N','CPV','LVCC West/Floor 1/Hall 2/HW2-09-02','\'A Whirlwind Tour of the FBI\'s Secret Encrypted Chat App\'','\'Joseph Cox\'','CPV_243220426cd03a55dbd244ed0fa90eff','\'Title: A Whirlwind Tour of the FBI\'s Secret Encrypted Chat App
\nWhen: Saturday, Aug 10, 16:00 - 16:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-02 - Map
\n
\nDescription:
\nThe FBI ran an encrypted app called Anom, intercepting all of its messages. The operation ended in the arrest of hundreds of criminals. But what happens now? Are apps that we all use, like Signal, under threat too? This talk will give a blistering dive into what the app was, how it worked, and what it means for all of our privacy now.
\n\nSpeakerBio: Joseph Cox, Co-Founder at 404 Media
\nJoseph Cox is an investigative journalist and author of DARK WIRE, the inside story of how the FBI secretly ran its own encrypted phone company called Anom to wiretap the world. He produced a series of exclusive articles on Anom for VICE’s Motherboard, and is now a co-founder of 404 Media.
\n\n\n\'',NULL,617604),('2_Friday','12','12:00','12:59','N','CON','LVCC West/Floor 1/Hall 2/HW2-09-02','\'Gold Bug: Welcome\'','\'\'','CON_c6dd6491d82683b8d241e2d1e2608431','\'Title: Gold Bug: Welcome
\nWhen: Friday, Aug 9, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-02 - Map
\n
\nDescription:
\nWelcome to the Gold Bug at the 11th annual Crypto & Privacy Village! This opening talk compliments the Gold Bug: Puzzle Panel on Day 2.
\n\nThe Gold Bug Team 2024 at the Crypto & Privacy Village: 0xCryptok, tseven, llamaprincess, pleoxconfusa, Pascal-0x90, Delta_JRM, are the beloved puzzle-makers within Crypto & Privacy Village. We make a special effort to include accessible puzzles at all skill levels. It is our hope that anyone, from new puzzlers (even kids!) to seasoned puzzle hunters, can participate in and enjoy this contest.
\n\nThe GoldBug team also runs Crypto & Privacy Village\'s Junior Cryptography at DC NextGen.
\n\n\'',NULL,617605),('3_Saturday','14','14:00','14:59','N','CON','LVCC West/Floor 1/Hall 2/HW2-09-02','\'Gold Bug: Puzzle Panel\'','\'\'','CON_0d8755ee9e23f06e40def761d940f66f','\'Title: Gold Bug: Puzzle Panel
\nWhen: Saturday, Aug 10, 14:00 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-02 - Map
\n
\nDescription:
\nWelcome to Day 2 of the Gold Bug at the 11th annual Crypto & Privacy Village! Join the Gold Bug Team for the latest updates, panel-exclusive hints, and more. This panel compliments the Gold Bug: Welcome on Day 1.
\n\n\'',NULL,617606),('2_Friday','10','10:00','17:59','N','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_5bd7678578c217ca88d1d04d9b74e266','\'Title: Tamper Evident Village Activities
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\n\"Tamper-evident\" refers to a physical security technology that provides evidence of tampering (access, damage, repair, or replacement) to determine authenticity or integrity of a container or object(s). In practical terms, this can be a piece of tape that closes an envelope, a plastic detainer that secures a hasp, or an ink used to identify a legitimate document. Tamper-evident technologies are often confused with \"tamper resistant\" or \"tamper proof\" technologies which attempt to prevent tampering in the first place. Referred to individually as \"seals,\" many tamper technologies are easy to destroy, but a destroyed (or missing) seal would provide evidence of tampering! The goal of the TEV is to teach attendees how these technologies work and how many can be tampered with without leaving evidence.
\n\nThe Tamper-Evident Village includes the following contests and events:
\n\n\n- The Box; an electronic tamper challenge. An extremely realistic explosive with traps, alarms, and a timer ticking down. One mistake and BOOM, you\'re dead. Make every second count! Sign ups on-site when the TEV begins.
\n- Tamper-Evident King of the Hill; a full-featured tamper challenge. Tamper single items at your leisure and attempt to beat the current best. There can be only ONE! No sign ups required, play on-site when the TEV begins.
\n- Badge Counterfeiting Contest; submit your best forgery of a DEF CON human badge. Other target badges are also available for those looking for more counterfeit fun!
\n- For your viewing pleasure, collections of high-security tamper-evident seals from around the world.
\n- Presentations & demonstrations on various aspects of tamper-evident seals and methods to defeat them.
\n- Hands-on fun with adhesive seals, mechanical seals, envelopes, and evidence bags.
\n
\n\n\'',NULL,617607),('2_Friday','11','10:00','17:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_5bd7678578c217ca88d1d04d9b74e266','\'\'',NULL,617608),('2_Friday','12','10:00','17:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_5bd7678578c217ca88d1d04d9b74e266','\'\'',NULL,617609),('2_Friday','13','10:00','17:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_5bd7678578c217ca88d1d04d9b74e266','\'\'',NULL,617610),('2_Friday','14','10:00','17:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_5bd7678578c217ca88d1d04d9b74e266','\'\'',NULL,617611),('2_Friday','15','10:00','17:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_5bd7678578c217ca88d1d04d9b74e266','\'\'',NULL,617612),('2_Friday','16','10:00','17:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_5bd7678578c217ca88d1d04d9b74e266','\'\'',NULL,617613),('2_Friday','17','10:00','17:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_5bd7678578c217ca88d1d04d9b74e266','\'\'',NULL,617614),('4_Sunday','10','10:00','12:59','N','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_3cb582a2a47c6024b9b694632435ca2d','\'Title: Tamper Evident Village Activities
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\n\"Tamper-evident\" refers to a physical security technology that provides evidence of tampering (access, damage, repair, or replacement) to determine authenticity or integrity of a container or object(s). In practical terms, this can be a piece of tape that closes an envelope, a plastic detainer that secures a hasp, or an ink used to identify a legitimate document. Tamper-evident technologies are often confused with \"tamper resistant\" or \"tamper proof\" technologies which attempt to prevent tampering in the first place. Referred to individually as \"seals,\" many tamper technologies are easy to destroy, but a destroyed (or missing) seal would provide evidence of tampering! The goal of the TEV is to teach attendees how these technologies work and how many can be tampered with without leaving evidence.
\n\nThe Tamper-Evident Village includes the following contests and events:
\n\n\n- The Box; an electronic tamper challenge. An extremely realistic explosive with traps, alarms, and a timer ticking down. One mistake and BOOM, you\'re dead. Make every second count! Sign ups on-site when the TEV begins.
\n- Tamper-Evident King of the Hill; a full-featured tamper challenge. Tamper single items at your leisure and attempt to beat the current best. There can be only ONE! No sign ups required, play on-site when the TEV begins.
\n- Badge Counterfeiting Contest; submit your best forgery of a DEF CON human badge. Other target badges are also available for those looking for more counterfeit fun!
\n- For your viewing pleasure, collections of high-security tamper-evident seals from around the world.
\n- Presentations & demonstrations on various aspects of tamper-evident seals and methods to defeat them.
\n- Hands-on fun with adhesive seals, mechanical seals, envelopes, and evidence bags.
\n
\n\n\'',NULL,617615),('4_Sunday','11','10:00','12:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_3cb582a2a47c6024b9b694632435ca2d','\'\'',NULL,617616),('4_Sunday','12','10:00','12:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_3cb582a2a47c6024b9b694632435ca2d','\'\'',NULL,617617),('3_Saturday','10','10:00','17:59','N','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_c8411128f59fae1af8326c4940c0e599','\'Title: Tamper Evident Village Activities
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-07-03 - Map
\n
\nDescription:
\n\"Tamper-evident\" refers to a physical security technology that provides evidence of tampering (access, damage, repair, or replacement) to determine authenticity or integrity of a container or object(s). In practical terms, this can be a piece of tape that closes an envelope, a plastic detainer that secures a hasp, or an ink used to identify a legitimate document. Tamper-evident technologies are often confused with \"tamper resistant\" or \"tamper proof\" technologies which attempt to prevent tampering in the first place. Referred to individually as \"seals,\" many tamper technologies are easy to destroy, but a destroyed (or missing) seal would provide evidence of tampering! The goal of the TEV is to teach attendees how these technologies work and how many can be tampered with without leaving evidence.
\n\nThe Tamper-Evident Village includes the following contests and events:
\n\n\n- The Box; an electronic tamper challenge. An extremely realistic explosive with traps, alarms, and a timer ticking down. One mistake and BOOM, you\'re dead. Make every second count! Sign ups on-site when the TEV begins.
\n- Tamper-Evident King of the Hill; a full-featured tamper challenge. Tamper single items at your leisure and attempt to beat the current best. There can be only ONE! No sign ups required, play on-site when the TEV begins.
\n- Badge Counterfeiting Contest; submit your best forgery of a DEF CON human badge. Other target badges are also available for those looking for more counterfeit fun!
\n- For your viewing pleasure, collections of high-security tamper-evident seals from around the world.
\n- Presentations & demonstrations on various aspects of tamper-evident seals and methods to defeat them.
\n- Hands-on fun with adhesive seals, mechanical seals, envelopes, and evidence bags.
\n
\n\n\'',NULL,617618),('3_Saturday','11','10:00','17:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_c8411128f59fae1af8326c4940c0e599','\'\'',NULL,617619),('3_Saturday','12','10:00','17:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_c8411128f59fae1af8326c4940c0e599','\'\'',NULL,617620),('3_Saturday','13','10:00','17:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_c8411128f59fae1af8326c4940c0e599','\'\'',NULL,617621),('3_Saturday','14','10:00','17:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_c8411128f59fae1af8326c4940c0e599','\'\'',NULL,617622),('3_Saturday','15','10:00','17:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_c8411128f59fae1af8326c4940c0e599','\'\'',NULL,617623),('3_Saturday','16','10:00','17:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_c8411128f59fae1af8326c4940c0e599','\'\'',NULL,617624),('3_Saturday','17','10:00','17:59','Y','TEV','LVCC West/Floor 1/Hall 2/HW2-07-03','\'Tamper Evident Village Activities\'','\'\'','TEV_c8411128f59fae1af8326c4940c0e599','\'\'',NULL,617625),('3_Saturday','10','10:00','17:59','N','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_c688a2a55f43a58c13f0ac320972602e','\'Title: LHC Meshtastic Activities and CTF
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nLonely Hackers Club is conducting some meshtastic activities during DEF CON 32.
\n\nThe Lonely Hackers Club is hosting a CTF over Meshtastic. To participate you will need a Meshtastic node. There will be additional flags located in or near the LHC room. For more information check out our Meshtastic page.
\n\nGetting Started
\n\nLearn more here.
\n\nDefault LongFast Mesh + LHC Channel, Use before DEF CON
\n\nTap here to reconfigure your device
\n\nDEFCONnect ShortFast Mesh + LHC Channel, Use during DEF CON
\n\nTap here to reconfigure your device
\n\n\'',NULL,617626),('3_Saturday','11','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_c688a2a55f43a58c13f0ac320972602e','\'\'',NULL,617627),('3_Saturday','12','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_c688a2a55f43a58c13f0ac320972602e','\'\'',NULL,617628),('3_Saturday','13','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_c688a2a55f43a58c13f0ac320972602e','\'\'',NULL,617629),('3_Saturday','14','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_c688a2a55f43a58c13f0ac320972602e','\'\'',NULL,617630),('3_Saturday','15','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_c688a2a55f43a58c13f0ac320972602e','\'\'',NULL,617631),('3_Saturday','16','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_c688a2a55f43a58c13f0ac320972602e','\'\'',NULL,617632),('3_Saturday','17','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_c688a2a55f43a58c13f0ac320972602e','\'\'',NULL,617633),('2_Friday','10','10:00','17:59','N','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_6bc456d48a0eca9d94d9ff7737f89d79','\'Title: LHC Meshtastic Activities and CTF
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nLonely Hackers Club is conducting some meshtastic activities during DEF CON 32.
\n\nThe Lonely Hackers Club is hosting a CTF over Meshtastic. To participate you will need a Meshtastic node. There will be additional flags located in or near the LHC room. For more information check out our Meshtastic page.
\n\nGetting Started
\n\nLearn more here.
\n\nDefault LongFast Mesh + LHC Channel, Use before DEF CON
\n\nTap here to reconfigure your device
\n\nDEFCONnect ShortFast Mesh + LHC Channel, Use during DEF CON
\n\nTap here to reconfigure your device
\n\n\'',NULL,617634),('2_Friday','11','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_6bc456d48a0eca9d94d9ff7737f89d79','\'\'',NULL,617635),('2_Friday','12','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_6bc456d48a0eca9d94d9ff7737f89d79','\'\'',NULL,617636),('2_Friday','13','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_6bc456d48a0eca9d94d9ff7737f89d79','\'\'',NULL,617637),('2_Friday','14','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_6bc456d48a0eca9d94d9ff7737f89d79','\'\'',NULL,617638),('2_Friday','15','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_6bc456d48a0eca9d94d9ff7737f89d79','\'\'',NULL,617639),('2_Friday','16','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_6bc456d48a0eca9d94d9ff7737f89d79','\'\'',NULL,617640),('2_Friday','17','10:00','17:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_6bc456d48a0eca9d94d9ff7737f89d79','\'\'',NULL,617641),('4_Sunday','10','10:00','12:59','N','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_055b5778fc9f4c3d81f22430edf5fadd','\'Title: LHC Meshtastic Activities and CTF
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W208 - Map
\n
\nDescription:
\nLonely Hackers Club is conducting some meshtastic activities during DEF CON 32.
\n\nThe Lonely Hackers Club is hosting a CTF over Meshtastic. To participate you will need a Meshtastic node. There will be additional flags located in or near the LHC room. For more information check out our Meshtastic page.
\n\nGetting Started
\n\nLearn more here.
\n\nDefault LongFast Mesh + LHC Channel, Use before DEF CON
\n\nTap here to reconfigure your device
\n\nDEFCONnect ShortFast Mesh + LHC Channel, Use during DEF CON
\n\nTap here to reconfigure your device
\n\n\'',NULL,617642),('4_Sunday','11','10:00','12:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_055b5778fc9f4c3d81f22430edf5fadd','\'\'',NULL,617643),('4_Sunday','12','10:00','12:59','Y','MISC','LVCC West/Floor 2/W208','\'LHC Meshtastic Activities and CTF\'','\'\'','MISC_055b5778fc9f4c3d81f22430edf5fadd','\'\'',NULL,617644),('2_Friday','10','10:00','17:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_2d4efa0cf764f76217600777f182b455','\'Title: Game Hacking Community Activities & CTF
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-03 - Map
\n
\nDescription:
\nWelcome to the inaugural GameHacking.GG @ DEF CON 32, where gaming and cybersecurity intersect in exciting and interactive ways. Our mission is to delve into various aspects of game security, fostering an environment of exploration, play, and learning. The DEFCON32 event is constructed to make game security accessible and playable at all skill levels.
\n\nAt the Game Hacking DEF CON 32 event, participants can engage in activities ranging from modding games to exploring the intricacies of memory hacking and multiplayer cheats. In future iterations of the event we hope to expand to learning about game malware and maybe even some hardware hacks. Whether you\'re a beginner or an experienced hacker, we will have presentations and activities to challenge your skills.
\n\nBe part of the evolution of game security. Dive into our activities, engage with other game hackers, and explore opportunities to contribute to and support the Game Hacking Community. Let’s play, learn, exploit, and perhaps even profit.
\n\n\'',NULL,617645),('2_Friday','11','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_2d4efa0cf764f76217600777f182b455','\'\'',NULL,617646),('2_Friday','12','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_2d4efa0cf764f76217600777f182b455','\'\'',NULL,617647),('2_Friday','13','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_2d4efa0cf764f76217600777f182b455','\'\'',NULL,617648),('2_Friday','14','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_2d4efa0cf764f76217600777f182b455','\'\'',NULL,617649),('2_Friday','15','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_2d4efa0cf764f76217600777f182b455','\'\'',NULL,617650),('2_Friday','16','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_2d4efa0cf764f76217600777f182b455','\'\'',NULL,617651),('2_Friday','17','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_2d4efa0cf764f76217600777f182b455','\'\'',NULL,617652),('4_Sunday','10','10:00','10:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_a16ac0b56af66b951df43fd4d9a16e03','\'Title: Game Hacking Community Activities & CTF
\nWhen: Sunday, Aug 11, 10:00 - 10:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-03 - Map
\n
\nDescription:
\nWelcome to the inaugural GameHacking.GG @ DEF CON 32, where gaming and cybersecurity intersect in exciting and interactive ways. Our mission is to delve into various aspects of game security, fostering an environment of exploration, play, and learning. The DEFCON32 event is constructed to make game security accessible and playable at all skill levels.
\n\nAt the Game Hacking DEF CON 32 event, participants can engage in activities ranging from modding games to exploring the intricacies of memory hacking and multiplayer cheats. In future iterations of the event we hope to expand to learning about game malware and maybe even some hardware hacks. Whether you\'re a beginner or an experienced hacker, we will have presentations and activities to challenge your skills.
\n\nBe part of the evolution of game security. Dive into our activities, engage with other game hackers, and explore opportunities to contribute to and support the Game Hacking Community. Let’s play, learn, exploit, and perhaps even profit.
\n\n\'',NULL,617653),('3_Saturday','10','10:00','17:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_850d00378f9dc45711c7cb3e6d2e2b35','\'Title: Game Hacking Community Activities & CTF
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-03 - Map
\n
\nDescription:
\nWelcome to the inaugural GameHacking.GG @ DEF CON 32, where gaming and cybersecurity intersect in exciting and interactive ways. Our mission is to delve into various aspects of game security, fostering an environment of exploration, play, and learning. The DEFCON32 event is constructed to make game security accessible and playable at all skill levels.
\n\nAt the Game Hacking DEF CON 32 event, participants can engage in activities ranging from modding games to exploring the intricacies of memory hacking and multiplayer cheats. In future iterations of the event we hope to expand to learning about game malware and maybe even some hardware hacks. Whether you\'re a beginner or an experienced hacker, we will have presentations and activities to challenge your skills.
\n\nBe part of the evolution of game security. Dive into our activities, engage with other game hackers, and explore opportunities to contribute to and support the Game Hacking Community. Let’s play, learn, exploit, and perhaps even profit.
\n\n\'',NULL,617654),('3_Saturday','11','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_850d00378f9dc45711c7cb3e6d2e2b35','\'\'',NULL,617655),('3_Saturday','12','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_850d00378f9dc45711c7cb3e6d2e2b35','\'\'',NULL,617656),('3_Saturday','13','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_850d00378f9dc45711c7cb3e6d2e2b35','\'\'',NULL,617657),('3_Saturday','14','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_850d00378f9dc45711c7cb3e6d2e2b35','\'\'',NULL,617658),('3_Saturday','15','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_850d00378f9dc45711c7cb3e6d2e2b35','\'\'',NULL,617659),('3_Saturday','16','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_850d00378f9dc45711c7cb3e6d2e2b35','\'\'',NULL,617660),('3_Saturday','17','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Activities & CTF\'','\'\'','MISC_850d00378f9dc45711c7cb3e6d2e2b35','\'\'',NULL,617661),('4_Sunday','12','12:00','12:59','N','MISC','LVCC West/Floor 1/Hall 4/HW4-01-03','\'Game Hacking Community Closing Talk & Awards Ceremony\'','\'\'','MISC_c643ddb8cb6526c840ed7d43e903bf72','\'Title: Game Hacking Community Closing Talk & Awards Ceremony
\nWhen: Sunday, Aug 11, 12:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-01-03 - Map
\n
\nDescription:
\n\n\n\'',NULL,617662),('3_Saturday','10','10:00','17:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_1613f92065c0b32c5dcfa1d9ff1fb6ea','\'Title: Robo Sumo
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-10-01 - Map
\n
\nDescription:
\nIf you have never participated in a Robo Sumo event before, welcome to the crowd! There are a number of resources online on this topic. We are lucky enough to have Pololu as a local resource. Their office is a short distance from the strip. They have have robots and parts to make robots. They can ship to your hotel if desired. Put something together and bring it down to show off and shove other bots around.
\n\nPlease follow the \"more info\" link if you would like to know more.
\n\n\'',NULL,617663),('3_Saturday','11','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_1613f92065c0b32c5dcfa1d9ff1fb6ea','\'\'',NULL,617664),('3_Saturday','12','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_1613f92065c0b32c5dcfa1d9ff1fb6ea','\'\'',NULL,617665),('3_Saturday','13','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_1613f92065c0b32c5dcfa1d9ff1fb6ea','\'\'',NULL,617666),('3_Saturday','14','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_1613f92065c0b32c5dcfa1d9ff1fb6ea','\'\'',NULL,617667),('3_Saturday','15','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_1613f92065c0b32c5dcfa1d9ff1fb6ea','\'\'',NULL,617668),('3_Saturday','16','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_1613f92065c0b32c5dcfa1d9ff1fb6ea','\'\'',NULL,617669),('3_Saturday','17','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_1613f92065c0b32c5dcfa1d9ff1fb6ea','\'\'',NULL,617670),('4_Sunday','10','10:00','12:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_7eabdd1510745e84aa045e5f3e4dbd40','\'Title: Robo Sumo
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-10-01 - Map
\n
\nDescription:
\nIf you have never participated in a Robo Sumo event before, welcome to the crowd! There are a number of resources online on this topic. We are lucky enough to have Pololu as a local resource. Their office is a short distance from the strip. They have have robots and parts to make robots. They can ship to your hotel if desired. Put something together and bring it down to show off and shove other bots around.
\n\nPlease follow the \"more info\" link if you would like to know more.
\n\n\'',NULL,617671),('4_Sunday','11','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_7eabdd1510745e84aa045e5f3e4dbd40','\'\'',NULL,617672),('4_Sunday','12','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_7eabdd1510745e84aa045e5f3e4dbd40','\'\'',NULL,617673),('2_Friday','10','10:00','17:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_8d52f029c0136f6c63d7da35bf7c92bf','\'Title: Robo Sumo
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-10-01 - Map
\n
\nDescription:
\nIf you have never participated in a Robo Sumo event before, welcome to the crowd! There are a number of resources online on this topic. We are lucky enough to have Pololu as a local resource. Their office is a short distance from the strip. They have have robots and parts to make robots. They can ship to your hotel if desired. Put something together and bring it down to show off and shove other bots around.
\n\nPlease follow the \"more info\" link if you would like to know more.
\n\n\'',NULL,617674),('2_Friday','11','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_8d52f029c0136f6c63d7da35bf7c92bf','\'\'',NULL,617675),('2_Friday','12','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_8d52f029c0136f6c63d7da35bf7c92bf','\'\'',NULL,617676),('2_Friday','13','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_8d52f029c0136f6c63d7da35bf7c92bf','\'\'',NULL,617677),('2_Friday','14','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_8d52f029c0136f6c63d7da35bf7c92bf','\'\'',NULL,617678),('2_Friday','15','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_8d52f029c0136f6c63d7da35bf7c92bf','\'\'',NULL,617679),('2_Friday','16','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_8d52f029c0136f6c63d7da35bf7c92bf','\'\'',NULL,617680),('2_Friday','17','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Robo Sumo\'','\'\'','MISC_8d52f029c0136f6c63d7da35bf7c92bf','\'\'',NULL,617681),('4_Sunday','10','10:00','12:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_622169e0cefac47efe83f429b659be2f','\'Title: HHV Rube Goldberg Machine
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-10-01 - Map
\n
\nDescription:
\nTo celebrate DEF CON 32, the Hardware Hacking Village (HHV) is hosting a Rube Goldberg Machine (RGM) Event! This idea has been kicking around the HHV volunteer circle in one shape or another since at least DEF CON 20, so it’s about time that it happened! The goal is to create a series of devices that combine to form an end-to-end Rube Goldberg machine for transmitting messages. The hope is that all sorts of creative devices will be connected up to each other to move bits through various complicated and fun analog/digital methods. Ideas have ranged from simply wiring RX to TX — to using radios to bounce the message off the moon!
\n\n\'',NULL,617682),('4_Sunday','11','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_622169e0cefac47efe83f429b659be2f','\'\'',NULL,617683),('4_Sunday','12','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_622169e0cefac47efe83f429b659be2f','\'\'',NULL,617684),('2_Friday','10','10:00','17:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_5048b45f17341e18bbc8d4d2bd50f844','\'Title: HHV Rube Goldberg Machine
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-10-01 - Map
\n
\nDescription:
\nTo celebrate DEF CON 32, the Hardware Hacking Village (HHV) is hosting a Rube Goldberg Machine (RGM) Event! This idea has been kicking around the HHV volunteer circle in one shape or another since at least DEF CON 20, so it’s about time that it happened! The goal is to create a series of devices that combine to form an end-to-end Rube Goldberg machine for transmitting messages. The hope is that all sorts of creative devices will be connected up to each other to move bits through various complicated and fun analog/digital methods. Ideas have ranged from simply wiring RX to TX — to using radios to bounce the message off the moon!
\n\n\'',NULL,617685),('2_Friday','11','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_5048b45f17341e18bbc8d4d2bd50f844','\'\'',NULL,617686),('2_Friday','12','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_5048b45f17341e18bbc8d4d2bd50f844','\'\'',NULL,617687),('2_Friday','13','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_5048b45f17341e18bbc8d4d2bd50f844','\'\'',NULL,617688),('2_Friday','14','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_5048b45f17341e18bbc8d4d2bd50f844','\'\'',NULL,617689),('2_Friday','15','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_5048b45f17341e18bbc8d4d2bd50f844','\'\'',NULL,617690),('2_Friday','16','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_5048b45f17341e18bbc8d4d2bd50f844','\'\'',NULL,617691),('2_Friday','17','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_5048b45f17341e18bbc8d4d2bd50f844','\'\'',NULL,617692),('3_Saturday','10','10:00','17:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_039a2d27aa199c9ca3bcfe6f73a8d047','\'Title: HHV Rube Goldberg Machine
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-10-01 - Map
\n
\nDescription:
\nTo celebrate DEF CON 32, the Hardware Hacking Village (HHV) is hosting a Rube Goldberg Machine (RGM) Event! This idea has been kicking around the HHV volunteer circle in one shape or another since at least DEF CON 20, so it’s about time that it happened! The goal is to create a series of devices that combine to form an end-to-end Rube Goldberg machine for transmitting messages. The hope is that all sorts of creative devices will be connected up to each other to move bits through various complicated and fun analog/digital methods. Ideas have ranged from simply wiring RX to TX — to using radios to bounce the message off the moon!
\n\n\'',NULL,617693),('3_Saturday','11','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_039a2d27aa199c9ca3bcfe6f73a8d047','\'\'',NULL,617694),('3_Saturday','12','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_039a2d27aa199c9ca3bcfe6f73a8d047','\'\'',NULL,617695),('3_Saturday','13','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_039a2d27aa199c9ca3bcfe6f73a8d047','\'\'',NULL,617696),('3_Saturday','14','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_039a2d27aa199c9ca3bcfe6f73a8d047','\'\'',NULL,617697),('3_Saturday','15','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_039a2d27aa199c9ca3bcfe6f73a8d047','\'\'',NULL,617698),('3_Saturday','16','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_039a2d27aa199c9ca3bcfe6f73a8d047','\'\'',NULL,617699),('3_Saturday','17','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'HHV Rube Goldberg Machine\'','\'\'','MISC_039a2d27aa199c9ca3bcfe6f73a8d047','\'\'',NULL,617700),('2_Friday','10','10:00','17:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_f033b144e49071cb753ad1d42f9237e3','\'Title: Hardware Hacking and Soldering Skills Village Open (HHV-SSV)
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-10-01 - Map
\n
\nDescription:
\n\n\n\'',NULL,617701),('2_Friday','11','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_f033b144e49071cb753ad1d42f9237e3','\'\'',NULL,617702),('2_Friday','12','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_f033b144e49071cb753ad1d42f9237e3','\'\'',NULL,617703),('2_Friday','13','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_f033b144e49071cb753ad1d42f9237e3','\'\'',NULL,617704),('2_Friday','14','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_f033b144e49071cb753ad1d42f9237e3','\'\'',NULL,617705),('2_Friday','15','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_f033b144e49071cb753ad1d42f9237e3','\'\'',NULL,617706),('2_Friday','16','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_f033b144e49071cb753ad1d42f9237e3','\'\'',NULL,617707),('2_Friday','17','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_f033b144e49071cb753ad1d42f9237e3','\'\'',NULL,617708),('4_Sunday','10','10:00','12:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_ead171b9b3aad7ebfdf305115bb7ced8','\'Title: Hardware Hacking and Soldering Skills Village Open (HHV-SSV)
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-10-01 - Map
\n
\nDescription:
\n\n\n\'',NULL,617709),('4_Sunday','11','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_ead171b9b3aad7ebfdf305115bb7ced8','\'\'',NULL,617710),('4_Sunday','12','10:00','12:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_ead171b9b3aad7ebfdf305115bb7ced8','\'\'',NULL,617711),('3_Saturday','10','10:00','17:59','N','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_16e3f203d30aa9da6ebd11b8a258fc12','\'Title: Hardware Hacking and Soldering Skills Village Open (HHV-SSV)
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-10-01 - Map
\n
\nDescription:
\n\n\n\'',NULL,617712),('3_Saturday','11','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_16e3f203d30aa9da6ebd11b8a258fc12','\'\'',NULL,617713),('3_Saturday','12','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_16e3f203d30aa9da6ebd11b8a258fc12','\'\'',NULL,617714),('3_Saturday','13','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_16e3f203d30aa9da6ebd11b8a258fc12','\'\'',NULL,617715),('3_Saturday','14','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_16e3f203d30aa9da6ebd11b8a258fc12','\'\'',NULL,617716),('3_Saturday','15','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_16e3f203d30aa9da6ebd11b8a258fc12','\'\'',NULL,617717),('3_Saturday','16','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_16e3f203d30aa9da6ebd11b8a258fc12','\'\'',NULL,617718),('3_Saturday','17','10:00','17:59','Y','MISC','LVCC West/Floor 1/Hall 2/HW2-10-01','\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','\'\'','MISC_16e3f203d30aa9da6ebd11b8a258fc12','\'\'',NULL,617719),('3_Saturday','10','10:00','17:59','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_c4c222fbeb1db6238edd4d0848a59720','\'Title: Radio Frequency Village Events
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nIn addition to the CTF and talks which are elsewhere on the schedule, the RF Village is also a place to hang out and chat with like minded folks who share your interests.
\n\n\'',NULL,617720),('3_Saturday','11','10:00','17:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_c4c222fbeb1db6238edd4d0848a59720','\'\'',NULL,617721),('3_Saturday','12','10:00','17:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_c4c222fbeb1db6238edd4d0848a59720','\'\'',NULL,617722),('3_Saturday','13','10:00','17:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_c4c222fbeb1db6238edd4d0848a59720','\'\'',NULL,617723),('3_Saturday','14','10:00','17:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_c4c222fbeb1db6238edd4d0848a59720','\'\'',NULL,617724),('3_Saturday','15','10:00','17:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_c4c222fbeb1db6238edd4d0848a59720','\'\'',NULL,617725),('3_Saturday','16','10:00','17:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_c4c222fbeb1db6238edd4d0848a59720','\'\'',NULL,617726),('3_Saturday','17','10:00','17:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_c4c222fbeb1db6238edd4d0848a59720','\'\'',NULL,617727),('2_Friday','10','10:00','17:59','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_aedced8ac0a3156a60e11ced3b86ea14','\'Title: Radio Frequency Village Events
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nIn addition to the CTF and talks which are elsewhere on the schedule, the RF Village is also a place to hang out and chat with like minded folks who share your interests.
\n\n\'',NULL,617728),('2_Friday','11','10:00','17:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_aedced8ac0a3156a60e11ced3b86ea14','\'\'',NULL,617729),('2_Friday','12','10:00','17:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_aedced8ac0a3156a60e11ced3b86ea14','\'\'',NULL,617730),('2_Friday','13','10:00','17:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_aedced8ac0a3156a60e11ced3b86ea14','\'\'',NULL,617731),('2_Friday','14','10:00','17:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_aedced8ac0a3156a60e11ced3b86ea14','\'\'',NULL,617732),('2_Friday','15','10:00','17:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_aedced8ac0a3156a60e11ced3b86ea14','\'\'',NULL,617733),('2_Friday','16','10:00','17:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_aedced8ac0a3156a60e11ced3b86ea14','\'\'',NULL,617734),('2_Friday','17','10:00','17:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_aedced8ac0a3156a60e11ced3b86ea14','\'\'',NULL,617735),('4_Sunday','10','10:00','12:59','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_68e5b6d5dde1b29d98d7ae6c05e8c6f5','\'Title: Radio Frequency Village Events
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\nIn addition to the CTF and talks which are elsewhere on the schedule, the RF Village is also a place to hang out and chat with like minded folks who share your interests.
\n\n\'',NULL,617736),('4_Sunday','11','10:00','12:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_68e5b6d5dde1b29d98d7ae6c05e8c6f5','\'\'',NULL,617737),('4_Sunday','12','10:00','12:59','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'Radio Frequency Village Events\'','\'\'','RFV_68e5b6d5dde1b29d98d7ae6c05e8c6f5','\'\'',NULL,617738),('4_Sunday','11','11:00','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 1','\'Arsenal: Kubescape - OSS security from left to right and everything in the middle\'','\'ben@armosec.io\'','APV_588331384946c6cb125a317b411f0e25','\'Title: Arsenal: Kubescape - OSS security from left to right and everything in the middle
\nWhen: Sunday, Aug 11, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 1 - Map
\n
\nDescription:
\nAs a security practitioner, you may find yourself tasked with securing cloud-native applications. The problem is that there are so many moving parts, that you just wish somebody would shine a light on the alerts that count, so you could focus. You also wish somebody could automate away the trial and error involved in getting the really complex things like network policies and seccomp profiles just right.
\n\nSpeakerBio: ben@armosec.io, CTO & Co-Founder at ARMO
\nBen is a veteran cybersecurity and DevOps professional, as well as computer science lecturer. Today, he is the co-founder at ARMO, with a vision of making end-to-end Kubernetes security simple for everyone, and a core maintainer of the open source Kubescape project. He teaches advanced information security academically in both undergrad and graduate courses. In his previous capacities, he has been a security researcher and architect, pen-tester and lead developer at Cisco, NDS and Siemens.
\n\n\n\'',NULL,617739),('4_Sunday','12','11:00','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Arsenal 1','\'Arsenal: Kubescape - OSS security from left to right and everything in the middle\'','\'ben@armosec.io\'','APV_588331384946c6cb125a317b411f0e25','\'\'',NULL,617740),('2_Friday','11','11:30','11:50','N','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'SMOKE: Signature Management using Operational Knowledge and Environments\'','\'Tejas Patel\'','AIxCC_33f33cc18a2b3fe6f610c08f1ee47024','\'Title: SMOKE: Signature Management using Operational Knowledge and Environments
\nWhen: Friday, Aug 9, 11:30 - 11:50 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage - Map
\n
\nDescription:
\nLearn how DARPA\'s Signature Management using Operational Knowledge and Environments (SMOKE) program aims to develop data-driven tools to automate the planning and execution of emulated threat actor infrastructure needed for red team operations.
\n\nSpeakerBio: Tejas Patel, Program Manager at Defense Advanced Research Projects Agency (DARPA)
\nHacker Turned Program Manager! Don’t hold it against me!
\n\n\n\'',NULL,617741),('2_Friday','15','15:00','15:45','N','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'Closing the Software Vulnerability Gap\'','\'Dr. Kathleen Fisher\'','AIxCC_61d4c18000ea762f7a352fa000e43556','\'Title: Closing the Software Vulnerability Gap
\nWhen: Friday, Aug 9, 15:00 - 15:45 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage - Map
\n
\nDescription:
\nOur software systems are vulnerable. Imagine a world where they\'re not. DARPA\'s Information Innovation Office discusses the agency\'s mission in closing the software vulnerability gap
\n\nSpeakerBio: Dr. Kathleen Fisher, DARPA Information Innovation Office Director at DARPA
\nDr. Kathleen Fisher assumed the role of office director for DARPA’s Information Innovation Office (I2O) in May 2022. In this position, she leads program managers who are funding the development of programs, technologies, and capabilities to ensure an information advantage for the United States and its allies, and coordinates this work across the Department of Defense and U.S. government.
\n\nFisher was previously the deputy office director for I2O from October 2021 to April 2022. This is Fisher’s second tour at DARPA, having previously served as a program manager in I2O from 2011 to 2014. As a program manager, she conceptualized, created, and executed programs in high-assurance computing and machine learning. Her High-Assurance Cyber Military Systems (HACMS) and Probabilistic Programming for Advancing Machine Learning (PPAML) programs continue to benefit the Department of Defense and U.S. commercial industry.
\n\nFisher joined DARPA from Tufts University, where she was a professor in the Department of Computer Science, and served as chair of the department from 2016 to 2021. Earlier in her career, she was a principal member of the technical staff at AT&T Labs.
\n\nShe is a AAAS fellow, an ACM fellow, and a Hertz Foundation fellow. Fisher has served as chair of the ACM Special Interest Group in Programming Languages (SIGPLAN) and as program chair for three of SIGPLAN\'s marquee conferences: PLDI, OOPSLA, ICFP. She has also served as an associate editor for TOPLAS and as an editor of the Journal of Functional Programming.
\n\nFisher has long been a leader in the effort to increase diversity and inclusion in computer science. She was co-chair of the Computing Research Association\'s Committee on the Status of Women (CRA-W) for three years, and she co-founded SIGPLAN\'s Programming Language Mentoring Workshop (PLMW) series. Fisher is a recipient of the SIGPLAN Distinguished Service Award. She is a past chair of DARPA\'s Information Science and Technology (ISAT) Study Group and a member of the Board of Trustees of Harvey Mudd College.
\n\nFisher holds a doctorate in computer science from Stanford University.
\n\n\n\'',NULL,617742),('2_Friday','16','16:00','16:45','N','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'Industry Panel: The Modern Evolution of LLMs\'','\'Dr. Matt Turek,Heather Adkins,Jason Clinton,Matt Knight,David Weston\'','AIxCC_816d7371f84ed96a131588bd87dcc446','\'Title: Industry Panel: The Modern Evolution of LLMs
\nWhen: Friday, Aug 9, 16:00 - 16:45 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage - Map
\n
\nDescription:
\nAIxCC Collaborator Panel Discussion
\n\nSpeakers:Dr. Matt Turek,Heather Adkins,Jason Clinton,Matt Knight,David Weston
\n
\nSpeakerBio: Dr. Matt Turek, Deputy Office Director for DARPA\'s Information Innovation Office (I2O) at DARPA
\nDr. Matt Turek assumed the role of deputy office director for DARPA\'s Information Innovation Office (I2O) in May 2022. In this position, he provides technical leadership and works with program managers to envision, create, and transition capabilities that ensure enduring information advantage for the United States and its allies.
\n\nTurek joined DARPA in July 2018 as an I2O program manager, and served as acting deputy director of I2O from June 2021 to October 2021. He previously managed the Media Forensics (MediFor), Semantic Forensics (SemaFor), Machine Common Sense (MCS), and Explainable AI (XAI) programs as well as the Reverse Engineering of Deception (RED) AI Exploration program (AIE). His research interests include computer vision, machine learning, artificial intelligence, and their application to problems with significant societal impact.
\n\nPrior to his position at DARPA, Turek was at Kitware, Inc., where he led a team developing computer vision technologies. His research focused on multiple areas, including large scale behavior recognition and modeling; object detection and tracking; activity recognition; normalcy modeling and anomaly detection; and image indexing and retrieval. Turek has made significant contributions to multiple DARPA and Air Force Research Lab (AFRL) efforts and has transitioned large scale systems for operational use. Before joining Kitware, Turek worked for GE Global Research, conducting research in medical imaging and industrial inspection.
\n\nTurek holds a doctorate of philosophy in computer science from Rensselaer Polytechnic Institute, a Master of Science in electrical engineering from Marquette University, and a Bachelor of Science in electrical engineering from Clarkson University. His doctoral work focused on combinatorial optimization techniques for computer vision problems. Turek is a co-inventor on several patents and co-author of multiple publications, primarily in computer vision.
\n\nSpeakerBio: Heather Adkins, Vice President of Security Engineering at Google
\nHeather Adkins is a 22-year Google veteran and founding member of the Google Security Team. As head of Google’s Office of Cybersecurity Resilience she leads the efforts to maintain the safety and security of Google’s networks, systems and applications, and represents Google in government and industry forums globally. As deputy chair of CISA’s Cyber Safety Review Board, she works to isolate the root causes of major security incidents impacting national security and make recommendations to policy-makers, standards bodies, and industry on improving the safety posture of modern computing. She is co-author of Building Secure and Reliable Systems (O’Reilly, 2020), is sought out to speak at high-profile conferences, and serves on the BlackHat review board. Heather advises numerous organizations on how to adopt modern defendable architectures, is a strategic advisor for a number of publicly-traded cybersecurity companies, and is a member of the steering committee for the IST Ransomware Taskforce. She is passionate about election security and was a senior advisor on the Defending Digital Democracy project at the Harvard Kennedy School’s Belfer Center.
\n\nHeather Adkins, a seasoned cybersecurity expert with over two decades at Google, is a founding member of the Google Security Team. Currently heading Google\'s Office of Cybersecurity Resilience, she safeguards Google\'s vast digital infrastructure and represents the company in global technology and policy forums. Her influence extends to national security, as deputy chair of CISA\'s Cyber Safety Review Board, where she analyzes major security incidents and makes recommendations for policy-makers, standards bodies and industry. A recognized thought leader, Heather co-authored Building Secure and Reliable Systems (O’Reilly, 2020), is a sought-after speaker at major conferences, and serves on the BlackHat review board. She advises numerous organizations on modern security practices, including publicly-traded cybersecurity companies and as a member of the steering committee for the IST Ransomware Taskforce. A passionate advocate for election security, Heather served as a senior advisor on the Defending Digital Democracy project at Harvard\'s Kennedy School.
\n\nSpeakerBio: Jason Clinton, Chief Information Security Officer at Anthropic
\nJason is Chief Information Security Officer at Anthropic. Previously, he led Chrome Infrastructure Security at Google. Earlier work includes ChromeOS build integrity, Android Pay security, digital coupons, beowulf computing, and secure thin clients. He\'s the author of Ruby Phrasebook and contributed to the GNOME project.
\n\nSpeakerBio: Matt Knight, Head of Security at OpenAI
\nNo BIO available
\nSpeakerBio: David Weston, Microsoft
\nNo BIO available
\n\n\'',NULL,617743),('2_Friday','16','16:55','17:15','N','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'No Time for Complacency: The Stakes of AI in Cybersecurity\'','\'Heather Adkins\'','AIxCC_8082182d7eb8ffda6cbed6cfd5503c91','\'Title: No Time for Complacency: The Stakes of AI in Cybersecurity
\nWhen: Friday, Aug 9, 16:55 - 17:15 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage - Map
\n
\nDescription:
\nHeather Adkins will pull from over 25 years of experience, including responding to major security incidents that impacted national security, to detail how the threat landscape has evolved into what it is today with the introduction of AI. She\'ll provide lessons learned by the industry in applying AI for security over the years, and explain how AI can be used in arming cyber defenders tasked with protecting the critical infrastructure we rely upon every day.
\n\nSpeakerBio: Heather Adkins, Vice President of Security Engineering at Google
\nHeather Adkins is a 22-year Google veteran and founding member of the Google Security Team. As head of Google’s Office of Cybersecurity Resilience she leads the efforts to maintain the safety and security of Google’s networks, systems and applications, and represents Google in government and industry forums globally. As deputy chair of CISA’s Cyber Safety Review Board, she works to isolate the root causes of major security incidents impacting national security and make recommendations to policy-makers, standards bodies, and industry on improving the safety posture of modern computing. She is co-author of Building Secure and Reliable Systems (O’Reilly, 2020), is sought out to speak at high-profile conferences, and serves on the BlackHat review board. Heather advises numerous organizations on how to adopt modern defendable architectures, is a strategic advisor for a number of publicly-traded cybersecurity companies, and is a member of the steering committee for the IST Ransomware Taskforce. She is passionate about election security and was a senior advisor on the Defending Digital Democracy project at the Harvard Kennedy School’s Belfer Center.
\n\nHeather Adkins, a seasoned cybersecurity expert with over two decades at Google, is a founding member of the Google Security Team. Currently heading Google\'s Office of Cybersecurity Resilience, she safeguards Google\'s vast digital infrastructure and represents the company in global technology and policy forums. Her influence extends to national security, as deputy chair of CISA\'s Cyber Safety Review Board, where she analyzes major security incidents and makes recommendations for policy-makers, standards bodies and industry. A recognized thought leader, Heather co-authored Building Secure and Reliable Systems (O’Reilly, 2020), is a sought-after speaker at major conferences, and serves on the BlackHat review board. She advises numerous organizations on modern security practices, including publicly-traded cybersecurity companies and as a member of the steering committee for the IST Ransomware Taskforce. A passionate advocate for election security, Heather served as a senior advisor on the Defending Digital Democracy project at Harvard\'s Kennedy School.
\n\n\n\'',NULL,617744),('2_Friday','17','16:55','17:15','Y','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'No Time for Complacency: The Stakes of AI in Cybersecurity\'','\'Heather Adkins\'','AIxCC_8082182d7eb8ffda6cbed6cfd5503c91','\'\'',NULL,617745),('2_Friday','17','17:20','17:59','N','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'How Competitions Can Fuel Innovation\'','\'Mike Walker,Matt Knight,Ruoyu \"Fish\" Wang\'','AIxCC_baffbd7510180f45a291a82812df55f0','\'Title: How Competitions Can Fuel Innovation
\nWhen: Friday, Aug 9, 17:20 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage - Map
\n
\nDescription:
\nFireside Chat with Past Challenge Participants
\n\nSpeakers:Mike Walker,Matt Knight,Ruoyu \"Fish\" Wang
\n
\nSpeakerBio: Mike Walker, Senior Director at Microsoft Research
\nMike Walker is a Senior Director at Microsoft Research building special projects:
\n\n\n- Project Freta – A prototype exploration of automated memory introspection: trusted sensing of threats to power the future of automated cloud defense.
\n- Fuzzing for Developers – An open source self-hosted developer fuzzing platform for Azure developed in partnership with many of Microsoft’s core product teams.
\n
\n\nPrior to joining Microsoft, Mike led DARPA’s Cyber Grand Challenge, a two-year $58M contest to construct & compete the first prototypes of reasoning cyberdefense AI. In 2016 at the DEF CON hacking contest, these prototypes took their first flight into the game of hackers, Capture the Flag, landing zero-day exploits and writing patches in a fully autonomous battle. Read about these AI prototypes in the New York Times (opens in new tab), Wired, and Popular Science (opens in new tab) or watch Mike on 60 Minutes (opens in new tab).
\n\nMike has worked in a policy advisory role, testifying to the President’s Commission on Cybersecurity and serving as contributor and panelist to CNAS’s Surviving on a Diet of Poisoned Fruit. Prior to joining DARPA he worked as a research lab leader and principal vulnerability researcher focusing on tools to bring the power of supercompute automation to the field of software safety.
\n\nAs a principal at the Intrepidus Group, Mike worked on Red Teams that tested America’s financial and energy infrastructure for security weaknesses. As part of the DARPA SAFER Red Team, Mike discovered flaws in prototype anonymity technologies.
\n\nMike has played in and designed globally competitive hacking contests (“CTF”) and coached competitive hacking teams throughout his career.
\n\nSpeakerBio: Matt Knight, Head of Security at OpenAI
\nNo BIO available
\nSpeakerBio: Ruoyu \"Fish\" Wang, Assistant Professor at School of Computing and Augmented Intelligence
\nNo BIO available
\n\n\'',NULL,617746),('3_Saturday','10','10:00','10:45','N','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'Securing Health Care: AIxCC, DIGIHEALS, and UPGRADE\'','\'Dr. Jennifer Roberts,Dr. Susan Coller Monarez,Andrew Carney\'','AIxCC_968e90d36ec08f1e2423370b052a0204','\'Title: Securing Health Care: AIxCC, DIGIHEALS, and UPGRADE
\nWhen: Saturday, Aug 10, 10:00 - 10:45 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage - Map
\n
\nDescription:
\nARPA-H accelerates better health outcomes for everyone by supporting the development of high-impact solutions to society\'s most challenging health problems. Join us in discussing why strong cybersecurity security is a critical piece of healthcare innovation and how ARPA-H is enabling this through the AIxCC, DIGIHEALS, and UPGRADE programs.
\n\nSpeakers:Dr. Jennifer Roberts,Dr. Susan Coller Monarez,Andrew Carney
\n
\nSpeakerBio: Dr. Jennifer Roberts, Office Director of Resilient Systems at ARPA-HPhD
\nDr. Jennifer Roberts joined ARPA-H in February 2023 from the White House Office of Science and Technology Policy, where she was the assistant director of Health Technologies. She has a broad background in both engineering and computer science and has overseen research programs and strategy development on topics such as cyber security, healthcare data interoperability, artificial intelligence for synthetic biology, and information integrity.
\n\nBefore joining the White House, Roberts worked for the Defense Advanced Research Projects Agency as deputy director of the Information Innovation Office. During this time, she received the prestigious Superior Public Service Medal for her contributions to the fields of artificial intelligence and cyber security. Roberts has a Ph.D. in computer science from MIT, which she attended as both a National Science Foundation and Hertz Foundation Fellow.
\n\nSpeakerBio: Dr. Susan Coller Monarez, Deputy Director at ARPA-HPhD
\nDr. Susan Coller Monarez is a globally recognized leader with more than 20 years of experience in health innovation. Throughout her career, Monarez has focused on understanding the critical challenges within the health ecosystem and the greatest opportunities for innovation to meet these challenges. Prior to serving as ARPA-H deputy director, Monarez led innovation at the Health Resources and Services Administration, focused on ethical use of AI/ML to support improved health outcomes, novel approaches to addressing social determinants of health, expanding access to behavioral health, ending the opioid epidemic, addressing health equity gaps in maternal and infant mortality, and improving the country’s organ donation and transplantation programs.
\n\nMonarez has also served at the White House as the assistant director for National Health Security and International Affairs in the Office of Science and Technology Policy and as the director of Medical Preparedness Policy on the National Security Council. In both White House roles, she led efforts to enhance the nation’s biomedical innovation capabilities including combating antibiotic resistant bacteria and MDR/XDR TB, expanding telehealth and remote patient monitoring, establishing safeguards to ensure personal health data privacy, and improving pandemic preparedness. Monarez led the development of several Presidential-level national strategies, action plans, and policy directives related to domestic and global health.
\n\nMonarez also served in leadership positions at the Homeland Security Advanced Research Projects Agency within the Department of Homeland Security and the Biomedical Advanced Research Projects Agency within HHS. In addition to leadership roles within the federal government, Monarez has served on numerous advisory panels, including for the National Academies of Science, the National Science Advisory Board for Biosecurity, and the Organization for Economic Cooperation and Development. Monarez has also served as the U.S. representative on several international cooperative initiatives including with the European Union, Canada, France, the Netherlands, and the United Kingdom in bilateral and multilateral engagements.
\n\nMonarez was a Science and Technology Policy fellow with the American Association for the Advancement of Science. Prior to government service, Monarez was a postdoctoral fellow and graduate student, respectively, at Stanford University and the University of Wisconsin, where she focused on technology development to prevent, diagnose, and treat infectious diseases with a focus on people living in low- and middle-income countries.
\n\nSpeakerBio: Andrew Carney, Program Manager at Advanced Research Projects Agency for Health (ARPA-H)
\nAndrew Carney joined ARPA-H in July 2023 from HSBC’s Cybersecurity Science and Analytics group, where he worked as a principal researcher. He has over 15 years of experience in software and hardware vulnerability research, technical education and training, and management of research and development teams.
\n\nIn addition to his role as program manager with ARPA-H, Carney holds a joint program manager appointment with the Defense Advanced Research Projects Agency (DARPA) for the AI Cyber Challenge (AIxCC), a competition focused on securing software in critical infrastructure. Before HSBC, Carney was a technical advisor and contractor for the Defense Advanced Research Projects Agency (DARPA). At DARPA, he supported research efforts focused on reverse engineering, program analysis, human-machine teaming, and automated program repair. Throughout his career, Carney has been involved in competitive hacking (called Capture the Flag, or CTF) as both a player and a competition organizer. He holds a master’s degree in computer science from The Johns Hopkins University.
\n\n\n\'',NULL,617747),('3_Saturday','11','11:30','11:50','N','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'Spotting Deepfakes in a World with Generative AI\'','\'Dr. William Corvey\'','AIxCC_325f42d83597376a18531bb3894f847c','\'Title: Spotting Deepfakes in a World with Generative AI
\nWhen: Saturday, Aug 10, 11:30 - 11:50 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage - Map
\n
\nDescription:
\nLearn about DARPA\'s approach to developing tools to identify and flag multi-model media assets that have been generated or malicious purposes under the Semantic Forensics (SemaFor) program.
\n\nSpeakerBio: Dr. William Corvey, SEMAFOR Program Manager at DARPA Information Innovation Office
\nDr. Wil Corvey joined DARPA as a program manager in the Information Innovation Office (I2O) in June 2020 to develop, execute, and transition programs in human language technology, artificial intelligence, and related areas. Prior to joining DARPA, Corvey served as a computational linguist with the United States Department of Defense. In this role they performed human language technology R&D, including multilingual natural language processing, information retrieval, and machine learning, with experience in knowledge-based, statistical, and neural techniques for automated linguistic analysis.
\n\n\n\'',NULL,617748),('3_Saturday','14','14:00','14:20','N','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'The Cat-and-Mouse Game of Adversarial Artificial Intelligence\'','\'Alvaro Velasquez\'','AIxCC_41d853d682a945fd6b1a89efc50461b1','\'Title: The Cat-and-Mouse Game of Adversarial Artificial Intelligence
\nWhen: Saturday, Aug 10, 14:00 - 14:20 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage - Map
\n
\nDescription:
\nAdversarial AI has come a long way since its resurgence ten years ago. In this talk, we discuss how the landscape of attacks and defenses has shifted in recent years as a result of DARPA’s program on Guaranteeing AI Robustness against Deception (GARD) as well as the rise of LLMs.
\n\nSpeakerBio: Alvaro Velasquez, GARD Program Manager at DARPA Information Innovation Office
\nDr. Alvaro Velasquez joined DARPA in August of 2022 as a program manager focused on artificial intelligence. His current research interests are at the intersection of formal language theory and machine learning for sequential decision-making. He holds an interdisciplinary research record of more than 50 publications, including work in the areas of artificial intelligence, combinatorial optimization, and logic and circuit design.
\n\n\n\'',NULL,617749),('3_Saturday','14','14:30','14:59','N','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'Establishing the first Open Source Program Office at a United States Federal Agency\'','\'Remy DeCausemaker\'','AIxCC_fc3510cbc35d6ee4bad1fbb0cf7ba0b4','\'Title: Establishing the first Open Source Program Office at a United States Federal Agency
\nWhen: Saturday, Aug 10, 14:30 - 14:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage - Map
\n
\nDescription:
\nOpen Source Program Offices (OSPOs) are an increasingly adopted approach to establishing and cultivating a culture of contribution. The Digital Service at CMS.gov will share the programs, policies, and projects they’re building to identify and mitigate continuity and security risks in the software supply chain across the Federal Ecosystem.
\n\nSpeakerBio: Remy DeCausemaker, Open Source Lead at Center for Medicare and Medicaid Services
\nWearing the Suit so Hackers don’t have to.
\n\n\n\'',NULL,617750),('3_Saturday','15','15:00','15:30','N','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'Contextualizing Open Source Software’s Importance to CISA\'s Mission\'','\'Aeva Black\'','AIxCC_aa3e85280005a7ccbb1443536f3e9a5b','\'Title: Contextualizing Open Source Software’s Importance to CISA\'s Mission
\nWhen: Saturday, Aug 10, 15:00 - 15:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage - Map
\n
\nDescription:
\n\n\nSpeakerBio: Aeva Black, DHS Cyber Security and Infrastructure Security Agency
\nAeva Black is an open-source hacker and international public speaker with 25 years of experience building digital infrastructure and leading open-source projects. They previously served on the OpenSSF Technical Advisory Committee, OpenStack Technical Committee, Kubernetes Code of Conduct Committee, and led open-source security strategy within the Microsoft Azure Office of the CTO. In their spare time, Aeva serves on the Board of the Open-Source Initiative and enjoys riding motorcycles and supporting the local LGBTQ+ community.
\n\n\n\'',NULL,617751),('3_Saturday','15','15:45','16:30','N','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'A Reverse Engineer\'s Guide to AI Interpretability\'','\'Dr. Andrew Fasano\'','AIxCC_de3f16e28506967016681fa7d5f939c9','\'Title: A Reverse Engineer\'s Guide to AI Interpretability
\nWhen: Saturday, Aug 10, 15:45 - 16:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage - Map
\n
\nDescription:
\nWhile the world buzzes about AI-augmented reverse engineering, what about turning the tables and reverse engineering AI itself? As artificial intelligence systems grow increasingly complex and pervasive, decoding their inner workings has become not just a fun challenge, but a critical necessity. This talk introduces the emerging field of mechanistic interpretability to the reverse engineering community, revealing how the frontier of AI research is reinventing wheels long familiar to RE experts. We\'ll explore how traditional reverse engineering techniques are finding new life in dissecting neural networks, and why the RE community\'s hard-earned wisdom is more relevant than ever in the age of AI.
\n\nSpeakerBio: Dr. Andrew Fasano, Cyber System Assessments at MIT Lincoln Laboratory
\nDr. Andrew Fasano is a member of the technical staff in the Cyber System Assessment group at MIT Lincoln Laboratory. A former DEF CON CTF team captain, he holds a PhD from Northeastern University and is a maintainer of multiple open-source reverse engineering tools. Recently, Dr. Fasano has been applying his reverse engineering expertise to the emerging field of AI interpretability.
\n\n\n\'',NULL,617752),('3_Saturday','16','15:45','16:30','Y','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'A Reverse Engineer\'s Guide to AI Interpretability\'','\'Dr. Andrew Fasano\'','AIxCC_de3f16e28506967016681fa7d5f939c9','\'\'',NULL,617753),('3_Saturday','17','17:15','17:59','N','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'Visualizing AIxCC: Bringing Your Code to Life\'','\'Mark Griffin\'','AIxCC_6a704545bf4351e42ae833c1ff0147a6','\'Title: Visualizing AIxCC: Bringing Your Code to Life
\nWhen: Saturday, Aug 10, 17:15 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage - Map
\n
\nDescription:
\nThere are few opportunities to learn how code can be transformed into a visualization project. Tune in as Mark Griffin from UnDaunted shares about how his team took the competitor submissions and translated them into the AIxCC competition experience at DEF CON.
\n\nSpeakerBio: Mark Griffin, Undaunted
\nI’m an developer, hacker, and software explainer.
\n\nAfter writing/reading software and finding bugs in code professionally for over a decade, I became fascinated by how people understand and interact with code… so I’ve made it my mission to help people see and understand code better.
\n\nI started my career in a variety of cyber security roles: doing network traffic analysis, analyzing code security, reverse-engineering malware, etc. Along the way I’ve been lucky to have worked with truly awesome people on cool projects, and have done a bunch of amazing and random things like:
\n\n\n- Spoke at ShmooCon and several smaller conferences
\n- Wrote code for a variety of projects in areas like custom debugging, security, fuzzing, and RE (such as bncov and Ariadne)
\n- Served as adjunct faculty, instructor, and trainer in several roles, including teaching an undergrad course
\n- Found some bugs in well known-software (some public CVEs, but mostly private engagements on software ranging from embedded systems to decentralized finance)
\n- Played in numerous Capture-the-Flag (CTF) computer security competitions, and helped organize a couple (such as LiveCTF)
\n
\n\n\n\'',NULL,617754),('4_Sunday','11','11:30','12:15','N','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'From research to release: Transferring AIxCC results to open source software\'','\'Dr. David A. Wheeler,Jeff Diecks,Chris Aniszczyk\'','AIxCC_f6234eab60abe5fefe55045ebc16581d','\'Title: From research to release: Transferring AIxCC results to open source software
\nWhen: Sunday, Aug 11, 11:30 - 12:15 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage - Map
\n
\nDescription:
\nFireside Chat on the importance of open-sourcing solutions and how AIxCC\'s approach can have a far-reaching, positive impact\nDavid A. Wheeler, Director of Open Source Supply Chain Security, Open Source Security Foundation (OpenSSF)\nJeff Diecks, Technical Project Manager - AIxCC, Open Source Security Foundation (Open SSF)\nChris Aniszczyk, CTO, Cloud Native Computing Foundation (CNCF)
\n\nSpeakers:Dr. David A. Wheeler,Jeff Diecks,Chris Aniszczyk
\n
\nSpeakerBio: Dr. David A. Wheeler, Director of Open Source Supply Chain Security at Open Source Security Foundation (OpenSSF)
\n\"Dr. David A. Wheeler is an expert on open source software (OSS) and on developing secure software. His works on developing secure software include \"\"Secure Programming HOWTO\"\", the Open Source Security Foundation (OpenSSF) Secure Software Development Fundamentals Courses, and \"\"Fully Countering Trusting Trust through Diverse Double-Compiling (DDC)\"\". He also helped develop the 2009 U.S. Department of Defense (DoD) policy on OSS. Other works of his include \"\"Software Inspection: An Industry Best Practice\"\" and \"\"Ada 95: The Lovelace Tutorial\"\".
\n\nDavid A. Wheeler is the Director of Open Source Supply Chain Security at the Linux Foundation and teaches a graduate course in developing secure software at George Mason University (GMU). Dr. Wheeler has a PhD in Information Technology, a Master\'s in Computer Science, a certificate in Information Security, a certificate in Software Engineering, and a B.S. in Electronics Engineering, all from George Mason University (GMU). He is a Certified Information Systems Security Professional (CISSP) and a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE).\"
\n\nSpeakerBio: Jeff Diecks
\nJeff Diecks has more than two decades of experience in technology and communications with a diverse background in operations, project management and executive leadership. A participant in open source since 1999, he’s delivered digital products and applications for dozens of universities, six professional sports leagues, state governments, global media companies, non-profits, and corporate clients.
\n\nJeff spent 14 years in the digital agency space, scaling a team to more than 90 people and leading it through a successful acquisition and exits of the co-founders. Prior to agency work, he managed operations teams at Turner Broadcasting and produced the web site for Major League Soccer in its early years (when FTP’ing flat HTML files was a thing).
\n\nJeff and his wife live in Alpharetta, GA, and are parents of a current sophomore at SCAD Atlanta.
\n\nSpeakerBio: Chris Aniszczyk, Cloud Native Computing Foundation (CNCF)
\nChris Aniszczyk is an open source technologist with a passion for building a better world through open collaboration. He\'s currently a CTO at the Linux Foundation focused on developer experience and running the Cloud Native Computing Foundation (CNCF). Furthermore, he\'s a Partner at Capital Factory where he focuses on mentoring, advising and investing in open source and infrastructure focused startups. In a previous life, he created Twitter/X\'s open source program and led their open source efforts. He also served for many years on the Eclipse Foundation\'s Board of Directors representing the committer community and the Java Community Process (JCP) Executive Committee.
\n\n\n\'',NULL,617755),('4_Sunday','12','11:30','12:15','Y','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'From research to release: Transferring AIxCC results to open source software\'','\'Dr. David A. Wheeler,Jeff Diecks,Chris Aniszczyk\'','AIxCC_f6234eab60abe5fefe55045ebc16581d','\'\'',NULL,617756),('4_Sunday','13','13:15','13:59','N','AIxCC','LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage','\'The Challenge in Building a Challenge\'','\'\'','AIxCC_2af9385e0cf5f887f0329843e9bc7ee3','\'Title: The Challenge in Building a Challenge
\nWhen: Sunday, Aug 11, 13:15 - 13:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-06/HW3-05-06-Stage - Map
\n
\nDescription:
\nTechnical challenge development team presentation
\n\n\'',NULL,617757),('2_Friday','13','13:30','13:45','N','CPV','LVCC West/Floor 1/Hall 2/HW2-09-02','\'Surprise Talk\'','\'Rachel Cummings\'','CPV_1461a5ab415dc93d97a2e8762110f32f','\'Title: Surprise Talk
\nWhen: Friday, Aug 9, 13:30 - 13:45 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-02 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Rachel Cummings, Associate Professor of Industrial Engineering and Operations Research at Columbia University
\nDr. Rachel Cummings is an Associate Professor of Industrial Engineering and Operations Research and (by courtesy) Computer Science at Columbia University, where she is also a member of the Data Science Institute and co-chairs the Cybersecurity Research Center. She is also a Fellow at the Center for Democracy & Technology. Before joining Columbia, she was an Assistant Professor of Industrial and Systems Engineering and (by courtesy) Computer Science at the Georgia Institute of Technology, and she previously received her Ph.D. in Computing and Mathematical Sciences at the California Institute of Technology. Her research interests lie primarily in data privacy, with connections to machine learning, algorithmic economics, optimization, statistics, and public policy. Dr. Cummings is the recipient of numerous awards including an NSF CAREER award, a DARPA Young Faculty Award, a DARPA Director\'s Fellowship, an Early Career Impact Award, multiple industry research awards, a Provost’s Teaching Award, two doctoral dissertation awards, and Best Paper Awards at DISC 2014, CCS 2021, and SaTML 2023. Dr. Cummings also serves on the ACM U.S. Technology Policy Committee, the IEEE Standards Association, and the Future of Privacy Forum\'s Advisory Board.
\n\n\n\'',NULL,617758),('3_Saturday','15','15:00','16:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3','\'Activity: API Security 101: Testing and Trivia by Akto.io\'','\'Ankush Jain,Ankita Gupta\'','APV_92a0f273aa14298e4fa46fd60083b80f','\'Title: Activity: API Security 101: Testing and Trivia by Akto.io
\nWhen: Saturday, Aug 10, 15:00 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3 - Map
\n
\nDescription:
\nIn this activity, participants will see an API Security presentation with examples and engage in a trivia game centered around the topic.
\n\nLearn about the wide range of API vulnerabilities with real-world examples of data breaches and what it means to secure APIs through tests. And then it’s trivia time!
\n\nParticipants will have to answer 10-15 questions on API Security based on their learnings. You will get swags for each answer you get right!
\n\nSpeakers:Ankush Jain,Ankita Gupta
\n
\nSpeakerBio: Ankush Jain, Co-founder & CTO at Akto
\nAnkush is the co-founder & CTO at Akto (https://www.akto.io). Prior to starting Akto he worked at CleverTap as VP of Engineering. He has also worked for 5 years as a Quant at Morgan Stanley. He has acquired US patents at Microsoft at CleverTap.
\n\nSpeakerBio: Ankita Gupta
\nNo BIO available
\n\n\'',NULL,617759),('3_Saturday','16','15:00','16:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3','\'Activity: API Security 101: Testing and Trivia by Akto.io\'','\'Ankush Jain,Ankita Gupta\'','APV_92a0f273aa14298e4fa46fd60083b80f','\'\'',NULL,617760),('3_Saturday','11','11:00','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2','\'Activity: API Security 101: Testing and Trivia by Akto.io\'','\'Ankush Jain,Ankita Gupta\'','APV_8431345e223b580dd41484d5cb9d07e4','\'Title: Activity: API Security 101: Testing and Trivia by Akto.io
\nWhen: Saturday, Aug 10, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2 - Map
\n
\nDescription:
\nIn this activity, participants will see an API Security presentation with examples and engage in a trivia game centered around the topic.
\n\nLearn about the wide range of API vulnerabilities with real-world examples of data breaches and what it means to secure APIs through tests. And then it’s trivia time!
\n\nParticipants will have to answer 10-15 questions on API Security based on their learnings. You will get swags for each answer you get right!
\n\nSpeakers:Ankush Jain,Ankita Gupta
\n
\nSpeakerBio: Ankush Jain, Co-founder & CTO at Akto
\nAnkush is the co-founder & CTO at Akto (https://www.akto.io). Prior to starting Akto he worked at CleverTap as VP of Engineering. He has also worked for 5 years as a Quant at Morgan Stanley. He has acquired US patents at Microsoft at CleverTap.
\n\nSpeakerBio: Ankita Gupta
\nNo BIO available
\n\n\'',NULL,617761),('3_Saturday','12','11:00','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2','\'Activity: API Security 101: Testing and Trivia by Akto.io\'','\'Ankush Jain,Ankita Gupta\'','APV_8431345e223b580dd41484d5cb9d07e4','\'\'',NULL,617762),('2_Friday','13','13:00','14:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1','\'Activity: Capture the Container by Chainguard\'','\'Jonathan Leitschuh\'','APV_dfb4fa41c2b002453b6ba6c8d94f65b0','\'Title: Activity: Capture the Container by Chainguard
\nWhen: Friday, Aug 9, 13:00 - 14:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1 - Map
\n
\nDescription:
\nJoin us for an exhilarating container security CTF where you can go head-to-head with your peers. In this session, we will explore the world of container security, including image analysis, enumeration, and the most up-to-date container escape techniques. Put your skills to the test and compete for the top spot! Participants will gain valuable knowledge in container security and have the chance to win some exciting prizes. Don\'t miss out on this thrilling opportunity to showcase your expertise!
\n\nSpeakerBio: Jonathan Leitschuh
\nNo BIO available
\n\n\'',NULL,617763),('2_Friday','14','13:00','14:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1','\'Activity: Capture the Container by Chainguard\'','\'Jonathan Leitschuh\'','APV_dfb4fa41c2b002453b6ba6c8d94f65b0','\'\'',NULL,617764),('3_Saturday','11','11:00','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3','\'Activity: Capture the Container by Chainguard\'','\'Jonathan Leitschuh\'','APV_664ab573b35c2af690e9fc4680631610','\'Title: Activity: Capture the Container by Chainguard
\nWhen: Saturday, Aug 10, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3 - Map
\n
\nDescription:
\nJoin us for an exhilarating container security CTF where you can go head-to-head with your peers. In this session, we will explore the world of container security, including image analysis, enumeration, and the most up-to-date container escape techniques. Put your skills to the test and compete for the top spot! Participants will gain valuable knowledge in container security and have the chance to win some exciting prizes. Don\'t miss out on this thrilling opportunity to showcase your expertise!
\n\nSpeakerBio: Jonathan Leitschuh
\nNo BIO available
\n\n\'',NULL,617765),('3_Saturday','12','11:00','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3','\'Activity: Capture the Container by Chainguard\'','\'Jonathan Leitschuh\'','APV_664ab573b35c2af690e9fc4680631610','\'\'',NULL,617766),('4_Sunday','11','11:00','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1','\'Activity: Hacking Developers’ Trust – Faking GitHub Contribution by Checkmarx\'','\'Tal Folkman,Ori Ron,Mário Leitão-Teixeira\'','APV_3f3666e792280a6c783cdda643ff3479','\'Title: Activity: Hacking Developers’ Trust – Faking GitHub Contribution by Checkmarx
\nWhen: Sunday, Aug 11, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1 - Map
\n
\nDescription:
\nJoin us for a revealing exploration of open-source trust and its vulnerabilities. In this captivating activity, we will delve into the fascinating world of developer credibility and the unsettling phenomenon of faking GitHub contributions. With open source becoming an integral part of software development, we find ourselves relying on strangers to provide us with code. Trust is often based on factors like the number of stars on a package or the credibility of the package’s maintainer on GitHub. However, what if I told you that all of this could be convincingly spoofed?
\n\nSpeakers:Tal Folkman,Ori Ron,Mário Leitão-Teixeira
\n
\nSpeakerBio: Tal Folkman
\nTal brings over 7 years of experience to her role as a supply chain security research team lead within Checkmarx Supply Chain Security group. She is in charge of detecting tracking and stopping Opensource attacks.
\n\nSpeakerBio: Ori Ron
\nOri Ron, an experienced Application Security Researcher at Checkmarx, joined the company in 2016. With over eight years of expertise in the field, Ori specializes in identifying and mitigating security vulnerabilities in software systems. His research spans the application security aspects of many programming languages, technologies, and environments.
\n\nSpeakerBio: Mário Leitão-Teixeira
\n\"Vulnerability\" is part of my daily vocabulary at Checkmarx, and I never get sick of it. I dub myself a \'self-certified idiot\' because I love learning and hatching ideas. So much, that I\'ve made brainstorming a hobby and kickstarted a team initiative to keep us on the pulse of InfoSec. As a result, we have learned about CVSSv4 before it was cool.
\n\nWell, CVSSv4 isn\'t cool yet since it\'s yet to be fully adopted, but in the meantime, I\'ve researched and come up with this talk.\nI wasn\'t given the opportunity to win a \'Best Speaker\' award yet. However, I published a few blog posts for Checkmarx and am brewing many other initiatives. I\'m also currently studying to pass the CEH certification. Contributing to the AppSec Village at RSAC in San Francisco last year. Check.
\n\nBeyond the keyboard, you catch me reading, writing, or practicing martial arts. As in cybersecurity, I seek constant learning.
\n\n\n\'',NULL,617767),('4_Sunday','12','11:00','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1','\'Activity: Hacking Developers’ Trust – Faking GitHub Contribution by Checkmarx\'','\'Tal Folkman,Ori Ron,Mário Leitão-Teixeira\'','APV_3f3666e792280a6c783cdda643ff3479','\'\'',NULL,617768),('2_Friday','15','15:00','16:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3','\'Activity: Hacking Developers’ Trust – Faking GitHub Contribution by Checkmarx\'','\'Tal Folkman,Ori Ron,Mário Leitão-Teixeira\'','APV_e057c724109bc2eeaf7470365a8351f6','\'Title: Activity: Hacking Developers’ Trust – Faking GitHub Contribution by Checkmarx
\nWhen: Friday, Aug 9, 15:00 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3 - Map
\n
\nDescription:
\nJoin us for a revealing exploration of open-source trust and its vulnerabilities. In this captivating activity, we will delve into the fascinating world of developer credibility and the unsettling phenomenon of faking GitHub contributions. With open source becoming an integral part of software development, we find ourselves relying on strangers to provide us with code. Trust is often based on factors like the number of stars on a package or the credibility of the package’s maintainer on GitHub. However, what if I told you that all of this could be convincingly spoofed?
\n\nSpeakers:Tal Folkman,Ori Ron,Mário Leitão-Teixeira
\n
\nSpeakerBio: Tal Folkman
\nTal brings over 7 years of experience to her role as a supply chain security research team lead within Checkmarx Supply Chain Security group. She is in charge of detecting tracking and stopping Opensource attacks.
\n\nSpeakerBio: Ori Ron
\nOri Ron, an experienced Application Security Researcher at Checkmarx, joined the company in 2016. With over eight years of expertise in the field, Ori specializes in identifying and mitigating security vulnerabilities in software systems. His research spans the application security aspects of many programming languages, technologies, and environments.
\n\nSpeakerBio: Mário Leitão-Teixeira
\n\"Vulnerability\" is part of my daily vocabulary at Checkmarx, and I never get sick of it. I dub myself a \'self-certified idiot\' because I love learning and hatching ideas. So much, that I\'ve made brainstorming a hobby and kickstarted a team initiative to keep us on the pulse of InfoSec. As a result, we have learned about CVSSv4 before it was cool.
\n\nWell, CVSSv4 isn\'t cool yet since it\'s yet to be fully adopted, but in the meantime, I\'ve researched and come up with this talk.\nI wasn\'t given the opportunity to win a \'Best Speaker\' award yet. However, I published a few blog posts for Checkmarx and am brewing many other initiatives. I\'m also currently studying to pass the CEH certification. Contributing to the AppSec Village at RSAC in San Francisco last year. Check.
\n\nBeyond the keyboard, you catch me reading, writing, or practicing martial arts. As in cybersecurity, I seek constant learning.
\n\n\n\'',NULL,617769),('2_Friday','16','15:00','16:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3','\'Activity: Hacking Developers’ Trust – Faking GitHub Contribution by Checkmarx\'','\'Tal Folkman,Ori Ron,Mário Leitão-Teixeira\'','APV_e057c724109bc2eeaf7470365a8351f6','\'\'',NULL,617770),('2_Friday','11','11:00','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3','\'Activity: Spot the Reachable by Backslash\'','\'Czesia Glik,Yossi Pik\'','APV_a437b36715b1fb20757945b49a430d41','\'Title: Activity: Spot the Reachable by Backslash
\nWhen: Friday, Aug 9, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3 - Map
\n
\nDescription:
\nFind the reachable one! You’ve got 18x18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer, ready, set, go! You\'ll have 5 minutes to place the cards in the correct order and find the true positive(s). The winner? Whoever finds the solution in the shortest amount of time!
\n\nSpeakers:Czesia Glik,Yossi Pik
\n
\nSpeakerBio: Czesia Glik
\nNo BIO available
\nSpeakerBio: Yossi Pik, CTO & Co-Founder at Backslash Security
\nNo BIO available
\n\n\'',NULL,617771),('2_Friday','12','11:00','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3','\'Activity: Spot the Reachable by Backslash\'','\'Czesia Glik,Yossi Pik\'','APV_a437b36715b1fb20757945b49a430d41','\'\'',NULL,617772),('3_Saturday','13','13:00','14:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1','\'Activity: Spot the Reachable by Backslash\'','\'Czesia Glik,Yossi Pik\'','APV_09ab16fd440002a6c0af364f2ae42231','\'Title: Activity: Spot the Reachable by Backslash
\nWhen: Saturday, Aug 10, 13:00 - 14:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1 - Map
\n
\nDescription:
\nFind the reachable one! You’ve got 18x18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer, ready, set, go! You\'ll have 5 minutes to place the cards in the correct order and find the true positive(s). The winner? Whoever finds the solution in the shortest amount of time!
\n\nSpeakers:Czesia Glik,Yossi Pik
\n
\nSpeakerBio: Czesia Glik
\nNo BIO available
\nSpeakerBio: Yossi Pik, CTO & Co-Founder at Backslash Security
\nNo BIO available
\n\n\'',NULL,617773),('3_Saturday','14','13:00','14:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1','\'Activity: Spot the Reachable by Backslash\'','\'Czesia Glik,Yossi Pik\'','APV_09ab16fd440002a6c0af364f2ae42231','\'\'',NULL,617774),('3_Saturday','15','15:00','16:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1','\'Activity: Spot the Reachable by Backslash\'','\'Czesia Glik,Yossi Pik\'','APV_4a0c6cf5ff75fbbcafb6dc68d5622ad7','\'Title: Activity: Spot the Reachable by Backslash
\nWhen: Saturday, Aug 10, 15:00 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1 - Map
\n
\nDescription:
\nFind the reachable one! You’ve got 18x18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer, ready, set, go! You\'ll have 5 minutes to place the cards in the correct order and find the true positive(s). The winner? Whoever finds the solution in the shortest amount of time!
\n\nSpeakers:Czesia Glik,Yossi Pik
\n
\nSpeakerBio: Czesia Glik
\nNo BIO available
\nSpeakerBio: Yossi Pik, CTO & Co-Founder at Backslash Security
\nNo BIO available
\n\n\'',NULL,617775),('3_Saturday','16','15:00','16:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1','\'Activity: Spot the Reachable by Backslash\'','\'Czesia Glik,Yossi Pik\'','APV_4a0c6cf5ff75fbbcafb6dc68d5622ad7','\'\'',NULL,617776),('3_Saturday','13','13:00','14:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3','\'Activity: Spot the Secrets: Finding Secrets Throughout Your Environments by GitGuardian\'','\'mcdwayne\'','APV_b2bab3a34f100b2c85e9ed53b50d6ffe','\'Title: Activity: Spot the Secrets: Finding Secrets Throughout Your Environments by GitGuardian
\nWhen: Saturday, Aug 10, 13:00 - 14:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3 - Map
\n
\nDescription:
\nBefore you can deal with secrets sprawl, you first need to understand how deep the issue of plaintext secrets can be. Improperly stored and shared secrets are a problem beyond just the top layer of code you put in production. It affects feature branches, old commits, logs, and communication and collaboration tools.
\n\nIn this exercise, you will be challenged to find all the secrets and then use a special tool to quickly validate the secrets and your work. Walk away from this exercise ready to apply the lessons learned to make your organization safer in no time.
\n\nSpeakerBio: mcdwayne
\nDwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.
\n\n\n\'',NULL,617777),('3_Saturday','14','13:00','14:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3','\'Activity: Spot the Secrets: Finding Secrets Throughout Your Environments by GitGuardian\'','\'mcdwayne\'','APV_b2bab3a34f100b2c85e9ed53b50d6ffe','\'\'',NULL,617778),('2_Friday','15','15:00','16:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2','\'Activity: Spot the Secrets: Finding Secrets Throughout Your Environments by GitGuardian\'','\'mcdwayne\'','APV_e35d43d8d0b5de2682fd3bbecc8d0654','\'Title: Activity: Spot the Secrets: Finding Secrets Throughout Your Environments by GitGuardian
\nWhen: Friday, Aug 9, 15:00 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2 - Map
\n
\nDescription:
\nBefore you can deal with secrets sprawl, you first need to understand how deep the issue of plaintext secrets can be. Improperly stored and shared secrets are a problem beyond just the top layer of code you put in production. It affects feature branches, old commits, logs, and communication and collaboration tools.
\n\nIn this exercise, you will be challenged to find all the secrets and then use a special tool to quickly validate the secrets and your work. Walk away from this exercise ready to apply the lessons learned to make your organization safer in no time.
\n\nSpeakerBio: mcdwayne
\nDwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.
\n\n\n\'',NULL,617779),('2_Friday','16','15:00','16:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2','\'Activity: Spot the Secrets: Finding Secrets Throughout Your Environments by GitGuardian\'','\'mcdwayne\'','APV_e35d43d8d0b5de2682fd3bbecc8d0654','\'\'',NULL,617780),('2_Friday','11','11:00','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2','\'Activity: Spot the Secrets: Finding Secrets Throughout Your Environments by GitGuardian\'','\'mcdwayne\'','APV_3d6372c03a909d92f5db185d0fcf3d48','\'Title: Activity: Spot the Secrets: Finding Secrets Throughout Your Environments by GitGuardian
\nWhen: Friday, Aug 9, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2 - Map
\n
\nDescription:
\nBefore you can deal with secrets sprawl, you first need to understand how deep the issue of plaintext secrets can be. Improperly stored and shared secrets are a problem beyond just the top layer of code you put in production. It affects feature branches, old commits, logs, and communication and collaboration tools.
\n\nIn this exercise, you will be challenged to find all the secrets and then use a special tool to quickly validate the secrets and your work. Walk away from this exercise ready to apply the lessons learned to make your organization safer in no time.
\n\nSpeakerBio: mcdwayne
\nDwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.
\n\n\n\'',NULL,617781),('2_Friday','12','11:00','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2','\'Activity: Spot the Secrets: Finding Secrets Throughout Your Environments by GitGuardian\'','\'mcdwayne\'','APV_3d6372c03a909d92f5db185d0fcf3d48','\'\'',NULL,617782),('2_Friday','13','13:00','14:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3','\'Activity: Test Your AppSec Knowledge by Deepfactor\'','\'Mike Larkin\'','APV_cb91d0e73460705a3ae6351d3aad2c6e','\'Title: Activity: Test Your AppSec Knowledge by Deepfactor
\nWhen: Friday, Aug 9, 13:00 - 14:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3 - Map
\n
\nDescription:
\nIt\'s in the Cards! Pick 5 cards with random levels of difficulty. Answer questions ranging from true/false to multiple choice to spot the vulnerable code. Test your knowledge on risky deployment scenarios, rack up the points, and get to the top of the leaderboard to win!
\n\nSpeakerBio: Mike Larkin
\nNo BIO available
\n\n\'',NULL,617783),('2_Friday','14','13:00','14:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3','\'Activity: Test Your AppSec Knowledge by Deepfactor\'','\'Mike Larkin\'','APV_cb91d0e73460705a3ae6351d3aad2c6e','\'\'',NULL,617784),('2_Friday','11','11:00','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1','\'Activity: Vulnerability Hunt - The Snippets Edition\'','\'Mário Leitão-Teixeira\'','APV_4c32cfe1fb0084b45e316988983bc541','\'Title: Activity: Vulnerability Hunt - The Snippets Edition
\nWhen: Friday, Aug 9, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1 - Map
\n
\nDescription:
\nPut your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
\n\nSpeakerBio: Mário Leitão-Teixeira
\n\"Vulnerability\" is part of my daily vocabulary at Checkmarx, and I never get sick of it. I dub myself a \'self-certified idiot\' because I love learning and hatching ideas. So much, that I\'ve made brainstorming a hobby and kickstarted a team initiative to keep us on the pulse of InfoSec. As a result, we have learned about CVSSv4 before it was cool.
\n\nWell, CVSSv4 isn\'t cool yet since it\'s yet to be fully adopted, but in the meantime, I\'ve researched and come up with this talk.\nI wasn\'t given the opportunity to win a \'Best Speaker\' award yet. However, I published a few blog posts for Checkmarx and am brewing many other initiatives. I\'m also currently studying to pass the CEH certification. Contributing to the AppSec Village at RSAC in San Francisco last year. Check.
\n\nBeyond the keyboard, you catch me reading, writing, or practicing martial arts. As in cybersecurity, I seek constant learning.
\n\n\n\'',NULL,617785),('2_Friday','12','11:00','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1','\'Activity: Vulnerability Hunt - The Snippets Edition\'','\'Mário Leitão-Teixeira\'','APV_4c32cfe1fb0084b45e316988983bc541','\'\'',NULL,617786),('3_Saturday','11','11:00','12:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1','\'Activity: Vulnerability Hunt - The Snippets Edition\'','\'Mário Leitão-Teixeira\'','APV_351cbc4021dbc683fd90f2078262af63','\'Title: Activity: Vulnerability Hunt - The Snippets Edition
\nWhen: Saturday, Aug 10, 11:00 - 12:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1 - Map
\n
\nDescription:
\nPut your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
\n\nSpeakerBio: Mário Leitão-Teixeira
\n\"Vulnerability\" is part of my daily vocabulary at Checkmarx, and I never get sick of it. I dub myself a \'self-certified idiot\' because I love learning and hatching ideas. So much, that I\'ve made brainstorming a hobby and kickstarted a team initiative to keep us on the pulse of InfoSec. As a result, we have learned about CVSSv4 before it was cool.
\n\nWell, CVSSv4 isn\'t cool yet since it\'s yet to be fully adopted, but in the meantime, I\'ve researched and come up with this talk.\nI wasn\'t given the opportunity to win a \'Best Speaker\' award yet. However, I published a few blog posts for Checkmarx and am brewing many other initiatives. I\'m also currently studying to pass the CEH certification. Contributing to the AppSec Village at RSAC in San Francisco last year. Check.
\n\nBeyond the keyboard, you catch me reading, writing, or practicing martial arts. As in cybersecurity, I seek constant learning.
\n\n\n\'',NULL,617787),('3_Saturday','12','11:00','12:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1','\'Activity: Vulnerability Hunt - The Snippets Edition\'','\'Mário Leitão-Teixeira\'','APV_351cbc4021dbc683fd90f2078262af63','\'\'',NULL,617788),('2_Friday','10','10:00','17:59','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_b93c2552b43fcfbf14a79d823a38967d','\'Title: Physical Security Village Activities
\nWhen: Friday, Aug 9, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\nThe Physical Security Village explores the world of hardware bypasses and techniques generally outside of the realm of cyber-security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself.
\n\nWe’ll be covering the basics, like the under-the-door-tool and latch slipping attacks, as well as an in depth look at more complicated bypasses. Learn about elevator hacking, attacking alarm systems at the sensor and communication line, and cut-away and display models of common hardware to show how it works on the inside.
\n\nLooking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!
\n\n\'',NULL,617789),('2_Friday','11','10:00','17:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_b93c2552b43fcfbf14a79d823a38967d','\'\'',NULL,617790),('2_Friday','12','10:00','17:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_b93c2552b43fcfbf14a79d823a38967d','\'\'',NULL,617791),('2_Friday','13','10:00','17:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_b93c2552b43fcfbf14a79d823a38967d','\'\'',NULL,617792),('2_Friday','14','10:00','17:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_b93c2552b43fcfbf14a79d823a38967d','\'\'',NULL,617793),('2_Friday','15','10:00','17:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_b93c2552b43fcfbf14a79d823a38967d','\'\'',NULL,617794),('2_Friday','16','10:00','17:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_b93c2552b43fcfbf14a79d823a38967d','\'\'',NULL,617795),('2_Friday','17','10:00','17:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_b93c2552b43fcfbf14a79d823a38967d','\'\'',NULL,617796),('4_Sunday','10','10:00','12:59','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_990c579f10235192411bd00f40834656','\'Title: Physical Security Village Activities
\nWhen: Sunday, Aug 11, 10:00 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\nThe Physical Security Village explores the world of hardware bypasses and techniques generally outside of the realm of cyber-security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself.
\n\nWe’ll be covering the basics, like the under-the-door-tool and latch slipping attacks, as well as an in depth look at more complicated bypasses. Learn about elevator hacking, attacking alarm systems at the sensor and communication line, and cut-away and display models of common hardware to show how it works on the inside.
\n\nLooking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!
\n\n\'',NULL,617797),('4_Sunday','11','10:00','12:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_990c579f10235192411bd00f40834656','\'\'',NULL,617798),('4_Sunday','12','10:00','12:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_990c579f10235192411bd00f40834656','\'\'',NULL,617799),('3_Saturday','10','10:00','17:59','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_cd180580973c705bdb8a94fa3ababefd','\'Title: Physical Security Village Activities
\nWhen: Saturday, Aug 10, 10:00 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\nThe Physical Security Village explores the world of hardware bypasses and techniques generally outside of the realm of cyber-security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself.
\n\nWe’ll be covering the basics, like the under-the-door-tool and latch slipping attacks, as well as an in depth look at more complicated bypasses. Learn about elevator hacking, attacking alarm systems at the sensor and communication line, and cut-away and display models of common hardware to show how it works on the inside.
\n\nLooking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!
\n\n\'',NULL,617800),('3_Saturday','11','10:00','17:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_cd180580973c705bdb8a94fa3ababefd','\'\'',NULL,617801),('3_Saturday','12','10:00','17:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_cd180580973c705bdb8a94fa3ababefd','\'\'',NULL,617802),('3_Saturday','13','10:00','17:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_cd180580973c705bdb8a94fa3ababefd','\'\'',NULL,617803),('3_Saturday','14','10:00','17:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_cd180580973c705bdb8a94fa3ababefd','\'\'',NULL,617804),('3_Saturday','15','10:00','17:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_cd180580973c705bdb8a94fa3ababefd','\'\'',NULL,617805),('3_Saturday','16','10:00','17:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_cd180580973c705bdb8a94fa3ababefd','\'\'',NULL,617806),('3_Saturday','17','10:00','17:59','Y','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Physical Security Village Activities\'','\'\'','PSV_cd180580973c705bdb8a94fa3ababefd','\'\'',NULL,617807),('2_Friday','14','14:45','15:15','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Threat Modeling in the Age of AI\'','\'Adam Shostack\'','APV_3d7501beb579c9a49749922f1af2087b','\'Title: Threat Modeling in the Age of AI
\nWhen: Friday, Aug 9, 14:45 - 15:15 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage - Map
\n
\nDescription:
\nHow do we use the apparent magic of LLMs to help us threat model? What are the challenges? What works? What doesn’t?
\n\nSpeakerBio: Adam Shostack
\nNo BIO available
\n\n\'',NULL,617808),('2_Friday','15','14:45','15:15','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Main Stage','\'Threat Modeling in the Age of AI\'','\'Adam Shostack\'','APV_3d7501beb579c9a49749922f1af2087b','\'\'',NULL,617809),('2_Friday','11','11:00','11:30','N','ASV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'An adversarial approach to Airline Revenue Management Proving Ground\'','\'Craig Lester\'','ASV_d0742b8d694f5bdf05fb863c4b8c0816','\'Title: An adversarial approach to Airline Revenue Management Proving Ground
\nWhen: Friday, Aug 9, 11:00 - 11:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nRichard Branson is oft quoted with the quip that the quickest way to become a millionaire in the Airline Industry is to start as a billionaire. An Industry constrained by high fixed capital costs, bi-lateral capacity treaties, airport slots and curfews, labour etc; Airlines use the practice of revenue management to fill planes, maximise earnings and keep competitors at bay. But you’re not interested in an economics talk – this is a hacker con. I’m here to provide a birds-eye view and introduction into how fares and ticketing work, debunking some myths while outlining system constraints and limitations that introduce vulnerabilities. As an outcome, attendees should gain an introductory understanding of airline industry pricing, published fares and terminology. With most blogged \'deals\' patched quicker than RCEs, the deeper understanding of not what but how, facilitates a progression for those interested to interact on more specialised discussion forums.
\n\nSpeakerBio: Craig Lester
\nNo BIO available
\n\n\'',NULL,617810),('2_Friday','11','11:30','11:59','N','ASV','LVCC West/Floor 1/Hall 3/Creator Stage 2','\'Aviation cybersecurity lightning talk: Three topics in thirty minutes\'','\'Ken Munro\'','ASV_44eb85058e574c23d5d7b09c85c52888','\'Title: Aviation cybersecurity lightning talk: Three topics in thirty minutes
\nWhen: Friday, Aug 9, 11:30 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/Creator Stage 2 - Map
\n
\nDescription:
\nThis is going to be a lightning talk covering three short aviation cybersecurity topics. 1) What is the attack surface of an airport 2) How plane hacking is represented in the movies 3) What it takes to resolve a 3 year disclosure process for an EFB.
\n\nSpeakerBio: Ken Munro, Partner and Founder at Pen Test Partners
\nKen Munro is Partner and Founder of Pen Test Partners, a firm of ethical hackers. He and colleagues hold private pilot’s licenses and have been interested in aviation security for many years. They also publish and blog about their research into aviation cyber security, covering topics from airborne connectivity, the potential risks of publicly available avionics component information, and even the entire attack surface of the modern airport. Ken and Pen Test Partners have also been invited to speak at various aviation industry events, and on aviation at specialist security events such as DEF CON’s Aerospace Village, the Global Connected Aircraft Summit, and the Aviation ISAC Summit among others.
\n\n\n\'',NULL,617811),('3_Saturday','12','12:30','12:50','N','PLV','LVCC West/Floor 2/W237','\'Measuring the international balance of trade in Internet bandwidth: introducing Netflow to Ministries of Finance\'','\'Bill Woodcock\'','PLV_611768b3e9a47f490909f32b330af26b','\'Title: Measuring the international balance of trade in Internet bandwidth: introducing Netflow to Ministries of Finance
\nWhen: Saturday, Aug 10, 12:30 - 12:50 PDT
\nWhere: LVCC West/Floor 2/W237 - Map
\n
\nDescription:
\nInternet bandwidth, or transit, the thing that people pay for when they “connect to the Internet,” is largely transnational, and is balanced by substantial transborder flows of capital. As the Internet becomes our primary mode of communication, the international financial impact of trade in Internet bandwidth itself becomes a substantial risk for net-consumer countries like India and the United Arab Emirates, and a substantial opportunity for net-exporter countries like the Netherlands and Brazil. Governments are beginning to recognize these risks and opportunities, and seeking to manage them in an informed and deliberate way, which requires instrumentation of flows of bandwidth which haven’t existed ubiquitously since prior to the 1992 privatization of the Internet and dissolution of the centralized Internet backbone. This talk looks at the mechanisms and efforts underway in intergovernmental treaty organizations to coordinate harmonized and repeatable technical mechanisms of bandwidth measurement.
\n\nSpeakerBio: Bill Woodcock, Executive Director at Packet Clearing House
\nBill Woodcock is the executive director of Packet Clearing House, the intergovernmental treaty organization that supports the operation of critical Internet infrastructure, including Internet exchange points and the core of the domain name system. Since entering the Internet industry in 1985, Bill has helped establish more than three hundred Internet exchange points. In 1989, Bill developed the anycast routing technique that now protects the domain name system. In 1998 he was one of the principal drivers of California 17538.4, the world’s first anti-spam legislation. Bill was principal author of the Multicast DNS and Operator Requirements of Infrastructure Management Methods IETF drafts. In 2002 he co-founded INOC-DBA, the security-coordination hotline system that interconnects the network operations centers of more than three thousand Internet Service Providers and Security Operations Centers around the world. And in 2007, Bill was one of the two international liaisons deployed by NSP-Sec to the Estonian CERT during the Russian cyber-attack. In 2011, Bill authored the first survey of Internet interconnection agreements, as input to the OECD’s analysis of the Internet economy. Bill served on the Global Commission on the Stability of Cyberspace and on the Commission on Caribbean Communications Resilience. He\'s on the board of directors of the M3AA Foundation, and was on the board of the American Registry for Internet Numbers for fifteen years. Now, Bill’s work focuses principally on the security and economic stability of critical Internet infrastructure.
\n\n\n\'',NULL,617812),('3_Saturday','16','16:00','16:50','N','RTV','LVCC West/Floor 2/W204-W207/W204-W207-Infinity','\'Hacking Policy and Policy Hacking - A Red-Teamer Hacker Guide to the Universe of Cyber Policy\'','\'Amit Elazari\'','RTV_73bb93d8577fbcf6c3f0a31710d51645','\'Title: Hacking Policy and Policy Hacking - A Red-Teamer Hacker Guide to the Universe of Cyber Policy
\nWhen: Saturday, Aug 10, 16:00 - 16:50 PDT
\nWhere: LVCC West/Floor 2/W204-W207/W204-W207-Infinity - Map
\n
\nDescription:
\nCybersecurity Policy has transformed red teaming. Cyber and AI are the most emerging domains of the law, with strategies, regulations, and standards constantly emerging, globally. This domain also serves as an amazing opportunity for you explore to new paths, and opportunities, to drive impact at scale, and collaborate with the hacker ecosystem to drive better policies, and better security – that advance all users. This talk invites the audience to explore the latest trend in cyber policy globally, focusing on areas with broad impact on the red teaming community – such as AI red teaming, pen testing policy, secure development, legal limitations to vuln disclosure, and anti-hacking laws. We will cover the latest developments from CIRCIA to the EU Cyber Resilience Act and the AI EO – and introduce the audience to the world of policy hacking, and policy “hacking”. We will cover case studies and
\n\nSpeakerBio: Amit Elazari
\nNo BIO available
\n\n\'',NULL,617813),('2_Friday','10','10:00','12:59','N','VMV','Virtual','\'SIV Internet Voting Hacking Challenge\'','\'SIV\'','VMV_210d6561a3d3bdf20f4d74de651d0823','\'Title: SIV Internet Voting Hacking Challenge
\nWhen: Friday, Aug 9, 10:00 - 12:59 PDT
\nWhere: Virtual
\n
\nDescription:
\nExperts have long agreed that secure internet voting in public elections is not feasible with today\'s technology, nor with any technologies of the foreseeable future. The challenges are numerous, including many fundamental threats such as vulnerability to malicious clients, authentication attacks, privacy attacks, network and Internet infrastructure attacks, server penetration attacks, and various kinds of denial of service attacks. Internet voting systems also suffer from a lack of any meaningful end-to-end auditability. In this hacking challenge, we will set aside these broader concerns to focus on a specific proposed internet voting system called SIV (Secure Internet Voting) intended for real public elections in the United States. They are conducting a mock online election this week with the specific goal of challenging anyone to break their system.
\n\nSpeakerBio: SIV
\nNo BIO available
\n\n\'',NULL,617814),('2_Friday','11','10:00','12:59','Y','VMV','Virtual','\'SIV Internet Voting Hacking Challenge\'','\'SIV\'','VMV_210d6561a3d3bdf20f4d74de651d0823','\'\'',NULL,617815),('2_Friday','12','10:00','12:59','Y','VMV','Virtual','\'SIV Internet Voting Hacking Challenge\'','\'SIV\'','VMV_210d6561a3d3bdf20f4d74de651d0823','\'\'',NULL,617816),('2_Friday','10','10:00','10:45','N','VMV','LVCC West/Floor 2/W223-W224','\'What is the Voting Village?\'','\'Catherine Terranova,Matt Blaze,Harri Hursti\'','VMV_0a015eef1d42407511019e2c7bb6e4d8','\'Title: What is the Voting Village?
\nWhen: Friday, Aug 9, 10:00 - 10:45 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nBrief overview of what the Voting Village is, it’s mission, it’s goals, and it’s history.
\n\nSpeakers:Catherine Terranova,Matt Blaze,Harri Hursti
\n
\nSpeakerBio: Catherine Terranova
\nCatherine Terranova is a Columbia University alumna and researcher. Her current focus is on cyber security and election integrity with an emphasis on misinformation, disinformation, and malinformation, known as information integrity. Ms. Terranova joined the team in 2021 and has been growing and developing the Voting Village since DEF CON 29. She heads all aspects of the program and manages other related projects focused on the global preservation of democracy.
\n\nSpeakerBio: Matt Blaze
\nMatt Blaze is one of the original co-founders of the Voting Village and is currently the McDevitt Professor of Computer Science and Law at Georgetown University. He has over two decades of experience with election system security, and his current research focuses on security, privacy, and robustness in large scale systems with an emphasis on problems at the intersection of technology and public policy.
\n\nSpeakerBio: Harri Hursti
\nNo BIO available
\n\n\'',NULL,617817),('2_Friday','10','10:45','11:45','N','VMV','LVCC West/Floor 2/W223-W224','\'Play by Play of the Curling v. Raffensperger Lawsuit\'','\'Susan Greenhalgh,Mary Kaiser,Drew Springall,Philip Stark\'','VMV_aa0ef7136221a1615f6a86be71dd930e','\'Title: Play by Play of the Curling v. Raffensperger Lawsuit
\nWhen: Friday, Aug 9, 10:45 - 11:45 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nFor three weeks in January 2024, a federal judge heard arguments that Ballot Marking Devices (BMDs) as they are uniformly used in Georgia burden the right to vote to the extent that their continued use is unconstitutional. In 2019, the same court banned the use of Direct Recording Equipment (DRE) on the same grounds. Banning BMDs would have national repercussions. The case was litigated in a bench trial, a lawsuit not tried in front of a jury.
\n\nUsing actual court presentations and documents, the proposed panel will summarize the arguments made by attorneys and experts for the Plaintiffs (a coalition of cybersecurity and voting systems experts and voting rights activists) and the Defendant (Georgia Secretary of State Raffmsperger). Panelists include representatives of the plaintiffs, defendants, and independent experts, moderated by a distinguished legal journalist. Observers will explain the extraordinary coincidences surrounding this lawsuit, including the events of January 6th, the Trump allies’ successful efforts to steal the state’s software, and the attempt by backers of then-President Donald Trump and the attempt to brand Plaintiffs as election deniers. Panelists will also recreate technical demonstrations used in court.
\n\nThe panel will use a novel “steelman” analysis of the Defense’s arguments. Unlike strawman analysis, a steelman (often called charitable analysis) argument crafts the most favorable interpretation of the responses to the Plaintiff\'s complaint, strengthening and in some cases correcting errors.
\n\nSpeakers:Susan Greenhalgh,Mary Kaiser,Drew Springall,Philip Stark
\n
\nSpeakerBio: Susan Greenhalgh
\nSusan Greenhalgh is the Senior Advisor on Election Security for\nFree Speech For People. Ms. Greenhalgh has previously served as\nvice president of programs at Verified Voting and at the National\nElection Defense Coalition, advocating for secure election\nprotocols, paper ballot voting systems and post-election audits.\nRecognized as an expert on election security, she has been invited\nto testify before the U.S. Commission on Civil Rights and has been\nan invited speaker at meetings of the MITRE Corporation, the\nNational Conference of State Legislatures, the Mid-West Election\nOfficials Conference, the International Association of Government\nOfficials, the Election Verification Network and the E-Vote-ID\nconference in Bregenz, Austria. She is a frequent source for\nreporters from The New York Times, The Washington Post, The
\n\nWall Street Journal, Politico, USA Today, Associated Press,\nNational Public Radio and other leading news outlets. She has\nappeared on CNN and MSNBC’s The Rachel Maddow Show, and\nvarious other television news shows. She has a BA in Chemistry\nfrom the University of Vermont.
\n\nSpeakerBio: Mary Kaiser
\nMary Kaiser is a partner in Goodwin’s Antitrust and Competition practice and a member of the firm’s Complex Litigation & Dispute Resolution practice. Mary represents domestic and multinational companies as both plaintiffs and defendants in antitrust and competition-related matters, including federal and state court proceedings, arbitrations, and government antitrust enforcement proceedings.
\n\nSpeakerBio: Drew Springall
\nDrew Springall is an assistant professor of computer science at\nAuburn University. He served as an expert to the plaintiffs in the\nCurling v. Raffensperger case, and received access by court order\nto conduct a security assessment of Georgia’s touchscreen ballot\nmarking devices.
\n\nSpeakerBio: Philip Stark
\nPhilip B. Stark is Distinguished Professor of Statistics at the University of California, Berkeley, where he currently focuses on methodology and applications in physical, life, and social sciences. In 2007, he invented risk limiting audits, endorsed by the National Academies of Science, Engineering, and Medicine and the American Statistical Association, among others, and is now required or authorized by law in about 15 states.
\n\n\n\'',NULL,617818),('2_Friday','11','10:45','11:45','Y','VMV','LVCC West/Floor 2/W223-W224','\'Play by Play of the Curling v. Raffensperger Lawsuit\'','\'Susan Greenhalgh,Mary Kaiser,Drew Springall,Philip Stark\'','VMV_aa0ef7136221a1615f6a86be71dd930e','\'\'',NULL,617819),('2_Friday','11','11:45','12:45','N','VMV','LVCC West/Floor 2/W223-W224','\'How to Steal Voting Software and Get Away With It\'','\'Susan Greenhalgh,Anna Bower,Rich DeMillo,Marilyn Marks\'','VMV_995036d632c4ebf68dd7717c667c1771','\'Title: How to Steal Voting Software and Get Away With It
\nWhen: Friday, Aug 9, 11:45 - 12:45 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nIn 2021, Georgia’s voting system suffered the most severe security\nbreach known in US history when partisan operatives entered the\nelection offices in Coffee County, a small county in south Georgia,\nand took forensic images of all components of the voting system.\nAnd because Georgia uses one voting system statewide, the\nsoftware stolen from Coffee is the same in use across the state.\nRemarkably, even though the crimes were caught on surveillance\ncamera, the security breach did not come to light until 15 months\nlater, when the plaintiffs in the civil litigation, Curling v.\nRaffensperger uncovered not just the surveillance camera footage,\nbut emails, documents and contracts that showed this was an\nextensive and coordinated plot to unlawfully take voting software\nfrom Georgia and other states too.\nDespite the extensive evidentiary record the plaintiffs have\ndeveloped, neither the local DA or the state Attorney General\nsought to charge these crimes. However, Fulton County District\nAttorney Fani Willis included computer trespass, computer identity\ntheft and computer theft alleged in Coffee County as predicate\ncrimes in her RICO indictment, charging four individuals specifically\nwith that element of the conspiracy. Two of those charged, Sidney\nPowell and Scott Hall, have pleaded guilty.\nThis panel will explain how these events took place, and how they\nwere uncovered, not by the Secretary of State, other election\nofficials or federal or Georgia law enforcement; but by a small\nnon-profit and its fellow plaintiffs and attorneys in civil litigation. The\npresentation will also discuss how these events are connected to\nother voting system software breaches in other states, and what\nthis could mean for the 2024 elections and beyond.
\n\nSpeakers:Susan Greenhalgh,Anna Bower,Rich DeMillo,Marilyn Marks
\n
\nSpeakerBio: Susan Greenhalgh
\nSusan Greenhalgh is the Senior Advisor on Election Security for\nFree Speech For People. Ms. Greenhalgh has previously served as\nvice president of programs at Verified Voting and at the National\nElection Defense Coalition, advocating for secure election\nprotocols, paper ballot voting systems and post-election audits.\nRecognized as an expert on election security, she has been invited\nto testify before the U.S. Commission on Civil Rights and has been\nan invited speaker at meetings of the MITRE Corporation, the\nNational Conference of State Legislatures, the Mid-West Election\nOfficials Conference, the International Association of Government\nOfficials, the Election Verification Network and the E-Vote-ID\nconference in Bregenz, Austria. She is a frequent source for\nreporters from The New York Times, The Washington Post, The
\n\nWall Street Journal, Politico, USA Today, Associated Press,\nNational Public Radio and other leading news outlets. She has\nappeared on CNN and MSNBC’s The Rachel Maddow Show, and\nvarious other television news shows. She has a BA in Chemistry\nfrom the University of Vermont.
\n\nSpeakerBio: Anna Bower
\nAnna Bower is Lawfare’s Legal Fellow and Courts Correspondent.\nAnna holds a Bachelor of Laws from the University of Cambridge\nand a Juris Doctorate from Harvard Law School. She joined\nLawfare as a recipient of Harvard’s Sumner M. Redstone\nFellowship in Public Service. Prior to law school, Anna worked as a\njudicial assistant for a Superior Court judge in the Northeastern\nJudicial Circuit of Georgia. She also previously worked as a\nFulbright Fellow at Anadolu University in Eskişehir, Turkey. A native\nof Georgia, Anna is based in Atlanta and Washington, D.C.
\n\nSpeakerBio: Rich DeMillo
\nRichard DeMillo is the Charlotte B. and Roger C. Warren Chair in Computing at the Georgia Institute of Technology. With Cybersecurity threats on the rise, he founded and led Georgia Tech’s School of Cybersecurity and Privacy, the first-of-a-kind at a top research university. He was formerly the John P. Imlay Dean of Computing. Positions he held before joining Georgia Tech include Chief Technology Officer for Hewlett-Packard, Vice President of Computing Research for Bell Communications Research, Director of the Computer Research Division for the National Science Foundation, and Director of the Software Test and Evaluation Project for the Office of the Secretary of Defense. He has also held faculty positions at the University of Wisconsin, Purdue University, and the University of Padua, Italy.
\n\nSpeakerBio: Marilyn Marks
\nIs a retired CEO of a truck-trailer manufacturing business, applying\nbusiness and leadership skills to election policy reform. In 2009,\nafter a narrow loss to become the Mayor of Aspen, Marilyn\nrecognized the vulnerabilities in Colorado’s election systems. She\nthen devoted full time to election integrity litigation and lobbying\nefforts for more transparent and verifiable elections. She\nsuccessfully litigated the effort to make Colorado ballots open\npublic records for post-election reviews, followed by dozens of\nelection-related cases involving election security, transparency, and\nvoter privacy. After moving back east to North Carolina, her focus\nbecame primarily CGG’s work in southern states, including\nGeorgia, where CGG has intensely focused on Georgia’s insecure\nand unauditable electronic voting system and the anti-democratic\nand anti-transparency provisions of SB202 passed in 2021.
\n\n\n\'',NULL,617820),('2_Friday','12','11:45','12:45','Y','VMV','LVCC West/Floor 2/W223-W224','\'How to Steal Voting Software and Get Away With It\'','\'Susan Greenhalgh,Anna Bower,Rich DeMillo,Marilyn Marks\'','VMV_995036d632c4ebf68dd7717c667c1771','\'\'',NULL,617821),('2_Friday','13','13:00','13:59','N','VMV','LVCC West/Floor 2/W223-W224','\'Risk Limiting Audits From the Source\'','\'Philip Stark\'','VMV_477d209685a286a502065fc1be95dd95','\'Title: Risk Limiting Audits From the Source
\nWhen: Friday, Aug 9, 13:00 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nRisk Limiting Audits are a powerful statistical technique for determining whether or not election outcomes, determined provisionally by machine counts, are likely to be correct. Join us for an overview of Risk Limiting Audits by the person who invented them. This is an incredible opportunity to understand what a true Risk Limiting Audit is. Many people have misconceptions of what audits and recounts are, and unfortunately do not understand the fundamental basics of what a true audit of an election would look like. Professor Stark will be giving a full overview. Don’t miss out! Following this talk Professor Stark will be giving a Risk Limiting Audit demo in our Voting Machine Lab that we highly recommend you check out!
\n\nSpeakerBio: Philip Stark
\nPhilip B. Stark is Distinguished Professor of Statistics at the University of California, Berkeley, where he currently focuses on methodology and applications in physical, life, and social sciences. In 2007, he invented risk limiting audits, endorsed by the National Academies of Science, Engineering, and Medicine and the American Statistical Association, among others, and is now required or authorized by law in about 15 states.
\n\n\n\'',NULL,617822),('2_Friday','14','14:00','14:45','N','VMV','LVCC West/Floor 2/W223-W224','\'Election 2024 Freedom of Choice: A Psybernomic Conundrum\'','\'Hallie Stern,Tina Schneibs\'','VMV_4e810754bbcf30ad0097733a3b27f4b1','\'Title: Election 2024 Freedom of Choice: A Psybernomic Conundrum
\nWhen: Friday, Aug 9, 14:00 - 14:45 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nThis presentation delves into the geopolitical landscape of the United States and\nbeyond, providing a critical examination of the evolving societal attitudes toward democracy, globalism,\nand privacy. Through the lens of psychological influence and cognitive security, we explore how cyber\nand economic warfare shape human behavior and decision-making processes. By bringing awareness to\nthe myriad forces that drive individual choices—from mundane daily activities like selecting breakfast to\nsignificant actions such as voting in elections—we aim to elucidate the intricate web of influence. This\nincludes an analysis of historical strategies employed in influence campaigns and a critical look at the\ntechnical and non-technical tactics used today. We highlight the economic underpinnings and financial\nmechanisms that support these campaigns, revealing the sophisticated interplay between economic\nwarfare and psychological manipulation. Through this exploration, we seek to equip participants with a\ndeeper understanding of the strategies behind modern influence campaigns and their profound impact on\nboth individual and collective decision-making within democratic societies.
\n\nSpeakers:Hallie Stern,Tina Schneibs
\n
\nSpeakerBio: Hallie Stern
\nHallie Stern is an Information Scientist specializing in emerging technology and psyber security,\ninvestigating how behavioral data shapes digital interactions and influences offline responses. Her\ninterdisciplinary expertise spans digital humanities, algorithmic modeling, and global media, with a focus\non identifying technical vulnerabilities in the information landscape.Hallie earned a B.A. in Integrative\nMedia Studies from The University of Redlands and an M.S. in Global Security, Conflict, and Cybercrime\nfrom NYU. Her leadership extends to conducting workshops at esteemed events such as The Nobel\nPrize Summit, UNGA, Harvard University, and DefCon. She currently serves as the AI and technology\nresident fellow at the McCain Institute in Washington DC.
\n\nSpeakerBio: Tina Schneibs
\nTina Schniebs is an experienced financial risk management consultant with over 20 years of experience\nin financial analysis and management, IT integration, and legal investigation. Extensive experience in project management, IT project life-cycle development, strategic organization, criminal, civil, and appellate law; and a unique awareness of financial risk vectors to organizations. Tina is currently a Risk\nManagement Consultant for Ridgeline International, Inc., advising commercial, IC and DOD customers\non global financial and regulatory risks to their organizations.
\n\n\n\'',NULL,617823),('2_Friday','14','14:30','14:45','N','VMV','LVCC West/Floor 2/W223-W224','\'Risk Limiting Audit DEMO by Philip Stark\'','\'Philip Stark\'','VMV_7263bfa9a50facc9d8a2b6aed90c60b0','\'Title: Risk Limiting Audit DEMO by Philip Stark
\nWhen: Friday, Aug 9, 14:30 - 14:45 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nJoin the inventor of Risk Limiting Audits for an up close hands on demo of how true Risk Limiting Audits work. Lean the principals and practice of conducting Risk Liming Audits. We will actually be conducting a Risk Limiting Audit during this demo and the audience will participate.
\n\nSpeakerBio: Philip Stark
\nPhilip B. Stark is Distinguished Professor of Statistics at the University of California, Berkeley, where he currently focuses on methodology and applications in physical, life, and social sciences. In 2007, he invented risk limiting audits, endorsed by the National Academies of Science, Engineering, and Medicine and the American Statistical Association, among others, and is now required or authorized by law in about 15 states.
\n\n\n\'',NULL,617824),('3_Saturday','11','11:45','12:15','N','VMV','LVCC West/Floor 2/W223-W224','\'The Threat of Deepfakes and Synthetic Media to Election Integrity\'','\'Dr. Matthew Canham\'','VMV_30d0f7facc6d058858f0c72fa92e0f8e','\'Title: The Threat of Deepfakes and Synthetic Media to Election Integrity
\nWhen: Saturday, Aug 10, 11:45 - 12:15 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nHow the Deepfake & Synthetic Media Framework (DSMAF) can be applied to an election\ncontext to more effectively differentiate deceptive from legitimate content and to better\nunderstand the nature of the threats posed by deceptive online content (both deepfakes\nand non-deepfakes). This will include a demonstration of the 2024 U.S. Presidential\nElection Deepfake Threat Tracker and a tutorial for how to effectively use this resource.
\n\nSpeakerBio: Dr. Matthew Canham
\nDr. Matthew Canham, Co-founder of Psyber Labs and is currently the Director of Human-\nMachine Psychology. Dr. Canham is a former Supervisory Special Agent with the Federal
\n\nBureau of Investigation (FBI), he has a combined twenty-one years of experience in\nconducting human-technology and security research. He currently holds an affiliated\nfaculty appointment with George Mason University, where his research focuses on the\ncognitive factors in synthetic media social engineering and online influence campaigns. He\nhas provided synthetic media and deepfake threat awareness training to NASA (Kennedy\nSpace Center), DARPA, MIT, US Army DevCom, the NATO Cognitive Warfare Working Group,\nthe Misinformation Village at DefCon, and the BSidesLV and Black Hat USA security\nconferences.
\n\n\n\'',NULL,617825),('3_Saturday','12','11:45','12:15','Y','VMV','LVCC West/Floor 2/W223-W224','\'The Threat of Deepfakes and Synthetic Media to Election Integrity\'','\'Dr. Matthew Canham\'','VMV_30d0f7facc6d058858f0c72fa92e0f8e','\'\'',NULL,617826),('2_Friday','15','15:30','16:15','N','VMV','LVCC West/Floor 2/W223-W224','\'Breaking Through Election Myths\'','\'Will Baggett\'','VMV_b295edfc7c37eb498aa08c96963a8ff0','\'Title: Breaking Through Election Myths
\nWhen: Friday, Aug 9, 15:30 - 16:15 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nThis talk will cover common voting machine myths and dispel common voting machine cases and fallacies that are prevalent in the media during election cycles and disinformation from social media and ‘experts’ from the perspective of a CIA HUMINT/Technical Officer now in the Cybersecurity field investigating corporate espionage and intentional sabotage. I will show- with pictures and evidence from previous Voting Machine Village work- that the sensational news headlines are not related to the reality of digital voting.
\n\nSpeakerBio: Will Baggett
\nWill Baggett is a Lead Investigator for Digital Forensics and Insider Threat\nat a Fiscal Infrastructure organization. He is also Director of Digital\nForensics at Operation Safe Escape (volunteer role), a non-profit\norganization providing assistance to victims of domestic abuse. Will\ndraws from his experience as a former CIA officer specializing in\nTechnical and HUMINT Operations as well as a NATO SOF Cyber Security\nSME. He has extensive experience in the voting machine security effort\nand works to mitigate misinformation in this space with digital forensic\nanalysis and facts.
\n\n\n\'',NULL,617827),('2_Friday','16','15:30','16:15','Y','VMV','LVCC West/Floor 2/W223-W224','\'Breaking Through Election Myths\'','\'Will Baggett\'','VMV_b295edfc7c37eb498aa08c96963a8ff0','\'\'',NULL,617828),('2_Friday','16','16:15','16:59','N','VMV','LVCC West/Floor 2/W223-W224','\'Maricopa County -Preparing for the 2024 Elections Cycle\'','\'Nate Young,Jason Butryn\'','VMV_21e573886c997f12336723a81b8c0c25','\'Title: Maricopa County -Preparing for the 2024 Elections Cycle
\nWhen: Friday, Aug 9, 16:15 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nA comprehensive presentation on the evolving landscape of elections in Maricopa County since the continuous 2020 Presidential Election. We will begin with an introduction to Maricopa County, highlighting its demographic and political significance. Following this, we will outline the key dates and events in the 2024 election calendar, ensuring you are well-prepared for the upcoming electoral cycle. Delving into the voting methods available to Maricopa residents, including in-person, mail-in, and early voting options, emphasizing accessibility and convenience we will explore major changes implemented since the 2020 elections. Focusing on improvements in technology, security, and voter engagement, and reflect on the critical lessons learned from the 2022 elections that have shaped current practices and policies.Looking ahead to the 2024 elections, we will provide an overview of anticipated challenges and opportunities for voter participation. Security is paramount, and we will detail the physical security enhancements made at the voting tabulation center, as well as the strategies and protocols in place for effective coordination with law enforcement. Understanding and mitigating insider threats is essential, and we will cover the measures taken to protect against internal risks. We will also review recent statutory changes affecting elections and their implications for voters and election officials. Finally, we will highlight the importance of social media training for election staff to combat misinformation and engage with the community effectively. Join us for this informative session to gain a deeper understanding of Maricopa County’s election processes and the continuous efforts to enhance transparency, security, and voter confidence.
\n\nSpeakers:Nate Young,Jason Butryn
\n
\nSpeakerBio: Nate Young
\nNate Young is the Chief Information Officer at the Maricopa County Recorders & Elections departments. Nate has worked with Maricopa County since 2018 and is current responsible for the County Document Recordation functions and Elections Technology operation processes. Nate actively participates in Elections and Technology committees and helped represent the County during the Arizona Senate Audit of the 2020 Presidential Election by the Cyber Ninjas.
\n\nSpeakerBio: Jason Butryn
\nJason Butryn is the Information Security Officer (ISO) for the Maricopa County Recorder and Elections. He has been in Information Technology for the past 20 years and other than working for the San Manuel Band of Mission Indians to start his career, he has been working in the public sector his entire career. He started out in infrastructure engineering and management and has pivoted his career to Information Security.
\n\n\n\'',NULL,617829),('2_Friday','17','17:00','17:45','N','VMV','LVCC West/Floor 2/W223-W224','\'Hacking the Vote: How Hackers Caused the Downfall of the Dutch Voting Machines\'','\'Fleur van Leusden\'','VMV_9958a60ba2fe786d33686312b089654c','\'Title: Hacking the Vote: How Hackers Caused the Downfall of the Dutch Voting Machines
\nWhen: Friday, Aug 9, 17:00 - 17:45 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nIt’s 2007 when the Dutch Ministry of Internal Affairs orders a ban on voting\nmachines. Voting machines that have been in use for over a decade by then. The\nreason? The Dutch Secret Service has declared the TEMPEST radiation emitted by\nthe voting machines makes it possible for someone outside the polling station to\nsee what someone is voting.\nBut that is just the tip of the voting machine-ice berg. What came before is two\nyears of a foundation started by a group off Dutch hackers that fought to prove\nthat voting machines in their current form are unreliable, cannot be checked and\ncan be manipulated to show any result you want, regardless of the votes that are\ngiven as input.\nWhat followed is a lengthy report of a government ordered commission that\ndescribes 8 principles of trustworthy elections. These principles are very difficult to\nadhere to using voting machines, even modern voting machines. The reason for\nthis are some fundamental issues that come with computers: a lack of\ntransparency for those without a technical background as well as the issue of\nvoting secrecy (nobody being able to tell what a specific person voted for).\nIn this presentation; I outline the history of the Dutch voting machines and their\ndemise, what a group of hackers had to do with this, as well as the fundamental\nissues that we still struggle with to this day. Listeners can take this information as\nlessons for their own election processes.\nMind you, we are not saying not to use voting machines. We are not against the\nidea of voting machines. However, the issues we as the Netherlands are struggling\nwith have still not been resolved to this very day.
\n\nSpeakerBio: Fleur van Leusden
\nFleur van Leusden is an experienced CISO working for various Dutch government organizations in the past decade. She has done\nresearch on security in cars using autonomous driving software as well as working for the Amsterdam police department as an internet\ndetective. She currently works for the Dutch Electoral Council as their first ever CISO, where her job is\nto keep the election process in the Netherlands secure. This government body has existed for over 100 years and is responsible for organizing\nthe elections in the Netherlands as well as advising around law and other matters surrounding the subject.
\n\n\n\'',NULL,617830),('3_Saturday','10','10:00','10:45','N','VMV','LVCC West/Floor 2/W223-W224','\'Voting Village Opening Remarks\'','\'Catherine Terranova,Harri Hursti,Matt Blaze\'','VMV_fd8309335bb2f63cb1228090f8a2dd1f','\'Title: Voting Village Opening Remarks
\nWhen: Saturday, Aug 10, 10:00 - 10:45 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\n\n\nSpeakers:Catherine Terranova,Harri Hursti,Matt Blaze
\n
\nSpeakerBio: Catherine Terranova
\nCatherine Terranova is a Columbia University alumna and researcher. Her current focus is on cyber security and election integrity with an emphasis on misinformation, disinformation, and malinformation, known as information integrity. Ms. Terranova joined the team in 2021 and has been growing and developing the Voting Village since DEF CON 29. She heads all aspects of the program and manages other related projects focused on the global preservation of democracy.
\n\nSpeakerBio: Harri Hursti
\nNo BIO available
\nSpeakerBio: Matt Blaze
\nMatt Blaze is one of the original co-founders of the Voting Village and is currently the McDevitt Professor of Computer Science and Law at Georgetown University. He has over two decades of experience with election system security, and his current research focuses on security, privacy, and robustness in large scale systems with an emphasis on problems at the intersection of technology and public policy.
\n\n\n\'',NULL,617831),('3_Saturday','11','11:00','11:45','N','VMV','LVCC West/Floor 2/W223-W224','\'Democracy From Around the World\'','\'Harri Hursti\'','VMV_80d26333ef71d595741357f5036fb2fe','\'Title: Democracy From Around the World
\nWhen: Saturday, Aug 10, 11:00 - 11:45 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nAmerica is the second largest democracy in the world. India is the largest. Indonesia is the third. Often times democracy is associated with American Values, but democracies around the globe all share a common thread and have an impact on each other. Join us to hear word=d
\n\nSpeakerBio: Harri Hursti
\nNo BIO available
\n\n\'',NULL,617832),('3_Saturday','11','11:00','11:59','N','VMV','LVCC West/Floor 2/W223-W224','\'First Time TSX Hacking Challenge\'','\'Tailor Tolliver\'','VMV_640feea0050272857bc9c77e3b4de9ef','\'Title: First Time TSX Hacking Challenge
\nWhen: Saturday, Aug 10, 11:00 - 11:59 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nNever hacked into anything before? Join us at the Voting Village to learn how to hack into a voting machine yourself! No hacking skills required.
\n\nSpeakerBio: Tailor Tolliver
\nNo BIO available
\n\n\'',NULL,617833),('2_Friday','14','14:45','15:30','N','VMV','LVCC West/Floor 2/W223-W224','\'What Does it Mean to be an American?\'','\'Kendall Spencer\'','VMV_f8bdecf087335b853b84fb79693bc948','\'Title: What Does it Mean to be an American?
\nWhen: Friday, Aug 9, 14:45 - 15:30 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nWhat does it mean to be an American? Or perhaps what should it mean? The world we live is now more complex then ever, with technology, law, policy, threats to personal wellbeing and international conflict dominating the headlines, how do Americans manage to stay in engaged in the affairs that control their society? This talk will be structured as a short presentation leading to an open forum discussion positioned to discover what it means to be an American in this current climate. We’ll discuss civics, generational gaps, and the role of technology in addressing the active citizen today. We’re all here to defend and support democracy, but that starts with a conversation.
\n\nSpeakerBio: Kendall Spencer
\nKendall Spencer wears a variety of interesting hats on a day to day basis. As a professional athlete, he’s represented the United States in competition globally. But he is also the first black antique and rare book dealer in the US. Specializing in American history, he uses his experiences in the book trade to address how we might learn from history and restore democracy. Currently he is a lawyer at Ropes & Gray LLP, where he specializes in technology, cybersecurity, and corporate transactions.
\n\n\n\'',NULL,617834),('2_Friday','15','14:45','15:30','Y','VMV','LVCC West/Floor 2/W223-W224','\'What Does it Mean to be an American?\'','\'Kendall Spencer\'','VMV_f8bdecf087335b853b84fb79693bc948','\'\'',NULL,617835),('3_Saturday','12','12:15','13:15','N','VMV','LVCC West/Floor 2/W223-W224','\'Indivisible\'','\'Michael Moore\'','VMV_10820599e124190f9eef177b6ca21aff','\'Title: Indivisible
\nWhen: Saturday, Aug 10, 12:15 - 13:15 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nArizona Secretary of State Adrian Fontes has been educating election officials about the capabilities of current tools to create synthetic content: GenAI used to create text for advanced spear phish targeting election officials, cloned voices of election officials explaining to their real
\ncounterparts how their voices could be weaponized to confuse staff and poll workers, lastly, high quality deepfakes of Secretary Fontes himself showing how easy it could be to use an elected official’s own likeness against them. This presentation will be a deep dive into how we predict GenAI attacks will be used during the 2024 General Election and will provide a framework for the audience, hardening them against
\nwhat is coming.
\n\n\n\nSpeakerBio: Michael Moore
\nAfter volunteering to be a poll worker, Michael Moore developed a passion for Election Security.\nHe was the first Information Security Officer for the Maricopa County Recorder\'s office and is\nnow the first Chief Information Security Officer for the Arizona Secretary of State.Michael believes it is only through effective federal, state, and local government partnerships, as\nwell as assistance from trusted vendors that we can protect our democracy and fulfill our duty to\nthe American voter. The greatest threats to elections are MDM and the resulting insider threat caused by radicalized\ncitizens. The best protection against these threats is combatting lies with the truth, developing secure and resilient systems that prevent attacks whenever possible, allow for detections of compromise and facilitate accurate and rapid recovery. Michael has pushed forward these initiatives in his own organizations as well as across the Michael is an alumnus of Arizona State University with a B.S. in Mathematics and a B.A. in\nEducation,CISSP, Certified Election Official (CEO) and Certified Public Manager (CPM).Elections community.
\n\n\n\'',NULL,617836),('3_Saturday','13','12:15','13:15','Y','VMV','LVCC West/Floor 2/W223-W224','\'Indivisible\'','\'Michael Moore\'','VMV_10820599e124190f9eef177b6ca21aff','\'\'',NULL,617837),('3_Saturday','13','13:15','13:59','N','VMV','LVCC West/Floor 2/W223-W224','\'Stanford Digital Observatory\'','\'Renée DiResta\'','VMV_77a1fcec4174d2b4fd7aba0f2f0d3b94','\'Title: Stanford Digital Observatory
\nWhen: Saturday, Aug 10, 13:15 - 13:59 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nThis talk with cover the networks that generate and spread misinformation over social media. This talk will dive deep into the challenges a think tank of this type is at risk of facing, and will give us an update on what is currently happening with the program. There will be a general overview of what happened and how the increasing threats came to be as well as an update on where things stand now.
\n\nSpeakerBio: Renée DiResta
\nMy name is Renée DiResta. I\'m the technical research manager at Stanford Internet Observatory, a cross-disciplinary program of research, teaching and policy engagement for the study of adversarial abuse in current information technologies. This means that I study the many ways that people attempt to manipulate, harass, or target others online. Sometimes that\'s influence operations, sometimes it\'s spam and scams, child safety issues, or novel ways of abusing generative AI technology. The internet is an ecosystem, and these things are interconnected: new technologies transform old problems. My name is Renée DiResta. I\'m the technical research manager at Stanford Internet Observatory, a cross-disciplinary program of research, teaching and policy engagement for the study of adversarial abuse in current information technologies. This means that I study the many ways that people attempt to manipulate, harass, or target others online. Sometimes that\'s influence operations, sometimes it\'s spam and scams, child safety issues, or novel ways of abusing generative AI technology. The internet is an ecosystem, and these things are interconnected: new technologies transform old problems.I do research into novel and rapidly-developing problems, then communicate findings both to the public and to those best positioned to mitigate them. Over the years I\'ve briefed world leaders and government bodies. I\'ve advised Congress, the State Department, and myriad academic, civil society, and business organizations on the mechanics of online manipulation in its many forms, including computational propaganda, conspiracy theories, terrorist activity, and state-sponsored information warfare.
\n\n\n\'',NULL,617838),('3_Saturday','14','14:00','14:45','N','VMV','LVCC West/Floor 2/W223-W224','\'Understanding the Role of Secretary of States in Elections\'','\'Dave Scanlan\'','VMV_6f22afda99e6d768cb0146e668e40b84','\'Title: Understanding the Role of Secretary of States in Elections
\nWhen: Saturday, Aug 10, 14:00 - 14:45 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nThis talk will cover the role that Secretaries of State’s offices play in Elections. This talk with also dive into the election processes that the State of NH follow and all the ways they do whatever they can to keep elections secure. It is a rare opportunity to hear directly from a Secretary of State the roll they play in national elections. This talk will allow audiences to have a better understanding of how these processes work and why Secretary of States play such a critical role in elections.
\n\nSpeakerBio: Dave Scanlan, Secretary of State at New Hampshire
\nDavid M. Scanlan (born June 14, 1956) is an American politician and election official serving as the 54th secretary of state of New Hampshire. A Republican, he assumed office as acting secretary of state upon the resignation of Bill Gardner on January 10, 2022. He was elected to a new two-year term as secretary of state by the New Hampshire General Court (state legislature) on December 7, 2022. He previously served as deputy secretary of state, since 2002[ and served in the New Hampshire House of Representatives from 1984 to 2002, becoming majority leader.
\n\n\n\'',NULL,617839),('3_Saturday','14','14:45','15:30','N','VMV','LVCC West/Floor 2/W223-W224','\'Understanding Cognitive Warefare in a Geopolitcal Context\'','\'Constantine Nicolaidis\'','VMV_229772c4a2c0222c453db37cee224c2c','\'Title: Understanding Cognitive Warefare in a Geopolitcal Context
\nWhen: Saturday, Aug 10, 14:45 - 15:30 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nWe are living through a secular (once in a lifetime) crisis period that presents an existential risk to democracy, both at home and abroad. There are various underlying sociological, geopolitical and economic forces that give rise to a crises of this magnitude. How are authoritarian actors exploiting this to weaken the liberal democratic order? How can these dynamics help us create a frame to better understand the nature of Cognitive Warfare? Our liberal democratic system is under increasing levels of attack. Who are the internal and external threat actors behind this? Are they working together? Our liberal democratic system is under increasing levels of attack. Who are the internal and external threat actors behind this? Are they working together? The terms disinformation and misinformation are often used to describe cognitive warfare influents (instances of influence used in a CW campaign), but these terms can also limit our ability to detect and defend. Let’s explore a model of Cognitive Warfare that helps us understand the broad range of tactics being used as well as who is being targeted and how.We will also explore how Cognitive Warfare can complement other domains of conflict and how CW has even been used as part of kinetic combat operations. What are some of the natural asymmetries when CW is being used in conflicts between authoritative and democratic systems? Join us as we work to grow and model our understanding this new and critical domain of conflict.
\n\nSpeakerBio: Constantine Nicolaidis
\nConstantine leads a Risk Management practice that focuses on securing U.S. privately owned critical infrastructure. Over the last decade he has leveraged his expertise in security and data-based product development to create tools for security professionals. Constantine has also spent the last 5 years developing a geopolitical modeling system to help forecast and describe the nature of political and social crises. He advises various security groups on the nature of modern multi-domain warfare with an emphasis on the cyber and cognitive domains. Constantine holds a Master’s Degree in Human-Computer Interaction from the Carnegie Mellon School of Computer Science and is currently enrolled in the Master’s in Cybersecurity Degree program at the SANS Technology Institute.
\n\n\n\'',NULL,617840),('3_Saturday','15','14:45','15:30','Y','VMV','LVCC West/Floor 2/W223-W224','\'Understanding Cognitive Warefare in a Geopolitcal Context\'','\'Constantine Nicolaidis\'','VMV_229772c4a2c0222c453db37cee224c2c','\'\'',NULL,617841),('3_Saturday','15','15:30','16:30','N','VMV','LVCC West/Floor 2/W223-W224','\'Cognative Weather Report\'','\'Constantine Nicolaidis,Catherine Terranova\'','VMV_9a4dc0a1f2ceb3bbd5a2f8a556574060','\'Title: Cognative Weather Report
\nWhen: Saturday, Aug 10, 15:30 - 16:30 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nWe are living through a time period where not only are wars being fought, on land, sea, air, and cyber, but we have all been drafted into a misinformation, disinformation, and malinformation war that many of us were not given the proper tools or training for. The times we exist in are unprecedented, and the more that people primarily consume their information online, the more susceptible we all are to becoming influenced by operations that are coming foreign adversaries as a means of not only spreading misinformation, disinformation, and malformation, but as means of dividing and polarizing our nation. How can we resist that? What can we look for? Is there a framework the average voter can use? Join us for this fireside chat to learn more and equip yourself for the upcoming election.
\n\nSpeakers:Constantine Nicolaidis,Catherine Terranova
\n
\nSpeakerBio: Constantine Nicolaidis
\nConstantine leads a Risk Management practice that focuses on securing U.S. privately owned critical infrastructure. Over the last decade he has leveraged his expertise in security and data-based product development to create tools for security professionals. Constantine has also spent the last 5 years developing a geopolitical modeling system to help forecast and describe the nature of political and social crises. He advises various security groups on the nature of modern multi-domain warfare with an emphasis on the cyber and cognitive domains. Constantine holds a Master’s Degree in Human-Computer Interaction from the Carnegie Mellon School of Computer Science and is currently enrolled in the Master’s in Cybersecurity Degree program at the SANS Technology Institute.
\n\nSpeakerBio: Catherine Terranova
\nCatherine Terranova is a Columbia University alumna and researcher. Her current focus is on cyber security and election integrity with an emphasis on misinformation, disinformation, and malinformation, known as information integrity. Ms. Terranova joined the team in 2021 and has been growing and developing the Voting Village since DEF CON 29. She heads all aspects of the program and manages other related projects focused on the global preservation of democracy.
\n\n\n\'',NULL,617842),('3_Saturday','16','15:30','16:30','Y','VMV','LVCC West/Floor 2/W223-W224','\'Cognative Weather Report\'','\'Constantine Nicolaidis,Catherine Terranova\'','VMV_9a4dc0a1f2ceb3bbd5a2f8a556574060','\'\'',NULL,617843),('3_Saturday','16','16:30','16:59','N','VMV','LVCC West/Floor 2/W223-W224','\'What Do Long Voter Registration Lines Mean?\'','\'Jake Braun\'','VMV_0c172d7e7c22a81511842395e40e490d','\'Title: What Do Long Voter Registration Lines Mean?
\nWhen: Saturday, Aug 10, 16:30 - 16:59 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nWe often hear about long lines at polling places and in particular at voter registration sites. Unfortunately, we rarely get insight into why this is happening and why this happens in such specific geographic locations. Join us to hear the full breakdown of what is happening from one of the Voting Village original founders and former White House Principal Deputy National Cyber Director and premier voting expert.
\n\nSpeakerBio: Jake Braun
\nJake Braun was appointed by President Joseph Biden as Senior Advisor to the Department of Homeland Security in February of 2021 where he focuses on Management issues. He is also a lecturer at the University of Chicago Harris School of Public Policy. He works at the center of politics, technology and national security to advance the field of cyber policy. He is the author of Democracy in Danger: How Hackers and Activists Exposed Fatal Flaws in the Election System and has co-authored two award-winning and seminal works on election infrastructure cyber vulnerabilities. Mr. Braun has worked extensively on national security and finance issues throughout the U.S., Europe, Asia, Africa, Middle East and Latin America. Prior to joining the University of Chicago Harris School of Public Policy faculty and Cambridge Global Advisers, Mr. Braun was appointed by President Obama as White House Liaison to the Department of Homeland Security (DHS) where he oversaw some of the most high profile public engagements executed at DHS. He was instrumental in the effort to gain passage in the European Parliament of the largest big data sharing agreement in history between the United States and the European Union. In addition, he designed and implemented a program to modernize the DHS cybersecurity workforce. Mr. Braun also oversaw stakeholder crisis communications for the White House during the 2010 Deep Water Horizon Gulf Oil Spill.Prior to his tenure as White House Liaison, Mr. Braun served on the Presidential Transition Team for the Obama Administration as Deputy Director for the National Security Agencies Review. In this capacity he oversaw agency review programs for all national security agencies including the State Department, DOD, DHS, CIA, USAID, etc. and guided policy assessments from their inception to the President-Elect’s desk. Mr. Braun also designs and implements political campaigns in the U.S., Asia, Africa, Latin America and Europe. Before coming to Washington, Mr. Braun served as the National Deputy Field Director to the 2008 Obama for America Campaign, overseeing an effort that utilized the most sophisticated grassroots, social media and data analysis available.In addition to his role at Harris, Mr. Braun is co-founder of the DEF CON Voting Machine Hacking Village, in the President’s Circle on the Chicago Council on Global Affairs, and a strategic advisor to the Department of Homeland Security and the Pentagon on cybersecurity. DEF CON is the largest hacker conference in the world and in cooperation with them he has co-authored two fundamental and critically acclaimed reports on election infrastructure cyber vulnerabilities, The DEF CON 25 and 26 Voting Village Reports.
\n\n\n\'',NULL,617844),('3_Saturday','17','17:00','17:45','N','VMV','LVCC West/Floor 2/W223-W224','\'Misinformation, Disinformation, and Malformation in 2024\'','\'Nicole Tisdale,Michael Moore,Nate Young,Jake Braun,Derek DelGaudio,Kendall Spencer\'','VMV_49f866da36db035f097cb782a2d91ec1','\'Title: Misinformation, Disinformation, and Malformation in 2024
\nWhen: Saturday, Aug 10, 17:00 - 17:45 PDT
\nWhere: LVCC West/Floor 2/W223-W224 - Map
\n
\nDescription:
\nThis panel will cover the misinformation, disinformation, and malinformation that we are seeing across different mediums prior to the upcoming presidential election. Join us for an all star panel of misinformation, disinformation, and malformation experts discuss the threats they are currently observing and what their biggest concerns are for the upcoming election. Audiences will also learn what kind of precautions are being taken and what individuals can do to prepare themselves and increase their media literacy and ability to identify information that actually has information integrity.
\n\nSpeakers:Nicole Tisdale,Michael Moore,Nate Young,Jake Braun,Derek DelGaudio,Kendall Spencer
\n
\nSpeakerBio: Nicole Tisdale
\nFor fourteen years, Nicole Tisdale has served as a national security expert at The White House - National Security Council (NSC) and the U.S. Congress’ House Committee on Homeland Security. She is a policy expert on cybersecurity, counterintelligence, foreign malign influence, disinformation, and election security. \nShe founded Advocacy Blueprints, and authored Right To Petition, a guide to exercising the First Amendment right to advocate. Originally from Nettleton, MS, Nicole is a barred attorney and alumna of The University of Mississippi (BA, 2006; JD, 2009).
\n\nSpeakerBio: Michael Moore
\nAfter volunteering to be a poll worker, Michael Moore developed a passion for Election Security.\nHe was the first Information Security Officer for the Maricopa County Recorder\'s office and is\nnow the first Chief Information Security Officer for the Arizona Secretary of State.Michael believes it is only through effective federal, state, and local government partnerships, as\nwell as assistance from trusted vendors that we can protect our democracy and fulfill our duty to\nthe American voter. The greatest threats to elections are MDM and the resulting insider threat caused by radicalized\ncitizens. The best protection against these threats is combatting lies with the truth, developing secure and resilient systems that prevent attacks whenever possible, allow for detections of compromise and facilitate accurate and rapid recovery. Michael has pushed forward these initiatives in his own organizations as well as across the Michael is an alumnus of Arizona State University with a B.S. in Mathematics and a B.A. in\nEducation,CISSP, Certified Election Official (CEO) and Certified Public Manager (CPM).Elections community.
\n\nSpeakerBio: Nate Young
\nNate Young is the Chief Information Officer at the Maricopa County Recorders & Elections departments. Nate has worked with Maricopa County since 2018 and is current responsible for the County Document Recordation functions and Elections Technology operation processes. Nate actively participates in Elections and Technology committees and helped represent the County during the Arizona Senate Audit of the 2020 Presidential Election by the Cyber Ninjas.
\n\nSpeakerBio: Jake Braun
\nJake Braun was appointed by President Joseph Biden as Senior Advisor to the Department of Homeland Security in February of 2021 where he focuses on Management issues. He is also a lecturer at the University of Chicago Harris School of Public Policy. He works at the center of politics, technology and national security to advance the field of cyber policy. He is the author of Democracy in Danger: How Hackers and Activists Exposed Fatal Flaws in the Election System and has co-authored two award-winning and seminal works on election infrastructure cyber vulnerabilities. Mr. Braun has worked extensively on national security and finance issues throughout the U.S., Europe, Asia, Africa, Middle East and Latin America. Prior to joining the University of Chicago Harris School of Public Policy faculty and Cambridge Global Advisers, Mr. Braun was appointed by President Obama as White House Liaison to the Department of Homeland Security (DHS) where he oversaw some of the most high profile public engagements executed at DHS. He was instrumental in the effort to gain passage in the European Parliament of the largest big data sharing agreement in history between the United States and the European Union. In addition, he designed and implemented a program to modernize the DHS cybersecurity workforce. Mr. Braun also oversaw stakeholder crisis communications for the White House during the 2010 Deep Water Horizon Gulf Oil Spill.Prior to his tenure as White House Liaison, Mr. Braun served on the Presidential Transition Team for the Obama Administration as Deputy Director for the National Security Agencies Review. In this capacity he oversaw agency review programs for all national security agencies including the State Department, DOD, DHS, CIA, USAID, etc. and guided policy assessments from their inception to the President-Elect’s desk. Mr. Braun also designs and implements political campaigns in the U.S., Asia, Africa, Latin America and Europe. Before coming to Washington, Mr. Braun served as the National Deputy Field Director to the 2008 Obama for America Campaign, overseeing an effort that utilized the most sophisticated grassroots, social media and data analysis available.In addition to his role at Harris, Mr. Braun is co-founder of the DEF CON Voting Machine Hacking Village, in the President’s Circle on the Chicago Council on Global Affairs, and a strategic advisor to the Department of Homeland Security and the Pentagon on cybersecurity. DEF CON is the largest hacker conference in the world and in cooperation with them he has co-authored two fundamental and critically acclaimed reports on election infrastructure cyber vulnerabilities, The DEF CON 25 and 26 Voting Village Reports.
\n\nSpeakerBio: Derek DelGaudio
\nNo BIO available
\nSpeakerBio: Kendall Spencer
\nKendall Spencer wears a variety of interesting hats on a day to day basis. As a professional athlete, he’s represented the United States in competition globally. But he is also the first black antique and rare book dealer in the US. Specializing in American history, he uses his experiences in the book trade to address how we might learn from history and restore democracy. Currently he is a lawyer at Ropes & Gray LLP, where he specializes in technology, cybersecurity, and corporate transactions.
\n\n\n\'',NULL,617845),('3_Saturday','20','20:00','23:59','N','SOC','Other / See Description','\'AIV + BTV Pool Party featuring DUNK-A-FED\'','\'\'','SOC_ca5e54819fe5b5fe29691a9caee72483','\'Title: AIV + BTV Pool Party featuring DUNK-A-FED
\nWhen: Saturday, Aug 10, 20:00 - 23:59 PDT
\nWhere: Other / See Description
\n
\nDescription:
\nThe AI Village and Blue Team Village Pool Party will feature free tacos, cash bars, sponsor cabanas, with entertainment by DJ R.O.C.K.M.A.N. and \"Dunk A Fed\" benefitting Blacks in Cyber and Women in Security and Privacy. Sahara Azilo Pool, Saturday, August 10, 8pm to midnight. DEF CON badge required for entry. All ages. Visit Blacks In Cyber Village or WISP at DEF CON for your Dunk A Fed raffle ticket.
\n\n\'',NULL,617846),('3_Saturday','21','20:00','23:59','Y','SOC','Other / See Description','\'AIV + BTV Pool Party featuring DUNK-A-FED\'','\'\'','SOC_ca5e54819fe5b5fe29691a9caee72483','\'\'',NULL,617847),('3_Saturday','22','20:00','23:59','Y','SOC','Other / See Description','\'AIV + BTV Pool Party featuring DUNK-A-FED\'','\'\'','SOC_ca5e54819fe5b5fe29691a9caee72483','\'\'',NULL,617848),('3_Saturday','23','20:00','23:59','Y','SOC','Other / See Description','\'AIV + BTV Pool Party featuring DUNK-A-FED\'','\'\'','SOC_ca5e54819fe5b5fe29691a9caee72483','\'\'',NULL,617849),('2_Friday','14','14:30','15:30','N','BTV','LVCC West/Floor 3/W311-W313','\'BTV Conversations: Exploring the Cyberpsychology of Cyber Defender Acceptance Behaviors and Personality Traits\'','\'Todd Fletcher\'','BTV_0b1998a697825d5140d2012d6eb0b3e7','\'Title: BTV Conversations: Exploring the Cyberpsychology of Cyber Defender Acceptance Behaviors and Personality Traits
\nWhen: Friday, Aug 9, 14:30 - 15:30 PDT
\nWhere: LVCC West/Floor 3/W311-W313 - Map
\n
\nDescription:
\nBTV Conversations explores creative, personal, or cutting-edge Blue Team topics in an interactive, conversational format.
\n\nTodd Fletcher will introduce listeners to the topic of cyberpsychology. This discussion investigates the psychological and ethical dimensions influencing cybersecurity practitioners\' behaviors towards cyber defense, utilizing Q-Methodology to elucidate diverse motivations and ethical perspectives within the community. The connected study involves participants sorting statements reflecting their views on cybersecurity, providing insights into common typologies and perspectives. Findings aim to inform nuanced cybersecurity strategies that prioritize both security and practitioners\' mental well-being, adhering to strict ethical standards. This research contributes significantly to Cyberpsychology, enhancing understanding and practical approaches to contemporary cybersecurity challenges.
\n\nSpeakerBio: Todd Fletcher, Principal Consultant at CrowdStrike
\nWith over 25 years of experience in IT leadership, network, application, and security engineering, I am a Principal Consultant at CrowdStrike, a leading provider of cloud-native endpoint and workload protection solutions. I hold a Master of Science in Cybersecurity and Information Assurance, and a Certified Information Systems Security Professional (CISSP) credential.
\n\nAs a consultant, I assist information security teams from various sectors to assess their security posture, and develop plans to close security gaps while achieving technical and executive success. I am skilled in agile project management, systems automation, SIEM, SOAR, penetration tools, and security program development based on the NIST and other frameworks. I have also conducted cloud security and automation with Azure DevSecOps.
\n\nBesides my consulting role, I am pursuing a PhD in cyberpsychology at Birmingham City University, where I explore the psychological aspects of cybersecurity, such as user behavior, motivation, trust, and risk perception. I am passionate about pushing the boundaries of how to drive successful security initiatives from both a technical and psychological perspective with organizations across many industries.
\n\n\n\'',NULL,617850),('2_Friday','15','14:30','15:30','Y','BTV','LVCC West/Floor 3/W311-W313','\'BTV Conversations: Exploring the Cyberpsychology of Cyber Defender Acceptance Behaviors and Personality Traits\'','\'Todd Fletcher\'','BTV_0b1998a697825d5140d2012d6eb0b3e7','\'\'',NULL,617851),('2_Friday','15','15:30','16:30','N','BTV','LVCC West/Floor 3/W311-W313','\'BTV Conversations: Touch Grass to Combat Burnout\'','\'CtrlAltFu\'','BTV_4bc888c660304d78b5a72d318458338b','\'Title: BTV Conversations: Touch Grass to Combat Burnout
\nWhen: Friday, Aug 9, 15:30 - 16:30 PDT
\nWhere: LVCC West/Floor 3/W311-W313 - Map
\n
\nDescription:
\nBTV Conversations explores creative, personal, or cutting-edge Blue Team topics in an interactive, conversational format.
\n\nCtrlAltFu will share personal experiences combatting work stress and burnout through physical activity, and invite a conversation about others’ experiences and strategies to combat burnout.
\n\nSpeakerBio: CtrlAltFu
\nNo BIO available
\n\n\'',NULL,617852),('2_Friday','16','15:30','16:30','Y','BTV','LVCC West/Floor 3/W311-W313','\'BTV Conversations: Touch Grass to Combat Burnout\'','\'CtrlAltFu\'','BTV_4bc888c660304d78b5a72d318458338b','\'\'',NULL,617853),('4_Sunday','10','10:00','11:59','N','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Correlating slow & stealthy APT traces hiding in the sheer noise\'','\'Ezz Tahoun\'','ADV_d1c3d4f2273d07e5de8b69608e182de8','\'Title: Correlating slow & stealthy APT traces hiding in the sheer noise
\nWhen: Sunday, Aug 11, 10:00 - 11:59 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area - Map
\n
\nDescription:
\n\n\nSpeakerBio: Ezz Tahoun
\nEzz Tahoun, a distinguished cyber-security data scientist, who won AI & innovation awards at Yale, Princeton and Northwestern. He also got innovation awards from Canada’s Communications Security Establishment, Microsoft US, Trustwave US, PIA US, NATO, and more. He ran data science innovation programs and projects for OrangeCyber Defense, Forescout Technologies, Royal bank of Canada, Governments, and Huawei Technologies US. He has published 20 papers, countless articles and 15 open source projects in the domain. When he was 19 years old he started his CS PhD in one of the top 5 labs in the world for cyber & AI, in the prestigious University of Waterloo, where he published numerous papers and became a reviewer for top conferences. His designations include: SANS/GIAC-Advisory-Board, aCCISO, CISM, CRISC, GCIH, GFACT, GSEC, CEH, GCP-Professional-Cloud-Architect, PMP, BENG and MMATH. He was an adjunct professor of cyber defense and warfare at Toronto’s school of management.
\n\n\n\'',NULL,617854),('4_Sunday','11','10:00','11:59','Y','ADV','LVCC West/Floor 1/Hall 4/HW4-03-05/ADV Hands-on Area','\'Correlating slow & stealthy APT traces hiding in the sheer noise\'','\'Ezz Tahoun\'','ADV_d1c3d4f2273d07e5de8b69608e182de8','\'\'',NULL,617855),('2_Friday','12','12:00','12:45','N','MISC','LVCC West/Floor 2/W213-W214','\'Bridging the Gap: How the American Legion Provides Veterans with a Sense of Belonging and Support\'','\'Chris Davis\'','MISC_894a3530941862332e3f6d8a263867bb','\'Title: Bridging the Gap: How the American Legion Provides Veterans with a Sense of Belonging and Support
\nWhen: Friday, Aug 9, 12:00 - 12:45 PDT
\nWhere: LVCC West/Floor 2/W213-W214 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Chris Davis
\nNo BIO available
\n\n\'',NULL,617856),('2_Friday','13','13:00','13:45','N','MISC','LVCC West/Floor 2/W213-W214','\'No CTF? No Problem! Leveraging Alternate Reality Games to Develop OSINT and Cryptography Skills\'','\'John \"2PAC\" Smithberger\'','MISC_78489a4c07067869aeb589cedb00db40','\'Title: No CTF? No Problem! Leveraging Alternate Reality Games to Develop OSINT and Cryptography Skills
\nWhen: Friday, Aug 9, 13:00 - 13:45 PDT
\nWhere: LVCC West/Floor 2/W213-W214 - Map
\n
\nDescription:
\n\n\nSpeakerBio: John \"2PAC\" Smithberger
\nNo BIO available
\n\n\'',NULL,617857),('2_Friday','14','14:00','14:45','N','MISC','LVCC West/Floor 2/W213-W214','\'Book Signing: Visual Threat Intelligence: An Illustrated Guide for Threat Researchers\'','\'Thomas Roccia\'','MISC_73a210098ba4cd684d3100bb3ff2ab13','\'Title: Book Signing: Visual Threat Intelligence: An Illustrated Guide for Threat Researchers
\nWhen: Friday, Aug 9, 14:00 - 14:45 PDT
\nWhere: LVCC West/Floor 2/W213-W214 - Map
\n
\nDescription:
\nThe first 35 Veterans can receive a free autographed vopy of Mr Roccia\'s new book, Visual Threat Intelligence: An Illustrated Guide for Threat Researchers, courtesy of VETCON.
\n\nSpeakerBio: Thomas Roccia, Senior Security Researcher at Microsoft
\nThomas Roccia is working as a Senior Security Researcher at Microsoft and works on malware research, generative AI and threat intelligence. In addition to his work at Microsoft, Thomas also runs SecurityBreak, an online platform where he showcases his latest projects and research findings.
\n\nThomas has travelled the world to manage critical outbreaks and has been on the front lines of some of the most well-known threats. He has tracked cybercrime and nation-state campaigns and has worked closely with law enforcement agencies.
\n\nIn addition to his professional work, Thomas is a regular speaker at security conferences and is committed to contributing to the open-source community through various projects. He runs the Unprotect Project, an open malware evasion techniques database, since 2015. He is also the author of the book Visual Threat Intelligence, an illustrated guide for threat researchers. Thomas\'s work has been quoted by multiple media outlets around the world.
\n\n\n\'',NULL,617858),('2_Friday','15','15:00','15:45','N','MISC','LVCC West/Floor 2/W213-W214','\'Generative AI vs Crusty NCO\'','\'Col Travis Hartman\'','MISC_3954e596c6f07ff5e3ebca880818f4b0','\'Title: Generative AI vs Crusty NCO
\nWhen: Friday, Aug 9, 15:00 - 15:45 PDT
\nWhere: LVCC West/Floor 2/W213-W214 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Col Travis Hartman
\nNo BIO available
\n\n\'',NULL,617859),('3_Saturday','12','12:00','12:45','N','MISC','LVCC West/Floor 2/W213-W214','\'3D Printing My Way to Sanity: The Self-Funding Hobby That Changed Everything\'','\'Steve Dossey\'','MISC_ba082380da56d54ae3e475b1fab1ff21','\'Title: 3D Printing My Way to Sanity: The Self-Funding Hobby That Changed Everything
\nWhen: Saturday, Aug 10, 12:00 - 12:45 PDT
\nWhere: LVCC West/Floor 2/W213-W214 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Steve Dossey
\nNo BIO available
\n\n\'',NULL,617860),('3_Saturday','13','13:00','13:45','N','MISC','LVCC West/Floor 2/W213-W214','\'Don\'t go too far… your job is not done!\'','\'Chris Cleary\'','MISC_c367f9ab99314718dccea8e06dac7d9e','\'Title: Don\'t go too far… your job is not done!
\nWhen: Saturday, Aug 10, 13:00 - 13:45 PDT
\nWhere: LVCC West/Floor 2/W213-W214 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Chris Cleary
\nNo BIO available
\n\n\'',NULL,617861),('3_Saturday','14','14:00','14:45','N','MISC','LVCC West/Floor 2/W213-W214','\'Navigating Bureaucracy: Strategies for a Post-Military Career Encore\'','\'Nia Luckey\'','MISC_7f49feabc928dd91af3c8f711d87f87c','\'Title: Navigating Bureaucracy: Strategies for a Post-Military Career Encore
\nWhen: Saturday, Aug 10, 14:00 - 14:45 PDT
\nWhere: LVCC West/Floor 2/W213-W214 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Nia Luckey
\nNo BIO available
\n\n\'',NULL,617862),('3_Saturday','15','15:00','15:45','N','MISC','LVCC West/Floor 2/W213-W214','\'Cybersecurity for Veterans: Bridging the Gap from Military to Civilian Careers\'','\'Matt James\'','MISC_1c1eb2cd794bd881ff61565c3fbe4199','\'Title: Cybersecurity for Veterans: Bridging the Gap from Military to Civilian Careers
\nWhen: Saturday, Aug 10, 15:00 - 15:45 PDT
\nWhere: LVCC West/Floor 2/W213-W214 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Matt James
\nNo BIO available
\n\n\'',NULL,617863),('2_Friday','13','13:00','14:59','N','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2','\'Q&A With OWASP\'','\'\'','APV_91907a0505de658355bc7d1a56a8c5ce','\'Title: Q&A With OWASP
\nWhen: Friday, Aug 9, 13:00 - 14:59 PDT
\nWhere: LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2 - Map
\n
\nDescription:
\n\n\n\'',NULL,617864),('2_Friday','14','13:00','14:59','Y','APV','LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2','\'Q&A With OWASP\'','\'\'','APV_91907a0505de658355bc7d1a56a8c5ce','\'\'',NULL,617865),('2_Friday','11','11:30','17:30','N','MISC','LVCC West/Floor 1/Hall 4/HW4-04-04','\'Book Signings\'','\'\'','MISC_a53b8d20728b52a068d44a79ce4d6ba8','\'Title: Book Signings
\nWhen: Friday, Aug 9, 11:30 - 17:30 PDT
\nWhere: LVCC West/Floor 1/Hall 4/HW4-04-04 - Map
\n
\nDescription:
\nBook Signing Schedule
\n\nFriday, August 9\n11:30 a.m. Tim Arnold, Black Hat Python, 2nd Edition\n12:00 p.m. Jack Rhysider from Darknet Diaries\n12:30 p.m. James Forshaw, Windows Security Internals \n1:30 p.m. Nick Aleks, Black Hat Bash [DEF CON edition] and Black Hat GraphQL\n2:30 p.m. Jim O\'Gorman and Daniel Graham, Metasploit, 2nd Edition [DEF CON edition]\n3:30 p.m. Corey Ball, Hacking APIs\n4:30 p.m. Elonka Dunin and Klaus Schmeh, Codebreaking
\n\nSaturday, August 10\n10:30 a.m. Travis Goodspeed, Microcontroller Exploitsand PoC||GTFO, Volumes 1, 2, and 3\n12:30 p.m. Micah Lee, Hacks, Leaks, and Revelations\n1:30 p.m. Jon DiMaggio, The Art of Cyberwarfare \n2:30 p.m. Matt Burrough and Jos Weyers, Locksport\n3:30 p.m. Chris Eagle and Kara Nance, The Ghidra Book\n4:30 p.m. Alex Matrosov, Rootkits and Bootkits
\n\nSunday, August 11\n11:30 a.m. Beau Woods, Fotios Chantzis, and Paulino Calderon, Practical IoT Hacking
\n\n\'',NULL,617866),('2_Friday','12','11:30','17:30','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-04','\'Book Signings\'','\'\'','MISC_a53b8d20728b52a068d44a79ce4d6ba8','\'\'',NULL,617867),('2_Friday','13','11:30','17:30','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-04','\'Book Signings\'','\'\'','MISC_a53b8d20728b52a068d44a79ce4d6ba8','\'\'',NULL,617868),('2_Friday','14','11:30','17:30','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-04','\'Book Signings\'','\'\'','MISC_a53b8d20728b52a068d44a79ce4d6ba8','\'\'',NULL,617869),('2_Friday','15','11:30','17:30','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-04','\'Book Signings\'','\'\'','MISC_a53b8d20728b52a068d44a79ce4d6ba8','\'\'',NULL,617870),('2_Friday','16','11:30','17:30','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-04','\'Book Signings\'','\'\'','MISC_a53b8d20728b52a068d44a79ce4d6ba8','\'\'',NULL,617871),('2_Friday','17','11:30','17:30','Y','MISC','LVCC West/Floor 1/Hall 4/HW4-04-04','\'Book Signings\'','\'\'','MISC_a53b8d20728b52a068d44a79ce4d6ba8','\'\'',NULL,617872),('2_Friday','15','15:00','15:30','N','CPV','LVCC West/Floor 1/Hall 2/HW2-09-02','\'Basic Mobile Phone Privacy\'','\'Grey Fox\'','CPV_b97254d4d8e2a7d76e740cb6884529be','\'Title: Basic Mobile Phone Privacy
\nWhen: Friday, Aug 9, 15:00 - 15:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-02 - Map
\n
\nDescription:
\nCurious about mobile phone privacy? Come on over for this workshop with lots of direct Q&A!
\n\nSpeakerBio: Grey Fox
\nGrey Fox, the callsign assigned to him by a DHS colleague, recently retired from the U.S. military after 20 years of service as an intelligence analyst, language analyst, digital network intelligence targeter, cyberspace mission leader, and digital defense education program leader. Having deployed eight times supporting front line combat teams, his experience ranges from offensive cyberspace operations planning and execution to military information support operations. Along the way, Grey Fox acquired multiple creds, including GCTI, GASF, GAWN, and CWNA. He currently instructs Digital OPSEC at the U.S. Army Security Cooperation Officer course and the U.S. Air Force Research Lab, as well as SDR foundations and Wi-Fi hacking at the U.S. Army Signal School.
\n\n\n\'',NULL,617873),('3_Saturday','12','12:30','12:59','N','CPV','LVCC West/Floor 1/Hall 2/HW2-09-02','\'Basic Mobile Phone Privacy\'','\'Grey Fox\'','CPV_9de2ee132c9721da825c2a74c872fdb0','\'Title: Basic Mobile Phone Privacy
\nWhen: Saturday, Aug 10, 12:30 - 12:59 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-09-02 - Map
\n
\nDescription:
\nCurious about mobile phone privacy? Come on over for this workshop with lots of direct Q&A!
\n\nSpeakerBio: Grey Fox
\nGrey Fox, the callsign assigned to him by a DHS colleague, recently retired from the U.S. military after 20 years of service as an intelligence analyst, language analyst, digital network intelligence targeter, cyberspace mission leader, and digital defense education program leader. Having deployed eight times supporting front line combat teams, his experience ranges from offensive cyberspace operations planning and execution to military information support operations. Along the way, Grey Fox acquired multiple creds, including GCTI, GASF, GAWN, and CWNA. He currently instructs Digital OPSEC at the U.S. Army Security Cooperation Officer course and the U.S. Air Force Research Lab, as well as SDR foundations and Wi-Fi hacking at the U.S. Army Signal School.
\n\n\n\'',NULL,617874),('3_Saturday','13','13:00','13:30','N','PSV','LVCC West/Floor 1/Hall 2/HW2-08-03','\'Smart Shopping Cart Wheels - How they Work\'','\'Joseph\'','PSV_9daa8f35abd647111f7d5877f06d3733','\'Title: Smart Shopping Cart Wheels - How they Work
\nWhen: Saturday, Aug 10, 13:00 - 13:30 PDT
\nWhere: LVCC West/Floor 1/Hall 2/HW2-08-03 - Map
\n
\nDescription:
\nThis talk covers the systems used to physically restrict the motion of shopping carts by locking one or more of their wheels. Topics cover what they are, how they work, and methods to bypass them.
\n\nSpeakerBio: Joseph
\nJoseph is a robotics engineer turned hacker, who takes apart smart shopping cart wheels to see how they work.
\n\n\n\'',NULL,617875),('3_Saturday','11','11:30','12:30','N','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'AMA on Proxmark3 with Iceman\'','\'Iceman\'','RFV_b842e5aca56fef4ef7fe8b0b65439659','\'Title: AMA on Proxmark3 with Iceman
\nWhen: Saturday, Aug 10, 11:30 - 12:30 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-05-03 - Map
\n
\nDescription:
\n\n\nSpeakerBio: Iceman
\nNo BIO available
\n\n\'',NULL,617876),('3_Saturday','12','11:30','12:30','Y','RFV','LVCC West/Floor 1/Hall 3/HW3-05-03','\'AMA on Proxmark3 with Iceman\'','\'Iceman\'','RFV_b842e5aca56fef4ef7fe8b0b65439659','\'\'',NULL,617877),('3_Saturday','16','16:30','17:59','N','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Quantum Village Bloch Party!\'','\'\'','QTV_50c84977ce061ea67d3cb7115552ce0b','\'Title: Quantum Village Bloch Party!
\nWhen: Saturday, Aug 10, 16:30 - 17:59 PDT
\nWhere: LVCC West/Floor 1/Hall 3/HW3-06-01 - Map
\n
\nDescription:
\nJoin us for our first Bloch Party and find out anything you have wanted to know about Quantum Tech & Hacking and why it\'s a Bloch Party, not Block Party. At the same time join us for another round of our Oxford Union-style fun debates @ DEF CON!
\n\n\'',NULL,617878),('3_Saturday','17','16:30','17:59','Y','QTV','LVCC West/Floor 1/Hall 3/HW3-06-01','\'Quantum Village Bloch Party!\'','\'\'','QTV_50c84977ce061ea67d3cb7115552ce0b','\'\'',NULL,617879),('3_Saturday','14','14:00','14:30','N','HRV','LVCC West/Floor 3/W321','\'Low Power & Long Range Communications - QRP\'','\'Escobar\'','HRV_820185c465f3bdefe30aef732a5656a4','\'Title: Low Power & Long Range Communications - QRP
\nWhen: Saturday, Aug 10, 14:00 - 14:30 PDT
\nWhere: LVCC West/Floor 3/W321 - Map
\n
\nDescription:
\nIn this talk we\'ll cover just how far you can communicate on less power than your phone uses to charge. How to tx over the horizon and how to power it all.
\n\nSpeakerBio: Escobar
\nEric is a seasoned penetration tester by day an amateur extra by night (W6WD).
\n\n\n\'',NULL,617880);
/*!40000 ALTER TABLE `events` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `map_matrix`
--
DROP TABLE IF EXISTS `map_matrix`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `map_matrix` (
`id` int NOT NULL AUTO_INCREMENT,
`image` enum('none','DC32_LV_CloseupLocations','DC32_LV_Overview','LVCCW_Level1_Full','LVCCW_Level1_Hall1','LVCCW_Level1_Hall2','LVCCW_Level1_Hall3','LVCCW_Level1_Hall4','LVCCW_Level1_North','LVCCW_Level1_RegHDA','LVCCW_Level1_South','LVCCW_Level2_East','LVCCW_Level2_Full','LVCCW_Level2_North','LVCCW_Level2_West','LVCCW_Level3_Full','LVCCW_Level3_North','LVCCW_Level3_South','Sahara_Full','Springhill_Full') CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
`left_image` enum('none','DC32_LV_CloseupLocations','DC32_LV_Overview','LVCCW_Level1_Full','LVCCW_Level1_Hall1','LVCCW_Level1_Hall2','LVCCW_Level1_Hall3','LVCCW_Level1_Hall4','LVCCW_Level1_North','LVCCW_Level1_RegHDA','LVCCW_Level1_South','LVCCW_Level2_East','LVCCW_Level2_Full','LVCCW_Level2_North','LVCCW_Level2_West','LVCCW_Level3_Full','LVCCW_Level3_North','LVCCW_Level3_South','Sahara_Full','Springhill_Full') CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
`up_left_image` enum('none','DC32_LV_CloseupLocations','DC32_LV_Overview','LVCCW_Level1_Full','LVCCW_Level1_Hall1','LVCCW_Level1_Hall2','LVCCW_Level1_Hall3','LVCCW_Level1_Hall4','LVCCW_Level1_North','LVCCW_Level1_RegHDA','LVCCW_Level1_South','LVCCW_Level2_East','LVCCW_Level2_Full','LVCCW_Level2_North','LVCCW_Level2_West','LVCCW_Level3_Full','LVCCW_Level3_North','LVCCW_Level3_South','Sahara_Full','Springhill_Full') CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
`up_image` enum('none','DC32_LV_CloseupLocations','DC32_LV_Overview','LVCCW_Level1_Full','LVCCW_Level1_Hall1','LVCCW_Level1_Hall2','LVCCW_Level1_Hall3','LVCCW_Level1_Hall4','LVCCW_Level1_North','LVCCW_Level1_RegHDA','LVCCW_Level1_South','LVCCW_Level2_East','LVCCW_Level2_Full','LVCCW_Level2_North','LVCCW_Level2_West','LVCCW_Level3_Full','LVCCW_Level3_North','LVCCW_Level3_South','Sahara_Full','Springhill_Full') CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
`up_right_image` enum('none','DC32_LV_CloseupLocations','DC32_LV_Overview','LVCCW_Level1_Full','LVCCW_Level1_Hall1','LVCCW_Level1_Hall2','LVCCW_Level1_Hall3','LVCCW_Level1_Hall4','LVCCW_Level1_North','LVCCW_Level1_RegHDA','LVCCW_Level1_South','LVCCW_Level2_East','LVCCW_Level2_Full','LVCCW_Level2_North','LVCCW_Level2_West','LVCCW_Level3_Full','LVCCW_Level3_North','LVCCW_Level3_South','Sahara_Full','Springhill_Full') CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
`right_image` enum('none','DC32_LV_CloseupLocations','DC32_LV_Overview','LVCCW_Level1_Full','LVCCW_Level1_Hall1','LVCCW_Level1_Hall2','LVCCW_Level1_Hall3','LVCCW_Level1_Hall4','LVCCW_Level1_North','LVCCW_Level1_RegHDA','LVCCW_Level1_South','LVCCW_Level2_East','LVCCW_Level2_Full','LVCCW_Level2_North','LVCCW_Level2_West','LVCCW_Level3_Full','LVCCW_Level3_North','LVCCW_Level3_South','Sahara_Full','Springhill_Full') CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
`down_right_image` enum('none','DC32_LV_CloseupLocations','DC32_LV_Overview','LVCCW_Level1_Full','LVCCW_Level1_Hall1','LVCCW_Level1_Hall2','LVCCW_Level1_Hall3','LVCCW_Level1_Hall4','LVCCW_Level1_North','LVCCW_Level1_RegHDA','LVCCW_Level1_South','LVCCW_Level2_East','LVCCW_Level2_Full','LVCCW_Level2_North','LVCCW_Level2_West','LVCCW_Level3_Full','LVCCW_Level3_North','LVCCW_Level3_South','Sahara_Full','Springhill_Full') CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
`down_image` enum('none','DC32_LV_CloseupLocations','DC32_LV_Overview','LVCCW_Level1_Full','LVCCW_Level1_Hall1','LVCCW_Level1_Hall2','LVCCW_Level1_Hall3','LVCCW_Level1_Hall4','LVCCW_Level1_North','LVCCW_Level1_RegHDA','LVCCW_Level1_South','LVCCW_Level2_East','LVCCW_Level2_Full','LVCCW_Level2_North','LVCCW_Level2_West','LVCCW_Level3_Full','LVCCW_Level3_North','LVCCW_Level3_South','Sahara_Full','Springhill_Full') CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
`down_left_image` enum('none','DC32_LV_CloseupLocations','DC32_LV_Overview','LVCCW_Level1_Full','LVCCW_Level1_Hall1','LVCCW_Level1_Hall2','LVCCW_Level1_Hall3','LVCCW_Level1_Hall4','LVCCW_Level1_North','LVCCW_Level1_RegHDA','LVCCW_Level1_South','LVCCW_Level2_East','LVCCW_Level2_Full','LVCCW_Level2_North','LVCCW_Level2_West','LVCCW_Level3_Full','LVCCW_Level3_North','LVCCW_Level3_South','Sahara_Full','Springhill_Full') CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
`plus_image` enum('none','DC32_LV_CloseupLocations','DC32_LV_Overview','LVCCW_Level1_Full','LVCCW_Level1_Hall1','LVCCW_Level1_Hall2','LVCCW_Level1_Hall3','LVCCW_Level1_Hall4','LVCCW_Level1_North','LVCCW_Level1_RegHDA','LVCCW_Level1_South','LVCCW_Level2_East','LVCCW_Level2_Full','LVCCW_Level2_North','LVCCW_Level2_West','LVCCW_Level3_Full','LVCCW_Level3_North','LVCCW_Level3_South','Sahara_Full','Springhill_Full') CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
`minus_image` enum('none','DC32_LV_CloseupLocations','DC32_LV_Overview','LVCCW_Level1_Full','LVCCW_Level1_Hall1','LVCCW_Level1_Hall2','LVCCW_Level1_Hall3','LVCCW_Level1_Hall4','LVCCW_Level1_North','LVCCW_Level1_RegHDA','LVCCW_Level1_South','LVCCW_Level2_East','LVCCW_Level2_Full','LVCCW_Level2_North','LVCCW_Level2_West','LVCCW_Level3_Full','LVCCW_Level3_North','LVCCW_Level3_South','Sahara_Full','Springhill_Full') CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
`floor_up_image` enum('none','DC32_LV_CloseupLocations','DC32_LV_Overview','LVCCW_Level1_Full','LVCCW_Level1_Hall1','LVCCW_Level1_Hall2','LVCCW_Level1_Hall3','LVCCW_Level1_Hall4','LVCCW_Level1_North','LVCCW_Level1_RegHDA','LVCCW_Level1_South','LVCCW_Level2_East','LVCCW_Level2_Full','LVCCW_Level2_North','LVCCW_Level2_West','LVCCW_Level3_Full','LVCCW_Level3_North','LVCCW_Level3_South','Sahara_Full','Springhill_Full') NOT NULL,
`floor_down_image` enum('none','DC32_LV_CloseupLocations','DC32_LV_Overview','LVCCW_Level1_Full','LVCCW_Level1_Hall1','LVCCW_Level1_Hall2','LVCCW_Level1_Hall3','LVCCW_Level1_Hall4','LVCCW_Level1_North','LVCCW_Level1_RegHDA','LVCCW_Level1_South','LVCCW_Level2_East','LVCCW_Level2_Full','LVCCW_Level2_North','LVCCW_Level2_West','LVCCW_Level3_Full','LVCCW_Level3_North','LVCCW_Level3_South','Sahara_Full','Springhill_Full') NOT NULL,
`bar_side` enum('left','bottom') NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=20 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `map_matrix`
--
LOCK TABLES `map_matrix` WRITE;
/*!40000 ALTER TABLE `map_matrix` DISABLE KEYS */;
INSERT INTO `map_matrix` VALUES (1,'DC32_LV_Overview','none','none','none','none','none','none','none','none','DC32_LV_CloseupLocations','none','none','none','left'),(2,'DC32_LV_CloseupLocations','LVCCW_Level1_Full','none','Sahara_Full','none','Springhill_Full','none','none','none','LVCCW_Level1_Full','DC32_LV_Overview','none','none','left'),(3,'Springhill_Full','LVCCW_Level1_Full','Sahara_Full','none','none','none','none','none','none','none','DC32_LV_Overview','none','none','left'),(4,'Sahara_Full','none','none','none','none','none','Springhill_Full','LVCCW_Level1_Full','none','none','DC32_LV_Overview','none','none','bottom'),(5,'LVCCW_Level1_Full','none','none','Sahara_Full','none','Springhill_Full','none','none','none','LVCCW_Level1_South','DC32_LV_CloseupLocations','LVCCW_Level2_Full','none','left'),(6,'LVCCW_Level1_North','none','none','none','none','none','none','LVCCW_Level1_South','none','LVCCW_Level1_Hall4','LVCCW_Level1_Full','LVCCW_Level2_Full','none','bottom'),(7,'LVCCW_Level1_South','none','none','LVCCW_Level1_North','none','none','none','none','none','LVCCW_Level1_RegHDA','LVCCW_Level1_Full','LVCCW_Level2_Full','none','bottom'),(8,'LVCCW_Level1_RegHDA','none','none','LVCCW_Level1_Hall4','LVCCW_Level1_Hall3','LVCCW_Level1_Hall1','none','none','none','none','LVCCW_Level1_South','LVCCW_Level2_West','none','bottom'),(9,'LVCCW_Level1_Hall1','LVCCW_Level1_RegHDA','none','LVCCW_Level1_Hall2','none','none','none','none','none','none','LVCCW_Level1_South','LVCCW_Level2_Full','none','bottom'),(10,'LVCCW_Level1_Hall2','LVCCW_Level1_RegHDA','none','LVCCW_Level1_Hall3','none','none','none','LVCCW_Level1_Hall1','none','none','LVCCW_Level1_South','LVCCW_Level2_Full','none','bottom'),(11,'LVCCW_Level1_Hall3','none','none','LVCCW_Level1_Hall4','none','none','none','LVCCW_Level1_Hall2','LVCCW_Level1_RegHDA','none','LVCCW_Level1_North','LVCCW_Level2_Full','none','bottom'),(12,'LVCCW_Level1_Hall4','none','none','none','none','none','none','LVCCW_Level1_Hall3','LVCCW_Level1_RegHDA','none','LVCCW_Level1_North','LVCCW_Level2_Full','none','bottom'),(13,'LVCCW_Level3_Full','none','none','none','none','none','none','none','none','LVCCW_Level3_North','LVCCW_Level1_Full','none','LVCCW_Level2_Full','left'),(14,'LVCCW_Level2_Full','none','none','none','none','none','none','none','none','LVCCW_Level2_North','LVCCW_Level1_Full','LVCCW_Level3_Full','LVCCW_Level1_RegHDA','left'),(15,'LVCCW_Level3_North','none','none','none','none','none','none','LVCCW_Level3_South','none','none','LVCCW_Level3_Full','none','LVCCW_Level2_North','bottom'),(16,'LVCCW_Level3_South','none','none','LVCCW_Level3_North','none','none','none','none','none','none','LVCCW_Level3_Full','none','LVCCW_Level2_West','bottom'),(17,'LVCCW_Level2_North','none','none','none','none','none','LVCCW_Level2_East','none','LVCCW_Level2_West','none','LVCCW_Level2_Full','LVCCW_Level3_North','LVCCW_Level1_RegHDA','left'),(18,'LVCCW_Level2_East','LVCCW_Level2_West','LVCCW_Level2_North','none','none','none','none','none','none','none','LVCCW_Level2_Full','LVCCW_Level3_South','LVCCW_Level1_RegHDA','left'),(19,'LVCCW_Level2_West','none','none','none','LVCCW_Level2_North','LVCCW_Level2_East','none','none','none','none','LVCCW_Level2_Full','LVCCW_Level3_South','LVCCW_Level1_RegHDA','bottom');
/*!40000 ALTER TABLE `map_matrix` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `pages`
--
DROP TABLE IF EXISTS `pages`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `pages` (
`id` int NOT NULL AUTO_INCREMENT,
`name` varchar(200) NOT NULL,
`pagetype` enum('communities','contests','demolabs','exhibitors','pge','training','vendors','workshops') DEFAULT NULL,
`description` text NOT NULL,
`imageurl` varchar(300) NOT NULL,
`imagename` varchar(200) NOT NULL,
`forumpage` varchar(200) NOT NULL,
`forumarticle` varchar(200) NOT NULL,
`linkname` varchar(200) NOT NULL,
`linkurl` varchar(300) NOT NULL,
`orgas_id` int NOT NULL,
`location` varchar(300) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL,
PRIMARY KEY (`id`),
KEY `pagetype` (`pagetype`),
KEY `orgas_id` (`orgas_id`)
) ENGINE=InnoDB AUTO_INCREMENT=42941 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `pages`
--
LOCK TABLES `pages` WRITE;
/*!40000 ALTER TABLE `pages` DISABLE KEYS */;
INSERT INTO `pages` VALUES (42623,'\'SOK\'','vendors','\'\'','NULL','NULL','','','','',40633,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-04-04\''),(42624,'\'Hackers for Charity\'','vendors','\'\'','NULL','NULL','','','','',40634,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-04-04\''),(42625,'\'Scam Stuff\'','vendors','\'Brian Brushwood, host of National Geographic\'s Hacking the System, Discovery\'s Scam School, The Modern Rogue on YouTube, and most importantly: the podcast \"World\'s Greatest Con.\" We can\'t say why, but you should probably get caught up on that podcast before DEF CON.
Links: Website -
https://scamstuff.com\n
The Calyx Institute was founded to promote and defend the right to digital privacy and to offer thoughtfully designed educational and technological resources to those who would otherwise lack online access and security. We develop privacy-focused tools, educate the public about the importance of digital privacy, and foster the expansion of the free and open-source software ecosystem. At Calyx, we believe that everyone has an equal right to exist in online spaces without fear of surveillance, hacking, or other breaches of consent, and we strive to create a world where everyone is equipped with the tools and information they need to make informed choices about their online lives. From our inception, we have been (and remain) committed to a revenue model that allows us to prioritize people and privacy over profit.
Links: Website -
https://calyxinstitute.org\n
In-Person Contest\n
The AutoDriving CTF contest focuses on the emerging security challenges in autonomous driving systems. Various levels of self-driving functionalities, such as AI-powered perception, sensor fusion and route planning, are entering the product portfolio of automobile companies. From the security perspective, these AI-powered components not only contain common security problems such as memory safety bugs, but also introduce new threats such as physical adversarial attacks and sensor manipulations. Two popular examples of physical adversarial attacks are camouflage stickers that interfere with vehicle detection systems, and road graffitis that disturb lane keeping systems. The AI-powered navigation and control relies on the fusion of multiple sensor inputs, and many of the sensor inputs can be manipulated by malicious attackers. These manipulations combined with logical bugs in autonomous driving systems pose severe threats to road safety.\n
We design autonomous driving CTF (AutoDriving CTF) contests around the security challenges specific to these self-driving functions and components.\n
The goals of the AutoDriving CTF are the followings:\n
\n - Demonstrate security implications of autonomous driving system design decisions through hands-on challenges, increase the awareness of potential risks in security professionals, and encourage them to propose defense solutions and tools to detect such risks.\n
- Provide CTF challenges that allow players to learn attack and defense practices related to autonomous driving in a well-controlled, repeatable, and visible environment.\n
- Build a set of vulnerable autonomous driving components that can be used for security research and defense evaluation.
\n
The contest is based on a Jeopardy style of CTF game with a set of independent challenges. A typical contest challenge includes a backend that runs autonomous driving components in simulated or real environments, and a frontend that interacts with the players. This year\'s contest will follow the style of last year and includes the following types of challenges:\n
\n - “attack”: such as constructing adversarial patches and spoofing fake sensor inputs,\n
- “forensics”: such as investigating a security incident related to autonomous driving,\n
- “detection”: such as detecting spoofed sensor inputs and fake obstacles,\n
- “crashme on road!”: such as creating dangerous traffic scenarios to expose logical errors in autonomous driving systems.\n
- “smart planner”: such as creating intelligent path planners for dangerous tasks that are difficult for human drivers
\n
Most of these challenges will be developed using game-engine based autonomous driving simulators, such as CARLA and SVL. The following link contains some challenge videos, summaries from AutoDriving CTF at DEF CON 29 and DEF CON 30\nhttps://drive.google.com/drive/folders/1JSVarIaQBmseLC9XqkfrxnRQto4WM225?usp=sharing\nhttps://www.youtube.com/channel/UCPPsKbVpxwk-464KIzr8xKw\n
# What\'s new in 2024
\nThis year, we will unlock new traffic conflict scenarios that are observed from real-world driving logs such as Jaywalk and double parked vehicles. New difficulty levels will be added to challenges in such scenarios by integrating real downstream AI modules such as object tracking from open-source autonomous driving software like Apollo, Autoware and OpenPilot.\n
In order to enable the audience to experience the challenges more directly, we plan to set up a vehicle wheel controller on site and provide a driving game this year. Audiences can drive themselves to compete with the self-driving vehicle in some of the challenges. Driving game demo:\nhttps://drive.google.com/drive/folders/1LIzJJ1I3Eqj_e0_ntX5eFu82U9ObiEYB?usp=sharing\n
# For players
\n- What do players need to do to participate AutoDriving CTF?\nMost of the challenges do not require domain knowledge of autonomous driving software or adversarial machine learning, although knowledge of those helps. For example, the players can generate images the way they like (e.g., drawing, photoshopping) to fool the AI-components or write a short python script to control the vehicle. Some challenges, such as incident forensics likely would require players to learn domain knowledge such as sensor information format and how fusion works.\n
\n - What do we expect players to learn through the CTF event?\nPlayers can (1) gain a deep understanding of real-world autonomous driving systems\' design, implementation, and their corresponding security properties and characteristics; and (2) learn the attack and defense practices related to autonomous driving in a well-controlled, repeatable, visible, and engaging environment.
\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249420\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249419\n Twitter (@autodrivingctf) -
https://twitter.com/autodrivingctf\n
Hybrid Contest\n
The inception of this distinctive event occurred at DEF CON 31, initiated by a fortuitous encounter with CookieT while participating in LineCon for merch. Our shared passions fostered an immediate bond, and it was amidst this camaraderie that the idea for a future challenge germinated. Having previously engaged participants with puzzle-embedded challenge coins, I (Chasse) was inspired to expand the concept beyond a mere cipher. The aim was to design a contest that would appeal across a broad spectrum of skill levels by integrating a variety of puzzles, both modern and traditional, to attract a wider audience from a complete beginner new to the hackerspace to the more seasoned and advanced hacker. Observing the collective enthusiasm as participants unraveled the first simple coin puzzle was exhilarating, yet the quick resolution of the puzzle occasionally detracted from the overall experience for more advanced puzzle solvers. Throughout DEF CON 31, CookieT and I explored the feasibility of a web-based challenge CTF, laying the foundation for what would evolve into a pioneering contest and experience. Later Raven emerged from the shadows of cyberspace to help us chisel out the contest from Zeroes and Ones\n
With the announcement of DEF CON 32\'s theme, our concept was honed, ready to blend our creative talents into this year\'s challenge. We crafted an innovative combination of a narrative-driven journey game, scavenger hunt, and web-based Capture The Flag (CTF) challenges, all meticulously aligned with the DEC CON 32 \"Engage\" theme. This contest emerges as a holistic platform, introducing DEF CON newcomers to core security principles through an engaging narrative. Spanning a variety of fields including OSINT, cryptography, radio, telephony, password, and web security. It promises a rich, diverse experience! Participants, automatically divided into teams, are propelled on a quest to decode puzzles and unearth flags, with challenges designed to suit everyone from novices to veterans seeking sophisticated, intricate challenges. This contest transcends the conventional competition framework, evolving into an artful endeavor that illustrates the symbiosis of storytelling and technical puzzles to create a deeply immersive learning adventure. Imagined as an interactive storybook, it invites attendees to navigate their own routes, making their own choices that lead them through a story-rich exploration of security concepts and engagement even with each other.\n
The technical infrastructure of this experience is built on varied technologies. The main website, https://www.chassepartie.com, is developed with Ruby on Rails 7.1 and hosted on Heroku, with CloudFlare acting as our Web Application Firewall (WAF). This site functions as the scoreboard and narrative hub of the contest. Additionally, we have set up an XCP-NG hypervisor to host approximately 10 to 15 virtual machines as targets for participant engagement. Augmented reality markers are also in place, intended for deployment in communal areas like sticker boards, to enhance the experience. These elements are interwoven with the storyline, guiding attendees through what we believe is an unprecedented adventure-style CTF challenge named Chasse Partie Systems – Dystopian Apocalypse Resistance Terminal.\n
So come and join us on our deviant journey, what are you waiting for?\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249396\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249395\n
Friday and Saturday: 10:00 - 18:00; Sunday 10:00 - 13:00\n
DEF CON Groups VR (DCGVR) addresses barriers preventing some hackers from attending the conference in person. Since DEF CON 28, DCGVR has offered an immersive virtual experience, allowing participants to socialize, present, and engage in panels, imitating the atmosphere of the physical event. Through VR technology, DCGVR fosters inclusivity, enabling global collaboration and contribution to the DEF CON community.\n
Links: Website -
https://dcgvr.org\n Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249797\n Twitter (@DCGVR) -
https://twitter.com/DCGVR\n
Friday and Saturday: 10:00 - 18:00; Sunday: 10:00 - 13:00\n
Co-founded in 2018 by Jim McMurry and William Kimble, the founders of ThreatHunter.ai and Cyber Defense Technologies, respectively, the VETCON conference is the official Veteran event of the DEF CON Hacker Conference. VETCON, through its Discord server and in person events, connects and supports veterans in the Information Security field. The event is open to all DEFCON attendees with a focus on military veterans. VETCON is a networking event where attendees will be able to relax, play fun military and cybersecurity related games, network, and connect with other Veterans in the Infosec field.\n \n
VETCON Is a Conference for Veterans, Run by Veterans, During the Largest Hacker Conference, DEF CON.\n
Links: Website -
https://vetconactual.com/\n Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249738\n Twitter (@vetcon_command) -
https://twitter.com/vetcon_command\n
Friday and Saturday: 10:00 - 18:00; Sunday 10:00 - 13:00\n
DCNextGen’s mission is to empower the Next Generation of young hackers. By creating an environment where hands on discoveries can reveal new and unexpected ways of thinking about security and technology. Let’s explore and change the world together, one network at a time.\n
DCNextGen has a ton of awesome content planned for the youth hackers! If you\'d like a printed schedule of our events, stop by our community space! You can also find us in Hacker Tracker and online at dcnextgen.org.\n
Links: Website -
https://defcon.org\n Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249811\n
Friday and Saturday: 10:00 - 18:00; Sunday 10:00 - 13:00\n
Lonely Hackers Club is a group to help people navigate their first DEF CON and other conferences as well as helping people break into the field. We have a lot of people who are from all sorts of fields who can help people based on what they want to do for a career. We welcome everyone into the community and support everyone who needs/wants help.\n
Links: Website -
http://lonelyhackers.club/\n Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249761\n Mastodon (@L0nelyH4ckers@defcon.social) -
https://defcon.social/@L0nelyH4ckers\n Twitter (@L0nelyH4ckers) -
https://twitter.com/L0nelyH4ckers\n
Xcape Inc. is a cybersecurity firm known for its innovative solutions. They craft custom hardware and software for pen testing, giving them a unique level of control. They go beyond basic assessments, offering actionable insights to fortify client defenses. Xcape prioritizes staying ahead of threats through a collaborative approach, working with clients to build long-term partnerships.
Links: Website -
https://xcapeinc.com\n
Friday and Saturday: 10:00 - 18:00; Sunday 10:00 - 13:00\n
Welcome to the inaugural Game Hacking Community at DEF CON 32, where gaming and cybersecurity intersect in exciting and interactive ways. Our mission is to delve into various aspects of game security, fostering an environment of exploration, play, and learning.\n
At the Game Hacking Community, participants can engage in activities ranging from modding games to exploring the intricacies of memory hacking and multiplayer cheats and learning about game malware. Whether you\'re a beginner or an experienced hacker, we will have presentations and activities to challenge your skills. \n
Be part of the evolution of game security. Dive into our activities, engage with other game hackers, and explore opportunities to contribute to and support the Game Hacking Community. Let’s play, learn, exploit, and perhaps even profit. See you there!\n
Links: Website -
https://gamehacking.gg\n Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249782\n
Women in Security and Privacy (WISP)’s mission is to advance women and underrepresented communities to lead the future of privacy and security. We accomplish this by providing women and underrepresented communities with opportunities for technical and professional development through events, trainings, conferences, scholarships, mentoring, and job search. WISP is a 501(c)(3) non-profit organization.
Links: Website -
https://www.wisporg.com/\n Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249735\n Twitter (@wisporg) -
https://twitter.com/wisporg\n
Black Hills Information Security (BHIS) focuses on helping organizations understand their security risks and improve their defenses against cyber threats through a combination of testing, assessment, education, and consulting services. Creators of Backdoors & Breaches, Antisyphon Training, and numerous open-source security tools.
Links: Website -
https://blackhillsinfosec.com/\n Twitter (@BHinfoSecurity) -
https://twitter.com/BHinfoSecurity\n
With Intigriti, you have access up to 90,000 ethical hackers working continuously to find vulnerabilities in your software, networks and systems before cybercriminals do. Intigriti\'s triage team sits between the ethical hackers and you to ensure you are only receiving valid vulnerability submissions that need to be fixed on our pay-for-impact model.
Links: Website -
https://www.intigriti.com/\n Twitter (@intigriti) -
https://twitter.com/intigriti\n
In-Person Contest\n
The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEMs and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.\n
With the largest collection of hackers in one area, there\'s no better way to understand the security state of an industry without bringing it to security professionals to break. Over the past 10 years, the Car Hacking Village has been the focal point of interest for new hackers entering the automotive industry to learn, be a part of and actually test out automotive technologies. We plan to use this event to keep drawing attention to the automotive security industry through hands-on challenges.\n
Links: More Info -
https://www.carhackingvillage.com/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249399\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249398\n Twitter (@CarHackVillage) -
https://twitter.com/CarHackVillage\n
Hybrid Contest\n
If you ever wanted to break stuff on the cloud, or if you like rabbit holes that take you places you did not think you would go to, follow complicated story lines to only find you could have reached to the flag without scratching your head so much - then this CTF is for you!\n
Our CTF is a two days jeopardy style contest where we have a bunch of challenges hosted across multiple Cloud providers across multiple categories of difficulty.\n
You can register as teams or go solo, use hints or stay away from them, in the end it will be all for glory or nothing. Plus the prizes. Did we not mention the prizes? :D\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249393\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249392\n Twitter (@cloudvillage_dc) -
https://twitter.com/cloudvillage_dc\n
In-Person Contest\n
This event was born out of the fires of DEF CON. Through years of analyzing network traffic for the Wall of Sheep and teaching others how to do the same, we built this system as a way to help the growing numbers in our community learn (fast). Then it quickly turned into the first defensive based CTF at DEF CON and is one of the longer running competitions at con with a twist... Each year we practically re-invent ourselves, bringing the latest tools & techniques along with never seen before content across 17 categories to unleash hell on the mostly-unsuspecting attendees. For ’24 we have added tons of new content, and new types of challenges never seen before. (muehahaha)\n
Links: More Info -
https://www.capturethepacket.com\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249402\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249401\n Twitter (@capturetp) -
https://twitter.com/capturetp\n
In-Person Contest\n
This is a contest about bribery. Bribery is not only allowed, it is required as part of the contest, since it\'s the only way to move up the leaderboard. Judges will evaluate the value of any given bribe (for example, an unusual sticker, etc.), and award points accordingly. Boring bribes will be rejected (i.e. cash). Players can expect to learn how to make a persuasive argument, and the nature of value in an (often) pay-to-win world that we live in.\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249429\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249428\n
2600 Magazine is the definitive guide to the hacker culture, publishing on paper since 1984. Despite the demise of bookstores, distributors, and print, 2600 is still here!
Links: Website -
https://2600.com/\n Twitter (@2600) -
https://twitter.com/2600\n
Hybrid Contest\n
Darknet-NG is an Alternate Reality Game (ARG), where the players take on the Persona of an Agent who is sent on Quests to learn real skills and gain in-game points. If this is your first time at DEF CON, this is a great place to start, because we assume no prior knowledge. Building from basic concepts, we teach agents about a range of topics from Lock-picking, to using and decoding ciphers, to Electronics 101, just to name a few, all while also helping to connect them to the larger DEF CON Community. The \"Learning Quests\" help the agent gather knowledge from all across the other villages at the conference, while the \"Challenge Quests\" help hone their skills! Sunday Morning there is a BOSS FIGHT where the Agents must use their combined skills as a community and take on that year\'s final challenge! There is a whole skill tree of personal knowledge to obtain, community to connect with and memories to make! To get started, check out our site https://darknet-ng.network and join our growing Discord Community!\n
Links: More Info -
https://darknet-ng.network\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249382\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249381\n Twitter (@DarknetNg) -
https://twitter.com/DarknetNg\n
Online Contest
\nPre-con\n
Ancient warriors used tattoos as a means of indicating rank in battle; it was the sort of mark that told the tales of their various conquests - their struggles and triumphs. Similarly, traversing the halls of DEF CON, one can see more modern versions manifesting as stickers - especially on laptops and other electronic equipment.\n
We use stickers to break the ice with strangers, as a barter currency, to tell the tales of our struggles and triumphs. After all, is a hacker really a hacker without a laptop adorned with these markings?\n
Here\'s your chance to be part of hacker culture, by creating something that people around the world will treasure and proudly display. Submit original artwork in the theme of the con, that you believe best exemplifies hacker culture, that will be used as printed stickers.\n
On your marks... Make your mark.\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249375\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249374\n
In-Person Contest\n
CMD+CTRL Web App Hacking Challenge gives you the opportunity to showcase your red team skills by attacking real web applications. The CMD+CTRL platform is a hacking game designed to teach the fundamentals of web application security. Explore vulnerable web applications, discover security flaws, and exploit those flaws to earn points and climb up the scoreboard. After attacking an application for yourself, you\'ll have a better understanding of the vulnerabilities that put real world systems at risk.\n
At DEF CON 32: We will be replaying some of our Cyber Range Greatest Hits. We will be running 4 different Ranges with over a 150 challenges possible!\n
Links: More Info -
https://defcon32.cmdnctrl.net\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249390\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249389\n
Online contest
\nDates TBD, approx 2 weeks prior to DEFCON, Friday: 24 hours Saturday 24 hours Sunday: 24 hours\n
Excited about DEFCON? want to hack on a custom 26 year old code base? Like to play text based games? The DEFCON MUD has you covered. Completely rebuilt for 2024, explore dungeons, mine, complete quests, explore, hack the game. The winner gets a human badge to DEFCON 32. This year we are running the contest virtually 2 weeks prior to DEFCON. Play an ancient form of game and see if you have what it takes. We will be leaving the game up during DEFCON for more shenanigans.\n
Links: More Info -
https://mud.defcon.wtf\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249364\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249363\n
Hybrid Contest\n
Love puzzles? Need a place to exercise your classical and modern cryptography skills? This puzzle can keep you intrigued and busy throughout DEF CON - and questioning how deep the layers of cryptography go.\n
The Gold Bug is an annual puzzle hunt at DEF CON, focused on cryptography. You can learn about Caesar ciphers, brush up your understanding of how Enigma machines or key exchanges work, and try to crack harder modern crypto.\n
The Gold Bug is accessible to all, with some simpler puzzles for warmup or beginners (even kids!), and some that will require you to dig a little deeper. Whether you want to hack on puzzles solo or with a team, join us at https://goldbug.cryptovillage.org to get started!\n
Links: More Info -
https://goldbug.cryptovillage.org/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249358\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249357\n Twitter (@CryptoVillage) -
https://twitter.com/CryptoVillage\n
Hybrid Contest\n
Threat Modeling is arguably the single most important activity in an application security program and if performed early can identify a wide range of potential flaws before a single line of code has been written. While being so critically important there is no single correct way to perform Threat Modeling, many techniques, methodologies and/or tools exist.\n
As part of our challenge we will present contestants with the exact same design and compare the outputs they produce against a number of categories in order to identify a winner and crown DEF CON’s Next Top Threat Model(er).\n
Links: More Info -
https://threatmodel.us\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249372\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249371\n
Online Contest\n
The DEF CON Kubernetes Capture the Flag (CTF) contest features a Kubernetes-based CTF challenge, where teams and individuals can build and test their Kubernetes hacking skills. Each team/individual is given access to a single Kubernetes cluster that contains a set of serial challenges, winning flags and points as they progress. Later flags pose more difficulty, but count for more points.\n
A scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie.\n
Links: More Info -
https://containersecurityctf.com/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249379\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249378\n
In-Person Contest\n
This contest is simple, and is designed to teach you the basics of transmitter direction finding and “fox hunting”. We offer multiple levels of difficulty – whether you’ve never done a fox hunt before or are a seasoned pro, you can participate in the hunt! Learning how to locate the source of radio signals is an important tool you can add to your hacker arsenal. Whether you’re hunting for a source of interference, a rogue wireless AP, or tracking down the FCC’s monitoring vans, the real-world skills you will gain from this contest will be invaluable.\n
To participate in the beginner IR foxhunt you will need a device that can receive IR light in the 900nm range – such as many cell phones and digital cameras!\n
To participate in the RF foxhunt(s) you will need a radio or a scanner that can receive signals in the 2m and/or 70cm Amateur Radio Bands (144.000 MHz - 146.000 MHz, 420.000 MHZ - 450.000 MHz).\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249342\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249341\n
In-Person Contest
\nSee scheduled events for timing\n
HackFortress is a unique blend of Team Fortress 2 and a computer security contest. Teams are made up of 6 TF2 players and 4 hackers. TF2 players duke it out while hackers are busy with challenges like application security, network security, social engineering, or reverse engineering. As teams start scoring they can redeem points in the hack fortress store for bonuses. Bonuses range from crits for the TF2, lighting the opposing team on fire, or preventing the other teams hackers from accessing the store. HackFortress challenges range from beginner to advanced, from serious to absurd.\n
Links: More Info -
http://hackfortress.net\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249348\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249347\n
In-Person Contest\n
We are back for our 30th year at DEF CON! As always, it will be a mix of questions, answers and embarrassment. Contestants will try to outwit their other teams and prove that, yes, they are in fact smarter than a CISSP. Well, sometimes anyway. As usual, this will be a double-feature, with preliminary rounds occurring Friday night and the finals on Saturday.\n
This year, for our big anniversary, we will also be running a special Thursday night edition of Hacker Jeopardy - Celebrity Hacker Jeopardy! We will have some well-known faces competing in a single-evening event that should bring a fun twist to kick off what will be the biggest Hacker Jeopardy event in DEF CON history!\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249351\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249350\n Twitter (@HackerJeopardy) -
https://twitter.com/HackerJeopardy\n
In-Person Contest\n
Your friend called. They had their place raided. They swear it\'s a setup. But now they\'re in jail and you\'re the only hope they have. Can you collect the evidence that will let them walk free? Where should you look? The evidence is everywhere, and it could be anywhere. You might be sitting on it. You might be standing near it. It might be stuck to something. It might be lying in plain sight. Find the disks and bring them to us. All they said to you before they hung up was \"It\'s in that place where I put that thing that time.\" Good luck.\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249331\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249330\n Twitter (@iitpwiptttt) -
https://twitter.com/iitpwiptttt\n
In-Person Contest\n
This event was born out of the desire to teach an often-overlooked hardware and networking skill, and to provide the opportunity for experienced people to mentor others as they learn. DEF CON provides the perfect environment for people with no prior training to learn something useful and new. Hardwired networks are often overlooked in today’s world of cellular connection and Wi-Fi, but they still play an important part in the backbone of information sharing. We believe that while cutting-edge technologies are thrilling, traditional skills-building still has its place, and we want to provide that opportunity to the DEF CON community.\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249337\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249336\n
In-Person Contest\n
Grab some solder and update your JTAGulator! The Hardware Hacking Village (HHV) is back with another DEF CON hardware hacking-focused Capture the Flag (CTF) competition. This is a jeopardy style CTF, designed to challenge participants in various aspects of hardware hacking. Whether you\'re new to hardware hacking or experienced and just looking for something to do while you wait for your fault injection to trigger, all are welcome and challenges range from beginner to advanced.\n
Links: More Info -
https://dchhv.org/challenges/dc32\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249339\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249338\n
This contest has been canceled. The contest organizers have been deployed in hurricane and wildfire relief operations.
In-Person Contest\n
You have been randomly selected for additional security training. Be on the look out for one of our drives, USBs or surprise devices out here in Vegas, and follow along on @LonelyHardDrive for further clues to start hacking away at the puzzles. This is required for all LonelyCorp employees and Betty Pagefile is counting on you!\n
Links: Discord -
https://discord.gg/68pRuKdCpW\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249325\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249324\n
In-Person Contest\n
Want to protect your noggin from Taylor Swift\'s PsyOps plot for global domination? Have you angered our new AI Overlords, and now need to hide? Or do those alien mind control rays just have you feeling down lately? Fear not, for we here at the Tin Foil Hat Contest have your back for all of these! Come find us in the contest area, and we\'ll have you build a tin foil hat which is guaranteed to provide top quality protection for your cerebellum . How you ask? SCIENCE!\n
Show us your skills by building a tin foil hat to shield your subversive thoughts, then test it out for effectiveness.\n
There are 2 categories: stock and unlimited. The hat in each category that causes the most signal attenuation will receive the \"Substance\" award for that category. We all know that hacker culture is all about looking good though, so a single winner will be selected for \"Style\". We provide all contestants a meter of foil, but you\'re welcome to acquire and use as much as you want from other sources.\n
Links: More Info -
http://www.psychoholics.org/tfh\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249287\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249286\n Twitter (@DC_Tin_Foil_Hat) -
https://twitter.com/DC_Tin_Foil_Hat\n
In-Person Contest\n
Get ready to dive into the excitement of the third annual Octopus Game at DEF CON! Octopus Game is your chance to connect with fellow attendees while exploring all the fun and fascinating aspects of DEF CON. Whether you\'re new to DEF CON, a beginner at code-breaking, or simply seeking a stress-free contest, this is the perfect opportunity for you. Test your skills in clue reading and code-breaking as you join in on the fun!\n
You and your fellow pirates will embark on an exhilarating journey, armed with clues that unveil the path to the lost treasure of a legendary pirate, now guarded by the mighty Kraken. These quests will guide you through the vibrant landscape of the Con, offering a glimpse into the myriad opportunities and experiences awaiting exploration. Designed to welcome newcomers to the hacking world, this contest fosters connections among attendees and contributors alike. Whether you choose to collaborate with a small group or brave the challenge solo, the decision is yours. Yet, amidst the excitement, remember that only one can emerge victorious. With challenges tailored for entry-level participants and a kid-friendly environment, come join us for a thrilling adventure into the depths of the Kraken\'s Conundrum.\n
Links: More Info -
https://www.mirolabs.info/octopus-game-dc32\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249314\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249313\n Twitter (@OctopusGameDC) -
https://twitter.com/OctopusGameDC\n
Capitol Tech is Washington D.C.’s premier STEM University – supplying human capital to America’s most technologically advanced government agencies and their private sector supply chains. With an education laser-focused on STEM careers, Capitol Technology University uniquely positions students for top roles in the region’s booming tech hub.
Links: Website -
https://www.captechu.edu/\n Twitter (@captechu) -
https://twitter.com/captechu\n
Hack The Box is the Cyber Performance Center with the mission to provide a human-first platform to create and maintain high-performing cybersecurity individuals and organizations. Hack The Box is the only platform that unites upskilling, workforce development, and the human focus in the cybersecurity industry, and it’s trusted by organizations worldwide for driving their teams to peak performance.
Links: Website -
https://www.hackthebox.com/\n Twitter (@hackthebox_eu) -
https://twitter.com/hackthebox_eu\n
Elevate your security expertise with TryHackMe, the world’s leading technical cyber security training platform designed exclusively for security professionals. Offering over 800 hands-on labs, we cater to all skill levels, from novice to expert. Dive deep into red teaming, blue teaming, and DevSecOps as our platform delivers unparalleled training across various cyber security domains. Through a blend of realistic challenges and robust learning resources, TryHackMe empowers individuals and teams to translate knowledge into action, mastering their skills through real-world scenarios, hands-on challenges and immersive learning experiences.
Links: Website -
https://tryhackme.com/\n Twitter (@realtryhackme) -
https://twitter.com/realtryhackme\n
In-Person Contest\n
Whether you\'re a seasoned DEFCON veteran or a curious newcomer, the DEFCON Scavenger Hunt promises to challenge your skills, tickle your wits, and ignite your hacker spirit. Our list is a portal to mystery, mischief, and mayhem. Assemble your team of up to five members, interpret the items, and submit your findings at the booth to our esteemed judges. Go beyond the basics for bonus points. Legends are born here.\n
Casual players will enjoy doing a handful of items, but you will need to devote your entire weekend if you want to win. It\'s not just about fame, glory, or boxes of swag; the true allure is the camaraderie of fellow hackers, the knowledge that you\'ve etched your mark on DEFCON history, and the ultimate badge of honor: bragging rights. Nothing says \"I\'m a hacker\" quite like being triumphant at the DEFCON Scavenger Hunt contest.\n
See you at the booth!\n
Links: More Info -
https://www.defconscavhunt.com\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249366\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249365\n Twitter (@defconscavhunt) -
https://twitter.com/defconscavhunt\n
In-Person Contest\n
The IoT village pi eating contest is a challenge where participants put their hardwear hacking experience to the test by going head to head with other hackers. Participants will be provided all the tooling necessary to get a root shell on an IoT device. Whoever roots the device in the shortest time wins.\n
In this brand new challenge, participants put their hardware hacking experience to the test by going head to head with other hackers. Participants will be provided all the tooling necessary to get a root shell on an IoT device. Whoever roots the device in the shortest time wins!\n
Links: More Info -
https://scoreboard.iotvillage.org/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249449\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249448\n
Online Contest\n
Phish Stories is a contest that combines the art of creative writing with the strategic challenge of social engineering, inviting participants to craft phishing emails that are both convincing and hilariously entertaining. It gives people at any level the chance to show off their skills in writing, social engineering, and humor to create a unique contest that allows for multiple ways to win. Writers, comedians, and Red-Teamers can all find a path to victory!\n
Participants are tasked with creating phishing emails targeting fictional company leaders. The goal is to produce emails that are not only convincing enough to prompt a click but also funny enough to entertain. Contestants must also provide a one-page backstory that gives the details of the approach and what happens after our unsuspecting company leader clicks on that link. Contestants receive background information on their targets to help craft their entries.\n
There are three winners in the contest.\n
The Ruler: Best overall combination of clickability and humor.\nThe Wizard: Best technical and clickable email.\nThe Jester: Funniest entry.\n
Links: Reddit -
https://reddit.com/u/phishstories\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249237\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249107\n Twitter (@phishstories) -
https://twitter.com/phishstories\n
In-Person Contest\n
Travel the seven seas to the seven wonders across time to test your skills across both old and new worlds. Every journey\'s end yields its own reward, but there is only one who can claim to be the first to the summit. Bring your entire tech arsenal or just a phone. Start at the broken compass and push forward into the known to seek the unknown. Wonders, plunder, and glory to those who test the waters and themselves.\n
Links: More Info -
https://venatoraurum.org\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249283\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249282\n
In-Person Contest\n
The ICS Village CTF offers hands-on experiences with industrial control systems, which bridge technology with physics. Attendees engage with industry experts while solving challenges like a red vs blue manufacturing network process coupled with OT-specific jeopardy-stye challenges. This contest highlights vulnerabilities in industrial equipment and OT protocols. By simulating attacks on critical infrastructure, participants develop and practice DEFCON-level skills, enhancing their understanding with critical infrastructure and the world we rely on.\n
Links: Website -
https://www.icsvillage.com/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249319\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249318\n
Hybrid Contest\n
This is going to be an interactive live game that is driven by a near future storyline in which deepfakes and forgeries are so difficult to detect that bad actors and foreign governments are fully engaged in a war over people\'s minds. At the same time, the world is sitting on the brink of the so-called \"singularity,\" as AI advancements have completely blurred the line between artificial and natural cognition, and the Turing test has been rendered decisively moot.\n
Teams will join the game and follow the storyline to clues that will give them hints about who they can trust and who they can\'t. The clues will follow the pattern of deepfakes and forgeries, asking players to figure out what\'s real and what\'s not, focusing on hacker and defcon focus areas such as authentication, trust, social engineering, hardware and software manipulation and more. They will be given a rich story that will lead them to research the underlying issues in trust and anonymous trust systems. They will also encounter challenges and tutorials on video and image validation and cryptographically safe messaging.\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249299\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249298\n
Hybrid Contest\n
The contest will be hosted on the Publicly Switched Telephone Network and will be live for access 24/7, with real world PSTN phone numbers to dial into.\n
The Hacked Existence team will be hosting a telecom based CTF. The CTF will be hosted on live VoIP lines routed through a modified asterisk PBX. This will allow participants to dial in to the CTF from a real world telephone routable phone number allowing them to hunt the PBX for flags. The flags will be based around utilizing historically accurate tactics, techniques, and procedures to manipulate emulated old school switching systems.\n
The purpose of our contest is to bring awareness around the still existing weaknesses in our telecom infrastructure and Interactive Voice Response Systems. Ideally visitors to our contest area will participate in the CTF allowing them to get a better understanding of telecom hacking in the year 2024 as well as a respect for the art of phreaking from yesteryears.\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249311\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249310\n Twitter (@HackedExistence) -
https://twitter.com/HackedExistence\n Twitter (@mainframed767) -
https://twitter.com/mainframed767\n
Hybrid Contest\n
There’s a new emerging tech in town, and it’s name is Quantum! Following the past two years of Quantum CTF events held at the Quantum Village, we are pleased, proud, and excited to announce that our Q-CTF is indeed returning as Codename; QOLOSSUS! Pit your wits against the Atom, and come and see what devilish challenges from our Quantum Quizmasters await. Come and show your quantum prowess, and mastery of superposition and entanglement - design algorithms to break cryptography, hack our simulated quantum communications, and score points in our IRL activities. |Good Luck!〉\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249316\n Website -
https://quantumvillage.org/\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249303\n
In-Person Contest\n
Various cyber tools and techniques have been utilized based on information from past attacks. Game players will learn about different cyber security frameworks, cyber-attack processes, and how they can use utilised in a fun way. The game is built to teach key cyber terms, theory and apply techniques based on real-world scenarios.\n
As a player, you are part of a Global Cyber Protection Team (GCPT) assigned to the mission to prevent various attacks on critical infrastructure. Your task is to use the available information that your team has at your disposal to stop the adversary from achieving their objective.\n
Players will find themselves in a variety of future scenarios based on a specific industry/sector focus e.g. manufacturing, utilities, defense, finance. The task will be to defend each individual network/system to govern, identify, detect, respond and recover against abnormal/suspicious activities on the network. You will be working against a global hacker network who are threatening to disrupt the overall operations of global critical infrastructure sites for their own nefarious means.\n
Your team must protect various networks/systems as part of a global environment. If 5 or more systems are compromised and deactivated, the hacker network successfully disabled the global environment and can assume control of the entire environment. It is your mission to protect the environment and ensure the availability of the global system.\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249385\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249384\n
In-Person Contest\n
Embedded systems are everywhere in our daily lives, from the smart devices in our homes to the systems that control critical infrastructure. These systems exist at the intersection of hardware and software, built to accomplish a specific task. However, unlike general-purpose computers, embedded systems are typically designed for a particular case of use and have limited resources. This makes them both challenging and fascinating to work with, especially from a security perspective. Often these disciplines are dealt with individually, but understanding the custom relationships between hardware and software is vital to performing security research on these devices.\n
The embedded device CTF contest is an exciting opportunity to explore the intricacies of these systems and test your skills in a competitive environment. Contestants are challenged to find vulnerabilities in the firmware or hardware and exploit them to gain access or control over the device. The contest offers a unique opportunity to explore embedded devices\' inner workings and understand their design\'s security implications.\n
New devices will be dramatically introduced at set intervals throughout the competition, and point values will decrease over time. This keeps contestants guessing and on their toes, forcing them to adapt and use their skills to tackle new challenges. It also offers a chance to learn about different types of devices and how they function, broadening participants\' knowledge and experience.\n
By participating in the contest, contestants can develop a deep understanding of how these systems operate and how to secure them against potential attacks. Additionally, the contest encourages participants to think outside the box and approach problems creatively, honing their problem-solving skills. The competition provides a valuable opportunity to network with like-minded individuals and a chance to learn from others in the field hands-on.\n
Overall, the embedded device CTF contest is an exciting and educational experience that showcases the unique challenges and rewards of working with embedded devices. With the rise of the Internet of Things and the increasing integration of technology in our daily lives, embedded devices are becoming more ubiquitous, making this contest relevant and worth checking out. Whether you\'re a seasoned security professional or just starting in the field, the contest offers a chance to learn, test your skills, and have fun in a dynamic and competitive environment.\n
Links: More Info -
https://www.embeddedvillage.org\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249361\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249360\n Twitter (@EmbeddedVillage) -
https://twitter.com/EmbeddedVillage\n
In-Person Contest\n
We’re going all in on internet freedom. Take a break from hacking the Gibson to face off with your competition at the tables—and benefit EFF! Your buy-in is paired with a donation to support EFF’s mission to protect online privacy and free expression for all. Play for glory. Play for money. Play for the future of the web. Seating is limited, so reserve your spot today.\n
Links: More Info -
https://www.eff.org/poker\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249415\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249414\n
In-Person Contest\n
The Beverage Chilling Contraption Contest has been un-canceled! After a fantastic afternoon of day drinking celebrating the start of the 20th BCCC we\'ve run out of beer. It\'s a disaster, a catastrophe! Fortunately, we had the wherewithal to scramble a crack beverage acquisition team to the streets of Las Vegas and found more! Don\'t ask where. Unfortunately, like the streets of Las Vegas, it\'s HOT and kinda sticky. We need you to help us fix this and get that beer as cold as the barren wasteland that is our generation\'s dreams of home ownership!\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249413\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249412\n
In-Person Contest\n
In this MarSec event we will engage convention goers with a number of different tabletop games to help them understand the operational issues surrounding offensive and defensive cyber operations in a port complex. Players will become familiar with the various network components that support port and shipping operations from the underlying infrastructure to the system components at ports and commercial ships. A fictional terminal, Boundary Terminal part of the Port Elizabeth New Jersey complex, and a fictional shipping line, Worldwide Shipping Operations form the basis for all of three of our games. The games are: a short game designed to show the basic target set and linkages, a longer role-playing game where players can engage in detail with port systems, and a card driven game focused on detection, forensics, and counter-forensics. The role-playing game has been conducted as part of the MarSec portion of the ICS Village for the past two years, while the shorter version was added last year. This year we will add the counter-forensics game. All of the games are designed to be entertaining and engaging with prizes provided to the winners and best players (usually everyone gets a prize).\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249345\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249344\n
In-Person Contest\n
Get ready to strut your stuff, hackers! We\'re thrilled to announce the 6th annual Hack3r Runw@y returning to DEF CON 32, bigger and bolder than ever.\n
Calling all glamorous geeks, crafty coders, and fashionably functional folks: Dust off your soldering irons, grab your needles and threads, and unleash your creativity! Hack3r Runw@y challenges you to reimagine fashion through the lens of hacking.\n
Show us your wearable tech wonders in the following 4 categories for a chance to win in each category plus one coveted People’s Choice trophy where ANYONE can win, but there will be a twist. Did you see this year\'s theme (hint).\n
Smart wear that wows: Integrate LEDs, microcontrollers, and sensors into your designs for dazzling functionality.\n
Digital design that dazzles: light it up with LEDs, bling with lights, but keep it passive.\n
Functional Fashion: masks and shields, hazmat suit, lockpick earrings, and cufflink shims.\n
Extraordinary style: Elevate your daily wardrobe with unique fabrics, passive design, 3d textures, optical illusions, cosplay, and security-inspired patterns.\n
No matter your skill level, Hack3r Runw@y has a place for you! Whether you\'re a seasoned maker or a coding newbie, join us in celebrating the convergence of creativity, technology, and style.\n
Winners selected by judges selection based on:\n
Uniqueness
\nTrendy
\nPractical
\nCouture
\nCreativity
\nRelevance
\nOriginality
\nPresentation
\nMastery\n
Links: More Info -
https://hack3rrunway.github.io/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249353\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249352\n
Hybrid Contest\n
The BIC Village Capture The Flag is a jeopardy style event designed to practice solving challenges in multiple categories. This event seeks to not only be a series of puzzles and challenges to solve, but a gamified way to learn concepts of social justice and Black history. This event will highlight previous, current and up & coming Black individuals and their contributions to technology. This year we are excited to bring back our physical challenge room with a variety of interactive components for players to interface with.\n
This event also aims to bring to the forefront a range of technologies that we will expose to the community that operate in our day-to-day lives and examine their capabilities; contributing to the discussion of privacy, social justice and civil rights. Our event will allow the DEF CON community to fully engage in “Reading all the stories, learning all the technologies, and hacking all the things.”\n
Links: More Info -
https://www.blacksincyberconf.com/ctf\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249410\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249409\n
Dive into the swampy wonderland of the Cyber Swamplords booth! Straight out of the wilds of Central Florida, we\'re a motley crew from Jolly Media Group, Rot13Labs, and The Moth and Mantis, here to electrify DEF CON 32 with our unique blend of hacker culture and gear. From custom electronic badges and quirky SAOs to unique PCB jewelry and hacker-themed apparel, we\'ve got the perfect gear to spark your interest. Swing by for some laughs, free #quack, and a taste of that one-of-a-kind Florida charm. Join us for a gator-good time and let’s make some swamp magic together!
Links: Website -
https://cyberswamplords.com\n
Hotwan will be selling our Premier product, the “AI Red Team Assistant”.\n
The system’s focus is on the automation of several hundred security and hacker tools integrated with AI. No Internet is required. It is designed to assist in Penetration Test engagements and Red Team exercises.\n
Technologies include Scanners (Recon), Exploiters, OSINT, Bug Bounty, Web, API, Network, IoT, GCP, AWS, Azure, Kubernetes, Windows, Linux, Mac, Source Code Analysis, C2, Privilege Escalation, Exfiltration and more.\n
For more info, https://www.hotwan.com/product and check out our “Hacker Tool Talk” channel on YouTube: https://www.youtube.com/channel/UCDk_uCv4WB1uErp8p_xCt9Q\n
Links: Product Website -
https://www.hotwan.com/product\n YouTube -
https://www.youtube.com/channel/UCDk_uCv4WB1uErp8p_xCt9Q\n
Friday and Saturday: 10:00 - 18:00; Sunday: 10:00 - 13:00\n
The DEF CON Maker’s Community is the place where design, electronics, arts, crafts, software, and engineering all intersect. We serve as a home for ALL hackers and makers - providing tools, demos, talks and workshops (from makers like those in the Badgelife community), as well as exhibit space for highlighting current and past creations from some of your favorite DEF CON makers.\n
This year we’re starting the Bagelife Museum, a collection of current and former community-made badges, including SAO’s! Donate your own badges and SAOs to the museum to see them year after year, or bring out your SAO collection to trade with the community via our take-one leave-one SAO Trading Wall!\n
We’re still a new space, but we’re aiming to evolve into a “makerspace at con,” where attendees can experience cutting-edge tools like 3D Printers, Vinyl Cutters, Screen Printing, possibly even Laser Cutting and more, right on the con floor.\n
This is a space where creativity flourishes, collaborative projects can grow, and experimentation with equipment, pushing the boundaries of what\'s possible is encouraged. Join us to celebrate the ingenuity of the DEF CON community.\n
Be sure to check out our Discords, as well as the schedule on our website at www.dcmakerscommunity.com for the up-to-date talk and workshop schedule, as well as workshop registration details. We’ve got some cool talks on badges, making, and making badges lined up for you this year! See you at con!\n
Links: Website -
https://dcmakerscommunity.com\n Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249754\n Twitter (@DC_Makers) -
https://twitter.com/DC_Makers\n Instagram -
https://www.instagram.com/dc_makerscommunity/\n
In-Person Contest\n
We are back with another Pub Quiz at DEF CON. Here at Pub Quiz, we felt the need to add additional prizes for 4th and 5th place. We had a very successful one last year and we have made some improvements to make it every better. So do you like Pub Quizzes?? If you do then get your butts to join us in participating in the 2nd Pub Quiz at DEF CON 32. \n
Quiz will consist of 7 rounds question will include 90’s/2000’s TV and Movies, DefCon trivia, music, anime, and a little sex. The theme for our Pub Quiz will be all things that make DEF CON attendees exceptional. There will be a little something for everyone. The quiz will consist of visual and audio rounds along with some Con questions; we need to make sure we stimulate you peeps. We encourage people to get into teams of 5 or 6. \n
This is a social event, so we try to get people into Teams. You never know you may meet the love of your life. Did I mention CASH! Yes we will have cold hard cash prizes for the 1st, 2nd, 3rd, 4th, and 5th high scoring groups. As always if we do have ties will be break those ties with a good old fashion dance off from a person of the tied teams. The hosts and a few goons will help in judging.\n
Links: Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249844\n
In-Person Contest\n
In this competition (#SECVC), teams go toe to toe by placing live vishing (voice phishing) phone calls in front of the Social Engineering Community audience at DEF CON. These calls showcase the duality of ease and complexity of the craft against the various levels of preparedness and defenses by actual companies. Teams can consist of 1-3 individuals, which we hope allows for teams to utilize novel techniques to implement different Social Engineering tactics. Each team has limited time to place as many calls as possible from a soundproof booth. During that time, their goal is to elicit from the receiver as many objectives as possible. Whether you’re an attacker, defender, business executive, or brand new to this community, you can learn by witnessing firsthand how easy it is for some competitors to schmooze their way to their goals and how well prepared some companies are to shut down those competitors!\n \n
This competition takes place only on Friday in the Social Engineering Community village, be sure to get there early to get a seat; they fill up fast! Additionally, at the end of Friday, join Snow and JC as they cover the behind the scenes of creating the SECVC, this year\'s lessons learned, team highlights, and tips for future competitors!\n \n
Judges: Ibetika, John Hammond, Snow
\nCoaches: Jason, JC, Jennifer\n
Links: Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249473\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249474\n
Mar Williams is DEFCON\'s resident artist, created this year\'s official DEFCON badge, and has had a hand in informing the aesthetic of the conference since DC17. You can find their art throughout the hallways, on defcon tshirts, stickers and other swag. Mar will have high quality, signed prints of their DEFCON art available, as well as a selection of other art, stickers, plushes, and vaguely cat shaped baubles.
Links: Patreon (@spux) -
https://patreon.com/spux\n Instagram (@spuxo) -
https://www.instagram.com/spuxo/\n
Hybrid Contest\n
We would like to see cancer become a thing of the past, and you can help. How? Join the Hacker Cooling Contraption Challenge, brought to you by the TeleChallenge. Here\'s how it works:\n
\n - Accept our Challenge. If you accept the Challenge, you\'re also committing to nominate three people to join you.\n
- Take a video of yourself dumping a bucket of ice water over your head in combination with a Contraption of your construction to lower your temperature and raise awareness of cancer. Trust us, it\'s way easier to do this during the summer in Vegas than at Halifax Analytica headquarters in the winter.\n
- Post the audio to the TeleChallenge voice BBS challenging up to three others using their phone number, or post a video to https://defcon.social or your social media of choice using the hashtag #HackerCoolingContraption and the following:\n
\n - Your handle\n
- Who challenged you\n
- A statement of acceptance (\"I agree that I am responsible for my own hacker cooling actions, I understand that water is wet, and I promise not to sue the TeleChallenge or DEF CON\" or something to that effect)\n
- The handles of 3 people you are nominating\n
- A link to a nonprofit cancer research project or charity of your choice that you have chosen to support\n
- A mention of your contribution (including cash, cryptocurrency, volunteer hours, or computing resources), if any
\n
\n
Suggested: Make a contribution of your choice to support cancer research. You may want to check nonprofit and charity quality here: https://www.charitynavigator.org/\n
RULES\n
\n - You can use up to 4 items obtained either from the TeleChallenge booth or at a dollar store costing no more than $5 plus tax, plus duct tape, along with a single one-gallon bucket or container full of conventional ice and water (solely H2O!) to build your Contraption.\n
- Only hand tools may be used.\n
- No hackers may be harmed in the execution of the Challenge. Contraption may cool to no colder than -3 degrees Celcius.\n
- You may wear no less than a bathing suit (due to dress code requirements at pools).\n
- Contraptions will be judged only for full participants of the Challenge, meaning you have made three nominations and at least two nominees have also participated.\n
- Judging criteria: Efficacy, creativity, flair, hax.
\n
Links: More Info -
https://www.telechallenge.org\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249290\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249289\n
In-Person Contest\n
The Social Engineering Community needs your help and it’s not exactly a big deal, but without your help, the entire universe is going to implode. Fortunately, some creative beings designed a failsafe just for this specific purpose, the Def Con Social Engineering Youth Challenge at DEF CON 32! Remember, DON’T PANIC!\n \n
The implosion failsafe requires anyone under the age of 18 to complete some very specific problem-solving challenges that have been carefully designed for humans only (we don’t know why these challenges were designed only for humans, but it’s reasonable to assume this is another instance of dolphins playing a prank). Some examples of challenges are decoding alien messages, hacking intergalactic systems, and understanding the meaning of life. As you complete these challenges, the universe will be one step further from complete and utter obliteration.\n \n
As part of this protocol, you can expect the opportunity to learn valuable skills in cryptography, social engineering, network security, defusing intergalactic implosion bombs, and more. You\'ll need to keep your eyes on the sky and adapt to overcome serious obstacles designed by what we believe to be the least serious beings in the universe.\n \n
Will you be able to stop the universe from imploding into what we’re assuming is probably another universe but much smaller? We hope so! Otherwise, even the dolphins will have to find a new home.\n
Links: More Info -
https://www.se.community/youth-challenge/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249296\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249295\n
Thursday, Friday, Saturday: 12:00 - 13:00, 17:00 - 18:00; Sunday: 12:00 - 13:00\n
We know DEF CON and Vegas can be a lot. If you\'re a friend of Bill W who\'s looking for a meeting or just a place to collect yourself, DEF CON 32 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in room W301.\n
Links: Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249789\n
Salty Security offers uniquely themed and originally designed merchandise that caters to the hacker mindset and lifestyle. Come by our booth for all your sticker, apparel and tech gadget needs, or find us online at https://saltysecurity.com!
Links: Website -
https://saltysecurity.com\n
Purveyors of limited edition clothing, music, art, stickers and more. Unique 0-day swag just for DEF CON 32. Follow the music in the vending area to find our booth!
Links: Website -
https://shadowvexindustries.com\n
Online Contest\n
Zoogleta has been scheming to corporatize and enshittify the Internet through regulatory capture, squashing indy devs, and commodifying users.\n
You\'ve been contacted by journalists and whistleblowers who need help sifting through some big dumps of encrypted data and password hashes.\n
Help them so they can publish the smoking gun, crash Zoogleta\'s stock price, and get their leadership and the corrupt politicians they own arrested by exposing their internal dirt, for great justice.\n
Time is of the essence! You will have 48 hours to crack as many files and hashes as possible.\n
Open to all; preregistration is recommended. Compete in the Street class for individuals or small teams, or in Pro if you do not want to sleep all weekend. Check out past years\' contests at https://contest.korelogic.com/ , and the Password Village at https://passwordvillage.org/\n
Links: More Info -
https://www.crackmeifyoucan.com\n Mastodon (@CrackMeIfYouCan@infosec.exchange) -
https://infosec.exchange/@CrackMeIfYouCan\n Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/250053\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/250054\n
In-Person Contest\n
The inaugural Pinball High Score contest at DEF CON will run Friday and Saturday: 10:00-18:00, Sunday 10:00-13:00 with games available for daily High Score contests, daily challenges and open qualifying for a main tournament. The daily contests will allow any attendee to play pinball games and attempt to record a qualifying high score on each of the unique games. At 18:00 on Saturday main tournament qualifying will end and the top 8 players with the highest combined scores across all eligible machines will qualify for the Sunday finals event where they could become the first DEF CON Pinball Champion!\n \n
Achieving a high score may sound simple but pinball rulesets are very complex and the skill to complete a “Wizard Mode” or achieve a high score requires research, practice, knowledge and execution. Out of the box thinking, analytical skills and pattern recognition are traits that pinball players must exhibit to be successful and some games have rule sets that can be studied and exploited to achieve a high score. Hackers are at an advantage here and while this is just a pinball contest, I expect that the community is ready for this challenge.\n \n
Stern Pinball has prepared an exclusive DEF CON 32 digital badge that will be available for any attendee to earn for playing in this event. Additional DEF CON specific Insider Connect badges may be unlocked during game play.\n \n
Pinball developers have a long history of including Easter Eggs/COWS in games. Easter eggs “may” also be available for attendees to discover during the conference. Undocumented Easter eggs found by players during the event will be documented, verified and recognized.\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249308\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249307\n
In-Person Contest\n
Feet Feud (Hacker Family Feud) is a Cybersecurity-themed Family Feud style game arranged by members of the OnlyFeet CTF team and hosted by Toeb3rius (aka Tib3rius). Both survey questions and their answers are crowd-sourced from the Cybersecurity community. Two teams (Left Foot and Right Foot) captained by members of OnlyFeet and comprised of audience members go head to head, trying to figure out the top answers to the survey questions.\n
Attendees can either watch the game or volunteer to play on one of the two teams. Audience participation is also encouraged if either of the two teams fails to get every answer of a survey question.\n
Ultimately Feet Feud is about having a laugh, watching people in the industry attempt to figure out what randomly surveyed people from the Cybersecurity community put as answers to a number of security / tech related questions.\n
Links: Survey -
https://forms.gle/Thebx1vksze9fVsbA\n
Manufacturer of Lock Picks & COVERT ENTRY TOOLS\n
With the largest selection of lock picks, covert entry and SERE tools available at DEF CON it¹s guaranteed we will have gear you have not seen before. New tools and classics will be on display and available for sale in a hands on environment. Our Product range covers Custom toolsets, Dimple picks, Disc Picks, Entry Tools, Practice locks, Bypass tools, Urban Escape & Evasion hardware and items that until recently were sales restricted. SPARROWS LOCK PICKS will be displaying a full range of gear including the newly released All Access bump keys, Dimple picks and The Monkey Paw. The \"Folder\" prototype will also be available for its first public viewing. All products will be demonstrated at various times and can be personally tested for use and Efficacy.\n
Links: Website -
https://www.sparrowslockpicks.com\n
In-Person Contest\n
MARC I: Malware Analysis Report Competition I\n
In MARC I (Malware Analysis Report Competition I), participants collect and analyze real malware, then write an analysis report like a story, covering the entire scope of who, what, when, where, why, and how they found and analyzed the malware.\n
MARC I was created by Lena Yu (aka LambdaMamba) to provide malware enthusiasts with an opportunity to learn and showcase their passion and skills. Mastering malware analysis means mastering language. Essentially, we take a highly technical concept and simplify it into something that many can understand, similar to how a compiler translates high-level language into low-level language that a wide range of systems can understand.\n
When participants open-source and publish their work, it greatly contributes to improving the field of cyber defense. Let\'s make malware analysis knowledge go viral!\n
\n
BOMBE: Battle of Malware Bypass and EDR\n
Try to capture malware by writing your own EDR, or become the malware to bypass detection! BOMBE (Battle of Malware Bypass and EDR) is a unique match where malware and EDR systems compete against each other inside a single VM boxing ring.\n
Our participants can choose if they want to be malware creator or EDR developer. Malware creators aim to exfiltrate credentials and transmit them to our designated server. On the other side, EDR developers will focus on detecting the malware\'s activities and report its findings. Both the malware and EDR, created by our participants, will battle each other directly inside a single VM. As they face off, they’ll earn points for wins, moving up on the leaderboard. We also encourage them to keep improving their malware or EDR systems, system logs will be released after a few rounds.\n
BOMBE was created by Wei-Chieh Chao (aka oalieno) and Tien-Chih Lin (aka Dange). It is not just a competition, it\'s a learning platform. Participants engage with real-world scenarios, learning the circumstances between malware and EDR, a never-ending bypass and detect game. Showcase your skills! Whether you\'re a wizard at weaving undetectable malware or a mastermind in sophisticated defenses, this is your stage. Demonstrate your capabilities to a global audience, including potential employers and industry leaders.\n
Links: More Info -
https://digitalplaguedoctors.com/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249322\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249321\n Twitter (@DigitalPlagueDr) -
https://twitter.com/DigitalPlagueDr\n
The Tor Project is a nonprofit developing free and open source software to protect people from tracking, censorship, and surveillance online. Tor’s mission is to advance human rights and freedoms by creating and deploying free and open source anonymity and privacy technologies, supporting their unrestricted availability and use, and furthering their scientific and popular understanding. Stop by our table to learn more, pick up some gear, and find out how you can get involved.
Links: Website -
https://torproject.org\n
In-Person Contest\n
The Red Team Capture the Flag (CTF) competition is back at DEFCON! It is a challenging and exciting event that tests the skills of participants in offensive security.\n
The Red Team CTF is designed to simulate real-world challenges in which attackers are put to the test. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities.\n
Teams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities and solve challenges.\n
The Red Team CTF at DEFCON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants\' technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.\n
Links: Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/250035\n
In-Person Contest\n
Welcome to the “AI Art Battle\" Generative AI Art Contest! \n
This unique competition invites creative minds to dive into the world of artificial intelligence and art. The challenge is to craft the most imaginative prompts that will be used by generative AI models to create artwork.\n
Contestants will not be creating the art themselves; instead, they will focus on designing prompts for well-known topics that push the boundaries of creativity and innovation.\n
How It Works: \n
Select a Topic: Contestants will choose from a list of random topics. \n
These could range from historical events, famous literary works, mythical creatures, futuristic landscapes, to iconic pop culture references. \n
Craft a Prompt: \n
Using their creativity, contestants will write a detailed prompt designed to guide AI models in generating original artwork. The prompts should be clear, imaginative, and offer enough detail to spark the AI\'s artistic capabilities. \n
Submission: Each contestant will submit their prompt and the intended outcome. \n
AI Generation: The submitted prompts will be fed into a generative AI art model, which will create corresponding artworks based on the prompts.\n
A random panel will determine who the winners are.\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249453\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249452\n
SquareX helps organisations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks.
Links: Website -
https://sqrx.com\n Twitter (@getsquarex) -
https://twitter.com/getsquarex\n
Aaronia is a leading supplier of measurement equipment for RF and EMC applications and signal decoding. We offer innovative and high-precision spectrum analyzers, antennas, signal generators and test equipment. Visit us at the exhibition to learn more about our solutions for telecommunications, research and industry!
Links: Website -
https://aaronia.com\n
The Open Organisation Of Lockpickers is back as always, offering a wide selection of tasty lock goodies for both the novice and master lockpicker! A variety of commercial picks, handmade picks, custom designs, practice locks, handcuffs, cutaways, and other neat tools will be available for your perusing and enjoyment! Stop by our table for interactive demos of this fine lockpicking gear or just to pick up a T-shirt and show your support for locksport. All sales exclusively benefit Toool, a 501(c)3 non-profit organization. You can purchase picks from many fine vendors, but ours is the only table where you know that 100% of your money goes directly back to the hacker community.
Links: Website -
https://www.toool.us\n
As America’s Cyber Defense Agency and the National Coordinator for critical infrastructure resiliency and security, CISA leads the national effort to understand, manage, and reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day. We connect our stakeholders in industry and government to each other and to resources, analyses, and tools to help them build their own cyber, communications, and physical security and resilience, in turn helping to ensure a secure and resilient infrastructure for the American people.
Links: Website -
https://cisa.gov\n Twitter (@CISAgov) -
https://twitter.com/CISAgov\n
Boardsource offers custom mechanical keyboards and accessories for mechanical keyboard enthusiasts. With products ranging from DIY kits to premium aluminum boards, you\'re sure to find something that interests you whether you\'re new to the hobby or a seasoned veteran.
Links: Website -
https://boardsource.xyz\n
Women in Security and Privacy is a global non-profit committed to advancing women and underrepresented communities to lead the future of privacy and security. WISP\'s annual programming includes educational and skills workshops, mentoring and networking events, and career advancement and leadership training. WISP also provides stipends and scholarships for women and people from underrepresented communities to attend conferences and to receive training and certifications.
Links: Website -
https://www.wisporg.com\n
Thursday, Friday, Saturday: 10:00 - 18:00; Sunday: 10:00 - 14:00\n
DEF CON has made HDA a community, and we now have a community room! This room will be dedicated to the attendees with ADA needs, their friends, helpers, and anyone who wants to hang out and be social! So far we plan on providing charging stations, chill out sessions, an open call for a modular synth jam session, and more to come! Let\'s all work together to make DEFCON Awesomely Accessible!\n
Visit the DEF CON Forums for the DEF CON 32 HDA Packet, coming soon!\n
Links: Official HDA Policy -
https://defcon.org/html/links/dc-hda.html\n Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249665\n
Cigent, leaders in data recovery and removal, have built a storage device (for laptops, desktops, external media) with built-in data security. The drive by default makes data \"invisible\" - unreadable at the sector level, requiring MFA and Cigent software to access the storage. Advanced key creation and storage methodology have been implemented making it virtually impossible(?) to access the key. Additionally there is a dedicated microprocessor that monitors for attempts to wipe or clone the drive, boot off of an alternate OS, or ransom the drive - the drive automatically protects the data if it is attacked. It also has full drive erasure with unique firmware verification that confirms every block was truly wiped. Oh and wait - there\'s more...!
Links: Website -
https://www.cigent.com\n
Online Contest
\nPre-con\n
The DEF CON Short Story contest is a pre-con contest that is run entirely online utilizing the DEF CON forums, Twitter, and reddit. This contest follows the theme of DEF CON for the year and encourages hackers to roll up their sleeves, don their proverbial thinking cap, and write the best creative story that they can. The Short Story Contest encourages skills that are invaluable in the hacker’s world, but are often overlooked. Creative writing in a contest setting helps celebrate creativity and originality in arenas other than hardware or software hacking and provides a creative outlet for individuals who may not have another place to tell their stories.\n
So many hacker skills depend on your ability to tell a story. Whether it\'s social engineering, intrusion, or even the dreaded customer pentest report, ALL of these require the ability to tell a story. Storytelling is one of mankind\'s oldest traditions. Presenters even engage in storytelling when they get up on stage. A contest that celebrates and focuses on the ability to wind a yarn that captures and engages an audience is highly appropriate.\n
So why not?\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249441\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249440\n Twitter (@dcshortstory) -
https://twitter.com/dcshortstory\n
Friday and Saturday: 10:00 - 18:00; Sunday: 10:00 - 13:00 \n
The Retro Tech Community is here to celebrate where we came from, how computers and technology shaped our lives, and how even the most simple of computers still have an impact today this many years later. Rather than have a carefully curated collection of museum exhibits you can\'t touch or breathe on/around our goal is to empower the community in general to bring in working examples of old (or new but inspired by old) tech to display, demonstrate, be passionate about, teach lessons on, and for all those who visit us to hack on and goof around with. Bring us your tired capacitors, your scratched cases, your huddled masses of wirewrapped panels yearning to see voltage again, the wretched refuse of your teeming e-waste pile, bring these the tempest-tost to us, we lift our 20A 120Volt circuits beside the golden door! (But yes if you bring it, you must bring it home with you. If it\'s broken we will have a repair area set up and do the best we can!)\n
Links: Website -
https://retrotech.club/\n Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249748\n
Cryptocurrency Hackers (CRYPTOHACK) support your exploration of modern finance technology by distributing free of charge and commercially sold items at the Defcon Vendor area. Have you wondered how a POS, ATM, hardware wallet or secure element work? Stop by the Cryptocurrency Hackers vendor area to gain new perspectives of finance technology.\n
At CRYPTOHACK we do not exclusively serve blockchain based technology, and encourage idea exchange of any finance hacking for common good. We distribute items relating to a number of projects including Monero, Bitcoin, Ethereum, and others. Show your cryptohacker colours with high quality wearables and custom badges. Try new devices, devkits, and electronics, with on site presence of manufacturers. Inform yourself of new developments in finance by exploring our stand, your one stop shop for fintech hacker products and information.\n
Since Defcon 26 (2017) we have served a family and child friendly environment. We thank all the 6-12 year old hackers for your continued interest!\n
Links: Website -
https://www.cryptohack.cc\n
Friday and Saturday: 10:00 - 18:00; Sunday 10:00 - 13:00\n
La Villa Hacker is a vibrant initiative within the DEF CON community aimed at uniting and amplifying the voices of Latin American cybersecurity enthusiasts who speak Spanish or Portuguese. It offers a platform for these individuals to showcase their skills, share insights, and engage deeply with the global hacking and security community. The La Villa Hacker offers several core activities including talks, networking, and creative showcases, all conducted in Spanish or Portuguese to foster a strong sense of belonging and collaboration among Latino professionals at DEF CON.\n
Links: Website -
https://lavillahacker.com/\n Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249768\n Twitter (@lavillahacker) -
https://twitter.com/lavillahacker\n
In-Person Contest\n
AND!XOR creates electronic badges filled with hacker challenges. We love doing this, especially coming up with unique ways for hackers to earn them. Introducing the newest member of our hacker-fam: 5N4CK3Y (Snackey). 5N4CK3Y is a vending machine hardware hacking project from AND!XOR. We retrofitted it into an IoT CTF based badge dispensing machine, bling and all. Find a flag on our web hosted CTF platform, you get a 5N4CK3Y dispense code, punch it in, and a badge is vended to you! There are a variety of challenges to earn a badge as well others to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, network security, and cryptography to name a few. There\'s a little bit of everything, so it\'s a perfect way to learn something at one of the many DEF CON villages and talking with people you meet, then attempt one of the CTF challenges to dispense a badge. Hardware hacking is our passion and we want people to learn on badges, but more importantly that there\'s a lot to learn at DEF CON so our CTF will hopefully serve a desire to learn something new and meet new friends while trying to earn a badge and hack it further.\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249432\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249431\n Twitter (@ANDnXOR) -
https://twitter.com/ANDnXOR\n
EFF is the leading defender of online civil liberties. We promote innovator rights, defend free expression, fight illegal surveillance, and protect rights and freedoms as our use of technology grows.
Links: Website -
https://www.eff.org\n
Friday and Saturday: 10:00 - 18:00; Sunday 10:00 - 13:00\n
Ever see someone walking around DEF CON and wonder “what is up with the hard hats?”\n
The Hard Hat Brigade brings hackers together in the spirit of endless curiosity and tinkering. We use a common platform (hats) to combine art (bling) and hacker functionality (warez) to inspire others to explore outside of their comfort zones in a safe and welcoming community.\n
We encourage everyone to explore their creativity using art, electronics, mechanical design, or any other medium that piques their interest. Hats are inexpensive, widely available, and easy to modify to suit your needs. We started with hard hats but are not limited to any type of hat, so you have the freedom to choose whatever hat suits your fancy.\n
Despite everyone using a common platform, every creation is unique and embodies the personality of the creator. Walking around DEF CON, you can display your creation for all to see, and many will stop to ask you about what you have created. This allows you to talk about your experience, as well as inspire others to explore new ideas of their own.\n
One of the challenges at hacker summer camp has been finding people to connect with. By leveraging hard hats as a canvas, HHB has solved this challenge with something that is incredibly accessible while also offering a ton of variety. Gazing upon these creations, they reflect back the uniqueness of all the awesome hackers that we’ve been able to meet. In years past, we’ve had the opportunity to see how so many talented and creative hackers tackle the challenge of using the venerable hard hat as their muse. Just as fun, charming and skilled as so many attendees are, the hard hat has been a great vessel to carry their awesome projects. \n
Stop by our community space and make your trip memorable by trying on a hat, learning and sharing building techniques, networking with other hat loving hackers, and expressing yourself in your own hacker way. Keep on hacking!\n
Links: Website -
https://www.hardhat.rocks\n Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249775\n Twitter (@hardhatbrigade) -
https://twitter.com/hardhatbrigade\n
In-Person Contest\n
The Return of ? Cube \n
? Cube returns, weaving a tale that transcends the ordinary. This year, engagement is not just a theme—it\'s a journey through the multidimensional realms of hacking. Progressive Puzzles: Unlock the secrets of each compartment as you journey through progressively harder puzzles. From the Front\'s gentle introduction to the Top\'s formidable challenges, the Cube invites you to engage with the spectrum of cybersecurity domains. Physical Entry Unleashed: In a bold evolution, physical entry becomes a key component. Navigate the tangible aspects of physical entry, decoding not only in the digital realm but also as you immerse yourself physically in the enigmatic sides of ? Cube. Cryptic Narratives: As each compartment unfolds, the narrative of engagement takes shape. The puzzles, touching on encryption, penetration testing, and beyond. Silent Intricacies: Engage not only with the puzzles but also with the silent intricacies woven into the physical challenges. Decrypt messages, decipher patterns, and embrace the essence of Defcon as you navigate the unseen and the tangible. Embark on the Engage Journey: ? Cube calls upon the curious and the bold. Embark on a journey where the puzzles transcend the digital divide, demanding both mental acuity and physical prowess. H4QEG5LCMUQEAICEMVTGG33OEAZTEICSMVQWI6JAORXSAZLOM5QWOZJ7\n
Links: More Info -
http://0x3fcube.com/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249434\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249433\n
Electronic cats is a company based in Mexico where open source hardware is designed and assembled, with special focus on infosec with products widely used like the magspoof, catsniffer and hunter cat
Links: Website -
https://www.electroniccats.com\n
Friday and Saturday: 10:00 - 18:00; Sunday 10:00 - 13:00\n
DEF CON is a favorite island of misfit toys. Finding your people is something many people struggle to do in their lifetime. But when you do find DEF CON, you want to take it home with you. DEF CON Groups is the cure to the Con Blues and the conversations, resources, and support that the DEF CON Groups Community at DEF CON provides encourages the creation of new groups, connecting Humans with their local groups, and reinvigorates existing groups with a community space that allows for a chill room vibe and fun atmosphere. We invite POCs and Group Participants to join in conversation, collaboration, trading group related stories, and of course, stickers and laughs as well.\n
Links: Website -
http://defcongroups.org\n Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/249804\n Twitter (@defcongroups) -
https://twitter.com/defcongroups\n
In-Person Contest\n
Adversary Village will be hosting \"Adversary Wars CTF\", which is built around adversary attack simulation, offensive cyber security and purple team tactics.\n
Adversary War CTF centers around mimicking enterprise infrastructure and corresponding challenges. These challenges are meant to push the participants towards adopting various TTPs that adversaries and threat actors use within a definitive time frame. Adversary Wars would have real world simulation CTF scenarios and challenges, where the adversaries can simulate attacks and learn new attack vectors, cyber threat intelligence, threat actor profiles, TTPs, techniques, etc. There would be combined exercises which include different levels of adversary emulation.\n
As part of the Adversary Wars Capture-the-Flag competition a fictional city would be hosted virtually as a target for the participants. Like all cities, the Adversary city too would comprise of various infrastructure components including a hospital, bank, police station, fire station, army camp, city apartments, IT companies, university, government buildings, power plant, etc.\n
Each building will have a complex and realistic network infrastructure that includes a wide variety of components, including Windows/Linux systems, applications, industrial systems, Active directory, cloud environments, hybrid environments, and numerous other technology systems. A complex network of interconnected organizations, assumed to have been working properly, monitored by security operations center and cyber defense systems, supposed to be hackproof, until it wasn’t. One fine day, the adversary city was breached by a threat actor. A wide variety of attacks were carried out by the threat actor, in the end they decided to shut the city for good and infected the remaining systems with ransomware.\n
CTF participants will need to rely on cyber threat intelligence to gather more information on the threat actor, understand and collect various attack tactics, tools, and exploits used by the adversary group. The participants will have to devise possible attack paths used by the adversary group, then simulate these activities against the target city\'s various components to recreate and understand how deeply the threat actor group breached the city\'s infrastructure and computer systems.\n
To visualize the CTF environment, the contest area will feature a miniature model of the city made using interlocking-plastic-bricks. The breached components OR organization buildings will be physically marked in the city model as the CTF progresses. This will also assist visitors and observers in understanding the contest\'s progress and gaining insight into what is happening behind targeted cyber-attacks, cyberwar, etc.\n
Links: More Info -
https://adversaryvillage.org/adversary-wars-ctf/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249426\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249425\n Twitter (@AdversaryVillag) -
https://twitter.com/AdversaryVillag\n
In-Person Contest\n
Embark on a thrilling espionage adventure with spyVspy! This contest imagines a world of spy games where contestants employ basic hacking, cryptography, and rogue skills to solve puzzles and uncover hidden caches strategically scattered throughout DEF CON (and beyond).\n
Contestants will engage in a real-world treasure hunt, where the locations of hidden caches are revealed by solving the types of puzzles you\'d expect to see at DEF CON. Traditional ciphers, lockpicking, OSINT, and very basic hacking/pentesting skills may be required.\n
spyVspy is intended for players of all skill levels. Whether you\'re a seasoned double-agent or just learning to be a covert operative, you will be able to compete and have fun in this event. Whatever skills you think you\'re missing can probably be learned on-the-job anyway.\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249293\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249292\n More Info -
https://www.fottr.io\n
In-Person Contest\n
How well do you know your man pages? Find out by teaming up with up to 3 other people (or come solo and get matched up with some new friends) and play \"Aw, man...pages!\". Across several rounds, your knowledge of man pages will be tested to the limit. Can you remember what command line flag is being described by its help text? Can you identify a tool just from a man page snippet? Can you provide the long-form flag when only given the short? Will you prove yourself worthy to be crowned the man page champion?\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249418\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249417\n
HACKER WAREHOUSE is your one stop shop for hacking equipment. We understand the importance of tools and gear which is why we carry only the highest quality gear from the best brands in the industry. From RF Hacking to Hardware Hacking to Lock Picks, we carry equipment that all hackers need.\n
Please visit [Products at DEF CON 32](https://hackerwarehouse.com/defcon-32-virtual-vendor-floor/) to see which products we will have on-hand. All prices are in US dollars and include Nevada state taxes. We accept cash and credit/debit cards for payment. All sales are final.\n
Links: Website -
https://www.HackerWarehouse.com\n Products at DEF CON 32 -
https://hackerwarehouse.com/defcon\n
HackerBoxes is the monthly subscription box for hardware hacking, DIY electronics, cybersecurity, and hacker culture. Each monthly HackerBox includes a carefully curated collection of projects, components, modules, tools, supplies, and exclusive items. HackerBox hackers connect online as a community of experience, support, and ideas. Your HackerBox subscription is like having a tiny hacker convention in your mailbox every month.
Links: Website -
https://hackerboxes.com\n
In-Person Contest\n
Welcome, elite hackers and cyber sleuths, to a CTF experience like no other - the \"Code D.A.R.K. : Biohacking Village CTF Challenge\". Merge the worlds of biology and cybersecurity in an adrenaline-pumping contest that tests your skills in ways you\'ve never imagined. Thrilling and challenging cybersecurity adventure centered around a hospital setting as a scenario where participants engage in a race against time to secure or retrieve critical medical data, navigating through various cybersecurity puzzles and challenges, where participants act as guardians of critical biological data.\n
Unravel Biological Mysteries: Dive into a narrative where biotechnology meets cyber-warfare. Decode genetic puzzles, breach virtual lab networks, and outsmart bioinformatics security systems. Elevate Your Hacking Game: Challenge yourself with unique biocybersecurity scenarios. This isn\'t your typical CTF - it\'s a fusion of biotech intrigue and hardcore hacking. Compete and Collaborate: Team up with fellow biohackers and cyber warriors. Share knowledge, strategize, and show off your skills in a community where biology and bits intersect.\n
Gear Up for a Cyber-Biotech Showdown
\n- Immersive Scenarios: Each challenge is a step into a world where safeguarding biological data is as critical as securing digital assets.\n- Skill Diversity: Whether you\'re a veteran hacker or a biotech enthusiast, Genome Raiders offers a range of puzzles that cater to a wide array of skills and interests.\n
Links: More Info -
https://www.villageb.io/capture-the-flag\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249407\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249406\n
In-Person Contest
\nSee event detail for timing and location\n
The Blue Team Village (BTV) CTF is a cyber defense Capture the Flag inspired by a mix of trending nation-state actor kill chains and at least one custom insider threat story. You are an incident responder tasked to investigate several incidents involving different operating systems and OT devices. You will have access to SIEM and Packet captures; however, just like in real life, these tools have issues you must overcome to uncover what happened.\n
Expect indexes to telemetry issues, raw data not extracted properly, and missing fields. Regex may be helpful. In addition, Arkime, the network monitoring tool, will only work partially and correctly. You must find ways to make the best of the telemetry provided, and remember that you can always extract the resulting pcaps!\n
The CTF challenges contestants to leverage diverse cyber defense skills, including Incident Response, Forensics, and Threat Hunting. Both host and network telemetry are required to solve all the flags.\n
BTV’s Project Obsidian crew developed the CTF to allow anyone, regardless of skill or knowledge, to participate and sharpen their cyber defense skills. We recommend creating or joining a team if you are new to cyber defense. We highly recommend participating in the BTV’s Project Obsidian workshop sessions if you are new to cyber defense. Sessions cover many of the topics on the CTF and will help you along the way.\n
Links: More Info -
https://www.blueteamvillage.org/ctf\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249405\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249404\n
Discover the devices that have found their way into the hearts and tool-kits of the modern hacker. Notable for ease of use. Celebrated by geek culture. From comprehensive WiFi audits to covert network implants and physical access mayhem - Hak5 Gear gets the job done.
Links: Website -
https://hak5.org\n
In-Person Contest\n
What happens when you take an ACM style programming contest, smash it head long into a drinking game, throw in a mix of our most distracting helpers, then shove the resulting chaos incarnate onto a stage? You get the contest known as Crash and Compile.\n
Teams are given programming challenges and have to solve them with code. If your code fails to compile? Take a drink. Segfault? Take a drink. Did your code fail to produce the correct answer when you ran it? Take a drink. We set you against the clock and the other teams. And because our \"Team Distraction\" think watching people simply code is boring, they have taken it upon themselves to be creative in hindering you from programming, much to the enjoyment of the audience. At the end of the night, one team will have proven their ability, and walk away with the coveted Crash and Compile trophy.\n
Crash and Compile is looking for the top programmers to test their skills in our contest. Do you have the problem solving and programming ability to complete our challenges? More importantly can you do so with style that sets your team ahead of the others? We encourage you to try your hand at the Crash and Compile qualifiers. Gather your team and see if you have the coding chops to secure your place as one of the top teams to move on to the main contest event.\n
Qualifications for Crash and Compile will take place 10:00 to 15:00. Come see us in contest area West Hall 4, or if you are excited to get started, qualifying can be completed from anywhere, as it takes place online at https://crashandcompile.org. You need a two hour block of time to complete the qualifying round. Points are awarded based on time to complete and problem difficulty.\n
Links: More Info -
https://crashandcompile.org/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249388\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249387\n
Intrepid Control Systems offers OEMs and Tier 1 suppliers comprehensive solutions for maximizing data from connected vehicles, including ICE and new energy. With 30+ years of expertise, they specialize in vehicle diagnostics, cloud connectivity, visualization, and OTA solutions, aiding in product development and production quality. Their presence spans worldwide with offices in every major automotive center.
Links: Website -
https://www.intrepidcs.com\n
In-Person Contest\n
DARPA and ARPA-H’s Artificial Intelligence Cyber Challenge (AIxCC) will bring together the foremost experts in AI and cybersecurity to safeguard the software critical to all Americans. AIxCC is a two-year competition that asks competitors to design novel AI systems to secure this critical code and will award a cumulative $29.5 million in prizes to Teams with the best systems. In 2024, top teams will be awarded prizes of $2 million each, and will advance to the finals at DEF CON 33. The AIxCC Experience at DEF CON 32 is an immersive and interactive competition environment and educational space to inspire people and organizations to accelerate the development of AI-enabled cyber defenses. Attendees will explore a futuristic city where they can learn all about the competition, the technology, and the power of AI to help secure the software we all depend on.\n
Registration for AIxCC is no longer open to new contestants. AIxCC Preliminary Events were held March – July 2024.\n
Semifinalists will be announced here: https://aicyberchallenge.com/\n
Links: More Info -
https://aicyberchallenge.com/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249423\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249422\n
In-Person Contest\n
Held every year since DEF CON 19 in 2011 (R.I.P. Riviera), (Except during that COVID thing - but we are not going to talk about that COVID thing), the DEF CON (unofficial) Beard and Mustache Contest highlights the intersection of facial hair and hacker culture.\n
For 2024 there will be four categories for the competition you may only enter one:\n- Full beard: Self-explanatory, for the truly bearded.\n- Partial Beard: For those sporting Van Dykes, Goatees, Mutton Chops, and other partial beard styles.\n- Mustache only: Judging on the mustache only, even if bearded. Bring your Handlebars, Fu Manchus, or whatever adorns your upper lip.\n- Freestyle: Anything goes, including fake and creatively adorned beards. Creative women often do well in the Freestyle category.\n
Links: More Info -
http://dcbeard.net/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249369\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249368\n Twitter (@DCBeardContest) -
https://twitter.com/DCBeardContest\n
Keyport® combines keys, pocket tools, and tech into one secure everyday multi-tool. We are selling our latest modular product line (co-branded DEFCON 32 Limited Editions) including the key hiding Keyport Pivot, Modules, Inserts, and accessories.
Links: Website -
https://www.mykeyport.com\n
Hybrid Contest
\nSee scheduled events for timing \n
This Pac-Man themed set of challenges takes Players on a journey through learning and demonstrating hacker and information security skills to earn points. With multiple subject-matter specific challenge groups and tracks, this hacker challenge game has something for everyone. You, dear Player, are Hac-Man (or Ms. Hac-Man, or Hac-Person), making your way through various dark mazes eating pellets, fruit, and ghosts. Each ghost represents a hacker puzzle or skills challenge. Upon completing each challenge, you’ll be awarded points and can continue on to attempt further challenges. Many challenges have unlockable hints and location information, which you can unlock by spending your collected fruit.\n
There is a leaderboard! As you collect points, you’ll show up on this leaderboard. The top 10 Players at the end of the game will be awarded various prizes from a prize pool.\n
Links: More Info -
https://scramble.roguesignal.io/GM_HACM24\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249355\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249354\n
Miscreants is creating clothing for hackers heavily influenced by streetwear and security culture, looking to document the past, present, and future of cybersecurity history. As a brand, we strive to deliver original pieces that belong in your closet for decades.
Links: Website -
http://shop.miscreants.com/\n
In-Person Contest\n
A powerful corporation, notorious for its unethical practices, leveraged their extensive data resources gathered from users, and their psychological profiles, to subdue the population into compliance. The immune few, realizing the extent of the corporate conspiracy, band together to expose and dismantle the corporation\'s grip on society. These individuals must navigate a dangerous world of surveillance and betrayal. Their mission is to ignite a global awakening and reclaim freedom from corporate domination.\n
Players will have to join the mission and participate in a CTF that would be beneficial for beginners and experienced players alike. The challenge categories will be Web, Cryptography, Forensics, PWN(binary exploitation) and Reverse Engineering. Various difficulty challenges from each category will be featured.\n
Links: Website -
https://ctf.hackthebox.com/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249334\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249333\n Twitter (@hackthebox_eu) -
https://twitter.com/hackthebox_eu\n
The netool.io Pro2, network engineering in your pocket. Connects to your iOS or Android device to detect a list of protocol including Tagged VLANs, CDP, LLDP, DHCP and more. Configure switches by a press of a button.
Links: Website -
https://netool.io\n
In-Person\n
Do you fancy doing live recon on Real Organizations? Then activate Yourself. And compete in a unique HACKER challenge.\n
This year we are launching a new nail biting Contest, i.e Live Recon where participants will compete with each other to perform a deep osint and recon on the target organization. Here are the details:\n
About the contest: \n
Join us for an electrifying two-day Live Reconnaissance Event. Whether you\'re a seasoned security expert, a curious newcomer or a bugbounty pro, this is your chance to test your skills in a high-octane environment.\n
Your Mission\n
Get ready to perform live reconnaissance on a curated list of companies. Dig deep and unearth critical information that could be game-changing. Use your analytical prowess and sharp instincts to explore, probe, and uncover hidden data.\n
Why Join the Hunt?\n
Experience Real-World Challenges: Face off against real-world scenarios.\nCompete and Collaborate: Work with the best minds in the field.\nLearn from the Masters: Recon on a massive scale.\nScore Epic Prizes: Walk away with cool rewards.\n
Who\'s Invited?\n
If you’ve got a passion for cybersecurity and Recon, this event is for you. Whether you’re a university student, a pro pentester, or a hobbyist eager to sharpen your skills, we want you! Teams are encouraged to register and bring a mix of talents to tackle these challenges head-on.\n
Get Ready to Recon!\n
Unleash your inner hacker and join us for a reconnaissance adventure you won’t forget!\n
Please note that this is an in-person event, and winners need to be at DEFCON to collect their prizes. However, once we have announced the targets, participants can play it from anywhere online (as this is Recon on public and live targets).\n
Links: More Info -
https://reconvillage.org/live-recon-contest\n Sub-Forum (DEF CON Forums) -
https://forum.defcon.org/node/250008\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/250009\n
No Starch Press has been publishing the finest in geek entertainment since 1994. Come by to see our latest books, t-shirts and swag, and meet some of authors and our founder, Bill Pollock. Everything is discounted!
Links: Website -
https://nostarch.com\n
Hybrid Contest\n
In this game capture the flag you will be presented with real configurations of real wireless and radio technologies to attack. Practice your skill and learn new ones from Radio Frequency IDentification (RFID) through Software Defined Radio (SDR) and up to Bluetooth and WiFi. There may even be Infrared, if you have the eye for it.\n
RF Hackers Sanctuary is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 32. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.\n
We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester’s determination, and $0 to $$$$$ worth of special equipment. Our virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.\n
This game doesn’t let you sit still either, as there are numerous fox hunts, testing your skill in tracking various signals. If running around the conference looking for WiFi, Bluetooth, or even a Tire Pressure Monitoring System (TPMS) device sounds like fun, we are your source of a higher step count.\n
There will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what’s happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.\n
Links: More Info -
https://rfhackers.com\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249305\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249304\n Twitter (@rf_ctf) -
https://twitter.com/rf_ctf\n Twitter (@rfhackers) -
https://twitter.com/rfhackers\n
Nuand is proud to join DEFCON this year and present new bladeRF products! Our versatile and high-performance bladeRF platform empowers researchers, developers, and security professionals to explore the wireless spectrum like never before. With capabilities that extend from radio-frequency analysis to security, our open-source ecosystem fosters innovation in radio communication and cybersecurity. Visit our booth to experience firsthand the power of bladeRF and meet our team of experts, who are passionate about providing the tools necessary to unlock new frontiers in wireless technology.
Links: Website -
https://nuand.com\n
In-Person Contest\n
Red Alert ICS CTF is a competition for Hackers by Hackers, organized by the RedAlert Lab of NSHC Security. The event exclusively focuses on having the participants clear a series of challenges and break through several layers of security in our OT environment and eventually take over complete control of the ICS components.\n
Red Alert ICS CTF is back with a ton of fun challenges after successfully running the CTF since DEF CON 26. Red Alert ICS CTF is proud to be among the Black Badge contests at DEF CON 31 and DEF CON 26.\n
The contest would house real world ICS (Industrial Control System) equipment from various vendors on showcasing different sectors of critical infrastructure. The participants would be able to view and engage with the devices in real time and understand how each of them control each of the aspects of the testbed and leverage this to compromise the devices.\n
Red Alert ICS CTF at DEF CON 32 would also be offering players the unique opportunity to compromise the latest cyber ranges on Maritime Cyber Security.\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249301\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249300\n Twitter (@icsctf) -
https://twitter.com/icsctf\n
Octopwn is a fast and reliable pentesting suite for manual internal network pentesters that runs entirely in your browser. Scan, run clients, perform attacks and log everything on any device you want that can run Chrome, enabled by pyodide and Webassembly. During DEFCON, we will sell a special Plug&Pwn edition of Octopwn on a USB stick, that you can take with you anywhere and it just works. Feel free to come by and have a look!
Links: Website -
https://www.octopwn.com\n
In-Person Contest\n
If someone had told us this silly contest would be in its 8th year there\'s no way we would have believed it. Even when we thought \"hey, the gag is getting old, maybe it\'s time to hang it up\" that turned out to be the year we\'d gotten the most accolades from con goers during and after the contest. That was enough to recharge us and decide we\'ll do this until DC no longer exists. Proud isn\'t a grand enough word to describe how we feel to still be here and still making people laugh/feel better about themselves not being as stupid as us.\n
But to answer Why Us? WSIIA has always been about community. Whether you killed your deck or went down in a spectacular blaze of flames, this game is nothing without the people who play it and the audience who watches it. And if we\'re not doing it for the community, why the fuck are we even here? We\'ll remain here as long as you\'ll have us, riding on a wing, a prayer, and airplane bottles of Malort all the way to Year 10. Now on to the boilerplate pitch:\n
We\'re an unholy union of improv comedy, hacking and slide deck sado-masochism.\n
Our team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.\n
Whether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it’s a night of schadenfreude for the whole family.\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/249280\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/249279\n Twitter (@WhoseSlide) -
https://twitter.com/WhoseSlide\n
The Physical Security Village (formerly Lock Bypass Village) will be present in the vendor area too this year, loaded with physical hacking gear! We will have bypass tools, common keyed-alike keys, handcuffs, village swag, and more. We’ll have hands-on exhibits in the Village area where you can go and try out your new toys right away, without ever leaving DEF CON! Whether you’re new to hacking the physical world, or a seasoned pro, we’re sure we’ll have something for your needs (or at least… something you really want but totally don’t need). All proceeds go towards the cost of putting on the village each year.
Links: Website -
https://www.physsec.org\n
Science & Design, Inc. is a 501(c)(3) non-profit product development organization. Their flagship product is Hush Line, a lightweight tip line-as-a-service platform. No PII is required to sign up, and whistleblowers can send a message without creating an account. This year, Science & Design is proud to launch the Hush Line Personal Server, a consumer hardware Tor-only encrypted tip line inspired by our initial launch at DEFCON31! It comes in a custom-designed milled aluminum case with an e-paper display that guides you through a command-line-free setup. As a thank you for the inspiration, we’re giving away a FREE Personal Server to an attendee, valued at $500! Come by the booth to learn more!
Links: Website -
https://scidsg.org\n
SLNT is the leader in the mobile Faraday bag market with multiple patents, 6 Government contracts and customers that range from Google, Palantir to SOCOM and the Air Force. SLNT Faraday bags block full spectrum EMFs including Cell, Wifi, Sat/Nav, Bluetooth, H/EMP, GPS, Solar Flare and Key Fobs. Our bags are made to fit into the modern individuals lifestyle so they can effortlessly and stylishly protect their digital lives against unseen threats. All SLNT products are third party tested and exceed Military Standards. Go well, Go SLNT.
Links: Website -
https://slnt.com\n
Our human registration process this year will be very similar to previous years. Please be patient. All of the times listed here are approximate.
\n\nBasics
\n\nWho needs a badge?
\n\nA badge is required for each human age 8 and older.
\n\nHuman?
\n\nYou are a human if you do not know otherwise. People that are not humans include goons, official speaker, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don\'t know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
\n\nLines? Linecon?
\n\nLinecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
\n\nOnline badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
\n\nPlease help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
\n\nWays to buy a badge
\n\n\n- $480 online purchase until August 1, 2024. Tickets are transferable. Please read the details on the linked page.
\n- $460 cash purchase on-site.
\n- As part of a BlackHat registration.
\n
\n\nOnline Purchase
\n\nYou will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash -- it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site -- they will not be mailed or shipped.
\n\nWe can scan the QR code either from your phone\'s display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
\n\nIf you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 until July 15, and $84 on and after July 15.
\n\nOnline purchases are provided a receipt via email when the purchase is made.
\n\nOnline purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
\n\nCash Purchase
\n\nBadges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
\n\nThere are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
\n\nWe are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt on plain paper.
\n\nVia BlackHat
\n\nIf you attend BlackHat, it is possible to purchase a DEF CON badge with your BlackHat registration. If you did so, please get your DEF CON badge from BlackHat before they close.
\n\nBlackHat should send you an email with instructions for how to obtain your DEF CON badge. In case you missed it, you can go to the second floor, at the concierge desk, halfway down Black Hat Blvd.
\n\nMisc
\n\nWant to buy multiple badges? No problem! We\'re happy to sell you however many badges you want to pay for.
\n\nIf you lose your badge, there is unfortunately no way for us to replace it. You\'ll have to buy a replacement at full price. Please don\'t lose your badge. :(
\n\nIf you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
\n\nStill need help?
\n\nIf you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
\n\'','\'https://info.defcon.org/blobs/defcon32preregistrationartc.webp\'','\'defcon32preregistrationartc.webp\'','','','','',54126,'\'Map Page - LVCC West\''),(42746,'\'Linecon\'','pge','\'Linecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
\n\nOnline badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
\n\nPlease help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
\n\nPlease also review the \"Human Registration Open\" event, and familiarize yourself with the important notes therein.
\n\'','NULL','NULL','','','','',54127,'\'Map Page - LVCC West\''),(42747,'\'Ham Radio Exams\'','pge','\'Ham radio is the original group of electronic hackers, starting long before computers, circuit chips, or even transistors. Continuing this pioneer spirit, The Ham Radio Village is offering free ham radio exams again at DEF CON! All are welcome to come and take the exam and get their amateur radio license upon passing. All three levels (technician, general, and amateur extra) of exams will be offered during DEF CON at the Ham Radio Village. Examinees are encouraged to study the question pool and take practice exams on ham.study.
\n\nEverything we do today involves wireless communications of some sort, and a basic knowledge of how radio works is crucial. Getting your amateur radio license and entering the world of amateur radio will better equip you with knowledge about what goes on in the radio frequency domain, and this can be applied to other RF topics (like RFID credentials, WiFi, or anything else that communicated wirelessly)
\nLinks:
Website - https://hamvillage.org/
\n Sub-forum (DEF CON Forums) - https://forum.defcon.org/node/249512
\n Registration (Free) - https://ham.study/sessions/669069be6af12f90943be578/1
\n Twitter (@HamRadioVillage) - https://twitter.com/HamRadioVillage
\n\'','\'https://info.defcon.org/blobs/pme_hamexams.png\'','\'pme_hamexams.png\'','https://forum.defcon.org/node/249512','','','',54130,'\'Map Page - LVCC West/Floor 3/W320\''),(42748,'\'Capitol Technology University (CTU)\'','pge','\'Join Capitol Technology University for a night of fun, drinks, and networking amongst like-minded peers! Capitol Tech\'s industry-expert leadership will be discussing exciting career paths in cybersecurity, as well as the future of cyber higher education.
\nLinks:
Website - https://www.captechu.edu/
\n Sub-forum (DEF CON Forums) - https://forum.defcon.org/node/249566
\n Twitter (@captechu) - https://twitter.com/captechu
\n\'','NULL','NULL','https://forum.defcon.org/node/249566','','','',54140,'\'Map Page - LVCC West/Floor 2/W208\''),(42749,'\'DC Book Club Discussion\'','pge','\'A quieter space for those who want to discuss what they are reading, recommend books, and trade books too. We will have a logo themed sticker.
\nLinks:
Sub-forum (DEF CON Forums) - https://forum.defcon.org/node/249549
\n\'','\'https://info.defcon.org/blobs/pme_BookClub.png\'','\'pme_BookClub.png\'','https://forum.defcon.org/node/249549','','','',54144,'\'Map Page - LVCC West/Floor 2/HallwayCon Lounge past W234\''),(42750,'\'EFF Tech Trivia\'','pge','\'EFF\'s team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Trophy and EFF swag pack. The second and third place teams will also win great EFF gear.
\nLinks:
Sub-forum (DEF CON Forums) - https://forum.defcon.org/node/249571
\n Twitter (@eff) - https://twitter.com/eff
\n More Info - http://eff.org/techtrivia
\n\'','\'https://info.defcon.org/blobs/pme_EFFTechTrivia.png\'','\'pme_EFFTechTrivia.png\'','https://forum.defcon.org/node/249571','','','',54149,'\'Map Page - LVCC West/Floor 3/W307-W308\''),(42751,'\'Defcon.run\'','pge','\'Thursday, Friday, Saturday and Sunday: 05:00 to 08:00, with random pop up meetings throughout the day in the con space.
\n\nDefcon.run is an evolution of the now long running DEF CON 4x5K running event. Due to stupendous growth, we’ve been forced to change up the format. This year\'s activity will look to match up folks for fun runs, and rucks (!), in small distributed groups around Las Vegas. It’s the same old event but at a distributed scale!
\n\nShow up in the morning, go for a run with folks, have a good time!
\n\nWe’ll have a full set of routes for people to choose from from simple 5Ks to more ambitious distances. Full Information at https://defcon.run
\nLinks:
More Info - https://defcon.run
\n Sub-forum (DEF CON Forums) - https://forum.defcon.org/node/249585
\n\'','NULL','NULL','https://forum.defcon.org/node/249585','','','',54152,'\' Page - Other / See Description\''),(42752,'\'Toxic BBQ\'','pge','\'The humans of Vegas invite you to our unofficial welcome party. Whether it\'s your 1st or 18th time, we\'re still in the EXACT SAME PLACE. Join us off-Strip in the shade for a volunteer-run grill and chill.
\n\nWe stock the larder with the basics: burgers, dogs, meatless delights, and all the fixin\'s. You procure your favorite food, drinks, and sides to keep the party going. Volunteer for setup, grill-up, or clean-up. Most of all, show up and become a part of what makes Toxic BBQ the best place to start your con.
\n\nCheck out https://www.toxicbbq.org for more news, and watch #ToxicBBQ for the latest info.
\n\nOff-site at Sunset Park, Foxtail Pavilion
\nLinks:
More Info - https://www.toxicbbq.org/
\n Sub-forum (DEF CON Forums) - https://forum.defcon.org/node/249587
\n\'','\'https://info.defcon.org/blobs/pme_toxicbbq.png\'','\'pme_toxicbbq.png\'','https://forum.defcon.org/node/249587','','','',54153,'\' Page - Other / See Description\''),(42753,'\'The Unofficial DEF CON Shoot\'','pge','\'Wednesday August 7th Registration usually opens at 11am
\n\nOFFSITE: Pro Gun Vegas Address: 12801 US 95 South Boulder City, NV 89005
\nLinks:
Website - https://deviating.net/firearms/defcon_shoot/
\n Sub-forum (DEF CON Forums) - https://forum.defcon.org/node/249552
\n\'','\'https://info.defcon.org/blobs/pme_defconshoot.png\'','\'pme_defconshoot.png\'','https://forum.defcon.org/node/249552','','','',54154,'\' Page - Other / See Description\''),(42754,'\'DEF CON Movie Night\'','pge','\'\n\'','NULL','NULL','','','','',54155,'\'Map Page - LVCC West/Floor 3/W320\''),(42755,'\'Intigriti Hack Shack\'','pge','\'Join us at the Hack Shack Saturday night from 21: 00-02:00 in room 208 for an evening full of exploits and fun! Enjoy some byte-sized bites, groove to our cyber beats, and mingle with the best in the bug bounty biz. Stop by Intigriti\'s booth in Exhibitors area before the party and grab a scratch card for your chance to win a free drink! Don\'t miss out on this bug bounty bonanza!
\n\n\nLinks:
Sub-forum (DEF CON Forums) - https://forum.defcon.org/node/249574
\n\'','\'https://info.defcon.org/blobs/pme_intigriti.png\'','\'pme_intigriti.png\'','https://forum.defcon.org/node/249574','','','',54156,'\'Map Page - LVCC West/Floor 2/W208\''),(42756,'\'Ask the EFF\'','pge','\'Electronic Frontier Foundation (EFF) is excited to be back at DEF CON. Our expert panelists will offer brief updates on EFF\'s work defending your digital rights, before opening the floor for attendees to ask their questions. This dynamic conversation centers challenges DEF CON attendees actually face, and is an opportunity to connect on common causes.
\nLinks:
Sub-forum (DEF CON Forums) - https://forum.defcon.org/node/249535
\n\'','\'https://info.defcon.org/blobs/pme_ask_eff.png\'','\'pme_ask_eff.png\'','https://forum.defcon.org/node/249535','','','',54162,'\'Map Page - LVCC West/Floor 3/W307-W308\''),(42757,'\'Docker Exploitation Framework\'','demolabs','\'Docker Exploitation Framework is a cross-platform framework that is focused on attacking container environments (think Kubernetes, docker, etc). It can identify vulnerabilities, misconfigurations, and potential attack vectors. It also helps to automate different stages of a successful kill-chain through features such as:
\n\n\n- Vulnerability scanning
\n- Container breakouts
\n- Pod2pod lateral movement
\n- File layers deep inspection and extraction
\n- Attack surface discovery and mapping
\n- Privilege escalation, etc
\n
\nLinks:
Project - https://dockerexploitationframework.github.io/
\n DEF CON Forums - https://forum.defcon.org/node/249603
\n
People:
SpeakerBio: Emmanuel Law, Senior Staff Security Engineer
\nEmmanuel Law (@libnex) has over a decade of security research experience. He has presented at various international conferences such as Black Hat USA Arsenal, Troopers, Kiwicon, Ruxcon etc. He has also released tools such as Shadow Workers for browser exploitation. He is currently working as a Senior Staff Security Engineer in San Francisco Bay Area.
\n\nSpeakerBio: Rohit Pitke
\nRohit Pitke has been working in the security industry over a decade in various fields like application and infrastructure security, offensive security and security software development. He has presented in various conferences like AppSec USA, AppSec Rome, NullCon.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249603','','',54164,'\'Map Page - LVCC West/Floor 3/W303\''),(42758,'\'distribRuted - Distributed Attack Framework\'','demolabs','\'Penetration testing tools often face limitations such as IP blocking, insufficient computing power, and time constraints. However, by executing these tests across a distributed network of hundreds of devices, these challenges can be overcome. Organizing such a large-scale attack efficiently is complex, as the number of nodes increases, so does the difficulty in orchestration and management. distribRuted provides the necessary infrastructure and orchestration for distributed attacks. This framework allows developers to easily create and execute specific distributed attacks using standard application modules. Users can develop their attack modules or utilize pre-existing ones from the community. With distribRuted, automating, managing, and tracking a distributed attack across hundreds of nodes becomes straightforward, thereby enhancing efficiency, reducing time and costs, and eliminating Single Point of Failure (SPoF) in penetration testing.
\nLinks:
Project - https://distribruted.com
\n DEF CON Forums - https://forum.defcon.org/node/249609
\n
People:
SpeakerBio: Ismail Melih Tas, Founder and CEO at Siber Ninja
\nMelih Tas is a VP in Application Security at a multi-national financial company in London, UK, and the founder and CEO of VulnHero and Siber Ninja, two cybersecurity startups. He has previously worked as a Senior Security Consultant at Synopsys, a Tech Lead at Garanti BBVA Bank, and a Security Researcher at Nortel-Networks Netas. Melih holds a Ph.D. in Cyber Security, has presented at renowned hacker conferences including DEF CON and Black Hat, and is a published academic author with a focus on VoIP security and Application Security.
\n\nSpeakerBio: Numan Ozdemir, Cybersecurity Researcher and Computer Programmer
\nNuman Ozdemir is a cybersecurity researcher and computer programmer currently pursuing a degree in Mathematics and Computer Science. His research interests include blockchain and application security.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249609','','',54165,'\'Map Page - LVCC West/Floor 3/W303\''),(42759,'\'Automated Control Validation with Tommyknocker\'','demolabs','\'Tommyknocker is an open source project designed to facilitate automation of continuous security control validation, bringing some of the processes developers have been using for years for regressing testing, to the security world. It allows users to easily create test scenarios using docker images and standard scripts to perform one or more test actions, followed by the ability to easily check common tooling (SIEM, IDS, Log aggregators) for any expected alerts or log entries. Using Tommyknocker, security organizations can add test cases each time a new security control is created, so that any time a change is made in the environment, the continued functioning of existing controls can be validated. Many times, security organizations will only test controls when they are first implemented, and potentially a few times a year for audit purposes. With Tommyknocker, controls can be tested multiple times per day, ensuring that alerts are raised as soon as possible when a control ceases to function correctly, or is compromised by a threat actor.
\nLinks:
Project - https://github.com/loredous/tommyknocker
\n DEF CON Forums - https://forum.defcon.org/node/249615
\n
People:
SpeakerBio: Jeremy Banker
\nJeremy is an accomplished software developer and lifelong hacker with a combined 10 years of experience in software development and cybersecurity. After working his way up from customer support, and earning a Master\'s degree in Information Security, Jeremy helped found the Security Product Engineering, Automation and Research group at VMware. Having spoken at both Blackhat Arsenal and Def Con Demolabs on his open source projects, he continues to be passionate about sharing new tools and technologies with the community. In his spare time, Jeremy enjoys gardening, camping, and tinkering with all manner of technology.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249615','','',54166,'\'Map Page - LVCC West/Floor 3/W303\''),(42760,'\'Zip It Up, Sneak It In - Introduction of apkInspector\'','demolabs','\'apkInspector is a tool designed to tackle Android APKs, helping to uncover and decode the evasive tactics used by malware. It can decompress APK entries and extract detailed information such as entry names and sizes, making it easy to analyze the contents of an app. The tool also processes and decodes Android XML (AXML) files into a human-readable format, all while considering the sneaky evasion tactics that malware might employ. apkInspector is able to also identify specific evasion techniques used by malware to bypass static analysis, providing crucial insights for security analysis. It is built to function both as a standalone command-line interface (CLI) for direct operations and as a library that can be integrated into other security tools, enhancing its utility and adaptability in various cybersecurity environments.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249604
\n Project - https://github.com/erev0s/apkInspector
\n
People:
SpeakerBio: Kaloyan Velikov
\nKaloyan Velikov is a security professional that has also been in the cybersecurity field for more than five years. While he is proficient in web application and network security pentesting, as well as various device assessments, in the recent years he has been busy learning the testing of mobile applications and device configurations. This led to a more focused specialization in pentesting on both the Android and iOS platforms. He is always eager to try new tools and see how they can be implemented into the penetration testing playbook. Kaloyan is always up for a challenge even if there is a skill gap and extra research will be required to proceed. He also loves to share the knowledge he has obtained, because it is great to help each other to succeed in our assignments.
\n\nSpeakerBio: Leonidas Vasileiadis
\nMeet Leonidas, an enthusiast in Android’s security landscape, a physicist with a double master\'s in cybersecurity and over five years of dedicated cybersecurity experience. He’s not just about flashy titles; he’s got the certifications to prove he can push buttons and hack the world. Passionate about web and mobile security, he loves building solutions with code. He’s a firm believer that sharing is caring and enjoys unraveling the complexities of cyber threats as much as he loves tackling riddles. Dive into his session to explore sneaky Android malware tricks, leaving equipped to spot and stop them like a pro.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249604','','',54167,'\'Map Page - LVCC West/Floor 3/W304\''),(42761,'\'BypassIT - Using AutoIT & Similar Tools for Covert Payload Delivery\'','demolabs','\'BypassIT is a framework for covert delivery of malware, using AutoIT, AutoHotKey, and other Live off the Land (LotL) tools to deliver payloads and avoid detection. These techniques were derived from reversing attacks observed in the wild by DarkGate and other MaaS actors, revealing universal principles and methods useful for red teaming or internal testing. The framework will consist of a series of tools, techniques, and methods along with testing and reporting on effectiveness, as it relates to evading multiple specific antivirus products.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249610
\n
People:
SpeakerBio: Ezra Woods, Information Security Analyst, Department of Economic Security at Arizona
\nEzra Woods is a recent cybersecurity graduate from Grand Canyon University, working as an Information Security Analyst for Arizona\'s Department of Economic Security. Captain of Grand Canyon University\'s collegiate cyber defense team, and Team Lead for the Arizona Cyber Threat Response Alliance\'s Threat Intelligence Support Unit (TISU).
\n\nSpeakerBio: Mike Manrod, Chief Information Security Officer at Grand Canyon Education
\nMike serves as the Chief Information Security Officer for Grand Canyon Education, responsible for leading the security team and formulating the vision and strategy for protecting students, staff, and information assets across the enterprise. He also serves as Adjunct Faculty for Grand Canyon University, teaching Malware Analysis and Threat Intelligence. Previous experiences include serving as a threat prevention engineer for Check Point and working as a consultant and analyst for other organizations.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249610','','',54168,'\'Map Page - LVCC West/Floor 3/W304\''),(42762,'\'HIDe & SEEK\'','demolabs','\'The Injectyll-HIDe project (released at DEF CON 30) is back and better than ever! The hardware implant utilizes the same standard features that you have come to know and love (keystroke recording, keystroke injection, mouse jiggler, etc.) but it has evolved into so much more. The functionality has been steadily growing over its initial release to offer users even more tools! But wait, there’s more! We’re proud to show off the new SEEK shields this year at the CON! Tired of running a covert mesh network? Want to try out new RF technologies? We’ve added LoRa and LoRaWAN to the mix as well! These shields are field swappable and work with the existing C2 and implant code to give you the versatility that you need to continue evading detection. Attendees should be prepared to flip 0ut over these features, as well as some new additions to the project that we will be announcing at DEF CON. Who’s ready for a high stakes game of hacker’s HIDe and SEEK?
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249616
\n Project - https://github.com/Injectyll-HIDe/Injectyll-HIDe
\n
People:
SpeakerBio: Jonathan Fischer, Red Team Consultant and Researcher
\nJonathan Fischer (a.k.a. c4m0ufl4g3) is a hardware and IoT security enthusiast that started off designing, programming, and implementing electronic controls for industrial control systems and off-highway machinery. After a decade in that industry, Jonathan obtained his BS in Computer Science and transitioned over to the cyber security industry where he has been working as a Red Team consultant and researcher for more than seven years at a Fortune 500 company. Since joining the cyber security industry, Jonathan has earned various industry certifications (OSCP, GXPN, etc.) and continues to leverage his unique experience in his research into hardware hacking. Jonathan has presented his research at conferences such as DEF CON Demo Labs, ShmooCon, THOTCON, BSides LV, and Hardware Hacking Village. He is also the co-creator of Injectyll-HIDe, an open-source hardware implant designed for use by red teams.
\n\nSpeakerBio: Matthew Richard
\nMatthew Richard is a software developer that enjoys coding in low level languages. His favorite text editor is Neovim. As an average Neovim enjoyer he is obligated to stand on the side of Vi in the text editor war, but chooses to be on the side of Ed to make everyone equally unhappy. His operating system of choice is NixOS... by the way. :)
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249616','','',54169,'\'Map Page - LVCC West/Floor 3/W304\''),(42763,'\'Volatile Vault - Data Exfiltration in 2024\'','demolabs','\'In red team operations, selecting the right tools for data exfiltration is critical, yet comes with obstacles such as triggering Data Exfiltration Prevention (DEP) systems. We present \"Volatile Vault\" as a solution, a custom-built platform tailored to evade DEP detection. Our tool encrypts the data on the client-side and then provides a modular approach for uploading said data. Some of the currently implemented upload strategies are chunked HTTP uploads to multiple domain fronted endpoints (AWS) or QUIC as an alternative protocol.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249605
\n Project - https://github.com/molatho/VolatileVault
\n
People:
SpeakerBio: Moritz Laurin Thomas, Senior Red Team Security Consultant at NVISO ARES
\nMoritz is a senior red team security consultant at NVISO ARES (Adversarial Risk Emulation & Simulation). He focuses on research & development in red teaming to support, enhance and extend the team’s capabilities in red team engagements of all sorts. Before joining the offensive security community, Moritz worked on a voluntary basis as a technical malware analyst for a well-known internet forum with focus on evading detections and building custom exploits. When he isn’t infiltrating networks or exfiltrating data, he is usually knees deep in research and development, dissecting binaries and developing new tools.
\n\nSpeakerBio: Patrick Eisenschmidt, Red Team Lead at NVISO ARES
\nPatrick has gained extensive experience in the offensive security domain. Currently, he serves as the Red Team Lead at NVISO ARES (Adversarial Risk Emulation & Simulation). In this role, he supervises a team of operators and directs both high-profile Red Team operations and Tiber/TLPT Assessments. Beyond leadership, Patrick actively participates in crafting intricate spear phishing campaigns and boosts the Red Team\'s effectiveness by developing and maintaining open-source methodologies and tools.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249605','','',54170,'\'Map Page - LVCC West/Floor 3/W305\''),(42764,'\'Tengu Marauder\'','demolabs','\'The Tengu Marauder, derived from a previous security drone project, is a portable wheeled robot equipped with an ESP32 Marauder, currently in its testing phase. Designed for simplicity and efficiency, the Tengu Marauder serves as an alternative and interactive tool for WiFi network security testing. Its capabilities include WiFi scanning, deauthentication attacks, packet sniffing, and other wireless security tests. The compact design ensures ease of construction and maintenance using readily available parts and straightforward code integration. Essentially an advanced RC robot, the Tengu Marauder operates headless via XBee, providing a fun and engaging platform for testing the security of network-controlled devices over WiFi, such as IoT smart home devices and smaller WiFi-controlled drones like the Ryze Tello. This project would not have been possible without the development help, test runs, and support from the Philadelphia RAICES organization, the Philadelphia DEFCON group, and DeciSym.AI.
\nLinks:
Project - https://github.com/Lexicon121/Tengu-Marauder
\n DEF CON Forums - https://forum.defcon.org/node/249611
\n
People:
SpeakerBio: Leonardo Serrano
\nLeonardo Serrano is a dedicated community organizer who spends his time learning more about the cyberz, connecting people, and supporting cool projects. His focus is primarily on threat modeling and the intersection of security architecture, process, and decision-making. Leo runs a hackerspace in Philadelphia called “The Tooolbox” with his partners where he hopes to showcase the amazing hackers who call Philadelphia home.
\n\nSpeakerBio: Lexie Thach
\nLexie Thach has worked in cybersecurity for ten years in various positions. During this time, I developed a strong affinity for electrical engineering, programming, and robotics engineering. Despite not having a traditional academic background, I have extensive hands-on experience from my eight years in the US Air Force, specializing in cybersecurity and tactical networks for aircraft missions and operations. My focus on securing and testing the security of autonomous systems stems from these experiences, and I am passionate about sharing the techniques I have learned. Currently I run a local hackerspace in Philadelphia in support of DC215 called The Tooolbox where anyone can come to learn new hacking tools, try to build offensive or defensive security robots and we have 3D printers on standby for any prototyping people want.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249611','','',54171,'\'Map Page - LVCC West/Floor 3/W305\''),(42765,'\'SCAGoat - Exploiting Damn Vulnerable SCA Application\'','demolabs','\'SCAGoat is a deliberately insecure web application designed for learning and testing Software Composition Analysis (SCA) tools. It offers a hands-on environment to explore vulnerabilities in Node.js and Java Springboot applications, including actively exploitable CVEs like CVE-2023-42282 and CVE-2021-44228 (log4j). This application can be utilized to evaluate various SCA and container security tools, assessing their capability to identify vulnerable packages and code reachability. As part of our independent research, the README includes reports from SCA tools like semgrep, snyk, and endor labs. Future research plans include incorporating compromised or malicious packages to test SCA tool detection and exploring supply chain attack scenarios.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249617
\n Project - https://github.com/harekrishnarai/Damn-vulnerable-sca
\n
People:
SpeakerBio: Hare Krishna Rai, Product Security Engineer
\nAs a Product Security Engineer, Hare Krishna Rai\'s passion for cybersecurity drives him to excel in various areas. He specializes in conducting penetration testing, actively participates in security Capture The Flag (CTF) competitions, and performs code reviews to ensure secure code development. His expertise extends to leveraging Static Application Security Testing (SAST) techniques in languages like Java, Python, JavaScript, JSP, among others.
\n\nSpeakerBio: Prashant Venkatesh, Manager, Product Security
\nPrashant Venkatesh is an information security expert with over 20 years of experience. He presently works as Manager, Product Security at an ecommerce company. Prashant is an enthusiastic participant in the field who consistently coordinates, reviews papers, and presents his work at numerous InfoSec conferences, including Blackhat Nullcon and c0c0n. He is also active through the OWASP Bay Area chapter Leadership and is co-founder of the annual Seasides Conference in India.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249617','','',54172,'\'Map Page - LVCC West/Floor 3/W305\''),(42766,'\'Bluetooth Landscape Exploration & Enumeration Platform (BLEEP)\'','demolabs','\'The purpose of the tool platform is to provide both novice and experienced Bluetooth researchers a “swiss-army knife” for device exploration and enumeration. The Bluetooth Landscape Exploration & Enumeration Platform (BLEEP) is capable of discovering Bluetooth Low Energy (BLE) devices, connecting to them, and enumerating the device as well. BLEEP leverages Python3, BlueZ, and the Linux D-Bus to provide a terminal user interface for identifying and interacting with BLE implements. The I/O capabilities of the toolset include read I/O, performing writes, and capturing of notification signals. The purpose of using these low-level libraries is to maintain small granularity control over the interactivity between BLEEP and the BLE environment.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249606
\n Project - https://github.com/Mauddib28/bleep-tool
\n
People:
SpeakerBio: Paul Wortman
\nDr. Wortman has a PhD in Electrical and Computer Engineering from the University of Connecticut with research that ranged from network analysis to cyber security risk evaluation. He now focuses on Bluetooth protocol and devices research.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249606','','',54173,'\'Map Page - LVCC West/Floor 3/W306\''),(42767,'\'Skynet\'','demolabs','\'Skynet is an AI project (just kidding.) It is meant to be a sort of unified theory of detection, enabling us to plot any detection artifact types on screen around an entity and decision them faster and more accurately. While plotting alert sets, attack trees, and kill chains has been done, for the presentation of alert sets and cases, we are planning to use graphing as the primary presentation, triage and decisioning mechanism, at scale, using a novel combination of heuristics and machine learning. It is an alert manager made by users, for users.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249612
\n
People:
SpeakerBio: Craig Chamberlain
\nCraig Chamberlain has been working on threat hunting and detection for most of his life and has contributed to several SIEM-like products you may have used. Most of them had unnecessarily simple alert pages and workflow, which makes him sad, and this is his attempt to put things right. He has presented at numerous conferences including the SANS Threat Hunting Summit; RSA 2024; CactusCon; the ISC2 Congress; SOURCE Boston; and several B-Sides conferences in Washington DC, San Francisco, NoVA, Boston, and Rochester.
\n\nSpeakerBio: Rewanth Tammana
\nRewanth Tammana is a security ninja, open-source contributor, and an independent consultant. Previously, Senior Security Architect at Emirates NBD National Bank of Dubai). He is passionate about DevSecOps, Cloud, and Container Security. He added 17,000+ lines of code to Nmap. Rewanth speaks and delivers training at numerous security conferences worldwide. He was recognized as one of the MVP researchers on Bugcrowd (2018), published an IEEE research paper on ML and security, and more.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249612','','',54174,'\'Map Page - LVCC West/Floor 3/W306\''),(42768,'\'Garak\'','demolabs','\'Garak, Generative AI Red-teaming and Assessment Kit, is a vulnerability scanner for large language models (LLMs) and dialogue systems. It has a host of different probes, each working on different vulnerabilities and payloads. It connects to a broad range of different LLMs. The attacks range between static tests of fixed prompts, to dynamically assembled prompts, to probes that respond to existing model behavior when working out their next move. Community contribution plays a big part of Garak already, with an active repo & over 300 members in the Discord. Garak can assess and attack anything that takes text and returns text, and is already used by many industry players in assessment of internal and external models, including NVIDIA and Microsoft as well as a range of emerging AI Security startups; it’s the #1 ranked tool for LLM security on Hackernews. But we think it’s mostly a lot of fun.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249618
\n Project - https://github.com/leondz/garak/
\n
People:
SpeakerBio: Erick Galinkin, Research Scientist at NVIDIA
\nErick Galinkin is a Research Scientist at NVIDIA working on the security assessment and protection of large language models. Previously, he led the AI research team at Rapid7 and has extensive experience working in the cybersecurity space. He is an alumnus of Johns Hopkins University and holds degrees in applied mathematics and computer science. Outside of his work, Erick is a lifelong student, currently at Drexel University and is renowned for his ability to be around equestrians.
\n\nSpeakerBio: Leon Derczynski, Principal Research Scientist, LLM Security at NVIDIA
\nLeon Derczynski is principal research scientist in LLM Security at NVIDIA and prof in natural language processing at ITU Copenhagen. He’s on the OWASP LLM Top 10 core team, and consults with governments and supranational bodies. He co-wrote a paper on how LLM red teaming is like demon summoning, that you should definitely read. He’s been doing NLP since 2005, deep learning since it was more than one layer, and LLM security for about two years, which is almost a lifetime in this field. Finally, Prof. Derczynski also contributes to ML Commons, and regularly appears in national and international media.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249618','','',54175,'\'Map Page - LVCC West/Floor 3/W306\''),(42769,'\'Nebula - 3 Years of Kicking *aaS and Taking Usernames\'','demolabs','\'Cloud Penetration Testing has become a hot topic in the offensive community, as the cloud based infrastructures have been slowly taking the place on-prem ones used to have. This requires a tool to help with it. Nebula is a cloud Pentest Framework, which offers reconnaissance, enumeration, exploitation, post exploitation on AWS, Azure, DigitalOcean and above all opportunity to extend even more. It is built modulary for each provider and each attack, allowing for a diversity in attack surface. This coupled with the client-server architecture, allows for a collaborated team assessment of a hybrid cloud environment.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249607
\n Project - https://github.com/gl4ssesbo1/Nebula
\n
People:
SpeakerBio: Bleon Proko
\nBleon Proko is an info-sec passionate about Infrastructure Penetration Testing and Security, including Active Directory, Cloud (AWS, Azure, GCP, Digital Ocean), Hybrid Infrastructures, as well as Defense, Detection and Thread Hunting. He has presented in conferences like BlackHat and BSides on topics related to Cloud Penetration Testing and Security. His research include Nebula, a Cloud Penetration Testing Framework (https://github.com/gl4ssesbo1/Nebula) and other blogs, which you can also find on his blog (blog.pepperclipp.com). He is also the author of the upcoming book \"Deep Dive into Clouded Waters: An overview in Digital Ocean\'s Pentest and Security\" (https://leanpub.com/deep-dive-into-clouded-waters-an-overview-in-digitaloceans-pentest-and-security)
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249607','','',54176,'\'Map Page - LVCC West/Floor 3/W307\''),(42770,'\'The World Wide Paraweb\'','demolabs','\'Paraweb empowers people to publish and surf invisibly on a World Wide Web without the telltale traffic patterns that can betray our use of Tor and VPNs to network monitors. Paraweb is a wide-area hypermedia information retrieval initiative that combines steganography and open Web 1.0-inspired protocols to hijack and embed itself as a parasitic communications network inside existing social network websites like Tumblr, Instagram, and Reddit. Paraweb publishers can steganographically encode HTML-based, para-hyperlinked sites within innocuous media, then post those media on social network sites indistinguishably from benign content creators. Paraweb surfers can traverse these media as benign social network users, decoding the contents of para-sites as they appear normally in their searches, traversals, and feeds. Paraweb traffic is designed to blend indistinguishably with normal Web 2.0 and social network traffic, enabling Paraweb netizens to “hide in plain sight.” Paraweb’s loose and open-source combination of steganography and web-based protocols extends the hard-shell defenses of the encrypted web to the realms of deniability and stealth.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249613
\n Project - https://www.paraweb.io/
\n
People:
SpeakerBio: Nathan Sidles
\nNathan Sidles is a person.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249613','','',54177,'\'Map Page - LVCC West/Floor 3/W307\''),(42771,'\'XenoboxX - Hardware Sandbox Toolkit\'','demolabs','\'Malware frequently employs anti-VM techniques, which can vary in their difficulty to detect and counteract. While integrating anti-detection measures in our labs is a frequently used option, we should also consider using a real hardware sandbox, even if this sounds weird. By leveraging the awesome PCILeech project and DMA hardware access, XenoboxX provides a suite of tools for analysis tasks, such as dumping dynamically allocated memory and searching for IoC. These tools allow us to inject code at kernel level through DMA, making detection significantly more challenging and giving a new perspective to the analysis.
\nLinks:
Project - https://github.com/cecio
\n DEF CON Forums - https://forum.defcon.org/node/249619
\n
People:
SpeakerBio: Cesare Pizzi, Security Researcher, Analyst, and Technology Enthusiast
\nCesare Pizzi is a Security Researcher, Analyst, and Technology Enthusiast. Mainly focused on low level programming, he developed a lot of OpenSource software, sometimes hardware related (USBvalve) and sometimes not.
\n\nDoing a lot of reverse engineering too. He likes to share his job when possible (at Defcon, Insomni\'hack, Nullcon. etc). Contributor of several OS Security project (Volatility, OpenCanary, PersistenceSniper, Speakeasy, CETUS, TinyTracer, etc) and CTF player.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249619','','',54178,'\'Map Page - LVCC West/Floor 3/W307\''),(42772,'\'Cloud Offensive Breach and Risk Assessment (COBRA)\'','demolabs','\'Cloud Offensive Breach and Risk Assessment (COBRA) is an open-source tool designed to empower users to simulate attacks within multi-cloud environments, offering a comprehensive evaluation of security controls. By automating the testing of various threat vectors including external and insider threats, lateral movement, and data exfiltration, CNBAS enables organizations to gain insights into their security posture vulnerabilities. CNBAS is designed to conduct simulated attacks to assess an organization\'s ability to detect and respond to security threats effectively.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249608
\n Project - https://github.com/PaloAltoNetworks/cnbas-tool
\n
People:
SpeakerBio: Anand Tiwari
\nAnand Tiwari is an information security professional with a strong technical background working as a Product Manager (PM), focusing on the more technical aspects of a cloud security product. He tries to fill it in by doing in-depth technical research and competitive analysis, given business issues, strategy, and a deep understanding of what the product should do and how the products actually work. He has authored ArcherySec—an open source-tool and has presented at BlackHat, DEF CON USA, and HITB conferences. He has successfully given workshops at many conferences such as DevOpsDays Istanbul, Boston.
\n\nSpeakerBio: Harsha Koushik
\nHarsha Koushik is a security engineer and researcher, passionate about securing digital systems. Specializing in Cloud-Native Application Platform Protection (CNAPP), tackling emerging cyber threats while working at large scales. Additionally, Harsha hosts the security podcast \'Kernel-Space,\' exploring insightful discussions on the latest trends and issues in cybersecurity.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249608','','',54179,'\'Map Page - LVCC West/Floor 3/W308\''),(42773,'\'Serberus\'','demolabs','\'The Serberus is a serial Man-in-the-Middle hardware hacking tool designed to connect to embedded devices . It has 4 channels and has headers to interface with up to 3 UARTs simultaneously and also has the ability to connect to JTAG, SPI, I2C and SWD interfaces. During this talk I will introduce the Serberus and what makes it different than other, similar tools. It has a level shifter and switch to allow you to connect to logic voltages of 1.8, 2.5 and 3.3v or any arbitrary voltage between 1.65v and 5.5v, matching that of your target. The Serberus is unique in that it was designed to use open source tools like the Akheron proxy in order to MitM serial communications. I will demonstrate the Serberus connecting to a wifi router, to a JTAG, I2C or SPI target and I will also show the MitM capabilities on the serial connection between an aircraft transponder and its avionics system. The Serberus project is free and open source with all board layouts, gerbers and schematics published.
\nLinks:
Project - https://github.com/pk-mdt/Serberus
\n DEF CON Forums - https://forum.defcon.org/node/249614
\n
People:
SpeakerBio: Patrick Kiley, Principal Consultant at Mandiant
\nPrincipal Consultant at Mandiant (a division of Google Cloud) has over 20 years of information security experience working with both private sector employers and the Department of Energy/National Nuclear Security Administration (NNSA). Patrick has spoken at DEF CON, BlackHat, Bsides and RSA. Patrick can usually be found in the Car Hacking or Aerospace village where he volunteered for several years. His passion is embedded systems security and has released research in Avionics, embedded systems and even bricked his own Tesla while trying to make it faster.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249614','','',54180,'\'Map Page - LVCC West/Floor 3/W308\''),(42774,'\'Hopper - Distributed Fuzzer\'','demolabs','\'Hopper is a Coverage-Guided Greybox Distributed Fuzzer, inspired by AFL++, and written in Golang. Like other fuzzers, Hopper operates as a standard command-line interface tool, allowing you to run fuzz campaigns to find vulnerabilities and exploits in software. Hopper\'s mutation algorithm, energy assigning strategy, and out-of-process coverage gathering, are all inspired by AFL++, the current state of the art fuzzer. However, Hopper\'s distributed strategy differs substantially than AFL++ in an attempt to define a new distributed fuzzing paradigm. AFL++ and LibFuzzer have clear scaling limitations in larger environments, notably the AFL++’s rudimentary multi-machine mode. As an early prototype, Hopper addresses these limitations by implementing a deduplicating communication schema that establishes a consistency invariant, minimizing repeated work done by fuzzing nodes. Hopper is a standalone, new piece of software developed from scratch in the spirit of exploration, this is not yet another python plugin/extension for AFL++. Hopper is currently available on GitHub, including containerized runnable campaign demos. Tooling and observability are first class features, in the form of a TUI to monitor fuzzing campaigns, usage docs, and quick-start scripts for orchestrating fuzz campaigns.
\nLinks:
Project - https://github.com/Cybergenik/hopper
\n DEF CON Forums - https://forum.defcon.org/node/249620
\n
People:
SpeakerBio: Luciano Remes, Software Engineer at Palantir Technologies
\nLuciano Remes received a B.S. in Computer Science from the University of Utah, where he did 2 years of grant-funded Systems research under the FLUX Research Group, finally working on his Thesis Hopper: Distributed Fuzzer. During this time, he also interned at AWS EC2 and Goldman Sachs SPARC infrastructure teams, as well as a few startups including Blerp and Basecamp. Currently, he\'s a Software Engineer at Palantir Technologies building distributed network infrastructure.
\n\nSpeakerBio: Wade Cappa, Software Engineer at Palantir Technologies
\nWade Cappa recently graduated from Washington State University with a B.S in Computer Science and is now working at Palantir Technologies as a Software Engineer on distributed data systems. He previously worked at Microsoft in the Semantic Machines department, creating a dynamically linked debugging utility for an internal use tooling language. In his freetime he is working with a high-performance-computing research group on a cutting edge distributed strategy for approximating submodular monotonic optimizations.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249620','','',54181,'\'Map Page - LVCC West/Floor 3/W308\''),(42775,'\'Maestro\'','demolabs','\'Maestro is a post-exploitation tool designed to interact with Intune/EntraID from a C2 agent on a user\'s workstation without requiring knowledge of the user\'s password or Azure authentication flows, token manipulation, and web-based administration console. Maestro makes interacting with Intune and EntraID from C2 much easier, as the operator does not need to obtain the user\'s cleartext password, extract primary refresh token (PRT) cookies from the system, run additional tools or a browser session over a SOCKS proxy, or deal with Azure authentication flows, tokens, or conditional access policies in order to execute actions in Azure on behalf of the logged-in user. Maestro enables attack paths between on-prem and Azure. For example, by running Maestro on an Intune admin\'s machine, you can execute PowerShell scripts on any enrolled device without ever knowing the admin\'s credentials!
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249621
\n Project - https://github.com/Mayyhem/Maestro
\n
People:
SpeakerBio: Chris Thompson, Principal Consultant at SpecterOps
\nChris Thompson (@_Mayyhem) is a Principal Consultant at SpecterOps, where he conducts red team operations, research, tool development, and training. Chris has instructed at Black Hat USA/EU and spoken at Arsenal, DEF CON Demo Labs, SO-CON, and Troopers. He is the primary author of Maestro and SharpSCCM and co-author of Misconfiguration Manager, an open-source tool and knowledge base that can be used to help demonstrate, mitigate, and detect attacks that abuse Microsoft Configuration Manager (formerly SCCM).
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249621','','',54182,'\'Map Page - LVCC West/Floor 3/W303\''),(42776,'\'Open Hardware Design for BusKill Cord\'','demolabs','\'An open hardware design for BusKill cables that uses 3D printing and easily sourceable components. BusKill cables are hardware Dead Man’s Switches that use USB events to trigger a laptop to lock, shutdown, or self-destruct when the laptop is physically separated from the operator.
\nLinks:
Project - https://github.com/BusKill/usb-a-magnetic-breakaway
\n DEF CON Forums - https://forum.defcon.org/node/249627
\n
People:
SpeakerBio: Melanie Allen
\nMelanie Allen is a 3D-printing enthusiast and volunteer hardware developer with the BusKill project.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249627','','',54183,'\'Map Page - LVCC West/Floor 3/W303\''),(42777,'\'MITRE Caldera for OT\'','demolabs','\'Caldera for Operational Technology (C4OT) is an extension to the open-source Caldera adversary emulation platform. Adversary emulation has long helped defenders of information systems exercise and improve their cyber defenses by using real adversary techniques. While Caldera has been out since 2021, C4OT was released September 2023. Specifically, C4OT exposes native OT protocol functions to Caldera. The initial release of C4OT supported three popular OT protocols (Modbus, BACnet, and DNP3). Since then, we have added support for two more protocols (IEC61850 and Profinet). Today, we are actively working on support for the space protocol GEMS. By utilizing Caldera and the C4OT plugins, end-users can emulate threat activity across both Enterprise and Operational networks with ease.
\nLinks:
Project - https://github.com/mitre/caldera-ot
\n DEF CON Forums - https://forum.defcon.org/node/249633
\n
People:
SpeakerBio: Blaine Jeffries, Operational Technology Security Engineer at MITRE Corp
\nBlaine Jeffries is an Operational Technology Security Engineer at MITRE with a focus on defensive cybersecurity research, threat intelligence and adversary emulation. At MITRE, Blaine currently serves as a co-lead of Caldera for OT and supports a variety of DoD and government sponsors. Prior to joining MITRE, Blaine served in the US Air Force as a Cyberspace Operations Officer. Currently he holds degrees in Electrical Engineering and Cyberspace Operations.
\n\nSpeakerBio: Devon Colmer, Cybersecurity Engineer, Critical Infrastructure Protection Innovation Center at MITRE Corp
\nDevon Colmer is a Cybersecurity Engineer in MITRE’s Critical Infrastructure Protection Innovation Center, working principally in OT adversary emulation and detection engineering. Prior to joining MITRE, Devon served as a Submarine Officer in the US Navy. He has led the development of OT plugins for MITRE’s adversary emulation platform, Caldera, and is currently researching a common data model for OT protocols.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249633','','',54184,'\'Map Page - LVCC West/Floor 3/W303\''),(42778,'\'Tempest\'','demolabs','\'Tempest is a command and control framework written in 100% Rust. It began as a research project and personal challenge, but has grown into a very effective c2 framework. The original concept was to write a simple yet effective c2 framework, and design continues to focus on this simple goal. Because it started out as a research project with a learning goal, the framework is not directly based on any existing c2 frameworks and the vast majority of code will not be found anywhere else.
\nLinks:
Project - https://github.com/Teach2Breach/tempest
\n DEF CON Forums - https://forum.defcon.org/node/249622
\n
People:
SpeakerBio: Kirk Trychel, Senior Red Team Engineer at Box.com
\nKirk Trychel is a Senior Red Team Engineer with Box.com and a lifelong hacker. He has lead Red Teams with the Department of Defense, Secureworks Adversary Group, and CrowdStrike Adversary Emulations. Always eager to hack the newest technology, Kirk has produced original research across many areas of offensive security. His diverse experience combines with a passion to understand and expand attack surfaces, and do what defenders have not considered. Besides breaching systems, Kirk loves sharing his knowledge with the community and helping enhance organizations’ security posture.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249622','','',54185,'\'Map Page - LVCC West/Floor 3/W304\''),(42779,'\'The Metasploit Framework v6.4\'','demolabs','\'The Metasploit Framework released version 6.4 earlier this year, including multiple improvements to Kerberos-related attack workflows. The latest changes added support for forging diamond and sapphire tickets, as well as dumping tickets from compromised hosts. Metasploit users can now exploit unconstrained delegation in Active Directory environments for privilege escalation as well as use pass-the-ticket authentication for the Windows secrets dump module. These new Kerberos improvements increase the ways in which tickets can be forged, gathered, as well as used. Additionally, Metasploit has added support for new protocol based sessions, allowing users to interact with targets without uploading payloads, thus increasing their evasive capabilities. These new sessions can be established to database, SMB and LDAP servers. Once opened, they enable users to interact and run post modules with them, all without running a payload on the remote host. Finally, version 6.4 includes a complete overhaul of how Metasploit handles its own DNS queries. These improvements ensure that users pivoting their traffic over compromised hosts are not leaking their queries and offer a high degree of control over how queries should be resolved. This demonstration will cover these latest improvements and show how the changes can be combined for new, streamlined attack workflows using the latest Metasploit release.
\nLinks:
Project - https://github.com/rapid7/metasploit-framework
\n DEF CON Forums - https://forum.defcon.org/node/249628
\n
People:
SpeakerBio: Jack Heysel, Senior Security Researcher at Rapid7
\nJack Heysel is a Senior Security Researcher at Rapid7, where he contributes to and helps maintain the Metasploit Framework. Jack started at Rapid7 in 2016 working on their vulnerability management solution. He transitioned to the Metasploit team in 2021 and has been happily writing and reviewing exploits ever since. While AFK, Jack enjoys exploring the mountains and outdoors that surround his home.
\n\nSpeakerBio: Spencer McIntyre, Security Research Manager at Rapid7
\nSpencer McIntyre is a Security Research Manager at Rapid7, where he works on the Metasploit Framework. He has been contributing to Metasploit since 2010, a committer since 2014, and a core team member at Rapid7 since 2019. Previously, Spencer worked at a consulting firm working with clients from various industries, including healthcare, energy, and manufacturing. He is an avid open-source contributor and comic book reader.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249628','','',54186,'\'Map Page - LVCC West/Floor 3/W304\''),(42780,'\'Vovk - Advanced YARA Rule Generator v2.0\'','demolabs','\'Vovk is a toolset that can be used to create YARA rules. The Vovk DEF CON 2024 version will be released at DEF CON.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249634
\n Project - https://github.com/malienist/vovk
\n
People:
SpeakerBio: Benjamyn Whiteman, Lead Analyst, Global CSOC at TikTok USDS
\nBenjamyn Whiteman has worked in the InfoSec industry for the past 7 years in roles that include Security Engineering, Forensics Analysis and Global CSIRTs. Ben regularly presents his research at internal company summits and security conferences. Ben has been training and mentoring new cyber security professionals for a few years now and also presented his research at HackSydney 2022 and 2023. Currently, Ben is a part of the Global CSOC for TikTok USDS as the Lead Analyst at Sydney, Australia.
\n\nSpeakerBio: Vishal Thakur, Senior Director, Cyber Fusion Center at TikTok USDS
\nVishal Thakur has worked in the information security industry for many years in hands-on technical roles, specializing in Incident Response with a heavy focus on Emerging Threats, Malware Analysis and Research. He has presented his research at international conferences (BlackHat, DEFCON, FIRST, SANS DFIR Summit) and has also run training/workshops at some of these conferences. Vishal is currently working as Senior Director, Cyber Fusion Center at TikTok USDS. In past roles, Vishal worked as a Senior Researcher at Salesforce, helping their Incident Response Centre with advanced threat analysis and developing DFIR tools and has been a part of the Incident Response team at the Commonwealth Bank of Australia. For the past few years, Vishal has been involved in ML and AI security and has been researching this subject.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249634','','',54187,'\'Map Page - LVCC West/Floor 3/W304\''),(42781,'\'5Ghoul Framework - 5G NR Attacks & 5G OTA Fuzzing\'','demolabs','\'5Ghoul Fuzzer is an over-the-air security testing tool and fuzzing framework that leverages a rogue 5G NR base station to systematically create test cases targeting 5G-capable smartphones or Qualcomm USB-based modems. Moreover, such framework contains test case scripts to launch attacks exploiting 10 implementation-level vulnerabilities ranging from DoS to Downgrades that affect commercial 5G modems from major chipset vendors such as Qualcomm and MediaTek. The tool is released open sourced, but it is also continuously experimented with newer devices. For example, there are two more 5G implementation vulnerabilities that are under embargo and will be released by the end of this month in the open source repository and website maintained for the project.
\nLinks:
Project - https://github.com/asset-group/5ghoul-5g-nr-attacks
\n DEF CON Forums - https://forum.defcon.org/node/249623
\n
People:
SpeakerBio: Matheus Eduardo Garbelini, Research Fellow at Singapore University of Technology and Design (SUTD)
\nMatheus Eduardo Garbelini is a Research fellow at Singapore University of Technology and Design (SUTD) and a White Hat Wireless Hacker by hobby. Through his research in wireless fuzzing, he discovered implementation vulnerabilities in the chipset of countless Bluetooth, Wi-Fi, and 5G commercial IoT devices.
\n\nSpeakerBio: Sudipta Chattopadhyay, Associate Professor at Singapore University of Technology and Design (SUTD)
\nSudipta Chattopadhyay is an Associate Professor at Singapore University of Technology and Design (SUTD) and hacks code during his spare time. His general research interests lie in the broad area of cyber security including but not limited to security for AI, Wireless Technologies, and Internet of Things (IoTs). Together with Matheus, he discovered SweynTooth, BrakTooth and 5Ghoul, families of Bluetooth and 5G NR vulnerabilities that affected billions of devices worldwide.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249623','','',54188,'\'Map Page - LVCC West/Floor 3/W305\''),(42782,'\'CODASM - Hiding Payloads in Plain .text\'','demolabs','\'CODASM aims to decrease a stageless payload\'s Shannon entropy, which was found to be a simple but annoying detection vector used by EDRs. It\'s a Python program that processes arbitrary binary inputs and produces a C program consisting of two parts: a buffer holding generated x86-64 ASM instructions with the original payload encoded into it, and a set of functions that can decode the ASM at runtime. The buffer is designed to be compiled into the final payload\'s .text section, thus it looks like regular (if not functional) code to AVs, EDRs and analysts. This encoding effectively decreases the payload\'s Shannon entropy but comes with a significant increase in output size. The demo will cover usage of the tool and dissection/reverse engineering of the resulting payload.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249629
\n
People:
SpeakerBio: Moritz Laurin Thomas, Senior Red Team Security Consultant at NVISO ARES
\nMoritz is a senior red team security consultant at NVISO ARES (Adversarial Risk Emulation & Simulation). He focuses on research & development in red teaming to support, enhance and extend the team’s capabilities in red team engagements of all sorts. Before joining the offensive security community, Moritz worked on a voluntary basis as a technical malware analyst for a well-known internet forum with focus on evading detections and building custom exploits. When he isn’t infiltrating networks or exfiltrating data, he is usually knees deep in research and development, dissecting binaries and developing new tools.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249629','','',54189,'\'Map Page - LVCC West/Floor 3/W305\''),(42783,'\'TheAllCommander 2.0\'','demolabs','\'TheAllCommander is an open-source tool which offers red teams and blue teams a framework to rapidly prototype and model malware communications, as well as associated client-side indicators of compromise. The framework provides a structured, documented, and object-oriented API for both the client and server, allowing anyone to quickly implement a novel communications protocol between a simulated malware daemon and its command and control server. For Blue Teamers, this allows rapid modeling of emerging threats and comprehensive testing in a controlled manner to develop reliable detection models. For Red Teamers, this framework allows rapid iteration and development of new protocols and communications schemes with an easy to use Python interface. The framework has many tools or techniques used by red teams built in to allow out-of-the-box modeling, including emulated client browser HTTPS traffic Remote Desktop tunneling, and UAC bypass.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249635
\n Project - https://github.com/matt-handy/TheAllCommander
\n
People:
SpeakerBio: Matthew Handy, NASA
\nMatt Handy completed his BS in Computer Science at the University of Maryland, College Park (UMD) in 2010, and MS in CyberSecurity at Johns Hopkins in 2014. He has worked for NASA\'s Goddard Space Flight Center doing satellite ground systems development since 2009. He has specialized in secure software systems development and has helped to develop several missions over the course of his career. In his off time, he enjoys doing independent security research and creating tools like TheAllCommander to help make a more secure cyber world.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249635','','',54190,'\'Map Page - LVCC West/Floor 3/W305\''),(42784,'\'Testbed Virtual Factory\'','demolabs','\'As the landscape of industrial control systems (ICS) evolves, the security vulnerabilities inherent in these systems have become increasingly important. In response to this escalating situation, in this paper, we present the development of a virtualized cybersecurity research testbed tailored for these environments. Addressing the challenge of limited access to proprietary OT network data for research purposes, our this talk proposes a comprehensive framework for simulating industrial environments, aiming to facilitate the development and testing of cybersecurity solutions by providing functionalities for network traffic logging, attack impact simulation, generation of labeled multivariate time series sensor datasets, among others, bridging the gap between theoretical research and practical application needs, especially in situations of low data availability and data-driven cybersecurity research.
\nLinks:
Project - https://github.com/Gradiant/virtual-factory
\n DEF CON Forums - https://forum.defcon.org/node/249624
\n
People:
SpeakerBio: Borja Pintos Castro, Researcher, Security and Privacy Area at Gradiant
\nBorja Pintos-Castro is passionate about cybersecurity, he spends the day reading and tinkering. He obtained a degree in Computer Engineering from the University of A Coruña. He also has a Master of Computer Security by the International University of La Rioja. Now, he is a researcher at Gradiant in the Security and Privacy Area and specifically in Cybersecurity industry 4.0 projects. Currently, he manages some industrial security projects, specifically analyzing network traffic and using honeypots to detect threats and attacks. He has the certification OSCP (PEN-200) from Offensive Security.
\n\nSpeakerBio: Camilo Piñón Blanco
\nCamilo Piñón-Blanco graduated in Telecommunication Technologies Engineering (2021) and Master in Telecommunication Engineering (2023) from the University of Vigo, both specializing in Telematics Engineering. He did his Bachelor’s Thesis with GRADIANT, focused on detection of cyber-attacks in industrial networks with Machine Learning techniques. He has worked at the atlanTTic research center as a researcher, dealing with natural language processing and text data analysis. In 2022 he re-joined the GRADIANT as an Engineer-Researcher in Security and Privacy, within the Privacy & Security Analytics line, where he has done his Master\'s Thesis on anomaly detection in time series through UEBA and LSTM neural networks. His main lines of work are applied machine learning, data analysis and software development.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249624','','',54191,'\'Map Page - LVCC West/Floor 3/W306\''),(42785,'\'GC2 - The First Serverless Command & Control\'','demolabs','\'GC2 is the first serverless command and control. This project aims to demonstrate how attackers could take advantage of third-party tools (Google Sheets and Google Drive) to execute commands and exfiltrate information from a compromised system. First released in 2021, became well known in April 2023 after being mentioned in Google\'s Threat Horizons Report.
\nLinks:
Project - https://github.com/looCiprian/GC2-sheet
\n DEF CON Forums - https://forum.defcon.org/node/249630
\n
People:
SpeakerBio: Lorenzo Grazian
\nLorenzo Grazian has more than 6 years of experience in red teaming, penetration testing and source code review mainly in the financial and transport industries. He worked and led local and global cybersecurity projects. Besides his offensive security background, he developed several tools to support offensive security activities.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249630','','',54192,'\'Map Page - LVCC West/Floor 3/W306\''),(42786,'\'Drop-Pi\'','demolabs','\'The Drop-Pi is a suite of software developed on a Raspberry Pi to facilitate the automatic bypassing of 802.1x/NAC implementations (pre 802.1x-2010 standards) and establish discrete remote access into target networks. Designed with physical penetration testing in mind, the Drop-Pi can establish remote access inside a target network within a matter of seconds after being plugged in, affording assessors with a quick in and out on an objective. Its built with common and easily sourced hardware which allows for easy and quick provisioning of multiple Drop-Pi devices. When it\'s not feasible to utilize a target network for egress traffic, the Drop-Pi can easily be configured to employ a wireless connection or mobile hotspot to facilitate access in and out of the network.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249636
\n Project - https://github.com/ditmer/Drop-Pi
\n
People:
SpeakerBio: Doug Kent, Pentesting Team at State Farm
\nDoug has worked at State Farm for about 20 years. Working on mostly security technologies ranging from Active Directory, PKI, Endpoint protection and finally landing recently on the Pentesting team. Doug has a passion for identifying vulnerabilities and partnering with control solution teams to protect State Farm data and fulfill our promise to customers. He strives to help others with offensive security skills by providing training, guidance, and kill chain demonstrations.
\n\nSpeakerBio: Robert Ditmer, Red Team at State Farm
\nRob has been on the State Farm Pentesting Team for 3 years and has recently moved the Red Team. Prior to his time at State Farm, he has worked with various other companies as a penetration testing consultant - enabling him to experience a wide range of technologies and their differing implementations. Rob enjoys the challenge of developing tools and infrastructure to better the skills and abilities of the State Farms Red Team.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249636','','',54193,'\'Map Page - LVCC West/Floor 3/W306\''),(42787,'\'Cyber Security Transformation Chef (CSTC)\'','demolabs','\'Imagine GCHQ\'s CyberChef integrated in BurpSuite with live modification of requests at your fingertips. That\'s exactly what we had in mind when we built the Cyber Security Transformation Chef (CSTC) a few years ago. The CSTC is an extension to the popular BurpSuite Proxy built for experts working with web applications. It enables users to define recipes that are applied to outgoing or incoming HTTP requests/responses automatically. Whatever quirks and specialties an application might challenge you with during an assessment, the CSTC has you covered. Furthermore, it allows to quickly apply custom formatting to a chosen message, if a more detailed analysis is needed. After the initial release the CSTC is finally back! It contains new features and improvements such as many new operations to be used in recipes, inclusion of community requested features and a refactoring of the codebase. Alongside the CTSC we will launch a new public repository with recipes we found useful in our experience as penetration testers and of course open for contribution by the community. This helps the community to solve common challenges and getting started working with the CSTC.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249625
\n Project - https://github.com/usdAG/cstc
\n
People:
SpeakerBio: Florian Haag, Managing Security Consultant at usd AG
\nFlorian Haag is a managing security consultant at usd AG with experience in penetration testing, software security assessments as well as code reviews. He is specialized in penetration tests of thick client applications, leveraging his background in software development to reverse engineer proprietary client applications and network protocols. In addition, he maintains several open source tools for web application pentesting presented at international conferences like BlackHat and DEF CON.
\n\nSpeakerBio: Matthias Göhring, Security Consultant and Penetration Tester at usd AG
\nMatthias Göhring is security consultant and penetration tester at usd AG, an information security company based in Germany with the mission #moresecurity. He is Head of usd HeroLab, the division of usd specialized in technical security assessments. In addition, he holds lectures at Technical University Darmstadt and University of Applied Sciences Darmstadt on ethical hacking and penetration testing. In previous scientific work, he focused on network and communication security as well as software security.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249625','','',54194,'\'Map Page - LVCC West/Floor 3/W307\''),(42788,'\'MPT - Pentest in Action\'','demolabs','\'In ever evolving software development world, security is also becoming fast paced. Hence, each product going through the pentest cycle has to be managed effectively and efficiently. Managing multiple pentests and testers is important. A single pane of glass view for managing pentests and testers is what the goal of this tool is.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249631
\n Project - https://github.com/jenyraval/MPT
\n
People:
SpeakerBio: Jyoti Raval, Senior Staff Product Security Leader at Baker Hughes
\nJyoti Raval works as Senior Staff Product Security Leader at Baker Hughes. She is responsible for securing product end-to-end and involved in various phases of security life cycle. She is author of the Phishing Simulation Assessment and MPT tools, and has presented at Defcon, BlackHat, Nullcon, HITB, OWASP NZ and Infosec Girls. She also heads OWASP Pune chapter.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249631','','',54195,'\'Map Page - LVCC West/Floor 3/W307\''),(42789,'\'Moriarty\'','demolabs','\'Moriarty is a.NET tool designed to identify vulnerabilities for privilege escalation in Windows environments. Building upon Watson and Sherlock, Moriarty extends their capabilities by incorporating advanced scanning techniques for newer vulnerabilities and integrating additional checks. This tool supports a wide range of Windows versions, from Windows 10 to Windows 11 and Server versions 2016, 2019, and 2022. Moriarty differentiates itself by its ability to enumerate missing KBs and detect a variety of vulnerabilities linked to privilege escalation, offering suggestions for potential exploits. The tool\'s extensive database includes well-known vulnerabilities such as PrintNightmare (CVE-2021-1675), Log4Shell (CVE-2021-44228), and SMBGhost (CVE-2020-0796), among others.
\nLinks:
Project - https://github.com/BC-SECURITY/Moriarty
\n DEF CON Forums - https://forum.defcon.org/node/249637
\n
People:
SpeakerBio: Anthony “Coin” Rose, Lead Security Researcher and Chief Operating Officer at BC Security
\nAnthony \"Coin\" Rose, CISSP, is a Lead Security Researcher and Chief Operating Officer at BC Security, where he specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. He has presented at numerous security conferences, including Black Hat, DEF CON, HackMiami, and RSA conferences. Anthony is the author of various offensive security tools, including Empire and Starkiller, which he actively develops and maintains. He is recognized for his work, revealing wide-spread vulnerabilities in Bluetooth devices and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
\n\nSpeakerBio: Jake “Hubble” Krasnov, Red Team Operations Lead and Chief Executive Officer at BC Security
\nJake \"Hubble\" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security. He has spent the first half of his career as an Astronautical Engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. Jake has presented at DEF CON, where he taught courses on offensive PowerShell and has been recognized by Microsoft for his discovery of a vulnerability in AMSI. Jake has authored numerous tools, including Invoke-PrintDemon and Invoke-ZeroLogon, and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249637','','',54196,'\'Map Page - LVCC West/Floor 3/W307\''),(42790,'\'MITRE Caldera\'','demolabs','\'MITRE Caldera is a scalable, automated adversary emulation, open-source cybersecurity platform developed by MITRE. It empowers cyber practitioners to save time, money, and energy through automated security assessments. Caldera not only tests and evaluates detection/analytic and response platforms, but it also provides the capability for your red team to perform manual assessments with computer assistance. This is achieved by augmenting existing offensive toolsets. The framework can be extended to integrate with any custom tools you may have. The development team behind the platform is a group of red teamers, software developers, exploit writers, cyber threat analysts, AI researchers, cybersecurity engineers, and computer scientists. They all pursue the common goal of building a premier adversary emulation platform for our security defenders around the world.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249626
\n Project - https://github.com/mitre/caldera
\n
People:
SpeakerBio: Mark Perry, Lead Applied Cyber Security Engineer at MITRE Corp
\nMark Perry is a Lead Applied Cyber Security Engineer at MITRE Corp, where he specializes in adversary emulation and work development. With a robust background in infrastructure and cyber security frameworks, Mark brings extensive expertise to his role, focusing on fortifying systems against sophisticated cyber threats. He has worked on projects involving adversary emulation, red teaming, cyber threat intelligence, and software development. Mark also leads development and delivery of Caldera workshops, providing participants with practical, hands-on training utilizing cybersecurity techniques. Additionally, he actively promotes Caldera’s benefactor program, fostering community support and engagement to further the development of cybersecurity tools and resources. Outside of his professional endeavors, Mark enjoys traveling and is a supercar enthusiast.
\n\nSpeakerBio: Rachel Murphy, Cyber Security Engineer at MITRE Corp
\nRachel Murphy is a Cyber Security Engineer at MITRE Corp. She has a B.S. in Mechanical Engineering and prior to joining MITRE, she worked as a mechanical engineer at NASA performing thermal analysis for the International Space Station at Johnson Space Center in Houston, TX. Rachel has worked on projects in adversary emulation, red teaming, cyber threat intelligence, and software development. Part of this work includes supporting Caldera’s research in artificial intelligence, developing Caldera workshops like this one, and promoting Caldera’s benefactor program. She has also served as a red team operator for MITRE Engenuity’s ATT&CK Evaluations.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249626','','',54197,'\'Map Page - LVCC West/Floor 3/W308\''),(42791,'\'FACTION\'','demolabs','\'FACTION is an all-encompassing solution for streamlined security assessment workflows and enhancing collaboration within your teams. In addition, It\'s fully open source and extendable so it can integrate within diverse environments. FACTION\'s key benefits are that it cuts reporting time down to more than half for manual pen-tests, keeps tabs on all outstanding vulnerabilities with custom alerts based on your SLAs, becomes the hub of shared information for your assessments enabling other teammates to replay attacks you share, facilitates large scale assessment scheduling that typically becomes hard to manage when your teams are doing more than 100 assessments a year, and is fully extendable with REST APIs and FACTION Extensions.
\nLinks:
DEF CON Forums - https://forum.defcon.org/node/249632
\n Project - https://github.com/factionsecurity/faction
\n
People:
SpeakerBio: Josh Summitt, Founder at Faction Security
\nWith over 18 years of experience in application security, Josh has played diverse roles—from being a penetration tester and reverse engineer to serving as a full-stack developer and CTO of a cybersecurity startup. He founded Faction Security, an organization committed to hosting open-source tools with the goal of supporting security teams by providing resources that enhance collaboration and efficiency. In addition to making open-source security tools, Josh builds custom modular synths and generally enjoys making strange and unusual noise-making devices.
\n\n\'','NULL','NULL','','https://forum.defcon.org/node/249632','','',54198,'\'Map Page - LVCC West/Floor 3/W308\''),(42792,'\'CycleOverride DEF CON Bike Ride\'','pge','\'At 6am on Friday, the @cycle_override crew will be hosting the 13th DEF CON Bikeride. We\'ll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It\'s about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See you at 6am Friday! @jp_bourget @gdead @heidishmoo.
\nLinks:
Twitter (@cycle_override) - https://twitter.com/cycle_override
\n Discuss (DEF CON Forums) - https://forum.defcon.org/node/249645
\n Sub-forum (DEF CON Forums) - https://forum.defcon.org/node/249644
\n More Info - https://cycleoverride.org
\n\'','\'https://info.defcon.org/blobs/pme_CycleOverride.png\'','\'pme_CycleOverride.png\'','https://forum.defcon.org/node/249644','https://forum.defcon.org/node/249645','','',54199,'\' Page - Other / See Description\''),(42793,'\'HDA Community - Open for Accessibility Questions/Help\'','pge','\'DEF CON has made HDA a community, and we now have a community room! This room will be dedicated to the attendees with ADA needs, their friends, helpers, and anyone who wants to hang out and be social! So far we plan on providing charging stations, chill out sessions, an open call for a modular synth jam session, and more to come! Let\'s all work together to make DEFCON Awesomely Accessible!
\n\n(Please note that on Thursday, we will be open only to provide assistance to those in need. Regular community programming will begin on Friday.)
\n\nHang out, chill out deck out your mobility device and more!
\nLinks:
Sub-forum (DEF CON Forums) - https://forum.defcon.org/node/242670
\n Official HDA Policy - https://defcon.org/html/links/dc-hda.html
\n\'','NULL','NULL','https://forum.defcon.org/node/242670','','','',54201,'\'Map Page - LVCC West/Floor 1/W110\''),(42794,'\'HDA Chillout w/ Dj Delchi\'','pge','\'Chillout to etherial / downtempo tunes and hang with your community
\n\'','NULL','NULL','','','','',54202,'\'Map Page - LVCC West/Floor 1/W110\''),(42795,'\'Sold Out - Dissecting Malware for Defense - Crafting Custom Yara Rules\'','workshops','\'Threat actors skillfully deploy malware to evade detection, outmaneuvering traditional security tools. In this workshop, \"Dissecting Malware for Defense - Crafting Custom Yara Rules\", you\'ll harness the power of malware analysis and crowdsourced intelligence to build tailored Yara rules. These rules will supercharge your security systems, enabling you to detect emerging threats, enhance threat hunting, and accurately pinpoint malicious activity. This fast-paced course will guide you in mastering static and behavioral detections, empowering you to safeguard your organization. By the end, you\'ll expertly translate malware analysis insights into high-quality Yara rules, bolstering your defensive arsenal.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Stroschein_DC32.eventbrite.com
\n
People:
SpeakerBio: Francisco Perdomo, Security Engineer, VirusTotal Research Team at Google
\nFrancisco is a skilled security professional with a strong background in detection engineering and a keen interest in reverse engineering. With extensive blue team experience, he currently works as a Security Engineer at Google\'s VirusTotal Research team where he leverages his operational expertise to investigate malware trends and create insightful technical content. Francisco\'s background includes roles as a SecOps Engineer and Professor of Computer Security.
\n\nSpeakerBio: Josh Stroschein, Reverse Engineer, FLARE team at Google
\nJosh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, RE, and other security topics.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54207','','',54207,'\'Map Page - Springhill Suites/Frontier\''),(42796,'\'Sold Out - Med Team vs Red Team: Intro into Medical Device Hacking\'','workshops','\'Connected medical device and medical device security assessments utilize a varying and wide range of practices, from reverse engineering to hardware exploitation. If you have ever been curious about how to get started, this is the class for you. We will be covering how to get started in Adversarial Medical Device testing, tooling, tactics, exploits and certain bypasses to restrictions you may encounter during testing these devices. Use the tactics learned to exploit devices within\nthe Device Lab!
\nLinks:
More Info - https://www.villageb.io/catalyst-lab
\n Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Aguilar_DC32.eventbrite.com
\n
People:
SpeakerBio: Alex Delifer
\nAlex is medical device testing sledgehammer. He is a DevSecOps guru for a large medical device company and cut his teeth building, maintaining and hacking medical devices.
\n\nSpeakerBio: Michael \"v3ga\" Aguilar, Principle Consultant at Secureworks Adversary Group
\nMichael Aguilar (v3ga) is a Principle Consultant for Secureworks Adversary Group. He runs Adversary Simulation operations, Physical Security and Network/Web based assessments as well as Adversarial Medical Device Tests. When not doing computer things, he reads a lot and likes to run to de-stress. He is also an avid fan of playing guitar really fast and screaming at people.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54208','','',54208,'\'Map Page - Springhill Suites/Desert Inn\''),(42797,'\'Sold Out - Offensive SCCM: Abusing Microsoft\'s C2 Framework\'','workshops','\'Microsoft Configuration Manager, formerly SCCM (System Center Configuration Manager), is a powerful technology that has been used to deploy software to Windows systems in the majority of enterprise environments since it was released by Microsoft in 1994. Although SCCM has a high potential for abuse due to its privileged access to entire fleets of servers and workstations, it has not been heavily researched or leveraged by security professionals until recently, presumably due to the time-consuming installation process and learning curve. In this workshop, students will be provided access to a live environment that reflects an enterprise SCCM deployment, gain an understanding of how the different components of SCCM interact, and learn how to execute recently discovered attack primitives that can be used compromise SCCM clients, servers, and entire hierarchies. By completing both guided exercises and optional CTF challenges in this lab environment, students will learn how to demonstrate the impact of attack paths involving SCCM.
\n\nBy the end of this workshop, participants will be able to:\n - understand the foundational concepts needed to attack and defend SCCM\n - understand SCCM defaults and configurations that can be abused\n - use SCCM to complete a realistic attack chain, including recon, privilege escalation, credential gathering, site takeover, and lateral movement\n - understand how to use offensive security tools to interact with SCCM, such as SCCMHunter, SharpSCCM, sccmwtf, PXEThief, and ntlmrelayx
\n\nTo get the most out of this training, participants will benefit from reviewing the following resources, although they are not required:\n - Misconfiguration Manager (misconfigurationmanager.com)\n - System Center Configuration Manager Current Branch Unleashed, by Kerrie Meyler\n - Configuration Manager Terminology\n - Looking Inside Configuration Manager\n - Network Design\n - Client Management
\n\nThis workshop is the second version of Flipping the Coin and features upgraded attack paths, and lab environments.
\n\nBy the end of the workshop, attendees will:
\n\n\nUnderstand and perform common offensive attacks (supported by the Metasploit Framework) against Windows Domains, including:
\n\n\n- Pass the Hash attacks;
\n- gMSA Golden Attack;
\n- ADCS abuse;
\n- Common tunnelling techniques;
\n- PrintSpoofer exploits;
\n- LSASS exploitation (using Mimikatz);
\n- AD enumeration (using BloodHound);
\n- DACL abuse;
\n- Kerberos golden tickets; and
\n- DLL hijacking.
\n
Understand the process of detecting attacks against Windows infrastructure, including how to design and implement their own detection rules based on attendees’ previous attacks, using:
\n\n\n- Sigma/Yara rules.
\n- Log ingestion/normalisation platforms, and query engines (e.g. ELK).
\n
Understand and appreciate how the actions and processes of red and blue teams are interlinked, for the greater collective good.
\n\nRecommended (but not required) prior reading:
\n\n\n- https://nooblinux.com/metasploit-tutorial/
\n- https://posts.specterops.io/introducing-bloodhound-enterprise-attack-path-management-for-everyone-39cfd8d6eb7c
\n- https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview
\n- https://socprime.com/blog/sigma-rules-the-beginners-guide/
\n- https://github.com/socprime/SigmaUI
\n- https://blog.netwrix.com/2021/11/30/how-to-detect-pass-the-hash-attacks/
\n- https://posts.specterops.io/certified-pre-owned-d95910965cd2
\n- https://www.elastic.co/guide/en/security/current/suspicious-print-spooler-point-and-print-dll.html
\n
\n\nMuch of the material and core concepts of the workshop remain the same from the DEF CON 31 workshop with some updated topics for DEF CON 32, including an updated environment, and gMSA attacks within the lab.
\n\nSince 2022, Chris, Duane, and Garrett have released a combined 8 blog posts and authored 3 tools (SharpSCCM, SCCMHunter, and Misconfiguration Manager) that demonstrate novel offensive techniques to abuse SCCM functionality.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Michael_DC32.eventbrite.com
\n
People:
SpeakerBio: Chris Thompson, Principal Consultant at SpecterOps
\nChris Thompson (@_Mayyhem) is a Principal Consultant at SpecterOps, where he conducts red team operations, research, tool development, and training. Chris has instructed at Black Hat USA/EU and spoken at Arsenal, DEF CON Demo Labs, SO-CON, and Troopers. He is the primary author of Maestro and SharpSCCM and co-author of Misconfiguration Manager, an open-source tool and knowledge base that can be used to help demonstrate, mitigate, and detect attacks that abuse Microsoft Configuration Manager (formerly SCCM).
\n\nSpeakerBio: Duane Michael, Managing Consultant at SpecterOps
\nDuane Michael (@subat0mik) is a Managing Consultant at SpecterOps, where he conducts red team operations, penetration tests, research, course development, and training. Duane has instructed courses on red teaming and vulnerability research at BH USA/EU, NorthSec, and SO-CON. He has presented at Arsenal and DEF CON Demo Labs, contributes to various open source projects, and is a co-author of Misconfiguration Manager.
\n\nSpeakerBio: Garrett Foster, Senior Consultant at SpecterOps
\nGarrett Foster (@garrfoster) is a Senior Consultant at SpecterOps, where he conducts red team operations, penetration testing, research, training, and course development. Garrett has presented at WWHF and BsidesPDX. Garrett is a the primary author of SCCMHunter and a co-author of Misconfiguration Manager.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54209','','',54209,'\'Map Page - Springhill Suites/Dean Martin\''),(42798,'\'Sold Out - Supercharge SAST: Semgrep Strategies for Secure Software\'','workshops','\'Before the Training: Attendees are expected to have a basic understanding of programming concepts and syntax in a programming language such as JavaScript, Python, Go, or C#/Java. While familiarity with common security vulnerabilities (e.g., OWASP Top 10) is beneficial, it is not a prerequisite.To ensure a smooth and productive experience, participants should come equipped with a laptop that has administrative access for software installation. A pre-training checklist, including software installation guides (Semgrep and a preferred text editor/IDE), will be provided to all registered attendees to prepare them for the workshop.
\nParticipants will: - Gain an understanding of SAST and its importance in the AppSec ecosystem. - Learn to navigate Semgrep’s rule syntax and create custom rules tailored to their specific security needs. - Engage in hands-on exercises to apply Semgrep on real-world code snippets and projects, enhancing their learning through practical application. - Explore the Semgrep Playground for testing and refining rules in an interactive environment. - Delve into advanced Semgrep features and techniques for a comprehensive security strategy. - Understand how Semgrep findings can be leveraged for LLM-based code analysis, taking code security to the next level.
\nSupercharge SAST: Semgrep Strategies for Secure Software\" is a meticulously designed workshop aimed at introducing participants to the world of Static Application Security Testing (SAST) through the lens of Semgrep, a cutting-edge tool that combines the simplicity of syntax with the power of complex analysis.
\nTechnical Level and Tools Used: This workshop is tailored for beginner to intermediate skill levels, focusing on practical, actionable insights that participants can immediately apply to their projects. The primary tool used will be Semgrep, supplemented by the Semgrep Playground for online rule testing. Instructions for installing necessary software and accessing online resources will be provided ahead of the workshop.
\nWhat You Will Learn: This workshop is structured to guide attendees from the foundational concepts of SAST and application security to the practical application of Semgrep for identifying and mitigating security risks in codebases.
\n\n\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Gopalakrishna_DC32.eventbrite.com
\n
People:
SpeakerBio: Arjun Gopalakrishna, Senior Software Security Engineering Manager, Azure Security at Microsoft
\nArjun Gopalakrishna is a Senior Software Security Engineering Manager in Azure Security with more than a decade of experience at Microsoft. His work has been instrumental in fortifying Microsoft\'s Azure platform against a myriad of cyberthreats. His expertise lies in developing and implementing robust security measures to protect cloud-based systems and data. Arjun has presented at DEFCON in 2021, in addition to numerous security talks internally at Microsoft. Arjun\'s commitment to continuous learning and development, coupled with his passion for cybersecurity, continues to drive his contributions to the field.
\n\nSpeakerBio: Gautam Peri, Senior Security Engineer, EPSF SERPENT Team at Microsoft
\nGautam Peri is a Senior Security Engineer in EPSF SERPENT (Service Pentest) team at Microsoft. He has over 8 years of experience as a security professional in multiple organizations including Microsoft and Citibank N.A. He started his career as a software developer and became a security professional. Currently, Gautam focuses on securing in Azure Edge & Platform & Devices services at Microsoft. He is passionate about identifying vulnerabilities at scale. Gautam presented at multiple internal events and got accepted to OWASP BASC (Boston Application Security Conference) 2024. Gautam holds CISSP & GCPN certifications, he is committed to continuous learning and development and drives internal knowledge share events.
\n\nSpeakerBio: Marcelo Ribeiro, Senior Offensive Security Engineer in Azure Security at Microsoft
\nMarcelo Ribeiro is a Senior Offensive Security Engineer in Azure Security with over 20 years of experience in various organizations, including Microsoft, IBM, and the Brazilian Navy. As a former Navy Officer, Marcelo was instrumental in establishing the Brazilian Navy\'s Cyber Security capacity. He also played a pivotal role in building IBM\'s DFIR (Digital Forensics and Incident Response) practice in Latin America. Currently, Marcelo focuses on enhancing the security of Microsoft\'s Azure platform against the constantly evolving cyber threats landscape. Always seeking new challenges, Marcelo\'s commitment to learning keeps his passion for cybersecurity alive. Marcelo holds several certifications, including CISSP, CISM, OSCP, CEH, GXPN, GPEN, GWAPT, GAWN, GPYC, GREM, GISP, GICSP, GRID, GNFA, GCIH, GCIA, GSEC, and MCSE, among others. In 2023, Marcelo was inducted into the EC-Council\'s CEH Hall of Fame in recognition of his outstanding career achievements.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54210','','',54210,'\'Map Page - Springhill Suites/Dunes\''),(42799,'\'Sold Out - Tracing The Pain Away - Practical Binary Tracing Techniques For Defeating Modern Malware Protections\'','workshops','\'Code obfuscation is fast becoming a normal part of modern Windows malware. Pioneered by Emotet and popularized by the Conti ransomware leaks, we now see even simple credential stealers using commercial grade code virtualization! The solution… if you can’t reverse it, just run it!\nIn this workshop we will cover different tracing techniques that can be used to bypass and extract information from protected code. The workshop is divided into modules covering tracing with x64dbg, dynamic binary instrumentation with PIN, and API tracing with DTrace. A challenge binary is provided with each module for students to practice and the final challenge is a real world malware sample that has been virtualized.\nThis workshop is aimed at reverse engineers and malware analysts who have experience analyzing malware and are comfortable with debugging in userland. If you don’t have experience with malware but you do have a few hours behind the debugger you should have no problem completing the workshop. \nStudents must bring a laptop/workstation capable of running a Windows Virtual Machine (VM) and a preinstalled Windows 10 (64bit) 20H1(or later) VM with at least 50G of free space. You will be provided with detailed tools installation and setup instructions prior to the workshop
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Frankoff_DC32.eventbrite.com
\n
People:
SpeakerBio: Sean , Co-founder at OpenAnalysis
\nSean, a co-founder of OpenAnalysis Inc., splits his time between reverse engineering, tracking malware and building automated malware analysis systems. Sean brings over a decade of experience working in a number of incident response, malware analysis and reverse engineering roles.
\n\nSpeakerBio: Serrgei Frankoff, Co-founder at OpenAnalysis
\nSergei is a co-founder of OpenAnalysis Inc. When he is not reverse engineering malware Sergei is focused on building automation tools for malware analysis, and producing tutorials for the OALABS YouTube channel. With over a decade in the security industry Sergei has extensive experience working at the intersection of incident response and threat intelligence.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54211','','',54211,'\'Map Page - Springhill Suites/Sands\''),(42800,'\'Sold Out - 64-bit Intel Assembly Language Programming for Hackers\'','workshops','\'Assembly language has a reputation for being intimidating, but once\nyou learn the basics--and know how to read the documentation for the\nrest--there\'s nothing you can\'t follow. There are many interesting\nfields of study in computer security that depend on the \"\"closer to the\nmetal\"\" knowledge you\'ll gain from learning to code in assembly:\n- Software reverse engineering\n- Vulnerability and exploit research\n- Malware/implant development\n- Digital forensics\n...among others. There is no substitute for the confidence that you\ngain from being able to research and understand computer systems at\nlower levels of abstraction.\nThe purpose of this workshop is to introduce Intel x64 assembly language to the attendees. We will be using the Microsoft Macro Assembler, and we will be examining our code step-by-step in the x64dbg debugger. No prior programming experience is required--we will be working on things from first principles. There will be few slides.\nConcepts will be presented primarily within the x64dbg environment, with a focus on experimentation and using primary documentation. Attendees can follow along with their own laptops and programming environments.\nWe will cover the following topics:\n- Assembling and linking code\n- The execution environment of x64 programs\n- Memory\n- Registers\n- A wide variety of instructions\n- Addressing modes\n- How to read instruction documentation in the Intel manuals\n- Moving data around\n- Stack operations\n- x64 ABI and calling conventions\n- Representing data\n- Integer math\n- Program flow: conditional execution, loops\n- Leveraging the Windows API\n- How to read MSDN articles on Windows API functions\n- Resources for reference and future learning
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://McGrew_DC32.eventbrite.com
\n
People:
SpeakerBio: Wesley McGrew, Senior Cybersecurity Fellow at MartinFederal
\nDr. Wesley McGrew directs research, development, and offensive cyber operations as Senior Cybersecurity Fellow for MartinFederal. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA and taught a self-designed course on reverse engineering to students at Mississippi State University, using real-world, high-profile malware samples. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54212','','',54212,'\'Map Page - Springhill Suites/Dunes\''),(42801,'\'Sold Out - Dodging the EDR Bullet: A Workshop on Malware Stealth Tactics\'','workshops','\'The workshop will walk through a number of state of the art techniques used for detection and will show the process of thinking used to research and develop cutting-edge evasion techniques. We will dive deep into interesting aspects of Windows and AV internals with respect to malware development.\nThe focus will be on the mindset used to defeat security products starting with the analysis of a variety of detection mechanisms and ending with the final development of countermeasures. Moreover, the training will contain a number of live demonstrations to practically show how to apply those concepts and how to integrate them, showing how to develop evasive implants and post-exploitation tools.\nBy altering the fundamental rules of engagement, we can confound EDR systems and reshape their perception of the digital environment.\nThe workshop will dig deep into the internals of certain aspects of AV/EDRs and the Windows operating system to identify the area to exploit to lower the detection rate, it will involve the usage of Visual Studio and debuggers.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Cristofaro_DC32.eventbrite.com
\n
People:
SpeakerBio: Dimitri Di Cristofaro, Senior Security Consultant and Researcher at SECFORCE LTD
\nDimitri \"GlenX\" Di Cristofaro is a senior security consultant and researcher at the London office of SECFORCE LTD where he performs Red Teams on a daily basis. The main focus of his research activities is about Red Teaming and in particular on identifying new ways of attacking operating systems and looking for cutting edge techniques to increase stealthiness in strictly monitored environments. He enjoys malware writing and offensive tools development as well as producing electronic music in his free time.
\n\nSpeakerBio: Giorgio \"gbyolo\" Bernardinetti, Lead Researcher, System Securitiy Division at CNIT
\nGiorgio \"gbyolo\" Bernardinetti is lead researcher at the System Securitiy division of CNIT. His research activities are geared towards Red Teaming support activities, in particular design and development of advanced evasion techniques in strictly monitored environments, with emphasis on (but not limited to) the Windows OS, both in user-space and kernel-space. He is certified OSCP and OSCE, and enjoys playing electric guitar in his free time.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54213','','',54213,'\'Map Page - Springhill Suites/Frontier\''),(42802,'\'Sold Out - Flipping the Coin: Red and Blue Teaming in Windows Environments (++)\'','workshops','\'Red and blue are two sides of the same coin. Offensive and defensive teams deliver the best results when working together; sharing knowledge, ideas, and understanding with each other. And a core part of this information exchange is understanding each respective perspective. This is the overarching theme of the workshop; attackers thinking like defenders, and defenders thinking like attackers.
\n\nThis workshop is the second version of Flipping the Coin and features upgraded attack paths, and lab environments.
\n\nBy the end of the workshop, attendees will:
\n\n\nUnderstand and perform common offensive attacks (supported by the Metasploit Framework) against Windows Domains, including:
\n\n\n- Pass the Hash attacks;
\n- gMSA Golden Attack;
\n- ADCS abuse;
\n- Common tunnelling techniques;
\n- PrintSpoofer exploits;
\n- LSASS exploitation (using Mimikatz);
\n- AD enumeration (using BloodHound);
\n- DACL abuse;
\n- Kerberos golden tickets; and
\n- DLL hijacking.
\n
Understand the process of detecting attacks against Windows infrastructure, including how to design and implement their own detection rules based on attendees’ previous attacks, using:
\n\n\n- Sigma/Yara rules.
\n- Log ingestion/normalisation platforms, and query engines (e.g. ELK).
\n
Understand and appreciate how the actions and processes of red and blue teams are interlinked, for the greater collective good.
\n\nRecommended (but not required) prior reading:\n- https://nooblinux.com/metasploit-tutorial/\n- https://posts.specterops.io/introducing-bloodhound-enterprise-attack-path-management-for-everyone-39cfd8d6eb7c\n- https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview\n- https://socprime.com/blog/sigma-rules-the-beginners-guide/\n- https://github.com/socprime/SigmaUI\n- https://blog.netwrix.com/2021/11/30/how-to-detect-pass-the-hash-attacks/\n- https://posts.specterops.io/certified-pre-owned-d95910965cd2\n- https://www.elastic.co/guide/en/security/current/suspicious-print-spooler-point-and-print-dll.html
\n\nMuch of the material and core concepts of the workshop remain the same from the DEF CON 31 workshop with some updated topics for DEF CON 32, including an updated environment, and gMSA attacks within the lab.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Strom_DC32.eventbrite.com
\n
People:
SpeakerBio: Angus Strom, Senior Security Engineer
\nAngus (0x10f2c_) is currently a Senior Security Engineer working at a tech company. He obtained a love for all things computers by scavenging computer parts from local garbage pickups as a kid, and then trying to make them work together without blowing up. Angus eventually realised that a career could be made out of his skills hacking together poorly written LUA code in Garry’s mod, and finished a Bachelors in Network Security. In his professional career Angus has 5+ years working in Security Consulting, working across many industries and gaining many shells. More recently Angus has made the move to a security engineer focused role. When not hacking he loves to ski on the little snow that Australia has, and loves to paint small miniatures while listening to Drone Metal.
\n\nSpeakerBio: Troy Defty, Security Engineering Manager
\nFollowing over a decade in the UK and Australian InfoSec industries, including an 8-and-a-half year stint in red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at a tech company. His interest and experience is in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and making piano-related noise.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54214','','',54214,'\'Map Page - Springhill Suites/Dean Martin\''),(42803,'\'Sold Out - Hide your kids, turn off your Wi-Fi, they Rogue APing up in here; 201\'','workshops','\'In the 201 version of Hide your kids, turn off your Wi-Fi, they Rogue APing up in here, we will launch the next level of attacks using Rogue APs and other wireless tools. We will look into different ways to attack wireless networks and leverage credentials harvested to gain a foothold, PITM, deliver payloads, and demonstrate impact to the client. During the workshop we will walk through different attacks against OPEN, WPA2, and 802.1X networks. During the CTF participants will have the chance to attack a simulated client network to leverage the attacks learned during the workshop. We will be using EAPHAMMER, BERATE_AP, WIFIPUMPKIN3, BETTERCAP, and RESPONDER. This workshop will be at the Intermediate level(all skill levels welcome), participants should have a solid knowledge of Linux, 802.11, networking, and using virtual machines. It is recommended that all students use the provided VM.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Hawk_DC32.eventbrite.com
\n
People:
SpeakerBio: James Hawk, Senior Consultant, Proactive Services at Google Public Sector
\nJames Hawk (He/Him) is a Senior Consultant with Google Public Sector, within Proactive Services. He is the wireless subject matter expert for his team. James has led and contributed to multiple assessments (Red Teams and Pen Tests). He has developed internal training and tool updates for 802.11 for his company and team. James is a 20-year veteran of the U.S. Army and has over 10 years of hands-on experience in wireless technologies. James is always researching/testing 802.11 attacks against his home lab. He is a fan of hockey, Letter Kenny, and almost anything Sci-Fi.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54215','','',54215,'\'Map Page - Springhill Suites/Sands\''),(42804,'\'Sold Out - Long Live Empire: A C2 Workshop for Modern Red Teaming\'','workshops','\'Command and Control (C2) play a crucial role for Red Teams and Advanced Persistent Threats (APTs), establishing persistent access and control over targeted networks. This workshop offers an in-depth exploration of the C2 frameworks, with a specific focus on the open-source Empire framework. Participants will gain valuable insights into the deployment, features, and real-world application of C2 in offensive security. Attendees will learn how to leverage Empire to create, customize, and execute advanced attack scenarios, honing their skills as red team operators. \nThrough practical exercises, attendees will learn to navigate the Empire framework, from basic setup to deploying sophisticated C2 infrastructures. The workshop covers key aspects such as listener configurations, agent management, and the utilization of Empire\'s diverse modules for effective post-exploitation. A unique feature of this training is the inclusion of a mini Capture-The-Flag (CTF) challenge, offering participants a hands-on opportunity to apply their skills in a controlled, competitive environment. \nBy the conclusion of this workshop, participants will be equipped with the knowledge and skills to leverage the Empire framework effectively in their red team operations, enhancing their capabilities in conducting advanced cyber attacks and navigating the complexities of modern cybersecurity landscapes. \nKey Workshop Highlights: \nComprehensive Introduction to Empire: Gain a solid understanding of Empire\'s capabilities, setup procedures, and its role in modern offensive operations. \nHands-On Deployment and Configuration: Learn through doing, with exercises designed to build proficiency in configuring Empire, managing agents, and customizing listeners. \nAdvanced Attack Scenarios: Delve into sophisticated techniques for post-exploitation, credential harvesting, and evasion, enhancing your arsenal as a red team operator. \nReal-World Application: Translate workshop learnings into actionable skills through a mini CTF challenge, simulating real-world offensive scenarios in a cloud-hosted environment.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Krasnov_DC32.eventbrite.com
\n
People:
SpeakerBio: Jake “Hubble” Krasnov, Red Team Operations Lead and Chief Executive Officer at BC Security
\nJake \"Hubble\" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security. He has spent the first half of his career as an Astronautical Engineer overseeing rocket modifications for the Air Force. He then moved into offensive security, running operational cyber testing for fighter aircraft and operating on a red team. Jake has presented at DEF CON, where he taught courses on offensive PowerShell and has been recognized by Microsoft for his discovery of a vulnerability in AMSI. Jake has authored numerous tools, including Invoke-PrintDemon and Invoke-ZeroLogon, and is the co-author of a cybersecurity blog at https://www.bc-security.org/blog/.
\n\nSpeakerBio: Kevin \"Kent\" Clark, Security Consultant at TrustedSec
\nKevin \"Kent\" Clark is a Security Consultant with TrustedSec and a Red Team Instructor with BC Security. His previous work includes Penetration Testing and Red Team Operator, focusing on initial access and active directory exploitation. Kevin contributes to open-source tools such as PowerShell Empire and publishes custom security toolkits such as Badrats and WindowsBinaryReplacements. Kevin authors a cybersecurity blog at https://henpeebin.com/kevin/blog.
\n\nSpeakerBio: Rey \"Privesc\" Bango, Principal Cloud Advocate at Microsoft
\nRey \"Privesc\" Bango is a Principal Cloud Advocate at Microsoft focused on empowering companies and information technologists to take full advantage of transformative technologies. He works to build patterns and practices that streamline the development of solutions that take advantage of Artificial Intelligence and Machine Learning while ensuring that trust and confidence are a top priority, whether through security or responsible use of technology. Since 1989, Rey has explored the world of information technology through the lens of software developer, open-source contributor, cybersecurity practitioner, and an advocate for the secure and responsible use of artificial intelligence for social good.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54216','','',54216,'\'Map Page - Springhill Suites/Desert Inn\''),(42805,'\'Sold Out - Finding the Needle: An Introduction to Detection Engineering\'','workshops','\'As defenders, we are always outnumbered, but we are by no means outmaneuvered. Attackers may hide in the haystack of haystacks, but with scalable detection logic, efficient coding practices, a thorough investigation methodology, and a reasonable corpus of computing, we can still determine which haystack to look within, and subsequently find the needle.
\n\nThis is often made possible by a detection pipeline. And knowing how detection pipelines work, and the role each component plays, can help us write more efficient, more accurate detections to make life hard for the attacker. By reducing the attacker\'s window of opportunity, whilst making the subsequent investigation easier for the would-be analyst, we can maintain a strong defensive position, forcing the attacker to burn significantly more resources in an attempt to make progress.
\n\nThis workshop will run attendees through implementing a simple detection pipeline in code, and some basic detection rules, to understand how to:\n- Ingest and normalize arbitrary log data, and make such data available for downstream detection rules;\n- Implement detection logic, to isolate potentially malicious behaviour;\n- Enrich log data with more context, aiding investigation; and\n- Draw relationships from individual log entries, to reduce investigative noise.
\n\nAttendees should be comfortable with either Python 3 or Golang, including core language syntax and the execution environment of their preferred language.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Defty_DC32.eventbrite.com
\n
People:
SpeakerBio: Kathy Zhu, Security Engineering Tech Lead at Google
\nHaving worked in the security industry for 8+ years, Kathy is currently a Security Engineering Tech Lead in the detection space at Google. Her interest and experience is in detection engineering and software development. Outside of work, she also enjoys running, the outdoors, and reading.
\n\nSpeakerBio: Troy Defty, Security Engineering Manager
\nFollowing over a decade in the UK and Australian InfoSec industries, including an 8-and-a-half year stint in red teaming, Troy jumped the proverbial fence from red to blue, and is currently a Security Engineering Manager at a tech company. His interest and experience is in detection engineering, red teaming, threat modelling, hardware, and assessing ICS environments. Other interests include music, electronics, the outdoors, travel, rugby, CTF, and making piano-related noise.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54217','','',54217,'\'Map Page - Springhill Suites/Desert Inn\''),(42806,'\'Sold Out - Machine Learning for N00bs\'','workshops','\'Every technical product is now incorporating machine learning at an explosive rate. But most people, even those with strong technical skills, don\'t understand how it works, what its capabilities are, and what security risks come with it. In this workshop, we\'ll make machine learning models using simple Python scripts, train them, and evaluate their worth. Projects include computer vision, breaking a CAPTCHA, deblurring images, regression, and classification tasks. We will perform poisoning and evasion attacks on machine learning systems, and implement deep neural rejection to block such attacks.\nNo experience with programming or machine learning is required, and the only software required is a Web browser. We will use TensorFlow on free Google Colab cloud systems. \nAll materials and challenges are freely available at samsclass.info, and will remain available after the workshop ends.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Bowne_DC32.eventbrite.com
\n
People:
SpeakerBio: Elizabeth Biddlecome
\nElizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to scripting languages in cybersecurity competitions, hackathons, and CTFs.
\n\nSpeakerBio: Irvin Lemus, Cyber Range Engineer at By Light IT Professional Services
\nIrvin Lemus, CISSP is a Cyber Range Engineer at By Light IT Professional Services, training military personnel through international cyber security exercises. Irvin has been in the field since 2006, involved with cybersecurity competitions since 2015 as a trainer, coach, and mentor. He also has taught IT and Cybersecurity courses at Coastline and Cabrillo Colleges. He is the BACCC Cyber Competitions Regional Coordinator, Board member at Pacific Hackers and is a speaker at DEFCON. He describes himself as, \"A professional troublemaker who loves hacking all the things.\"
\n\nSpeakerBio: Kaitlyn Handelman, Offensive Security Engineer at Amazon
\nKaitlyn Handelman is an offensive security engineer at Amazon. Her focus is cybersecurity in space. In addition to traditional penetration testing, Kaitlyn works on physical devices and RF signals. In her free time, she enjoys ham radio, astronomy, and her cat, Astrocat.
\n\nSpeakerBio: Sam Bowne, Instructor at City College San Francisco
\nSam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000, and is the founder of Infosec Decoded, Inc. He has given talks and hands-on trainings at Black Hat USA, RSA, DEF CON, DEF CON China, HOPE, and many other conferences.\nCredentials: PhD, CISSP, DEF CON Black Badge Co-Winner
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54218','','',54218,'\'Map Page - Springhill Suites/Sands\''),(42807,'\'Sold Out - Small Choices, Global Repercussions: A Tabletop Exercise about Decision-Making in Healthcare Cybersecurity\'','workshops','\'In the unpredictable world of healthcare, the ability to respond effectively to emergencies and technology failures is paramount to ensuring patient safety and continuity of care. As hospitals and emergency rooms increasingly rely on technology to deliver critical services, it\'s essential for all personnel to understand the complex interplay between technology, emergency response, and the potential cascading effects of failures. This immersive workshop is designed to equip participants with the knowledge and skills needed to navigate emergencies and technology failures in healthcare environments. Through a series of simulated scenarios encompassing various emergency situations and technology breakdowns, participants will explore the intricate challenges of maintaining operational resilience in the face of adversity.\nFrom power outages to cyberattacks, participants will learn how to identify, assess, and respond to emergencies with a focus on mitigating second and third-order consequences. Leveraging real-time data and insights from tools and techniques, participants will gain practical experience in detecting anomalies, coordinating response efforts, and minimizing disruption to patient care.\nKey Learning Objectives:\nUnderstand the complex interplay between technology, emergency response, and the potential cascading effects of failures in healthcare environments.\nExplore various emergency scenarios and technology failures, including power outages, cyberattacks, and system malfunctions.\nGain practical experience in assessing the impact of emergencies and technology failures on patient care and operational continuity.\nLearn how to use the available tools for real-time monitoring, detection, and response to security incidents and technology failures.\nDiscuss strategies for mitigating second and third-order consequences of emergencies and technology failures, including communication, collaboration, and contingency planning.
\nLinks:
More Info - https://www.villageb.io/table-top-exercises
\n Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Case_DC32.eventbrite.com
\n
People:
SpeakerBio: Isabel Straw, MD
\nUK Emergency Doctor, Artificial intelligence in Health PHD & Cybersecurity Researcher, Fulbright & Thouron Alum (Global Health Scholar)
\n\nSpeakerBio: Jorge Acevedo Canabal, Adjunct Professor at University of Puerto RicoMD
\nPhysician, Adjunct Professor at University of Puerto Rico with Research in Natural Disaster Recovery, Emerging Healthcare Crises, Cyber Resiliency, and Vulnerable Populations (rare genetic disease, extremes of human life-span)
\n\nSpeakerBio: Nathan Case
\nCISO, CTO, Incident Responder, Tinkerer, and Dumpster fire guru
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54219','','',54219,'\'Map Page - Springhill Suites/Frontier\''),(42808,'\'Sold Out - Traumatic Library Loading : If you want to use it, you have to implement it...\'','workshops','\'DLL Loading is one of the most important parts of the Windows system. When you install, run, use, or hack a system, you will always use DLL. This DLL mechanism has been exploited for several years for malware development through several techniques : DLL injection, DLL sideloading, Reflective DLL but do you really know how Windows is loading a DLL ? Do you know how it links all sections ? Which structures are used to store internally ? How does it resolve dependencies ? And are you able to design your own Perfect DLL Loader that fully integrate with the WIN32API? \nIn this workshop, you will lose you sanity and dive into the Windows DLL mechanism. Armed with your decompiler and your brain, step by step, you will build your own (almost) Perfect DLL loader.\nYou will try to load from the simple AMSI.DLL to the most complexe WINHTTP.DLL. At each step, you will dive deeper into the Windows DLL Loader and the Windows Internals.\nMalware developers, you will be able to use this code as a PE loader that never failed me for the last years and a DLL loader that does not raise the LoadImage kernel callback you can use on your own C2 beacon.\nWARNING: while this is a windows internal DISCOVERY discovery course, it is still a HIGHLY TECHNICAL workshop. You should have some entry-level knowledge on Windows systems, C programing and reverse engineering to fully enjoy the workshop.\nIt is expected from the student to bring a laptop with either a Windows 10 or Windows 10 VM, a C compiler (Mingw or MSVC), a decompiler (IDA Free or Ghidra), the WinDBG debugger and the Sysinternals suite. I will personally use the following toolchain : WIN10, MSVC, IDA, WinDBG Preview.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Dequeker_DC32.eventbrite.com
\n
People:
SpeakerBio: Yoann Dequeker, Red Team Operator at Wavestone
\nYoann Dequeker (@OtterHacker) is a red team operator at Wavestone entitle with OSCP and CRTO certification. Aside from his RedTeam engagements and his contributions to public projects such as Impacket, he spends time working on Malware Development to ease beacon deployment and EDR bypass during engagements and is currently developing a fully custom C2. His research leads him to present his results on several conferences such as LeHack (Paris), Insomni\'hack (Swiss) or even through a 4-hour malware workshop at Defcon31 (Las Vegas). All along the year, he publishes several white papers on the techniques he discovered or upgraded and the vulnerabilities he found on public products.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54220','','',54220,'\'Map Page - Springhill Suites/Dean Martin\''),(42809,'\'Sold Out - Whitebox Web Exploit Development\'','workshops','\'Gain experience popping root shells on real world web applications and taking your hacking skills to the next level. Students will learn accessible and powerful vulnerability discovery techniques to identify, exploit and chain vulnerabilities for root shells. Getting hands-on experience using free and widely available Linux utilities to debug and dynamically monitor applications, to more effectively discover and exploit vulnerabilities. Using a whitebox approach students will rapidly discover and exploit non-trivial bugs. A progressive hint system will be used during the labs to incrementally reveal step-by-step progressions of each exploit exercise in case students are stuck or fall behind.\nCourse Objectives:\n--Students will gain hands-on experience analyzing and developing exploits for real world application vulnerabilities.\n--Students will learn how to discover vulnerabilities and subsequently weaponize them in an exploit chain to spawn remote shells on application servers.\n--Students will gain experience using open source linux tools like strace and tcpdump to analyze application behavior and isolate vulnerabilities.\n--Students will gain experience weaponizing web application vulnerabilities and writing exploits\nUpon Completion of this training, attendees will know:\n--How to identify situations where openbox application vulnerability assessments are appropriate and how to leverage this powerful context.\n--How to utilize openbox penetration testing methodologies to achieve more thorough and effective assessments.\n--How to leverage vulnerability chaining to assemble multiple medium criticality findings into a single remote root exploit.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Joshi_DC32.eventbrite.com
\n
People:
SpeakerBio: Cale Smith, Amazon
\nCale Smith is a nerd who loves both building but also breaking, so he can get better at building. He is passionate about understanding how anything and everything works, improving security along the way is just a bonus. Also, he is passionate about sharing his passion and created this course to pass along some of the more accessible techniques he has picked. His professional career originated exclusively as a builder, but has been focusing on the security and breaking side for the last 15 years. During that time he has dabbled in the web weenie life, cloud, binary, IoT and mobile most recently. Currently he manages a device oriented AppSec team at Amazon. While AFK he is probably riding a bike or climbing rocks.
\n\nSpeakerBio: Priyanka Joshi, Security Engineer, Ring AppSec at Amazon
\nPriyanka Joshi started her career through the academic path of computer engineering followed by a masters degree in information security. Her learning journey truly began doing security engineering in the industry. She discovered her passion in the identity space during her first software security engineer job at an ancient mid sized company. There she focused on research, development, maintenance and security testing of OAuth2.0/OpenID implementations for over two years. In her current appsec engineer role at Amazon, she enjoys working on secure design assessments, bug bounty triage and fix validation, consults and security testing of web services. Outside of work, she enjoys hiking, sketching, music, watching anime and reading manga.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54221','','',54221,'\'Map Page - Springhill Suites/Dunes\''),(42810,'\'Sold Out - Dissecting and Defeating Ransomware\'s Evasion Tactics\'','workshops','\'Gain a deeper understanding of how ransomware evades analysis and learn how to identify and counter these techniques. This workshop will explore common evasion methods, how they work, and how you can develop the skills to write code that re-enacts these methods. This workshop will begin by showing you how ransomware builders work. How do the builders generate reliable, viable ransomware code? You’ll learn! Once built, how do these malicious binaries implement analysis evasion techniques? Which techniques are used often? How do they function? We\'ll dive into the most prevalent techniques to show you how they work and why. Finally, you will learn how to re-enact some of these techniques along with more advanced methods within your own code. Are you ready to take your reverse engineering and coding skills to the next levels? – Let’s do this! And remember: #RansomwareSucks!
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Chapman_DC32.eventbrite.com
\n
People:
SpeakerBio: Aaron Rosenmund, Senior Director of Content Strategy & Curriculum at Pluralsight
\nAaron Rosenmund is the Senior Director of Content Strategy & Curriculum for Pluralsight, where he has also authored over 115 courses and technical labs across offensive and defensive security operations topics. Part time work includes service as an Cyber Warfare Operations office in the Delaware Air National guard, where he has also led a 100+ member red team for the largest cyber exercise in the Nation, Cybershield.
\n\nSpeakerBio: Josh Stroschein, Reverse Engineer, FLARE team at Google
\nJosh is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. Josh is an accomplished trainer, providing training at places such as Ring Zero, BlackHat, Defcon, Toorcon, Hack-In-The-Box, Suricon, and other public and private venues. Josh is also an author on Pluralsight, where he publishes content around malware analysis, RE, and other security topics.
\n\nSpeakerBio: Ryan Chapman
\nRyan Chapman is the author of SANS’ “FOR528: Ransomware and Cyber Extortion” course, teaches SANS’ “FOR610: Reverse Engineering Malware” course, works as a threat hunter @ $dayJob, and is an author for Pluralsight. Ryan has a passion for life-long learning, loves to teach people about ransomware-related attacks, and enjoys pulling apart malware.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54222','','',54222,'\'Map Page - Springhill Suites/Sands\''),(42811,'\'Sold Out - From an attacker\'s lair to your home: A practical journey through the world of Malware\'','workshops','\'Are you ready to dive deep into the world of malware analysis? Join me for an immersive workshop that will demystify the process of dissecting and analyzing malicious software. Throughout this hands-on session, participants will explore essential techniques and methodologies for uncovering the inner workings of malware and identifying potential threats.\nDuring the workshop we will analyze different kinds of malware, from malicious documents, .NET malware and more . Through practical demonstrations attendees will learn how to conduct static and dynamic analysis effectively, gaining valuable insights into malware behaviors and characteristics. Moreover, attendees will gain firsthand experience in executing and analyzing techniques used by attackers, deepening their understanding of how threat actors operate and how to detect and mitigate their malware effectively.\nBy the end of the workshop, attendees will have developed practical skills and techniques for analyzing real-world malware samples, empowering them to defend against evolving cyberthreats effectively.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://torre_DC32.eventbrite.com
\n
People:
SpeakerBio: Sebastian Tapia De la torre, Offensive Security Architect
\nSebastian\'s journey into cybersecurity began with a childhood fascination for taking things apart and figuring out how they worked. As he grew older, this curiosity evolved into a passion for hacking and uncovering vulnerabilities in websites and applications, landing him a role in vulnerability management. Eventually, he pivoted into a Security Architect role, where he applied offensive thinking with defensive strategies to advance the security posture of the company he works for. Now an Offensive Security Architect, Sebastian specializes in designing and leading purple team exercises, leveraging real attacker TTPs to test and enhance their security posture effectively.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54223','','',54223,'\'Map Page - Springhill Suites/Frontier\''),(42812,'\'Sold Out - Ghidra Analysis & Automation Masterclass\'','workshops','\'Reverse engineering is done for a variety of reasons, most commonly to analyze malware, when searching for (and when looking to understand) vulnerabilities, or simply because of one’s curiosity. The NSA understood this early on and developed a framework to aid them in their reversing endeavors, which they open-sourced in early 2019: Ghidra. Since then, Ghidra has been one of the industry standard tools to analyze files, mainly due to its active development, as well as due to its accessible and versatile nature.
\n\nThis four-hour workshop primarily focuses on the analyst mindset and fundamental knowledge with regards to reverse engineering, including but not limited to understanding Ghidra’s core capabilities such as the disassembly and decompiler views, creating and retyping data structures, writing scripts to extend and automate tasks, and the creation and use of function recognition databases for FunctionID and BSim.
\n\nThe concepts behind the capabilities of Ghidra are the focus of the theory and during the hands-on exercises, allowing one to transfer the gained knowledge to another tool if so desired. As such, this class is perfect for aspiring and beginning analysts, while also providing background information and additional techniques for intermediate analysts.
\n\nThe workshop’s materials will partially consist of multiple malware samples, the precautions for which will be explained in-detail during the workshop, ensuring the safety and integrity of the systems of the attendees. A laptop with a preinstalled Intel based 64-bit Ubuntu 22.04 VM, along with Ghidra, Eclipse, and OpenJDK 21 is required.
\n\nAdditionally, knowing how to read C/C++ is required when dealing with decompiled code. Being able to read and write Java is required for the automation scripting, even though Python 2 can be used as well. If you cannot write Java and would still like to participate, you are welcome, but do note that this will impede some parts of the workshop’s exercises.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Kersten_DC32.eventbrite.com
\n
People:
SpeakerBio: Max \"Libra\" Kersten
\nMax Kersten is a malware analyst, blogger, and speaker who aims to make malware analysis more approachable for those who are starting. In 2019, Max graduated cum laude with a bachelor\'s in IT & Cyber Security, during which Max also worked as an Android malware analyst. Currently, Max works as a malware analyst at Trellix, where he analyses APT malware and creates open-source tooling to aid such research. Over the past few years, Max spoke at international conferences, such as DEFCON, Black Hat (USA, EU, MEA, Asia), Botconf, Confidence-Conference, HackYeahPL, and HackFestCA. Additionally, he gave guest lectures and workshops for DEFCON, Botconf, several universities, and private entities.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54224','','',54224,'\'Map Page - Springhill Suites/Dean Martin\''),(42813,'\'Sold Out - Hack the connected plant!\'','workshops','\'Tired of legacy ICS systems? Attend this workshop to hack the next generation of Industrial Control Systems! No more Modbus, no more standard PLC, no more Purdue model!\nThis workshop is designed to show what the future might look like for Industrial Control Systems, and how it will impact cybersecurity.\nWe’ll bring a realistic ICS setup that features all the fancy current and future trends: SD-WAN and Zero Trust, OPC-UA, MQTT, Digital Twin, Edge devices and soft-PLCs to control a small-scale industrial process simulation.\nAfter a short introduction, we’ll get into hacking! We will walk you through a CTF-style exercise to go from 0 to full industrial process hacking! The CTF will be guided so that everyone learns something and gets a chance to get most flags!
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://SOULLIE_DC32.eventbrite.com
\n
People:
SpeakerBio: Alexandrine Torrents, Cybersecurity Expert at Wavestone
\nAlexandrine Torrents is a cybersecurity expert at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.
\n\nSpeakerBio: Arnaud Soullié, Senior Manager at Wavestone
\nArnaud Soullié (@arnaudsoullie) is a Senior Manager at Wavestone, a global consulting company. For 14 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He spoke and taught workshops at numerous security conferences on ICS topics : BlackHat Europe, BruCon, CS3STHLM, BSides Las Vegas, DEFCON... He is also the creator of the DYODE project, an opensource data diode aimed at ICS. He has been teaching ICS cybersecurity training since 2015
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54225','','',54225,'\'Map Page - Springhill Suites/Dunes\''),(42814,'\'Sold Out - Learning to Hack Bluetooth Low Energy with BLE CTF\'','workshops','\'BLE CTF is a series of Bluetooth Low Energy challenges in a capture-the-flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. \nOver the past few years, BLE CTF has expanded to support multiple platforms and skill levels. Various books, workshops, training, and conferences have utilized it as an educational platform and CTF. As an open source, low-cost of entry, and expandable education solution, BLE CTF has helped progress Bluetooth security research.\nThis workshop will teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. For this workshop, we will undergo a series of exercises to teach beginner students new concepts and allow more seasoned users to try new tools and techniques. After completing this workshop, you should have a good solid understanding of how to interact with and hack on BLE devices in the wild.\nIf you have done BLE CTF in the past, this class is still valuable. For advanced users, we offer BLE CTF Infinity, a sequel to BLE CTF. The workshop will also showcase new hardware platforms and client tools for interacting with and completing the exercises.\nTo prepare for the workshop, please follow the setup documentation located at https://github.com/hackgnar/ble_ctf/blob/master/docs/workshop_setup.md
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Holeman_DC32.eventbrite.com
\n
People:
SpeakerBio: Alek Amrani
\nAlek Amrani is bad at expense reports.
\n\nSpeakerBio: Ryan Holeman, CISO at Stability AI
\nRyan Holeman resides in Austin, Texas, where he works as the CISO for Stability AI. He is currently pursuing a Ph.D. in cyber defense from Dakota State University. He has spoken at respected venues such as Black Hat, DEF CON, Lockdown, BSides, Ruxcon, Notacon, and Shmoocon. You can keep up with his current activity, open source contributions, and general news on his blog. His spare time is mostly spent digging into various network protocols, random hacking, creating art, and shredding local skateparks.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54226','','',54226,'\'Map Page - Springhill Suites/Desert Inn\''),(42815,'\'Sold Out - Capture the Flag 101\'','workshops','\'Capture the Flag (CTF) is a competition where teams and individuals compete to solve security challenges. The one that collects most flags the fastest wins the competition (and typically, prizes).\nCTF-101 is an interactive workshop where we attendees learn about CTF competitions and common security vulnerabilities in a game-like environment. A couple of challenges are presented throughout the session and our hosts walk through how to solve them and provide support as attendees try to solve the challenges during the live hacking part of the workshop. Plus, there’s a leaderboard for attendees to track their progress.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Silverman_DC32.eventbrite.com
\n
People:
SpeakerBio: Micah Silverman, Director of Security Relations at Snyk
\nMicah is Snyk\'s Director of Security Relations. With 29 years of Java Experience (yup, that\'s from the beginning) and 23 years as a security professional Micah\'s authored numerous articles, co-authored a Java EE book, and spoken at many conferences. He\'s a maker, who\'s built full-size MAME arcade cabinets and repaired old electronic games (http://afitnerd.com/2011/10/16/weekend-project-fix-dark-tower/). He brings his love of all things security and Java to a conference near you!
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54227','','',54227,'\'Map Page - Springhill Suites/Dunes\''),(42816,'\'Sold Out - Hacking Apps on Salesforce\'','workshops','\'This training will cover how to discover vulnerabilities in custom Salesforce applications hosted on the Salesforce PaaS platform. This is not hacking Salesforce itself, but instead custom applications deployed by customers of Salesforce. You should already know OWASP Top 10 fundamentals such as how XSS or injection attacks work. You will learn how to find vulnerabilities specific to Salesforce apps such as SOQL injection, SOSL, cross-site scripting filter bypasses, and bypassing access controls of hidden functions to exfiltrate data.\nA new open-source tool “PaaS Cloud Goat” will be used to provide a simulated vulnerable Salesforce application for testing. Students will be expected to use a MitM proxy tool (Burp Suite) to craft malicious attacks to exploit the application. This training will provide a lab manual and live walk-through of the attack process and methods. We will also cover source code review and practice how to find vulnerabilities in code and translate them to working exploits of the simulator app.
\n\nTakeaways:\n1. Hands-on learning opportunity of pen testing custom Salesforce applications\n2. Detailed training documentation material about the underlying flaws\n3. Consolidated list of common Salesforce application vulnerabilities
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Beede_DC32.eventbrite.com
\n
People:
SpeakerBio: Rodney David Beede, Principal Consultant
\nRodney is a principal consultant and has specialized in web and cloud security for over 10 years. He has spoken at multiple conferences on topics from cloud security engineering to IoT device hacking. He has multiple CVEs for discovered web application security vulnerabilities. He started his career in enterprise web application software development but shifted to the security industry with his master\'s thesis research project \"A Framework for Benevolent Computer Worms\" 2012.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54228','','',54228,'\'Map Page - Springhill Suites/Frontier\''),(42817,'\'Sold Out - Hacking The Metal: A Spark of Intelligence\'','workshops','\'We live in a time of unexpected transformation. Machines can hold conversations, compose prose and poetry, and generate very convincing deepfakes. The field of AI where this all happens – deep learning – has a long history, starting with one simple building block: the neural network.\nIn this workshop, we will tour through the evolution of neural networks and discover that much of their evolution occurred in the world of low-level programming. Using C, C++ and a bit of assembly language, we will learn the fundamentals behind neural networks in their various forms, and build a foundation of knowledge that will allow us to understand how we arrived at large language models, the current state of the art. Most importantly, we will discover how far we can stretch everyday hardware to run deep learning models that solve interesting problems.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://eigentourist_DC32.eventbrite.com
\n
People:
SpeakerBio: eigentourist
\nEigentourist is a programmer who learned the craft in the early 1980s. He began formal education in computer science when the height of software engineering discipline meant avoiding the use of GOTO statements. Over the course of his career, he has created code of beautiful simplicity and elegance, and of horrific complexity and unpredictability. Sometimes, it\'s hard to tell which was which. Today, he works on systems integration and engineering in the healthcare industry.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54229','','',54229,'\'Map Page - Springhill Suites/Desert Inn\''),(42818,'\'Sold Out - Industrial Control Systems: how to secure them in practice!\'','workshops','\'\"Pentesting ICS is too easy and you are looking for a new challenge? Attend this workshop to discover and practice how to secure Industrial Control Systems! This workshop is designed to show some key cybersecurity measures to implement on Industrial Control Systems.\nWe’ll bring a realistic but simple ICS setup and let you secure it step by step. After a short introduction, we’ll deep dive in several hands-on exercises: ICS inventory, backups, network security, system hardening and detection.\n\"
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Torrents_DC32.eventbrite.com
\n
People:
SpeakerBio: Alexandrine Torrents, Cybersecurity Expert at Wavestone
\nAlexandrine Torrents is a cybersecurity expert at Wavestone. She started as a penetration tester, and performed several cybersecurity assessments on ICS. She worked on a few ICS models to demonstrate attacks on PLCs and developed a particular tool to request Siemens PLCs. Then, she started working at securing ICS, especially in the scope of the French military law, helping companies offering a vital service to the nation to comply with security rules. Now, Alexandrine works with different industrial CISOs on their cybersecurity projects: defining secure architectures, hardening systems, implementing detection mechanisms. She is also IEC 62443 certified and still performs assessments on multiple environments.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54230','','',54230,'\'Map Page - Springhill Suites/Sands\''),(42819,'\'Sold Out - Sharp Security from All Angles: Mastering Security in .NET Core 8 and Angular 17 Applications\'','workshops','\'We’ve developed an interactive workshop for all those who want to learn secure coding practices and/or experience attacking with up-to-date technologies.\nWe prefer simplicity:\nAttacks are performed with swagger and C# scripts, and exploit XSS, CSRF, SSRF, and SQLI. We’ll also steal secrets and cookies.\nSecure coding practices are summarized in an easy-to-remember acronym (PREVENT).\nParticipants will transform RecipeRealm, a naive webapi+angular recipes repository, into a secure solution.\nThrough the hands-on real-world coding exercises, we will cover dealing with a vulnerable third party, using the built-in defense mechanism of Angular, implementing antiCSRF mechanisms, coding a secure data layer, and how to protect a web API from being exploited to get information about our internal assets.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Sahar_DC32.eventbrite.com
\n
People:
SpeakerBio: Or Sahar, Co-founder at Secure From Scratch
\nOr Sahar is a security researcher and the co-founder of Secure From Scratch. With two decades of experience in software development and security, she specializes in penetration testing, application security, and instructing on secure coding practices. Currently pursuing a second Master\'s degree in computer science, Or Sahar holds a BSc in software engineering and is certified as an OSCE.
\n\nSpeakerBio: Yariv Tal
\nYariv Tal is a senior developer turned security researcher. He graduated Summa Cum Laude with a BSc in Software Engineering and is currently pursuing a Master\'s degree in Computer Science. Yariv leverages his four decades of programming experience, university lecturing, and BootCamp mentoring to promote a \"secure from scratch\" coding philosophy.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54231','','',54231,'\'Map Page - Springhill Suites/Dean Martin\''),(42820,'\'Sold Out - Crash Course in Physical Access Control Systems\'','workshops','\'This Physical Access Control Learning Lab will teach attendees about physical access control and the systems involved. Many of the subjects being taught will be related to their cybersecurity counterparts and lots of focus placed on the why of each concept, not only the fun parts.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Pedroncelli_DC32.eventbrite.com
\n
People:
SpeakerBio: Lorenzo Pedroncelli, RSA
\nLorenzo has been working with technology since childhood, directly out of high school he went to work for the National Laboratories. Lorenzo helped drive a new security initiative for High Performance Computing, eventually moving to another National Laboratory to do the same. After leaving government contracting Lorenzo joined RSA and started his first \"official\" job in cybersecurity as a consultant for NetWitness helping customers improve their knowledge and use of the SIEM. Most recently Lorenzo switched into supporting RSA\'s internal security operations, leading the Converged Security team including the Incident Response, Data Security, Cloud Security, and Endpoint Security programs, among others.
\n\nSpeakerBio: Randy Belbin, RSA
\nRandy began his Information Technology and cybersecurity career in the MSP space over a decade ago, before joining RSA as a Sales Engineer in 2016. In the years since, Randy has become an industry expert for Identity and Access Management. In 2022, Randy moved to RSA’s Security and Risk office to lead the identity program at the newly independent RSA. As part of the security team, Randy has been able to broaden his experience and currently assists with physical security, cloud security, and incident response, in addition to his role as the identity guy.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54232','','',54232,'\'Map Page - Springhill Suites/Dunes\''),(42821,'\'Sold Out - Email Detection Engineering and Threat Hunting\'','workshops','\'Email remains the #1 initial access vector for commodity malware and nation state actors. Historically, tackling email-based threats has been considered the purview of black-box vendor solutions, with defenders having limited scope (or tooling!) to swiftly and effectively respond to emerging attacker activity and novel offensive tradecraft.\nIn this workshop, attendees will be given detailed insight into the latest techniques used to deliver prevalent malware strains, including Pikabot and DarkGate, and will hunt through email data to identify this malicious activity, developing rules to detect and block these attacks.\nInitially attendees will be introduced to the foundational technologies that enable threat hunting, detection engineering, and response in the email domain, before being given access to the email data of a fictitious company seeded with benign and real-world attack data. Throughout the day, participants will learn to hunt common phishing techniques including:\n- QR codes\n- Image-as-content\n- Drive-by delivery via links and HTML smuggling\n- Excel attachments with embedded links to SMB shares\n- ISO attachments\n- PDF attachments with embedded links to malware (PDF -> URL -> ZIP -> WSF)\n- VIP impersonations\n- BEC\nAttendees will be guided through the rule creation process, utilizing free and open detection engines including Sublime and Yara, and will be introduced to the signals and email attributes that can be used to craft high-fidelity rules, including targeted user groups, sentiment analysis, sender domain age, and attachment analysis. Having completed the workshop, attendees will have a strong understanding of the tools and techniques at their disposal to defend their organizations from all manor of email threats.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Kamdjou_DC32.eventbrite.com
\n
People:
SpeakerBio: Alfie Champion, Co-founder at DelivrTo
\nAlfie specialises in the delivery of attack detection and adversary emulation services, actively contributing education content, tooling and blogs to further the industry. He has previously worked with organisations across multiple industry verticals to uplift and validate their detective capability through red or purple team engagements, and now leads the global adversary emulation function at a FTSE 250 company. He has previously spoken at BlackHat USA, RSA and Blue Team Con 2022, among others, and is the co-founder of DelivrTo.
\n\nSpeakerBio: Josh Kamdjou, Founder and CEO at Sublime Security
\nJosh has been doing offensive security-related things for the past 12 years. He\'s spent most of his professional career breaking into networks via spear-phishing and other methods, and building software for both the public (Department of Defense) and private sectors. Josh is the Founder and CEO of Sublime Security, and in his private life enjoys weight lifting, Martial Arts, soccer, and spending time with his niece and nephew.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54233','','',54233,'\'Map Page - Springhill Suites/Desert Inn\''),(42822,'\'Sold Out - Master Class: Hands-On Machine Learning to Enhance Malware Analysis, Classification, and Detection\'','workshops','\'Malware continues to increase in prevalence and sophistication. VirusTotal reported a daily submission of 2M+ malware samples. Of those 2 million malware daily submissions, over 1 million were unique malware samples. Successfully exploiting networks and systems has become a highly profitable operation for malicious threat actors. Traditional detection mechanisms including antivirus software fail to adequately detect new and varied malware. Artificial Intelligence provides advanced capabilities that can enhance cybersecurity. The purpose of this workshop is to provide an immersive, hands on projects that teach security analysts how to train Machine Learning models to detect thousands and thousands of unique malware samples. This workshop delivers a new framework that uses Machine Learning models to analyze malware, produce uniform datasets for additional analysis, and classify malicious samples into malware families. Additionally, this research presents a new Ensemble Classification Facility we developed that leverages several Machine Learning models to enhance malware classification. To our knowledge, this is the first research that utilizes Machine Learning to provide enhanced classification of an entire 200+ gigabyte-malware family corpus consisting of 80K+ unique malware samples and 70+ unique malware families. New, labeled datasets are released to aid in future classification of malware. It is time we leverage the capabilities of Artificial Intelligence and Machine Learning to enhance detection and classification of malware. Topics taught through hands-on projects include Machine Learning, Natural Language Processing, and Deep Learning models. This workshop provides a pathway to incorporate Artificial Intelligence into the automated malware analysis domain.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://Sonya_DC32.eventbrite.com
\n
People:
SpeakerBio: Solomon Sonya, Computer Science Graduate Student at Purdue University
\nSolomon Sonya (@0xSolomonSonya) is a Computer Science Graduate Student at Purdue University. He earned his undergraduate degree in Computer Science and Master’s Degrees in Computer Science, Information Systems Engineering, and Operational Strategy. Solomon routinely develops new cybersecurity tools and presents research, leads workshops, and delivers keynote addresses at cyber security conferences around the world. Prior to attending Purdue, Solomon was the Director of Cyber Operations Training. Prior to that position, Solomon was a Distinguished Computer Science Instructor at the United States Air Force Academy, Research Scholar at the University of Southern California, Los Angeles, and an Adjunct Faculty Instructor with the Advanced Course in Engineering Cyberspace Security (ACE) at the Air Force Research Lab in Rome, NY.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54234','','',54234,'\'Map Page - Springhill Suites/Sands\''),(42823,'\'Sold Out - Playing with RFID\'','workshops','\'Get ready for everything you always wanted to know about RFID, but were afraid to ask! The workshop will start with a basic introduction to Radio-frequency Identification (RFID) and build to a set of practical hands-on challenges. The workshop delves into the theory behind RFID, including different types and protocols (insecure vs. secure types), and how to perform an assessment. Several hands-on assignments will punctuate the theory portion, preparing participants for challenges (of increasing difficulty) on an RFID simulation device, all while participants obtain points for the CTF contest. The objective is to make this workshop fun and accessible to a wide audience. The RFID protocols discussed and in the challenges will be limited to HID and Mifare Classic Instructions and walkthroughs for three devices will be available in the workshop materials, including:\n * Proxmark3\n * Flipper Zero\n * ACR122U\nACR122U devices will be available from the instructor during the workshop.
\nLinks:
Eventbrite Registration - 2024-07-07 12:00 US/Pacific - https://kernelpaniek_DC32.eventbrite.com
\n
People:
SpeakerBio: Vinnie \"kernelpaniek\" Vanhoecke, Senior Security Consultant at Bishop Fox
\nVinnie Vanhoecke (OSCE, OSCP) is a Senior Security Consultant at Bishop Fox, where he focuses on web application assessments (static and dynamic), external and internal network penetration testing, and cloud security assessments. He also has extensive experience in red teaming and mobile application assessments for Android. As hobby he likes anything from space to nature, HAM radio, 3D printing and any other IT related topic. Vinnie holds a Bachelor of Computer Science with a Computer and Cybercrime Professional specialisation from Howest in Bruges, Belgium.
\n\n\'','NULL','NULL','','https://defcon.org/html/defcon-32/dc-32-workshops.html#54235','','',54235,'\'Map Page - Springhill Suites/Frontier\''),(42824,'\'DDV starts accepting drives for duplication\'','pge','\'We start taking drives at 4: 00pm local time on Thursday - possibly a little earlier. We\'ll keep accepting drives until we reach capacity (usually late Friday or early Saturday). Then we copy and copy all the things until we just can\'t copy any more - first come, first served. Don\'t forget - some require 8TB drives now. We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.
\n\nAbout Us
\n\nThe Data Duplication Village has all the updated bits and bytes available from infocon.org packed up into nice, neat packages. If you\'re looking for a copy of all the things, we\'ve got what you need to fill up all your storage including a few nice hash tables and all of the DefCon talks. Add to that just about every other security con talk known to hacker-kind! Our village provides a \"free-to-you\" service of direct access to terabytes of useful data to help build those hacking skills and talk with other storage enthusiasts.
\n\nCheck the schedule and/or dcddv.org for the most up-to-date information.
\n\nHow It Works
\n\nThe DDV provides a core set of drive duplicators and data content options. We accept 8TB and larger drives on a first come, first served basis and duplicate \'till we can no longer see straight. Bring in your blank SATA3 drives - check them in early - to get the data you want. Come back in about 24 hours to pick up your data-packed drive. Space allowing, we\'ll accept drives all the way through until Saturday morning - but remember, it\'s FIFO - get those drives in early!
\n\nWhat You Get
\n\nWe\'re working on more content right up until the last minute so keep checking on dcddv.org for the latest. This year, we\'re adding new data to duplicate! Humans will be able to choose from the following data sources for duplication:
\n\n\n- A) Infocon.org Archive - 6TB archive of all the past hacking convention videos that DT could find, built on last years collection and always adding more for your data consuming appetite.
\n- B) Rainbow tables 1 of 3 - 6TB from freerainbowtables.com, the Lanman, MSQLSHA1, and NTLM hash tables plus freerainbowtables.com tools
\n- C) Rainbow tables 2 of 3 - 6TB from freerainbowtables.com, the A5/1 GSM, and MD5 tables plus freerainbowtables.com tools
\n- D) Vx Underground Archive - 8TB archive of the latest papers, samples, and code from Vx Underground
\n- E) Rainbow tables 3 of 3 - 8TB of New NTLM-9 hash tables and a copy of the Infocon.org mirrors
\n
\nLinks:
More Info - https://dcddv.org/
\n\'','NULL','NULL','','','','',54812,'\'Map Page - LVCC West/Floor 2/W225\''),(42825,'\'DDV open and accepting drives for duplication\'','pge','\'We reopen at 10: 00am and accept drives until we reach capacity (usually late Friday or early Saturday). Then we copy and copy all the things until we just can\'t copy any more - first come, first served. Don\'t forget - some require 8TB drives now. We run around the clock until we run out of time on Sunday morning with the last possible pickup being before 11:00am on Sunday.
\n\nAbout Us
\n\nThe Data Duplication Village has all the updated bits and bytes available from infocon.org packed up into nice, neat packages. If you\'re looking for a copy of all the things, we\'ve got what you need to fill up all your storage including a few nice hash tables and all of the DefCon talks. Add to that just about every other security con talk known to hacker-kind! Our village provides a \"free-to-you\" service of direct access to terabytes of useful data to help build those hacking skills and talk with other storage enthusiasts.
\n\nCheck the schedule and/or dcddv.org for the most up-to-date information.
\n\nHow It Works
\n\nThe DDV provides a core set of drive duplicators and data content options. We accept 8TB and larger drives on a first come, first served basis and duplicate \'till we can no longer see straight. Bring in your blank SATA3 drives - check them in early - to get the data you want. Come back in about 24 hours to pick up your data-packed drive. Space allowing, we\'ll accept drives all the way through until Saturday morning - but remember, it\'s FIFO - get those drives in early!
\n\nWhat You Get
\n\nWe\'re working on more content right up until the last minute so keep checking on dcddv.org for the latest. This year, we\'re adding new data to duplicate! Humans will be able to choose from the following data sources for duplication:
\n\n\n- A) Infocon.org Archive - 6TB archive of all the past hacking convention videos that DT could find, built on last years collection and always adding more for your data consuming appetite.
\n- B) Rainbow tables 1 of 3 - 6TB from freerainbowtables.com, the Lanman, MSQLSHA1, and NTLM hash tables plus freerainbowtables.com tools
\n- C) Rainbow tables 2 of 3 - 6TB from freerainbowtables.com, the A5/1 GSM, and MD5 tables plus freerainbowtables.com tools
\n- D) Vx Underground Archive - 8TB archive of the latest papers, samples, and code from Vx Underground
\n- E) Rainbow tables 3 of 3 - 8TB of New NTLM-9 hash tables and a copy of the Infocon.org mirrors
\n
\nLinks:
More Info - https://dcddv.org
\n\'','NULL','NULL','','','','',54813,'\'Map Page - LVCC West/Floor 2/W225\''),(42826,'\'Last chance to pick up drives at the DDV\'','pge','\'This is your last chance to pickup your drives whether they\'re finished or not. Get here between 10:00am and 11:00am on Sunday as any drives left behind are considered donations.
\nLinks:
More Info - https://dcddv.org
\n\'','NULL','NULL','','','','',54814,'\'Map Page - LVCC West/Floor 2/W225\''),(42827,'\'Egor\'s Keyboard Corner\'','pge','\'Keyboard Corner hosts typing challenges that test the speed and accuracy of attendees\' typing skills on various keyboards. Participants can compete for high scores and bragging rights in a friendly and competitive setting. This activity adds an element of fun and excitement to the conference while highlighting the importance of efficient typing in cybersecurity.
\n\'','NULL','NULL','','','','',55024,'\'Map Page - LVCC West/Floor 2/W208\''),(42828,'\'LHC\'s Unofficial Sticker Swap Table\'','pge','\'The Unofficial Sticker Swap is a casual and engaging activity where attendees can trade and collect unique stickers. This event fosters a sense of community and allows participants to showcase their creativity and personal style.
\n\'','NULL','NULL','','','','',55025,'\'Map Page - LVCC West/Floor 2/W208\''),(42829,'\'Lonely Hackers Club Community Room Open\'','pge','\'\n\'','NULL','NULL','','','','',55026,'\'Map Page - LVCC West/Floor 2/W208\''),(42830,'\'Resume Reviews\'','pge','\'Resume Reviews offer attendees the opportunity to have their resumes critiqued by industry professionals. This activity provides personalized feedback and tips on how to improve resumes to stand out in the cybersecurity job market. It\'s a great way for participants to enhance their professional profiles and increase their chances of landing their desired roles.
\n\'','NULL','NULL','','','','',55027,'\'Map Page - LVCC West/Floor 2/W208\''),(42831,'\'Name the Noob\'','pge','\'Name the Noob is a fun and interactive session where seasoned hackers create unique handles for new attendees. This activity helps newbies integrate into the hacking community and gives them a memorable start to their cybersecurity journey.
\n\'','NULL','NULL','','','','',55028,'\'Map Page - LVCC West/Floor 2/W208\''),(42832,'\'Welcome / Badge & Swag Pick Up\'','pge','\'Pick up your DCNextGen badge and other swag. We will also have an overview of DCNextGen activities and adventures!
\n\'','NULL','NULL','','','','',55362,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-06-03\''),(42833,'\'Intro to Circuit Python (Badge class level 1)\'','pge','\'Learn how to program the DCNextGen Badge
\n\'','NULL','NULL','','','','',55363,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-06-03\''),(42834,'\'Hack the Badge (Badge class level 2)\'','pge','\'Learn how to hack the DCNextGen Badge and take it to another level!
\n\'','NULL','NULL','','','','',55364,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-06-03\''),(42835,'\'C2Society / DC702 Intro to CTFs\'','pge','\'Breaking into the capture the flag (CTF) world can be daunting and many people are overwhelmed when faced with participation in these events and challenges. With how beneficial the various challenges can be to both beginners and seasoned professionals, we want to demystify this world and help people get the most out of them. This is a full hands-on course on how to do CTFs, tools and more. Bring your laptops!
\n\'','NULL','NULL','','','','',55365,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-06-03\''),(42836,'\'Intro to Circuit Python (Badge class level 1) (Overflow if Friday is too full)\'','pge','\'(NOTE: This is an overflow class only if the first session is full)
\n\nLearn how to program the DCNextGen Badge
\n\'','NULL','NULL','','','','',55366,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-06-03\''),(42837,'\'Hack the Badge (Badge class level 2) (Overflow if Friday is too full)\'','pge','\'(NOTE: This is an overflow class only if the first session is full)
\n\nLearn how to hack the DCNextGen Badge and take it to another level!
\n\'','NULL','NULL','','','','',55367,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-06-03\''),(42838,'\'Austin School For The Driven\'','pge','\'\n\'','NULL','NULL','','','','',55368,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-06-03\''),(42839,'\'Secure From Scatch\'','pge','\'Want to learn how to stop hackers in their tracks? Come to the Secure From Scratch coding workshop. Learn what you need to know to write secure code from the very first line of code. It\'s surprisingly easy! Plus, you\'ll get to try your hand at hacking, discovering how attackers think so you can build defences against them. (Some coding knowledge in Python is recommended. You should know loops, if statements, arrays, and functions.)
\n\'','NULL','NULL','','','','',55369,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-06-03\''),(42840,'\'Hard Hat Brigade - Group Photo and People\'s Choice Award\'','pge','\'Join us for our annual group photo and voting session for the \"People\'s Choice Award\". Even though we don\'t have a contest, as a community we can still choose a favorite hat. We have to take the picture at 12:05 sharp so be there!
\n\'','NULL','NULL','','','','',55400,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-08-02\''),(42841,'\'Hard Hat Brigade - Community Space Open\'','pge','\'Ever see someone walking around DEF CON and wonder “what is up with the hard hats?”
\n\nThe Hard Hat Brigade brings hackers together in the spirit of endless curiosity and tinkering. We use a common platform (hats) to combine art (bling) and hacker functionality (warez) to inspire others to explore outside of their comfort zones in a safe and welcoming community.
\n\nWe encourage everyone to explore their creativity using art, electronics, mechanical design, or any other medium that piques their interest. Hats are inexpensive, widely available, and easy to modify to suit your needs. We started with hard hats but are not limited to any type of hat, so you have the freedom to choose whatever hat suits your fancy.
\n\nDespite everyone using a common platform, every creation is unique and embodies the personality of the creator. Walking around DEF CON, you can display your creation for all to see, and many will stop to ask you about what you have created. This allows you to talk about your experience, as well as inspire others to explore new ideas of their own.
\n\nOne of the challenges at hacker summer camp has been finding people to connect with. By leveraging hard hats as a canvas, HHB has solved this challenge with something that is incredibly accessible while also offering a ton of variety. Gazing upon these creations, they reflect back the uniqueness of all the awesome hackers that we’ve been able to meet. In years past, we’ve had the opportunity to see how so many talented and creative hackers tackle the challenge of using the venerable hard hat as their muse. Just as fun, charming and skilled as so many attendees are, the hard hat has been a great vessel to carry their awesome projects.
\n\nStop by our community space and make your trip memorable by trying on a hat, learning and sharing building techniques, networking with other hat loving hackers, and expressing yourself in your own hacker way. Keep on hacking!
\n\'','NULL','NULL','','','','',55402,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-08-02\''),(42842,'\'Lockpicking Activities\'','pge','\'Want to tinker with locks and tools the likes of which you\'ve only seen in movies featuring secret agents, daring heists, or covert entry teams?
\n\nThen come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.
\n\nThe Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.
\n\nExperts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.
\n\nA popular spot for new lock pickers! Highly recommended you stop by. The Lockpick Village is always kid friendly and welcomes folks of all ages. We do require that the parents stay with the kids.
\nLinks:
Website - https://www.toool.us/
\n Twitter (@toool) - https://twitter.com/toool
\n\'','NULL','NULL','','','','',55410,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-03-A\''),(42843,'\'HDA Presents the open Synth Jam Session\'','pge','\'Bring your instruments, synths, and self for an open jam session
\n\'','NULL','NULL','','','','',55417,'\'Map Page - LVCC West/Floor 1/W110\''),(42844,'\'Social Engineering Community Village Hours\'','pge','\'Come check out the Social Engineering Community Village!
\nLinks:
More Info - https://www.se.community/schedule/
\n\'','NULL','NULL','','','','',55418,'\'Map Page - LVCC West/Floor 3/W317-W319\''),(42845,'\'SECV - Break / Networking\'','pge','\'Time to mingle! Discover who can tell the best dad jokes. We\'re taking a quick break - be back soon!
\n\'','NULL','NULL','','','','',55419,'\'Map Page - LVCC West/Floor 3/W317-W319\''),(42846,'\'Cold Calls\'','pge','\'Come make a call in front of our soundproof booth. We provide everything, the target company, their phone number, and three objectives to gather (easy, medium, and hard). First come, first serve.
\nLinks:
More Info - https://www.se.community/cold-calls/
\n\'','NULL','NULL','','','','',55423,'\'Map Page - LVCC West/Floor 3/W317-W319\''),(42847,'\'Farming Ndays with GreyNoise\'','demolabs','\'Gnarly vulnerabilities in devices and services that typically face the internet are being disclosed every week. You can use GreyNoise\'s new free community analysis platform to deploy honeypot sensors, collect PCAPs of in-the-wild exploitation of software vulnerabilities, discover the source IPs of mass scanners, botnets, and compromised devices, and compare attacks across networks. In this presentation we\'re demonstrating GreyNoise\' new sensor deployment, SQL explorer, and rules engine.
\n
People:
SpeakerBio: Andrew Morris
\nNo BIO available
\n\'','NULL','NULL','','','','',55428,'\'Map Page - LVCC West/Floor 3/W308\''),(42848,'\'Merch (formerly swag) Area Open -- README\'','pge','\'All merch sales are USD CASH ONLY. No cards will be accepted.
\n\nThe published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)
\n\nNote that the closing hours here are when sales must have ended. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can\'t predict the length of the line or when doors will be closed.
\n\'','NULL','NULL','','','','',55429,'\'Map Page - LVCC West/Floor 2/W212\''),(42849,'\'All content areas generally open\'','pge','\'\n\'','NULL','NULL','','','','',55430,'\'Map Page - LVCC West\''),(42850,'\'Lost & Found\'','pge','\'If you find something that seems to have been lost, please take that item to the nearest NFO Node. The item will enter the DEF CON Lost & Found system.
\n\nIf you\'ve lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in room LVCC - L2 - W238. You may also call Lost & Found at +1 (725) 377-5045.
\n\nThe Lost & Found department plans to be open Thursday - Saturday, during all hours that the conference operates. On Sunday, the Lost & Found department will open with the venue at 08:00, but will close at the beginning of DEF CON 32 Closing Ceremonies (15:00). Shortly thereafter, all remaining lost items will be transferred to the LVCC West Lobby Security Office. If you need to reach LVCC\'s West Lobby Security Office, you may call +1 (702) 943-3532.
\n\'','NULL','NULL','','','','',55431,'\'Map Page - LVCC West/Floor 2/W238\''),(42851,'\'WISP Community & Inclusion Room\'','pge','\'Chill out space to relax with us in a safe place. Grab a non-alcoholic drink, unleash your creativity and unwind with our art therapy, and connect with women and underrepresented communities working in security and privacy.
\nLinks:
Website - https://www.wisporg.com/
\n\'','NULL','NULL','','','','',55470,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-05-04\''),(42852,'\'Friendship Bracelet Making\'','pge','\'Make a friendship bracelet with an exclusive WISP charm.
\nLinks:
Website - https://www.wisporg.com/
\n\'','NULL','NULL','','','','',55471,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-05-04\''),(42853,'\'WISP Group Photo\'','pge','\'Gather with members of the Women in Security and Privacy community for a group picture.
\n\'','NULL','NULL','','','','',55472,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-05-04\''),(42854,'\'Peer-to-Peer Mentoring and Networking with optional Swag, Pin & Sticker Exchange\'','pge','\'Join us Women in Security and Privacy to mingle and network with privacy and security professionals. You can also bring some swag, pins, or stickers to exchange as part of the networking activities.
\n\'','NULL','NULL','','','','',55473,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-05-04\''),(42855,'\'Safecracking Practical Demonstration\'','pge','\'Join us at the lock pick village tables after Jared\'s talk on safe manipulation for some hands on practice!
\n
People:
SpeakerBio: Jared Dygert
\nJared is a long time lock sport enthusiast and an instructor at a locksmithing school on safe manipulation and lockpicking. He has been opening locks and breaking security for roughly 15 years. His other hobbies include rock climbing and 3D printing.
\n\n\'','NULL','NULL','','','','',55503,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-03-A\''),(42856,'\'Dozier Drill Tournament\'','pge','\'Have you ever wanted to break out of handcuffs, pick open a closed bag and shoot your buddy in the chest with a nerf gun? So have we, that\'s why TOOOL presents the Dozer Drill. A fast paced skill based game where you have to free yourself from handcuffs, open a closed bag, and retrieve the nerf gun to be the first to hit the target. Join us on Friday for qualifiers, through the con for unofficial games, and on Saturday for an official bracket tournament.
\n\'','NULL','NULL','','','','',55504,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-03-A\''),(42857,'\'Biohacking Village: Device Lab\'','pge','\'The Device Lab is highly-collaborative environment where security researchers test medical instruments, applications, and devices in real-time from participating Medical Device Manufacturers. Any potential issues are reported directly to the manufacturer, and coordinated vulnerability disclosures are produced.
\n\nAs part of their product security programs, their proactive initiatives to test their products, and to enhance the cybersecurity of their medical technologies, select medical device makers are teaming up with the Biohacking Village.
\n\nThese manufacturers are inviting security researchers to learn and to test their products in dedicated spaces set aside for them. Their staff will answer questions, educate researchers, and triage any potential security issues. Researchers who perform testing should expect to follow the manufacturers’ published coordinated vulnerability disclosure policy and report any potential issues found so they can be addressed. Security researchers must sign the Hippocratic Oath for Hackers and agree to the framework of boundaries and rules of engagement during and post conference engagement.
\n\nWe have 10 manufacturers with 21 devices. You can find more information about the devices and each manufacturer\'s Vulnerability Disclosure Policy here.
\nLinks:
More Info - https://www.villageb.io/device-lab
\n Hippocractic Oath for Hackers - https://www.villageb.io/hippocractic-oath
\n\'','\'https://info.defcon.org/blobs/v_biohacking_village.png\'','\'v_biohacking_village.png\'','','','','',55505,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-05-07\''),(42858,'\'Car Hacking Village Activities\'','pge','\'CHV 101
\n\nThis booth will have several reverse engineer demonstrations and an automotive threat intelligence review.
\n\n\n- Reverse Engineering Demonstration(s)
\n- Live vehicle communications via remote controls
\n- EV-based Hardware-in-the-Loop (HIL) demonstrations
\n- Automotive Threat Intelligence
\n- How to gather threat intelligence related to the automotive industry
\n- What the current threat landscape looks like today
\n
\n\nCHV CTF
\n\nThere will be 10-15 automotive security CTF challenges this year ranging from reverse engineering, telemetry, grand theft auto, crypto, vehicle networks, and exploitation.
\n\n1st place prize is a car!
\n\nCHV Kids
\n\nA fun scavenger hunt designed for DCNextGen kids to participate in and learn about the Car Hacking Village.
\n\nThere will be swag items handed out to the kids as they move through the scavenger hunt.
\n\nCHV Mechanics
\n\nThere will be 1 Semi-Truck and 2 Electric Vehicles on site for people to plug into.
\n\nDEFCON attendees must follow the rules for each of the vehicles. There will be large ORANGE signs with the rules detailed on them.
\n\'','\'https://info.defcon.org/blobs/v_CarHacking.png\'','\'v_CarHacking.png\'','','','','',55507,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-01-01\''),(42859,'\'Telecom Tinkerer CTF\'','pge','\'Telecom Village is excited to announce \"Telecom Tinkerer,\" Capture The Flag (CTF) event. Participants, known as Tinkerers, will simulate actions against various elements of a dummy target organization. Telecom Tinkerer will feature real-world simulation scenarios and challenges, allowing Tinkerers to simulate attacks and explore new attack vectors, tactics, techniques, and procedures (TTPs). The event will include combined exercises with different levels of threat/emulation and purple teaming, promoting a collaborative learning environment for both offensive and defensive strategies.
\nLinks:
More Info - https://telecomvillage.com/index.html#ctf
\n\'','NULL','NULL','','','','',55558,'\'Map Page - LVCC West/Floor 2/W201\''),(42860,'\'Payment Village CTF\'','pge','\'This year we have more challenges and more prizes!
\nLinks:
More Info - https://www.paymentvillage.org/challenges
\n\'','NULL','NULL','','','','',55570,'\'Map Page - LVCC West/Floor 2/W202\''),(42861,'\'Open Events for DCNextGen\'','pge','\'Open Events - All Days
\n\nAIxCC - Artificial Intelligence Cyber Challenge
\n\nExperience a dynamic model city with illuminated buildings and projections that bring to life the Semifinals of the AI Cyber Challenge (AIxCC) - a two-year competition to safeguard the software critical to modern life. You\'ll experience the thrill of the game events and the critical stakes of cybersecurity in an immersive setting that also offers an inspiring educational journey.
\n\nSocial Engineering Village - SE Youth Challenge
\n\nThe Social Engineering Community needs your help and it’s not exactly a big deal, but without your help, the entire universe is going to implode. Fortunately, some creative beings designed a failsafe just for this specific purpose, the Def Con Social Engineering Youth Challenge at DEF CON 32!
\n\nAdversary Village - Table top adventure
\n\nTabletop adversary adventure!
\n\nBiohacking Village - Learn about bio-technology and biohacking!
\n\nHands on medical device hacking and village tour
\n\nHam Radio Vilage - Find the Fox, Decode a SSTV broadcast, get your Ham Radio License!
\n\nFox Hunt!: Try to find the fox radio transmitter. SSTV: Send an SSTV broadcast and see it decoded by someone else Ham Radio Exam: Get your ham radio license at DEF CON!
\n\nCrypto Privacy Village - Gold Bug Puzzle
\n\nAn invitation to a house party at the home of the Mysterious Marquise. What does it mean that it’s for those with “an adventurous spirit and enjoyment of puzzles”? And how can the doorknocker reveal anything? Find out in the Junior Cryptographer’s Corner of the CPV Gold Bug Puzzle.
\n\nData Duplication Village - Multiple: HDD Teardown, Decryption Challenge, Error detection and correction
\n\n\n- HDD Teardown: Take apart and see how hard drives work.
\n- Decryption Challenge: Learn how file encryption / decryption works and solve a challenge.
\n- Error Detection and Correction: Use a simple binary code system, errors are introduced in the data string. Teaching basic parity checking or checksum algorithms to identify and correct the errors, demonstrating a fundamental data integrity concept.
\n
\n\nHardware Hacking Village - Open Soldering lessons
\n\nThe folks at the Hardware Hacking Village can teach you soldering! Bring your soldering kits and learn this valuable hacker and life skill.
\n\nFriday, Saturday 13:00 - 16:00
\n\nCar Hacking Village Scavenger Hunt
\n\nThe Car Hacking Village (CHV) put together a wonderland of fun for kids of all ages to explore. Stop by at our CHV Kids Booth during our hours of operation and dive into the rabbit hole of car hacking with our team. As you explore the CHV Village, you will not only learn about car hacking, but will also get to collect fun swag at every stop. Join us on this adventure through the car hacking wonderland and let your scavenger hunt begin.
\n\'','NULL','NULL','','','','',55577,'\' Page - Other / See Description\''),(42862,'\'ICS Village + XR Village Turn the lights on!\'','pge','\'Idaho National Laboratory in collaboration with the Cybersecurity & Infrastructure Security Agency (CISA) will showcase the critical importance of safeguarding Industrial Control Systems (ICS) against cyber threats. Through a mixed reality game, the interactive VR experience illustrates the impacts of a cybersecurity attack on infrastructure, and highlights the intricate engineering processes that power our communities. By emphasizing the interdependencies within our Nation’s infrastructure, the VR challenges underscore the necessity of robust cybersecurity measures to ensure the reliability and security of essential services. Come restore power back to our city, virtually! (NOTE: this gamified interactive VR experience not technical in nature, and does not require cybersecurity or infrastructure knowledge to participate
\n\'','NULL','NULL','','','','',55582,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-01-06\''),(42863,'\'Signals Are Everywhere\'','pge','\'BadVR Data Exploration through VR visualization. See RF signals, cellular signals and step into the data with a hands-on VR experience
\n\'','NULL','NULL','','','','',55583,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-01-06\''),(42864,'\'Play All the Things\'','pge','\'Play VR the gear comes out for a casual, hands on demo area to explore the metaverse in VR with games & expoloration in Meta Quest VR and Meta Raybans MR
\n\'','NULL','NULL','','','','',55584,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-01-06\''),(42865,'\'Activity: Threat modelling fun session with OWASP Cornucopia\'','pge','\'Join us into this collaborative game of OWASP Cornucopia! Over the course of two hours we will create a Threat Model of an example target infrastructure using the OWASP Cornucopia game! Winner keeps the deck!
\n
People:
SpeakerBio: Andra
\nAndra is a Principal Application Security Specialist at Sage, with over seven years of experience in the field of application security. She is responsible for implementing DevSecOps practices, conducting security assessments, and developing secure coding guidelines for software engineering and AI/ML teams. She holds multiple certifications, including AWS Certified Cloud Practitioner and Attacking and Securing APIs. She has a strong background in software development and project management, as well as a master\'s degree in information and computer sciences. She has been co-leading the OWASP London Chapter since 2019, where she organises and delivers events and workshops on various security topics. She is passionate about educating and empowering developers and stakeholders to build and deliver secure software and best practices in a fast-paced, results-driven environment.
\n\n\'','NULL','NULL','','','','',55722,'\'Map Page - LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2\''),(42866,'\'Activity: Threat modelling fun session with OWASP Cornucopia\'','pge','\'Join us into this collaborative game of OWASP Cornucopia! Over the course of two hours we will create a Threat Model of an example target infrastructure using the OWASP Cornucopia game! Winner keeps the deck!
\n
People:
SpeakerBio: Konstantinos Papapanagiotou
\nKonstantinos is the Advisory Services Director at Census Labs S.A. Prior to that, he worked for OTE S.A. (member of Deutsche Telekom Group) where he was responsible for the cyber security solutions offered to corporate customers. In the past he has led cyber security consulting teams in other private sector organizations. He has more than 20 years of experience in the field of cyber security both as a corporate consultant and as a researcher. During that time, he participated in numerous cyber security projects in public and private sector organizations, in Greece, Europe, and the Middle East. He has been an OWASP volunteer since 2004, leading the Greek chapter and contributing to several projects. He holds a PhD and BSc from the Department of Informatics and Telecommunications at the University of Athens, Greece, as well as a MSc in Information Security with distinction from Royal Holloway, University of London. For more than 10 years he served as an Adjunct Lecturer at the Hellenic American University, as well as the University of Athens and University of Piraeus, teaching Information Security to postgraduate and undergraduate students.
\n\n\'','NULL','NULL','','','','',55723,'\'Map Page - LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3\''),(42867,'\'Fix the Flag Wargame\'','pge','\'AppSec Village is proud to present our DEF CON Contest in partnership with SecDim.
\n\nUnlike a typical CTF, this contest rewards the players who fix security vulnerabilities. You can choose between secure coding challenges or competing against other players in an Attack & Defence AppSec challenge, where you need to secure your app before being given a chance to hack other players’ apps 😈.
\n\nYou can also develop your own AppSec challenge by following challenge contribution guidelines. All approved challenges will be hosted during AppSec Village @ DEF CON.
\n\nThere are two categories of winners:\n- The player with the highest total points by the end of the event (August 11 at 12:00 PM PDT)\n- The best-contributed challenge submission
\n\nThe Award Ceremony will be held at 12:45 PM PDT in the AppSec Village on August 11.
\n
People:
SpeakerBio: Harley Wilson
\nHarley Wilson is a software engineer (intern) at SecDim, a secure coding wargame platform. With a background as a Police Officer for nine years, Harley is now channelling his expertise into the field of software development. He is pursuing a Bachelor of Computing (Software Engineering) at Curtin University, with an anticipated graduation in 2024.
\n\n\'','NULL','NULL','','','','',55726,'\'Map Page - LVCC West/Floor 2/W228-W230/W228-W230-ASV CTF\''),(42868,'\'Blue Team Village Closing Ceremonies\'','pge','\'This is a placeholder for BTV’s closing ceremonies!
\n\nThis is a placeholder for BTV’s closing ceremonies!\nThis is a placeholder for BTV’s closing ceremonies!\nThis is a placeholder for BTV’s closing ceremonies!\nThis is a placeholder for BTV’s closing ceremonies!\nThis is a placeholder for BTV’s closing ceremonies!\nThis is a placeholder for BTV’s closing ceremonies!
\n\'','NULL','NULL','','','','',55751,'\'Map Page - LVCC West/Floor 3/W310\''),(42869,'\'Packet Inspector\'','pge','\'The perfect introduction to network analysis, sniffing, and forensics. Do you want to understand the techniques people use to tap into a network, steal passwords and listen to conversations? Packet Inspector is the place to develop these skills! For well over a decade, the Wall of Sheep has shown people how important it is to use end-to-end encryption to keep sensitive information like passwords private. Using a license of the world famous Capture The Packet engine from Aries Security, we have created a unique way to teach hands-on skills in a controlled real-time environment.
\n\'','NULL','NULL','','','','',55766,'\'Map Page - LVCC West/Floor 2/W216-W221\''),(42870,'\'Packet Detective\'','pge','\'Looking to upgrade your skills or see how you would fare in Capture The Packet? Come check out what Packet Detective has to offer! A step up in difficulty from Packet Inspector, Packet Detective will put your network hunting abilities to the test with real-world scenarios at the intermediate level. Take the next step in your journey towards network mastery in a friendly environment still focused on learning and take another step closer to preparing yourself for the competitive environment of Capture The Packet
\n\'','NULL','NULL','','','','',55767,'\'Map Page - LVCC West/Floor 2/W216-W221\''),(42871,'\'️ISSCON\'','pge','\'Let’s Boop the ISS! Join the Lonely Hackers Club for an extraordinary experience where we’ll use our ham radios to attempt communication with astronauts aboard the International Space Station! We have tracked the orbital passes of the space station and calculated our best chance.
\n\'','NULL','NULL','','','','',55776,'\'Map Page - LVCC West/Floor 3/LVCC-L3-Terrace\''),(42872,'\'Small scale LAN party\'','pge','\'Small scale LAN party - Use one of our Windows 98 laptops or BYOB and hook it up! Seating will likely be limited depending on interest.
\n\'','NULL','NULL','','','','',55790,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-04-01\''),(42873,'\'Show & Tell\'','pge','\'Bring a retro artifact of your own for people to have fun with and demonstrate! (Note: Any artifact brought in for Show & Tell must also be taken back home with you, and although we will try our best to keep your artifact safe and operational, we suggest that you don\'t bring anything irreplaceable or that has sentimental value, as things could get destroyed or go missing.)
\n\'','NULL','NULL','','','','',55791,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-04-01\''),(42874,'\'Dumb Terminal fun\'','pge','\'We will have several dumb terminals available for all sorts of things courtesy of SCAVHUNT!
\n\'','NULL','NULL','','','','',55792,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-04-01\''),(42875,'\'Retro Repair\'','pge','\'Although not scheduled we intend to have people in and out who can do repairs/soldering on older equipment should anything need it. If you have trouble with your vintage tech during con, we will do our best to help!
\n\'','NULL','NULL','','','','',55793,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-04-01\''),(42876,'\'A-ISAC Aviation Cybersecurity Challenge\'','pge','\'A variety of aviation infrastructure has been compromised by hackers. Immerse yourself into challenges where you are tasked as an aviation cyber defense participant to identify attacks/attackers, stop attacks, and restore normal operations. As a participant your first step is to register ahead and read the rules at: https://aisac.cyberskyline.com/events/aisac-defcon and bring your own laptop to the venue. You can participate in the virtual challenges from Friday, but the more critical in-person challenges are only available at certain times during Village open hours!
\n
People:
SpeakerBio: A-ISAC and Embry-Riddle Aeronautical University - Prescott
\nNo BIO available
\n\'','NULL','NULL','','','','',55813,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42877,'\'ARINC 664 CTF\'','pge','\'ARINC 664 is an extension to IP networking that adds deterministic QoS for Aircraft Systems over Ethernet. Sit down and learn about how the extensions to 802.3 is used on aircraft, how that flight critical data is transferred in a timely matter, and how to manipulate the data on these networks. This progressive difficulty CTF provides a fun and informative way of approaching ARINC 664 networking.
\n
People:
SpeakerBio: Boeing
\nNo BIO available
\n\'','NULL','NULL','','','','',55814,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42878,'\'Bricks in the Air\'','pge','\'Bricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation.
\n\'','NULL','NULL','','','','',55815,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42879,'\'CubeSat Simulator\'','pge','\'The AMSAT Ground Control and CubeSat simulator emulates how satellite communications are used. Ground control communicates via UHF to the cubesat.
\n
People:
SpeakerBio: AMSAT
\nNo BIO available
\n\'','NULL','NULL','','','','',55816,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42880,'\'Darkstar Badge Challenge\'','pge','\'Collect the clues, solve the puzzles, show off your aerospace knowledge and technical skills to win a limited edition PCB badge.
\n
People:
SpeakerBio: Lockheed Martin
\nNo BIO available
\n\'','NULL','NULL','','','','',55817,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42881,'\'Defend the Airport CTF\'','pge','\'You are a new to the Airport IT staff at the IG International Airport Network Operations Center, working your first holiday travel weekend. It has been a busy day managing the network with the control tower reporting several small glitches.
\n\nNo alerts have been raised in the network, and the glitches appeared to have been easily handled. While taking your last break of the day, you decide to take a short walk around the concourse to watch the sun set. Suddenly, your cell phone rings and the voice on the other end is a panicked Control Tower Operator. A short time earlier, the tower had observed the runway lights turn off, come back on, and are now randomly blinking. They also mentioned the Operator HMI (Human Machine Interface) controlling the Runway Lighting system is non-responsive and they are locked out of the Maintenance HMI to reboot the system. Time is critical – without the lights, the planes circling the airport cannot land. With limited fuel stores, the planes are unable to divert to another airport. You sit down at your terminal to pull up the maintenance manual and troubleshoot the problem only to discover you are locked out of your account. You are suddenly relieved that management would not let you deploy security updates to the network because they feared service interruptions may occur. Once you regain access to the system and have all the reference material available, you bring up the control logic for the runway lighting system on one screen and the HMIs on another and quickly realize this is not a normal system failure. An unknown hacker or hacker group has ceased and taken control of the system. They have manipulated the PLC’s (Programmable Logic Controller) and impacted the HMIs. Time is of the essence to restore operation to the Runway Lighting control system before the planes run out of fuel.
\n
People:
SpeakerBio: IntelliGenesis and IG Labs
\nNo BIO available
\n\'','NULL','NULL','','','','',55818,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42882,'\'Detect a Threat\'','pge','\'Can you spot suspicious items in packages? Try out your skills.
\n
People:
SpeakerBio: TSA
\nNo BIO available
\n\'','NULL','NULL','','','','',55819,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42883,'\'Drone Capture the Flag (CTF)\'','pge','\'Put your drone hacking skills to the test in our Drone CTF. This advanced challenge requires participants to take over a drone mid-flight and develop a payload to hack a DJI drone. This CTF is perfect for those who have some experience in drone hacking or have participated in our Drone Hacking Workshop. It\'s a great opportunity to showcase your technical prowess and win some cool prizes.
\n
People:
SpeakerBio: Dark Wolf
\nNo BIO available
\n\'','NULL','NULL','','','','',55820,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42884,'\'Drone Flying Experience\'','pge','\'Experience the thrill of flying a drone in our custom-built cage right on the showroom floor. This activity is designed for everyone to enjoy, from kids to adults. Fly mini drones around the cage and see how well you can control these agile little machines. It\'s a fun, interactive way to learn the basics of drone piloting in a safe environment.
\n
People:
SpeakerBio: Dark Wolf
\nNo BIO available
\n\'','NULL','NULL','','','','',55821,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42885,'\'Drone Hacking Activity\'','pge','\'Join our Drone Hacking Activity and get hands-on experience with hacking into drone microcontrollers. This three-step in-depth activity is designed to teach you about the vulnerabilities and security of autonomous systems. Using sample drones, participants will learn techniques used in government pen tests. This workshop is suitable for all skill levels, from beginners to advanced hackers. Come and test your skills in a real-world scenario and understand the intricacies of drone security.
\n
People:
SpeakerBio: Dark Wolf
\nNo BIO available
\n\'','NULL','NULL','','','','',55822,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42886,'\'Drone Hacking Choose Your Own Adventure\'','pge','\'Dive into our interactive choose-your-own-adventure web interface and learn how to hack a drone in a fun, storyboard-based game. This graphical user interface simulates the process we use when hacking drones for the Air Force, allowing participants to make decisions and see the outcomes. It\'s a beginner-friendly activity that anyone can enjoy, offering insight into the steps involved in drone penetration testing.
\n
People:
SpeakerBio: Dark Wolf
\nNo BIO available
\n\'','NULL','NULL','','','','',55823,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42887,'\'Hack-A-Sat Digital Twin\'','pge','\'Want to know what happened to the Hack-A-Sat digital twins? We\'re bringing back our satellites and ground stations so you can see what it was like to be a team operating during finals!
\n\nEstablish uplink using a ground station. Send commands to the satellite, observe effects and telemetry. 3D Cesium visualization of satellite in orbit and ground station locations. Grafana dashboards for sim data, etc. OpenC3 satellite operator interface for C2
\n
People:
SpeakerBio: Hack-A-Sat
\nNo BIO available
\nSpeakerBio: Cromulence
\nNo BIO available
\n\'','NULL','NULL','','','','',55824,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42888,'\'Hack-A-Sat Quals Challenges\'','pge','\'Enjoy some space math nostalgia with challenges from the past four years of Hack-A-Sat quals! Challenges require skills in astrodynamics, satellite operations, digital signal processing, reverse engineering, exploitation, and more! If you missed the last Hack-A-Sat qualifiers or just want to try again, now is your chance!
\n\n10 challenges are available with a mix of difficulty. These will be available throughout all of DEF CON so work on them anywhere (even your hotel room). No team required and no scoreboard...so no pressure!
\n\nChallenge developers will be available for hints/clues on the conference floor but may not be able to help with every challenge.
\n
People:
SpeakerBio: Hack-A-Sat
\nNo BIO available
\nSpeakerBio: Cromulence
\nNo BIO available
\n\'','NULL','NULL','','','','',55825,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42889,'\'PTP Flight Challenge\'','pge','\'Role play what would happen (or not happen) should a plane be maliciously targeted, or (like most) try and land a A320.
\n
People:
SpeakerBio: Pen Test Partners
\nNo BIO available
\n\'','NULL','NULL','','','','',55826,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42890,'\'Selfie with a CubeSat\'','pge','\'Come take a picture with a CubeSat. And while you\'re there, learn a few things about it.
\n
People:
SpeakerBio: CalPoly
\nNo BIO available
\n\'','NULL','NULL','','','','',55827,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42891,'\'Space Grand Challenge Luna\'','pge','\'The Space Grand Challenge (SGC) Program is a free virtual game-based cybersecurity/space competition CTF for middle and high school students built by Cal Poly students—Learn by Doing in action. The game is built on the UNITY gaming engine.
\n
People:
SpeakerBio: CalPoly
\nNo BIO available
\n\'','NULL','NULL','','','','',55828,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42892,'\'Space Systems Security CTF – Platform Security\'','pge','\'Launch into the thrilling world of cybersecurity, specifically designed for space systems! Learn the fundamentals to safeguard ground stations, communication links, and spacecrafts.
\n\nEngage in an immersive and fun CTF scenario. Apply your cybersecurity skills in real-time and see the direct impact of your decisions on our Space Systems Demonstrator. In this high-stakes scenario, you\'ll align with the Aurora Alliance in their critical mission to thwart Count Viktor Thunderclaw and the notorious Nebula Syndicate. The Syndicate threatens to destroy historic monuments around the world with their Space Laser unless their demands are met. Do you have what it takes to dismantle their malevolent plans?
\n\nOur beginner-level CTF kicks off as soon as the village opens—no pre-registration necessary. Just bring your laptop to access the CTF platform and your favorite packet decoding software (i.e. Wireshark). Expect the CTF to take you less than 1 hour to complete. Team collaboration is encouraged, and if you encounter obstacles, numerous hints are available to guide you. Excel in the challenge, and you could walk away with a CT Cubed SAO, an exclusive prize while supplies last.
\n
People:
SpeakerBio: CT Cubed
\nNo BIO available
\n\'','NULL','NULL','','','','',55829,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42893,'\'spacestudio and spacetower challenges\'','pge','\'Use spacestudio software to work through multiple challenges and scenarios. For instance:
\n\nChallenge 1: Analysis of the performance of the next GEN of satellites to size the ground segment.
\n\nChallenge 2: Assessment of propulsion system capabilities for initial orbit raising
\n\nChallenges for spacetower flight dynamic software will also be available.
\n
People:
SpeakerBio: Exotrail
\nNo BIO available
\nSpeakerBio: Hack-A-Sat
\nNo BIO available
\n\'','NULL','NULL','','','','',55830,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-02\''),(42894,'\'QOLOSSUS: QUANTUM CTF CONTEST: How to get Started on The Quantum Capture The Flag\'','pge','\'\n\'','NULL','NULL','','','','',55840,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-06-01\''),(42895,'\'QOLOSSUS CONTEST Q-CTF Finals\'','pge','\'\n\'','NULL','NULL','','','','',55860,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-06-01\''),(42896,'\'AI Village Demos\'','pge','\'Join us at the AI Village for interactive demonstrations at the intersection of AI and security. Attempt to hijack and manipulate autonomous robots using large language models and generative AI. Fool your friends by creating deep fakes with a state-of-the-art setup from Bishop Fox, complete with DSLR camera, green screen, and props. Finally, put your social engineering awareness to the test with DARPA’s deep fake analysis system, designed to identify and attribute manipulated and synthetic media. Don’t miss this opportunity to engage with adversarial AI technologies and learn about their implications on the future, at DEF CON 32!
\n\'','NULL','NULL','','','','',55889,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-03\''),(42897,'\'Recon Village GE(O)SINT Challenge\'','pge','\'Join the Recon Village GEOSINT Challenge, where your geospatial intelligence skills will be put to the ultimate test. Navigate through complex scenarios, uncover hidden clues, and outsmart your competition. Sharpen your analytical prowess and prove your mastery in this thrilling contest of wits and strategy.
\n\'','NULL','NULL','','','','',55894,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-03-04\''),(42898,'\'Ask Me Anything - Daniel Cutberth, Moderated by Sudhanshu\'','pge','\'This is an AMA/Podcast that will be recorded on-site.
\n
People:
SpeakerBio: Sudhanshu
\nNo BIO available
\nSpeakerBio: Daniel Cuthbert
\nNo BIO available
\n\'','NULL','NULL','','','','',55897,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-03-04\''),(42899,'\'Interview - Mika Devonshire, Hosted by Himanshu Das\'','pge','\'This is an AMA/Podcast that will be recorded on-site.
\n
People:
SpeakerBio: Mika Devonshire
\nNo BIO available
\nSpeakerBio: Himanshu Das
\nNo BIO available
\n\'','NULL','NULL','','','','',55900,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-03-04\''),(42900,'\'Interview - Scott Helme, Hosted by Shubham\'','pge','\'This is an AMA/Podcast that will be recorded on-site.
\n
People:
SpeakerBio: Scott Helme
\nNo BIO available
\nSpeakerBio: Shubham
\nNo BIO available
\n\'','NULL','NULL','','','','',55903,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-03-04\''),(42901,'\'Interview - the gumshoo, Hosted by Ram\'','pge','\'This is an AMA/Podcast that will be recorded on-site.
\n
People:
SpeakerBio: the gumshoo
\nNo BIO available
\nSpeakerBio: Ram
\nNo BIO available
\n\'','NULL','NULL','','','','',55905,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-03-04\''),(42902,'\'Interview - CATO Networks, Hosted by Dhruv Shah\'','pge','\'This is an AMA/Podcast that will be recorded on-site.
\n
People:
SpeakerBio: CATO Networks
\nNo BIO available
\nSpeakerBio: Dhruv Shah
\nNo BIO available
\n\'','NULL','NULL','','','','',55909,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-03-04\''),(42903,'\'Interview - RedHunt Labs (Kunal), Hosted by Anant Shrivastava\'','pge','\'This is an AMA/Podcast that will be recorded on-site.
\n
People:
SpeakerBio: RedHunt Labs (Kunal)
\nNo BIO available
\nSpeakerBio: Anant Shrivastava
\nNo BIO available
\n\'','NULL','NULL','','','','',55911,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-03-04\''),(42904,'\'Interview - Daniel Miessler, Hosted by Ankur\'','pge','\'This is an AMA/Podcast that will be recorded on-site.
\n
People:
SpeakerBio: Daniel Miessler
\nNo BIO available
\nSpeakerBio: Ankur
\nNo BIO available
\n\'','NULL','NULL','','','','',55912,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-03-04\''),(42905,'\'ToolMakers Hackathon\'','pge','\'Unleash your creativity at the Tool Makers Hackathon, where innovation meets functionality. Collaborate with fellow hackers to design and build groundbreaking tools that push the boundaries of cybersecurity. Whether you\'re a seasoned pro or a budding developer, this is your chance to showcase your skills, learn from the best, and create something truly unique.
\n\'','NULL','NULL','','','','',55915,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-03-04\''),(42906,'\'DEF CON Groups - Open for questions and hanging out\'','pge','\'Do you have questions about what DEF CON Groups are? Do you need help finding a group near you? Feel free to come ask. Or, just come up and hang out.
\n\'','NULL','NULL','','','','',55916,'\'Map Page - LVCC West/Floor 2/W236\''),(42907,'\'Firmware Extraction and Analysis\'','pge','\'In this interactive exercise, you\'ll learn how to talk to chips on a board via SPI, extract a firmware image, and analyze it to find vulnerabilities. Take your hardware hacking skills to the next level
\n\'','NULL','NULL','','','','',55919,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-08-04\''),(42908,'\'Hack My TV\'','pge','\'With Google Cast Miracast or AirPlay smart TVs now have plenty of ways to get your favorite content on screen. But while the latest show is playing there is a complex system running underneath that is ripe for hacking. Bitdefender invites you to solve a few challenges that will get you diving into the inner workings of a smart TV.
\n\'','NULL','NULL','','','','',55920,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-08-04\''),(42909,'\'Hands-On Hardware Hacking – From Console to Root, Manipulating and Controlling a Protected System\'','pge','\'Rapid7 is back with more hands-on hardware hacking exercises. This year we will be guiding attendees through several exercises gaining root access for control and extraction of firmware and file system data. From TFTP kernel images over the network to single user mode access via modification of U-Boot. These exercises will guide you through the process of importing a kernel image over the network and executing it in memory for root access, along with understanding embedded device flash memory layout and how to transfer firmware images over the network for offline testing. Also, we will walk through placing the IoT device in single user mode for root access and then rebuild the structure and needed drivers to bring the IoT embedded system out of single user mode for full access.
\n\'','NULL','NULL','','','','',55921,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-08-04\''),(42910,'\'Hardware Hacking GE Appliances\'','pge','\'How to get started, two steps
\n\nDownload the GE Appliances SmartHQ App “SmartHQ” available on the Google Play and iOS Stores to your mobile phone\nCreate your GE Appliances Account to commission the appliance, connecting the appliance to your account. The app will walk you through this step.\n
\n\nRouter Name SSID: HackAway\nRouter Name Password: With GEA
\n\nIn-Scope: Only communications between the appliance, GE Appliances SmartHQ App, and the cloud connection for the appliance
\n\nPlease leave your contact information and we will be in touch! Or you may visit our security webpage by typing “GEAppliances.com/security” into your Internet browser. We have a call center and PSIRT team ready to hear your questions!
\n\'','NULL','NULL','','','','',55922,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-08-04\''),(42911,'\'Inside the Toolkit of Elite Embedded Security Experts - Hands-On Workshop: QEMU & GDB for Embedded Systems Analysis\'','pge','\'Learn the trade secrets of elite embedded security researchers and exploit developers. This hands-on workshop equips you with the QEMU and GDB skills needed to emulate and debug embedded system processes.
\n\nFriday, August 9th / Saturday, August 10th
\n\n10:00 am - QEMU Primer\n11:00 am - QEMU Emulation\n2:00 pm - Debugging with QEMU and GDB\n3:00 pm - Q&A for Workshops\n
\n\'','NULL','NULL','','','','',55923,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-08-04\''),(42912,'\'IoT Security at DEF CON 32\'','pge','\'Join Finite State live on the Tech Done Different Podcast live at 2: 30 on the 9th with host Ted Harrington. Finite State and ISE will be discussing all things DEF CON 32 and the state of IoT security. This will be a live recording!
\n\n\n\'','NULL','NULL','','','','',55924,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-08-04\''),(42913,'\'IoT Village Hacking Playground\'','pge','\'The IoT Village Hacking Playground is a set of hands-on labs developed to teach the tools and techniques for discovering and exploiting some of the common weaknesses found in IoT devices in just a few minutes. Work at your own pace following our IoT Hacking guides and if you get stuck, our instructors are on hand to provide assistance and answer any questions.
\n\'','NULL','NULL','','','','',55925,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-08-04\''),(42914,'\'Keysight CTF Challenge\'','pge','\'Defeat the Keysight CTF challenge for a chance to win a Riscuberry IoT hacking training kit with Riscure Academy online training. See one of the Keysight staff for details. LIGHT THE BEACONS and show us the flag!
\n\'','NULL','NULL','','','','',55926,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-08-04\''),(42915,'\'Living off the Land inside your WiFi : Exploring and Exploiting Access Points and Routers\'','pge','\'Join Drew Green, John Rodriguez, and Ken Pyle for a deep dive into identifying vulnerabilities in network devices. Explore and exploit weaknesses in a wireless mesh network and learn how advanced threats view your infrastructure.
\n
People:
SpeakerBio: Drew Green
\nNo BIO available
\nSpeakerBio: John Rodriguez
\nNo BIO available
\nSpeakerBio: Ken Pyle
\nNo BIO available
\n\'','NULL','NULL','','','','',55927,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-08-04\''),(42916,'\'Phisherman\'s Wharf - Phishing for Beginners\'','pge','\'Intuit R3DC0N\'s Phisherman\'s Wharf will lead beginners looking to learn how phishing campaigns are managed. This short introductory lab will give you hands on experience creating a phish test campaign from a cached email and web site using GoPhish, leverage email lists, and observe the responses when the victims interact with the phish emails in MailHog.
\n\nAccompanied by our expert guide, witness live hacking demonstrations showcasing the alarming simplicity behind breaching and controlling banned xIoT devices. Embrace the excitement. Join us at the Lab and let the hacking games begin!
\n\'','NULL','NULL','','','','',55928,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-08-04\''),(42917,'\'Safe Hacking\'','pge','\'Hack a (not-so) smart safe and win prizes from TCM Security! Attendees will be guided through a hands-on lab that demonstrates common tools and techniques to unpack and analyze firmware, hunt for files of interest, and reverse engineer binaries and libraries. In addition, you will learn how to trace functionality in IoT devices to their underlying binaries and libraries and further reverse engineer these to hunt for common vulnerabilities. By using these techniques, you will be able to find the vulnerable section of code in the smart safe and craft an exploit that will allow you to access the safe and win the loot inside.
\n\'','NULL','NULL','','','','',55929,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-08-04\''),(42918,'\'Important Message\'','pge','\'There are a few things that we would like everyone to be aware of, leading up to DEF CON 32.
\n\nSticker Policy
\n\nWe have a beautiful culture of #stickerlife at DEF CON, and we hope that it can continue well into the future. Refer to the conference schedule for \"sticker swaps\". We\'re also putting up multiple sticker walls this year -- it was a hit last year, and we hope that having a couple of them will be even more awesome this year.
\n\nThe LVCVA (Las Vegas Convention and Visitors Authority, owners of the LVCC) has a zero-tolerance policy with regard to adhering anything at all to their property, including stickers. Please DFIU. If you are caught adhering anything to LVCC property, you will likely be trespassed from the property by Las Vegas Police. Beyond stickers, you may also not use tape, sticky putty, tacks, or even non-stick clings.
\n\nAdmission inspections and searches
\n\nThe LVCC will not be searching or scanning people or bags entering the facility.
\n\nMoney
\n\nAs always, human badges (that were not pre-purchased) are exclusively sold using cash (US currency). Merch is the same. No credit cards, debit cards, mobile payments, cryptocurrency, or any means other than USD cash will be accepted at either human registration or DEF CON Merch. We recommend bringing cash with you: there are only two ATMs inside the LVCC.
\n\nFood and beverage operations inside the LVCC, including the food court and bars, only accept cards and mobile payments. You cannot use cash to purchase food or beverage inside the LVCC.
\n\nVendors are permitted to conduct transactions via whatever means they choose. We do not have a list of which vendors are accepting cash vs card.
\n\nWater
\n\nThe LVCC has many modern water-bottle filling stations, so free water will be readily available for those who bring their own reusable water bottles.
\n\nDCTV
\n\nDCTV will exclusively be streaming online this year, and will not be available on any hotel TV channels.
\n\nOutside food and beverage
\n\nLVCC prohibits attendees from bringing outside food and beverage into the convention center, except in cases of medical or dietary necessity.
\n\nPhotography policy
\n\nPublic photography is allowed*. It’s okay to take photos of your friends if they’re cool with it. We’ve setup several “selfie spots” that are amazing art pieces created specifically for the yearly theme where you can take cool photos.
\n\nWe want you to take consenting photos of each other and we want others to see the wide range of attendees we have at DEF CON having a good time. What we don’t want to see are group shots taken without consent/warning, images taken by the press, video of people standing in lines, etc.
\n\nOfficial Press & DEF CON Policy Village rules may differ, please refer to them. At DEF CON you may see our official photography goons capturing the uniqueness that is to be expected at DEF CON; they adhere to our photo policy.
\n\nGroups & individuals participating in public on stage (events, contests, or activities) are allowed* to be photographed.
\n\nPhotography in the CTF room is NOT permitted without consent of the individuals to be photographed.
\n\nCrowd shots are VERY discouraged, if so desired you must alert the crowd to give them time to opt out. For example: \" Hey, I\'m taking a photo, if you don\'t want to be in it hide your face\" .
\n\nTaking photos of people in hallways, lines, hanging out, at random, is not allowed without consent. Respect the rights of the individual not to be photographed. Deletion of photos can be requested by staff.
\n\nWhen taking pictures of your friends please use “portrait mode” because this will blur the picture background, respecting the privacy of those inadvertently captured.
\n\nNOTE: It is permissible to record violations of the DEF CON CoC to share with our safety team (link) to help us investigate and take action.
\n\n\n- We reserve the right to revoke an individual\'s permission to photograph, at any time, on a case by case basis. Failure to comply can result in revocation of admission without refund.
\n
\n\'','NULL','NULL','','','','',55955,'\' Page - Other / See Description\''),(42919,'\'Vendors and Exhibitors Open\'','pge','\'This is when you can go visit our awesome vendors.
\n\nWe don\'t know which they will be accepting cash vs cards. That\'s up to each organization, and we do not have a list.
\n\nWe also don\'t know if/when vendors will sell out of anything they may be selling.
\n\'','NULL','NULL','','','','',55956,'\'Map Page - LVCC West\''),(42920,'\'Shell On Demand Appliance Machine (S.O.D.A. Machine) (pronounced SODA)\'','pge','\'The S.O.D.A. Machine Experience:
\n\nImagine being at DEF CON, eager to dive into some serious hacking without being tethered to your laptop. The Shell On Demand Appliance is here to enhance your experience by providing access to anonymous virtual machine using cold hard cash.
\n\nWhat is the Shell On Demand Appliance?
\n\nThe S.O.D.A. machine is now located in the contest area at the DEF CON Scavenger Hunt booth, offering virtual machines accessible via the DEF CON network. A blend of hardware, software, art, and hacking, using recycled materials to create a sustainable tech experience. The built-in datacenter connects directly to the DEF CON network. Insert cash or coins into the machine to get started, the system deploys the VM to the network, and a receipt with your login credentials is printed. Users receive login credentials to access their virtual machine via remote shell. You can change the password, install tools and applications, and customize the VM to suit your needs. The updated system now provides secure access from anywhere in the world through a web browser or standard SSH client. Be sure to check out the BBS too!
\n\nSupporting the Cause:
\n\nAll proceeds from the S.O.D.A. Machine benefit the National Upcycled Computing Collective, Inc., a 501(c)(3) nonprofit organization dedicated to advancing research and education in computer science, technology, and engineering. Contributions are welcome at https://www.paypal.com/paypalme/NUCC.
\nLinks:
Mastodon (@soda@defcon.social) - https://defcon.social/@soda
\n Twitter (@ShellsOnDemand) - https://twitter.com/ShellsOnDemand
\n\'','NULL','NULL','','','','',55980,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-03-02\''),(42921,'\'DCNextGen Awards and Closing Ceremony\'','pge','\'We will be handing out the CTF Prizes and awards. Must be present to win!
\n\'','NULL','NULL','','','','',55995,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-06-03\''),(42922,'\'Tamper Evident Village Activities\'','pge','\'\"Tamper-evident\" refers to a physical security technology that provides evidence of tampering (access, damage, repair, or replacement) to determine authenticity or integrity of a container or object(s). In practical terms, this can be a piece of tape that closes an envelope, a plastic detainer that secures a hasp, or an ink used to identify a legitimate document. Tamper-evident technologies are often confused with \"tamper resistant\" or \"tamper proof\" technologies which attempt to prevent tampering in the first place. Referred to individually as \"seals,\" many tamper technologies are easy to destroy, but a destroyed (or missing) seal would provide evidence of tampering! The goal of the TEV is to teach attendees how these technologies work and how many can be tampered with without leaving evidence.
\n\nThe Tamper-Evident Village includes the following contests and events:
\n\n\n- The Box; an electronic tamper challenge. An extremely realistic explosive with traps, alarms, and a timer ticking down. One mistake and BOOM, you\'re dead. Make every second count! Sign ups on-site when the TEV begins.
\n- Tamper-Evident King of the Hill; a full-featured tamper challenge. Tamper single items at your leisure and attempt to beat the current best. There can be only ONE! No sign ups required, play on-site when the TEV begins.
\n- Badge Counterfeiting Contest; submit your best forgery of a DEF CON human badge. Other target badges are also available for those looking for more counterfeit fun!
\n- For your viewing pleasure, collections of high-security tamper-evident seals from around the world.
\n- Presentations & demonstrations on various aspects of tamper-evident seals and methods to defeat them.
\n- Hands-on fun with adhesive seals, mechanical seals, envelopes, and evidence bags.
\n
\n\'','NULL','NULL','','','','',56117,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-07-03\''),(42923,'\'LHC Meshtastic Activities and CTF\'','pge','\'Lonely Hackers Club is conducting some meshtastic activities during DEF CON 32.
\n\nThe Lonely Hackers Club is hosting a CTF over Meshtastic. To participate you will need a Meshtastic node. There will be additional flags located in or near the LHC room. For more information check out our Meshtastic page.
\n\nGetting Started
\n\nLearn more here.
\n\nDefault LongFast Mesh + LHC Channel, Use before DEF CON
\n\nTap here to reconfigure your device
\n\nDEFCONnect ShortFast Mesh + LHC Channel, Use during DEF CON
\n\nTap here to reconfigure your device
\n\'','NULL','NULL','','','','',56118,'\'Map Page - LVCC West/Floor 2/W208\''),(42924,'\'Game Hacking Community Activities & CTF\'','pge','\'Welcome to the inaugural GameHacking.GG @ DEF CON 32, where gaming and cybersecurity intersect in exciting and interactive ways. Our mission is to delve into various aspects of game security, fostering an environment of exploration, play, and learning. The DEFCON32 event is constructed to make game security accessible and playable at all skill levels.
\n\nAt the Game Hacking DEF CON 32 event, participants can engage in activities ranging from modding games to exploring the intricacies of memory hacking and multiplayer cheats. In future iterations of the event we hope to expand to learning about game malware and maybe even some hardware hacks. Whether you\'re a beginner or an experienced hacker, we will have presentations and activities to challenge your skills.
\n\nBe part of the evolution of game security. Dive into our activities, engage with other game hackers, and explore opportunities to contribute to and support the Game Hacking Community. Let’s play, learn, exploit, and perhaps even profit.
\n\'','NULL','NULL','','','','',56119,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-01-03\''),(42925,'\'Robo Sumo\'','pge','\'If you have never participated in a Robo Sumo event before, welcome to the crowd! There are a number of resources online on this topic. We are lucky enough to have Pololu as a local resource. Their office is a short distance from the strip. They have have robots and parts to make robots. They can ship to your hotel if desired. Put something together and bring it down to show off and shove other bots around.
\n\nPlease follow the \"more info\" link if you would like to know more.
\nLinks:
More Info - https://dchhv.org/events/robosumo.html
\n\'','NULL','NULL','','','','',56121,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-10-01\''),(42926,'\'HHV Rube Goldberg Machine\'','pge','\'To celebrate DEF CON 32, the Hardware Hacking Village (HHV) is hosting a Rube Goldberg Machine (RGM) Event! This idea has been kicking around the HHV volunteer circle in one shape or another since at least DEF CON 20, so it’s about time that it happened! The goal is to create a series of devices that combine to form an end-to-end Rube Goldberg machine for transmitting messages. The hope is that all sorts of creative devices will be connected up to each other to move bits through various complicated and fun analog/digital methods. Ideas have ranged from simply wiring RX to TX — to using radios to bounce the message off the moon!
\nLinks:
More Info - https://dchhv.org/events/hhv_rgb.html
\n\'','NULL','NULL','','','','',56122,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-10-01\''),(42927,'\'Hardware Hacking and Soldering Skills Village Open (HHV-SSV)\'','pge','\'\nLinks:
Website - https://dchhv.org
\n\'','NULL','NULL','','','','',56123,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-10-01\''),(42928,'\'Radio Frequency Village Events\'','pge','\'In addition to the CTF and talks which are elsewhere on the schedule, the RF Village is also a place to hang out and chat with like minded folks who share your interests.
\n\'','NULL','NULL','','','','',56125,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-05-03\''),(42929,'\'Activity: API Security 101: Testing and Trivia by Akto.io\'','pge','\'In this activity, participants will see an API Security presentation with examples and engage in a trivia game centered around the topic.
\n\nLearn about the wide range of API vulnerabilities with real-world examples of data breaches and what it means to secure APIs through tests. And then it’s trivia time!
\n\nParticipants will have to answer 10-15 questions on API Security based on their learnings. You will get swags for each answer you get right!
\n
People:
SpeakerBio: Ankush Jain, Co-founder & CTO at Akto
\nAnkush is the co-founder & CTO at Akto (https://www.akto.io). Prior to starting Akto he worked at CleverTap as VP of Engineering. He has also worked for 5 years as a Quant at Morgan Stanley. He has acquired US patents at Microsoft at CleverTap.
\n\nSpeakerBio: Ankita Gupta
\nNo BIO available
\n\'','NULL','NULL','','','','',56161,'\'Map Page - LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2\''),(42930,'\'Activity: Capture the Container by Chainguard\'','pge','\'Join us for an exhilarating container security CTF where you can go head-to-head with your peers. In this session, we will explore the world of container security, including image analysis, enumeration, and the most up-to-date container escape techniques. Put your skills to the test and compete for the top spot! Participants will gain valuable knowledge in container security and have the chance to win some exciting prizes. Don\'t miss out on this thrilling opportunity to showcase your expertise!
\n
People:
SpeakerBio: Jonathan Leitschuh
\nNo BIO available
\n\'','NULL','NULL','','','','',56162,'\'Map Page - LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3\''),(42931,'\'Activity: Hacking Developers’ Trust – Faking GitHub Contribution by Checkmarx\'','pge','\'Join us for a revealing exploration of open-source trust and its vulnerabilities. In this captivating activity, we will delve into the fascinating world of developer credibility and the unsettling phenomenon of faking GitHub contributions. With open source becoming an integral part of software development, we find ourselves relying on strangers to provide us with code. Trust is often based on factors like the number of stars on a package or the credibility of the package’s maintainer on GitHub. However, what if I told you that all of this could be convincingly spoofed?
\n
People:
SpeakerBio: Tal Folkman
\nTal brings over 7 years of experience to her role as a supply chain security research team lead within Checkmarx Supply Chain Security group. She is in charge of detecting tracking and stopping Opensource attacks.
\n\nSpeakerBio: Ori Ron
\nOri Ron, an experienced Application Security Researcher at Checkmarx, joined the company in 2016. With over eight years of expertise in the field, Ori specializes in identifying and mitigating security vulnerabilities in software systems. His research spans the application security aspects of many programming languages, technologies, and environments.
\n\nSpeakerBio: Mário Leitão-Teixeira
\n\"Vulnerability\" is part of my daily vocabulary at Checkmarx, and I never get sick of it. I dub myself a \'self-certified idiot\' because I love learning and hatching ideas. So much, that I\'ve made brainstorming a hobby and kickstarted a team initiative to keep us on the pulse of InfoSec. As a result, we have learned about CVSSv4 before it was cool.
\n\nWell, CVSSv4 isn\'t cool yet since it\'s yet to be fully adopted, but in the meantime, I\'ve researched and come up with this talk.\nI wasn\'t given the opportunity to win a \'Best Speaker\' award yet. However, I published a few blog posts for Checkmarx and am brewing many other initiatives. I\'m also currently studying to pass the CEH certification. Contributing to the AppSec Village at RSAC in San Francisco last year. Check.
\n\nBeyond the keyboard, you catch me reading, writing, or practicing martial arts. As in cybersecurity, I seek constant learning.
\n\n\'','NULL','NULL','','','','',56163,'\'Map Page - LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3\''),(42932,'\'Activity: Spot the Reachable by Backslash\'','pge','\'Find the reachable one! You’ve got 18x18 inch game board, 5 cards, 5 code weaknesses, and a 5-minute sand timer, ready, set, go! You\'ll have 5 minutes to place the cards in the correct order and find the true positive(s). The winner? Whoever finds the solution in the shortest amount of time!
\n
People:
SpeakerBio: Czesia Glik
\nNo BIO available
\nSpeakerBio: Yossi Pik, CTO & Co-Founder at Backslash Security
\nNo BIO available
\n\'','NULL','NULL','','','','',56164,'\'Map Page - LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1\''),(42933,'\'Activity: Spot the Secrets: Finding Secrets Throughout Your Environments by GitGuardian\'','pge','\'Before you can deal with secrets sprawl, you first need to understand how deep the issue of plaintext secrets can be. Improperly stored and shared secrets are a problem beyond just the top layer of code you put in production. It affects feature branches, old commits, logs, and communication and collaboration tools.
\n\nIn this exercise, you will be challenged to find all the secrets and then use a special tool to quickly validate the secrets and your work. Walk away from this exercise ready to apply the lessons learned to make your organization safer in no time.
\n
People:
SpeakerBio: mcdwayne
\nDwayne has been working as a Developer Relations professional since 2015 and has been involved in tech communities since 2005. He loves sharing his knowledge, and he has done so by giving talks at over a hundred events worldwide. Dwayne currently lives in Chicago. Outside of tech, he loves karaoke, live music, and performing improv.
\n\n\'','NULL','NULL','','','','',56165,'\'Map Page - LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 2\''),(42934,'\'Activity: Test Your AppSec Knowledge by Deepfactor\'','pge','\'It\'s in the Cards! Pick 5 cards with random levels of difficulty. Answer questions ranging from true/false to multiple choice to spot the vulnerable code. Test your knowledge on risky deployment scenarios, rack up the points, and get to the top of the leaderboard to win!
\n
People:
SpeakerBio: Mike Larkin
\nNo BIO available
\n\'','NULL','NULL','','','','',56166,'\'Map Page - LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 3\''),(42935,'\'Activity: Vulnerability Hunt - The Snippets Edition\'','pge','\'Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
\n
People:
SpeakerBio: Mário Leitão-Teixeira
\n\"Vulnerability\" is part of my daily vocabulary at Checkmarx, and I never get sick of it. I dub myself a \'self-certified idiot\' because I love learning and hatching ideas. So much, that I\'ve made brainstorming a hobby and kickstarted a team initiative to keep us on the pulse of InfoSec. As a result, we have learned about CVSSv4 before it was cool.
\n\nWell, CVSSv4 isn\'t cool yet since it\'s yet to be fully adopted, but in the meantime, I\'ve researched and come up with this talk.\nI wasn\'t given the opportunity to win a \'Best Speaker\' award yet. However, I published a few blog posts for Checkmarx and am brewing many other initiatives. I\'m also currently studying to pass the CEH certification. Contributing to the AppSec Village at RSAC in San Francisco last year. Check.
\n\nBeyond the keyboard, you catch me reading, writing, or practicing martial arts. As in cybersecurity, I seek constant learning.
\n\n\'','NULL','NULL','','','','',56167,'\'Map Page - LVCC West/Floor 2/W228-W230/W228-W230-ASV Pod 1\''),(42936,'\'Physical Security Village Activities\'','pge','\'The Physical Security Village explores the world of hardware bypasses and techniques generally outside of the realm of cyber-security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself.
\n\nWe’ll be covering the basics, like the under-the-door-tool and latch slipping attacks, as well as an in depth look at more complicated bypasses. Learn about elevator hacking, attacking alarm systems at the sensor and communication line, and cut-away and display models of common hardware to show how it works on the inside.
\n\nLooking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!
\n\'','NULL','NULL','','','','',56168,'\'Map Page - LVCC West/Floor 1/Hall 2/HW2-08-03\''),(42937,'\'SIV Internet Voting Hacking Challenge\'','pge','\'Experts have long agreed that secure internet voting in public elections is not feasible with today\'s technology, nor with any technologies of the foreseeable future. The challenges are numerous, including many fundamental threats such as vulnerability to malicious clients, authentication attacks, privacy attacks, network and Internet infrastructure attacks, server penetration attacks, and various kinds of denial of service attacks. Internet voting systems also suffer from a lack of any meaningful end-to-end auditability. In this hacking challenge, we will set aside these broader concerns to focus on a specific proposed internet voting system called SIV (Secure Internet Voting) intended for real public elections in the United States. They are conducting a mock online election this week with the specific goal of challenging anyone to break their system.
\nLinks:
Website - http://hack.siv.org/
\n
People:
SpeakerBio: SIV
\nNo BIO available
\n\'','NULL','NULL','','','','',56181,'\' Page - Virtual\''),(42938,'\'Book Signings\'','pge','\'Book Signing Schedule
\n\nFriday, August 9\n11:30 a.m. Tim Arnold, Black Hat Python, 2nd Edition\n12:00 p.m. Jack Rhysider from Darknet Diaries\n12:30 p.m. James Forshaw, Windows Security Internals \n1:30 p.m. Nick Aleks, Black Hat Bash [DEF CON edition] and Black Hat GraphQL\n2:30 p.m. Jim O\'Gorman and Daniel Graham, Metasploit, 2nd Edition [DEF CON edition]\n3:30 p.m. Corey Ball, Hacking APIs\n4:30 p.m. Elonka Dunin and Klaus Schmeh, Codebreaking
\n\nSaturday, August 10\n10:30 a.m. Travis Goodspeed, Microcontroller Exploitsand PoC||GTFO, Volumes 1, 2, and 3\n12:30 p.m. Micah Lee, Hacks, Leaks, and Revelations\n1:30 p.m. Jon DiMaggio, The Art of Cyberwarfare \n2:30 p.m. Matt Burrough and Jos Weyers, Locksport\n3:30 p.m. Chris Eagle and Kara Nance, The Ghidra Book\n4:30 p.m. Alex Matrosov, Rootkits and Bootkits
\n\nSunday, August 11\n11:30 a.m. Beau Woods, Fotios Chantzis, and Paulino Calderon, Practical IoT Hacking
\n\'','NULL','NULL','','','','',56217,'\'Map Page - LVCC West/Floor 1/Hall 4/HW4-04-04\''),(42939,'\'AMA on Proxmark3 with Iceman\'','pge','\'\n
People:
SpeakerBio: Iceman
\nNo BIO available
\n\'','NULL','NULL','','','','',56220,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-05-03\''),(42940,'\'Quantum Village Bloch Party!\'','pge','\'Join us for our first Bloch Party and find out anything you have wanted to know about Quantum Tech & Hacking and why it\'s a Bloch Party, not Block Party. At the same time join us for another round of our Oxford Union-style fun debates @ DEF CON!
\n\'','NULL','NULL','','','','',56221,'\'Map Page - LVCC West/Floor 1/Hall 3/HW3-06-01\'');
/*!40000 ALTER TABLE `pages` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `speakers`
--
DROP TABLE IF EXISTS `speakers`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `speakers` (
`speaker_sort` varchar(128) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`speaker` varchar(128) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`hash` varchar(64) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`autoincre` int NOT NULL AUTO_INCREMENT,
PRIMARY KEY (`autoincre`),
KEY `speaker_sort` (`speaker_sort`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=302897 DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_unicode_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `speakers`
--
LOCK TABLES `speakers` WRITE;
/*!40000 ALTER TABLE `speakers` DISABLE KEYS */;
INSERT INTO `speakers` VALUES ('\'BIC Village Staff\'','\'BIC Village Staff\'','SOC_f0347dc127cc7d9e18e1d8fd2f8f28d8',301608),('\'DJ Roma\'','\'DJ Roma\'','SOC_f0347dc127cc7d9e18e1d8fd2f8f28d8',301609),('\'Jack Rhysider\'','\'Jack Rhysider\'','SOC_7eafb4ccc01d53dc4ce63af35323036e',301610),('\'Emmanuel Law\'','\'Emmanuel Law\'','DL_bc8645298fd42b03085afba46105505a',301611),('\'Rohit Pitke\'','\'Rohit Pitke\'','DL_bc8645298fd42b03085afba46105505a',301612),('\'Ismail Melih Tas\'','\'Ismail Melih Tas\'','DL_cbfa76c8730e852ec7ca5e765f4fdc3e',301613),('\'Numan Ozdemir\'','\'Numan Ozdemir\'','DL_cbfa76c8730e852ec7ca5e765f4fdc3e',301614),('\'Jeremy Banker\'','\'Jeremy Banker\'','DL_b99c31b85dd7561492555543c473f98f',301615),('\'Kaloyan Velikov\'','\'Kaloyan Velikov\'','DL_d82c3fd9763d664b6a80fa9bdba4f9ae',301616),('\'Leonidas Vasileiadis\'','\'Leonidas Vasileiadis\'','DL_d82c3fd9763d664b6a80fa9bdba4f9ae',301617),('\'Ezra Woods\'','\'Ezra Woods\'','DL_13ce746138f9bd82c6b7cf9d36c3674e',301618),('\'Mike Manrod\'','\'Mike Manrod\'','DL_13ce746138f9bd82c6b7cf9d36c3674e',301619),('\'Jonathan Fischer\'','\'Jonathan Fischer\'','DL_0d4e905a7c8011c179317609d0d5b082',301620),('\'Matthew Richard\'','\'Matthew Richard\'','DL_0d4e905a7c8011c179317609d0d5b082',301621),('\'Moritz Laurin Thomas\'','\'Moritz Laurin Thomas\'','DL_119e743d254bc28d35dc4ceab24dbc9c',301622),('\'Patrick Eisenschmidt\'','\'Patrick Eisenschmidt\'','DL_119e743d254bc28d35dc4ceab24dbc9c',301623),('\'Leonardo Serrano\'','\'Leonardo Serrano\'','DL_d1895d4d92747a8f2fd078de134189c7',301624),('\'Lexie Thach\'','\'Lexie Thach\'','DL_d1895d4d92747a8f2fd078de134189c7',301625),('\'Hare Krishna Rai\'','\'Hare Krishna Rai\'','DL_7b96db2c10042d1826a9203bb6a02ce3',301626),('\'Prashant Venkatesh\'','\'Prashant Venkatesh\'','DL_7b96db2c10042d1826a9203bb6a02ce3',301627),('\'Paul Wortman\'','\'Paul Wortman\'','DL_a9eec34216b1694807070a674a600290',301628),('\'Craig Chamberlain\'','\'Craig Chamberlain\'','DL_f4e54b9f1961a0a7d47eee8815449018',301629),('\'Rewanth Tammana\'','\'Rewanth Tammana\'','DL_f4e54b9f1961a0a7d47eee8815449018',301630),('\'Erick Galinkin\'','\'Erick Galinkin\'','DL_22418485c4e7451b8bf4611b5fdc4b80',301631),('\'Leon Derczynski\'','\'Leon Derczynski\'','DL_22418485c4e7451b8bf4611b5fdc4b80',301632),('\'Bleon Proko\'','\'Bleon Proko\'','DL_0c19920ceb8bbc1222acd85178f4926c',301633),('\'Nathan Sidles\'','\'Nathan Sidles\'','DL_65e4b901098d95b71da050e0a66bb596',301634),('\'Cesare Pizzi\'','\'Cesare Pizzi\'','DL_6f5036a428c7dd5360ed977b041a1b13',301635),('\'Anand Tiwari\'','\'Anand Tiwari\'','DL_1a3578bb0b0fa1dca25bf4508e1ccf57',301636),('\'Harsha Koushik\'','\'Harsha Koushik\'','DL_1a3578bb0b0fa1dca25bf4508e1ccf57',301637),('\'Patrick Kiley\'','\'Patrick Kiley\'','DL_03079d13ee1708fbf309e3fe17d9e1c0',301638),('\'Luciano Remes\'','\'Luciano Remes\'','DL_ed156ab2077bc2663b7d78d5b086cf3d',301639),('\'Wade Cappa\'','\'Wade Cappa\'','DL_ed156ab2077bc2663b7d78d5b086cf3d',301640),('\'Chris Thompson\'','\'Chris Thompson\'','DL_084e6518193fd70288867a239a56b0a5',301641),('\'Melanie Allen\'','\'Melanie Allen\'','DL_068f761f4c2e9eaf3ef6d4ad9755f69b',301642),('\'Blaine Jeffries\'','\'Blaine Jeffries\'','DL_2cfb66d8b4680182aaa1ef32c2f56da4',301643),('\'Devon Colmer\'','\'Devon Colmer\'','DL_2cfb66d8b4680182aaa1ef32c2f56da4',301644),('\'Kirk Trychel\'','\'Kirk Trychel\'','DL_ded1c0264b7dd87e3fe9732889715d5e',301645),('\'Jack Heysel\'','\'Jack Heysel\'','DL_7eb8537941c559e934cf4ba6e19eba4c',301646),('\'Spencer McIntyre\'','\'Spencer McIntyre\'','DL_7eb8537941c559e934cf4ba6e19eba4c',301647),('\'Benjamyn Whiteman\'','\'Benjamyn Whiteman\'','DL_43f6329b7b39c29be932b64ab5117a1f',301648),('\'Vishal Thakur\'','\'Vishal Thakur\'','DL_43f6329b7b39c29be932b64ab5117a1f',301649),('\'Matheus Eduardo Garbelini\'','\'Matheus Eduardo Garbelini\'','DL_68dcc1e397c9fe0ee2cdeeb2a98ef693',301650),('\'Sudipta Chattopadhyay\'','\'Sudipta Chattopadhyay\'','DL_68dcc1e397c9fe0ee2cdeeb2a98ef693',301651),('\'Moritz Laurin Thomas\'','\'Moritz Laurin Thomas\'','DL_733e32e87d7339d50163b9a392cc234d',301652),('\'Matthew Handy\'','\'Matthew Handy\'','DL_c5b919b6edd0c44eebb428c4bdcdacd8',301653),('\'Borja Pintos Castro\'','\'Borja Pintos Castro\'','DL_0694832aa2f73fbe8f9ec233b74e20d0',301654),('\'Camilo Piñón Blanco\'','\'Camilo Piñón Blanco\'','DL_0694832aa2f73fbe8f9ec233b74e20d0',301655),('\'Lorenzo Grazian\'','\'Lorenzo Grazian\'','DL_84d14491ed20c4cd1b0bd7191acbed1b',301656),('\'Doug Kent\'','\'Doug Kent\'','DL_644728957a127f8ac18846df2a8b30f0',301657),('\'Robert Ditmer\'','\'Robert Ditmer\'','DL_644728957a127f8ac18846df2a8b30f0',301658),('\'Florian Haag\'','\'Florian Haag\'','DL_e3bfc01574b28595a5a371d6c52ef28f',301659),('\'Matthias Göhring\'','\'Matthias Göhring\'','DL_e3bfc01574b28595a5a371d6c52ef28f',301660),('\'Jyoti Raval\'','\'Jyoti Raval\'','DL_dca69f4877e28b773ef1fd8e70b3d97c',301661),('\'Anthony “Coin” Rose\'','\'Anthony “Coin” Rose\'','DL_60e6808b8690a98f9f2850557c499134',301662),('\'Jake “Hubble” Krasnov\'','\'Jake “Hubble” Krasnov\'','DL_60e6808b8690a98f9f2850557c499134',301663),('\'Mark Perry\'','\'Mark Perry\'','DL_0faa48b47ab79bcb5746d2c721ba3f9c',301664),('\'Rachel Murphy\'','\'Rachel Murphy\'','DL_0faa48b47ab79bcb5746d2c721ba3f9c',301665),('\'Josh Summitt\'','\'Josh Summitt\'','DL_800349f1de6b150f90abe9dc7c5c91d1',301666),('\'Naomi Brockwell\'','\'Naomi Brockwell\'','HDA_29f5a98215e95cc4ff3fa783697f4007',301667),('\'Francisco Perdomo\'','\'Francisco Perdomo\'','WS_916b7fc14c69c0c10ac7aa10ee2aa185',301668),('\'Josh Stroschein\'','\'Josh Stroschein\'','WS_916b7fc14c69c0c10ac7aa10ee2aa185',301669),('\'Alex Delifer\'','\'Alex Delifer\'','WS_e4d9b90115bb0a497db663ef5f4957a0',301670),('\'Michael \"v3ga\" Aguilar\'','\'Michael \"v3ga\" Aguilar\'','WS_e4d9b90115bb0a497db663ef5f4957a0',301671),('\'Chris Thompson\'','\'Chris Thompson\'','WS_665320585f620bdcb0b32818922e4a11',301672),('\'Duane Michael\'','\'Duane Michael\'','WS_665320585f620bdcb0b32818922e4a11',301673),('\'Garrett Foster\'','\'Garrett Foster\'','WS_665320585f620bdcb0b32818922e4a11',301674),('\'Arjun Gopalakrishna\'','\'Arjun Gopalakrishna\'','WS_f94f8c9e29269370b68167fc1ca0427e',301675),('\'Gautam Peri\'','\'Gautam Peri\'','WS_f94f8c9e29269370b68167fc1ca0427e',301676),('\'Marcelo Ribeiro\'','\'Marcelo Ribeiro\'','WS_f94f8c9e29269370b68167fc1ca0427e',301677),('\'Sean \'','\'Sean \'','WS_a7bae4a943c6eba0eadbf8e8f16a6589',301678),('\'Serrgei Frankoff\'','\'Serrgei Frankoff\'','WS_a7bae4a943c6eba0eadbf8e8f16a6589',301679),('\'Wesley McGrew\'','\'Wesley McGrew\'','WS_744b69e867aa50670c8296c1192fc140',301680),('\'Dimitri Di Cristofaro\'','\'Dimitri Di Cristofaro\'','WS_49ebb7fd9b9b276744e25b2b127f3f98',301681),('\'Giorgio \"gbyolo\" Bernardinetti\'','\'Giorgio \"gbyolo\" Bernardinetti\'','WS_49ebb7fd9b9b276744e25b2b127f3f98',301682),('\'Angus Strom\'','\'Angus Strom\'','WS_2a26a18632f1bdecc6eb435ccfd4b29f',301683),('\'Troy Defty\'','\'Troy Defty\'','WS_2a26a18632f1bdecc6eb435ccfd4b29f',301684),('\'James Hawk\'','\'James Hawk\'','WS_f46116a98663d08bba52c97372d4fa0f',301685),('\'Jake “Hubble” Krasnov\'','\'Jake “Hubble” Krasnov\'','WS_1518e70f7837e049f31b467bf40f31d7',301686),('\'Kevin \"Kent\" Clark\'','\'Kevin \"Kent\" Clark\'','WS_1518e70f7837e049f31b467bf40f31d7',301687),('\'Rey \"Privesc\" Bango\'','\'Rey \"Privesc\" Bango\'','WS_1518e70f7837e049f31b467bf40f31d7',301688),('\'Kathy Zhu\'','\'Kathy Zhu\'','WS_55ce12c74a5675c413494ecb02dac3e2',301689),('\'Troy Defty\'','\'Troy Defty\'','WS_55ce12c74a5675c413494ecb02dac3e2',301690),('\'Elizabeth Biddlecome\'','\'Elizabeth Biddlecome\'','WS_257a900048db1900c3d30216c297af7d',301691),('\'Irvin Lemus\'','\'Irvin Lemus\'','WS_257a900048db1900c3d30216c297af7d',301692),('\'Kaitlyn Handelman\'','\'Kaitlyn Handelman\'','WS_257a900048db1900c3d30216c297af7d',301693),('\'Sam Bowne\'','\'Sam Bowne\'','WS_257a900048db1900c3d30216c297af7d',301694),('\'Isabel Straw\'','\'Isabel Straw\'','WS_8b75a366a43f2c8c5026d5191a1f5cb2',301695),('\'Jorge Acevedo Canabal\'','\'Jorge Acevedo Canabal\'','WS_8b75a366a43f2c8c5026d5191a1f5cb2',301696),('\'Nathan Case\'','\'Nathan Case\'','WS_8b75a366a43f2c8c5026d5191a1f5cb2',301697),('\'Yoann Dequeker\'','\'Yoann Dequeker\'','WS_2cac49c1189f264df54e8c86d40c0bcd',301698),('\'Cale Smith\'','\'Cale Smith\'','WS_492617df489b8b3c0ed3b01f453e9d57',301699),('\'Priyanka Joshi\'','\'Priyanka Joshi\'','WS_492617df489b8b3c0ed3b01f453e9d57',301700),('\'Aaron Rosenmund\'','\'Aaron Rosenmund\'','WS_4216a8a5ca52106b718a41589d07eab1',301701),('\'Josh Stroschein\'','\'Josh Stroschein\'','WS_4216a8a5ca52106b718a41589d07eab1',301702),('\'Ryan Chapman\'','\'Ryan Chapman\'','WS_4216a8a5ca52106b718a41589d07eab1',301703),('\'Sebastian Tapia De la torre\'','\'Sebastian Tapia De la torre\'','WS_d7371a45a7409c6ca2285aefea14b217',301704),('\'Max \"Libra\" Kersten\'','\'Max \"Libra\" Kersten\'','WS_b7238e38113340dcd559f0a93fca3cd3',301705),('\'Alexandrine Torrents\'','\'Alexandrine Torrents\'','WS_b7abb1fa014fea6a6b4fdef4f9937437',301706),('\'Arnaud Soullié\'','\'Arnaud Soullié\'','WS_b7abb1fa014fea6a6b4fdef4f9937437',301707),('\'Alek Amrani\'','\'Alek Amrani\'','WS_d75f8653a17b9ee668ccbb8764aa96ff',301708),('\'Ryan Holeman\'','\'Ryan Holeman\'','WS_d75f8653a17b9ee668ccbb8764aa96ff',301709),('\'Micah Silverman\'','\'Micah Silverman\'','WS_98d0f882a8354a4f1fd8cff47a9eac29',301710),('\'Rodney David Beede\'','\'Rodney David Beede\'','WS_d794fe6f7f4ae5ed68bbd3388cb8a22c',301711),('\'eigentourist\'','\'eigentourist\'','WS_87823cbf53064a0eadf88b156ca3ecec',301712),('\'Alexandrine Torrents\'','\'Alexandrine Torrents\'','WS_51d86da1c90492e4eec30bdb276d4e05',301713),('\'Or Sahar\'','\'Or Sahar\'','WS_9e587a9de4a64349640f01571f588f5e',301714),('\'Yariv Tal\'','\'Yariv Tal\'','WS_9e587a9de4a64349640f01571f588f5e',301715),('\'Lorenzo Pedroncelli\'','\'Lorenzo Pedroncelli\'','WS_47729bad318e90808072e8ca8f9eeaaf',301716),('\'Randy Belbin\'','\'Randy Belbin\'','WS_47729bad318e90808072e8ca8f9eeaaf',301717),('\'Alfie Champion\'','\'Alfie Champion\'','WS_34131ec52fd35ae3b2d887985097f54b',301718),('\'Josh Kamdjou\'','\'Josh Kamdjou\'','WS_34131ec52fd35ae3b2d887985097f54b',301719),('\'Solomon Sonya\'','\'Solomon Sonya\'','WS_941a719327044372247fc3bd7f76c78e',301720),('\'Vinnie \"kernelpaniek\" Vanhoecke\'','\'Vinnie \"kernelpaniek\" Vanhoecke\'','WS_c854c4fe8bc9c8933f09aee6f251d438',301721),('\'Jon DiMaggio\'','\'Jon DiMaggio\'','DC_19d657d9996a79658aabf8ce1de14c54',301722),('\'Erwin Karincic\'','\'Erwin Karincic\'','DC_b874ceb930aacaad622e97a6aca9d6c1',301723),('\'Woody\'','\'Woody\'','DC_b874ceb930aacaad622e97a6aca9d6c1',301724),('\'Jacob Shams\'','\'Jacob Shams\'','DC_6f0862dfacdd0c1435f7a740134921f9',301725),('\'Jeff \"The Dark Tangent\" Moss\'','\'Jeff \"The Dark Tangent\" Moss\'','DC_4c24e326fbac9b1ae0b87feb3b3b03b8',301726),('\'Matt Burch\'','\'Matt Burch\'','DC_bfe5a6bc59afff5fc508409ce64194d9',301727),('\'WangJunJie Zhang\'','\'WangJunJie Zhang\'','DC_bccf51c0761724b27733f5522754dfcd',301728),('\'YiSheng He\'','\'YiSheng He\'','DC_bccf51c0761724b27733f5522754dfcd',301729),('\'General Paul M. Nakasone\'','\'General Paul M. Nakasone\'','DC_4bc652369191619a62b9ebeddcfc0b91',301730),('\'Max \"Libra\" Kersten\'','\'Max \"Libra\" Kersten\'','DC_2d4ac9e3c9846a156d6028a9cff40e45',301731),('\'Dennis Giese\'','\'Dennis Giese\'','DC_5b28b63e4cc44caf996ec9a758ee6748',301732),('\'Braelynn\'','\'Braelynn\'','DC_5b28b63e4cc44caf996ec9a758ee6748',301733),('\'Thomas Roccia\'','\'Thomas Roccia\'','DC_1705ef50da6fa270bf24e84caafc7b95',301734),('\'Babak Javadi\'','\'Babak Javadi\'','DC_f5ea130b64716fafd53371b9e062b953',301735),('\'Aaron Levy\'','\'Aaron Levy\'','DC_f5ea130b64716fafd53371b9e062b953',301736),('\'Nick Draffen\'','\'Nick Draffen\'','DC_f5ea130b64716fafd53371b9e062b953',301737),('\'James \"albinowax\" Kettle\'','\'James \"albinowax\" Kettle\'','DC_c0a54f893744b2ed46107978f68b2cc1',301738),('\'Mar Williams\'','\'Mar Williams\'','DC_5af26b9d170031262b2b80551eea87c1',301739),('\'Anne Neuberger\'','\'Anne Neuberger\'','DC_ab125b8f3dfd2c235937213a12750382',301740),('\'Jeff \"The Dark Tangent\" Moss\'','\'Jeff \"The Dark Tangent\" Moss\'','DC_ab125b8f3dfd2c235937213a12750382',301741),('\'Harriet Farlow\'','\'Harriet Farlow\'','DC_dd8ceff380d3ef5a86dedf0891fca439',301742),('\'The_Gibson\'','\'The_Gibson\'','DC_186a95fad380579578ab6d98db0229bb',301743),('\'Nick Frichette\'','\'Nick Frichette\'','DC_3636822d82a49c08bfae1cbc44e87c2c',301744),('\'Andrew Case\'','\'Andrew Case\'','DC_c1c26f2da67a095689ceeaf14e369d66',301745),('\'Austin Sellers\'','\'Austin Sellers\'','DC_c1c26f2da67a095689ceeaf14e369d66',301746),('\'Golden Richard\'','\'Golden Richard\'','DC_c1c26f2da67a095689ceeaf14e369d66',301747),('\'David McDonald\'','\'David McDonald\'','DC_c1c26f2da67a095689ceeaf14e369d66',301748),('\'Gustavo Moreira\'','\'Gustavo Moreira\'','DC_c1c26f2da67a095689ceeaf14e369d66',301749),('\'Dr. Stefanie Tompkins\'','\'Dr. Stefanie Tompkins\'','DC_ed9dcb6248e0a086ed7e715fde3f209e',301750),('\'Dr. Renee Wegrzyn\'','\'Dr. Renee Wegrzyn\'','DC_ed9dcb6248e0a086ed7e715fde3f209e',301751),('\'Peiter “Mudge” Zatko\'','\'Peiter “Mudge” Zatko\'','DC_ed9dcb6248e0a086ed7e715fde3f209e',301752),('\'HD Moore\'','\'HD Moore\'','DC_9707ef21088bf1cd32abf713d54ee927',301753),('\'Rob King\'','\'Rob King\'','DC_9707ef21088bf1cd32abf713d54ee927',301754),('\'Bill Woodcock\'','\'Bill Woodcock\'','DC_21bc6a9f97944d72c92e0797a61937a3',301755),('\'Ken Gannon\'','\'Ken Gannon\'','DC_7c7b15575eacf6eab6fa4a2620c05e96',301756),('\'Ilyes Beghdadi\'','\'Ilyes Beghdadi\'','DC_7c7b15575eacf6eab6fa4a2620c05e96',301757),('\'Jen Easterly\'','\'Jen Easterly\'','DC_b235a87a57f514959ff4072098f459b3',301758),('\'samy kamkar\'','\'samy kamkar\'','DC_30321d0470644b5a07335f58464eb5ea',301759),('\'Xiling Gong\'','\'Xiling Gong\'','DC_907162ad5a3b938f755bb1207bd78657',301760),('\'Eugene Rodionov\'','\'Eugene Rodionov\'','DC_907162ad5a3b938f755bb1207bd78657',301761),('\'Xuan Xing\'','\'Xuan Xing\'','DC_907162ad5a3b938f755bb1207bd78657',301762),('\'Yakir Kadkoda\'','\'Yakir Kadkoda\'','DC_cce038fb8dff01b7fa4ade0c1e33b70f',301763),('\'Michael Katchinskiy\'','\'Michael Katchinskiy\'','DC_cce038fb8dff01b7fa4ade0c1e33b70f',301764),('\'Ofek Itach\'','\'Ofek Itach\'','DC_cce038fb8dff01b7fa4ade0c1e33b70f',301765),('\'Joe \"Kingpin\" Grand\'','\'Joe \"Kingpin\" Grand\'','DC_cbbacfc77fb86075121ef1b56ffa3d25',301766),('\'Bruno Krauss\'','\'Bruno Krauss\'','DC_cbbacfc77fb86075121ef1b56ffa3d25',301767),('\'Ceri Coburn\'','\'Ceri Coburn\'','DC_269b106fe2c11825f1ea93a2f1f73955',301768),('\'Dirk-jan Mollema\'','\'Dirk-jan Mollema\'','DC_269b106fe2c11825f1ea93a2f1f73955',301769),('\'Ryan Johnson\'','\'Ryan Johnson\'','DC_90ae3a446106860b3d195e27d4bf69ae',301770),('\'Nikita Kronenberg\'','\'Nikita Kronenberg\'','DC_aa35b1767cf97c352765dea22d80f74b',301771),('\'Drew \"aNullValue\" Stemen\'','\'Drew \"aNullValue\" Stemen\'','DC_aa35b1767cf97c352765dea22d80f74b',301772),('\'Grifter\'','\'Grifter\'','DC_aa35b1767cf97c352765dea22d80f74b',301773),('\'AdaZebra\'','\'AdaZebra\'','DC_aa35b1767cf97c352765dea22d80f74b',301774),('\'Jayson E. Street\'','\'Jayson E. Street\'','DC_796f96d7d123efa1e6f92e18ceff5cb8',301775),('\'Aaron \"dyn\" Grattafiori\'','\'Aaron \"dyn\" Grattafiori\'','DC_9c09dce51f21695b3cd701a8636d5e2f',301776),('\'Ivan Evtimov\'','\'Ivan Evtimov\'','DC_9c09dce51f21695b3cd701a8636d5e2f',301777),('\'Joanna Bitton\'','\'Joanna Bitton\'','DC_9c09dce51f21695b3cd701a8636d5e2f',301778),('\'Maya Pavlova\'','\'Maya Pavlova\'','DC_9c09dce51f21695b3cd701a8636d5e2f',301779),('\'Michael Gorelik \'','\'Michael Gorelik \'','DC_0f95ca74b7e43c2c9f62226894ecc611',301780),('\'Arnold Osipov\'','\'Arnold Osipov\'','DC_0f95ca74b7e43c2c9f62226894ecc611',301781),('\'Paul Gerste\'','\'Paul Gerste\'','DC_5d538b952643182f6efd4b42f5b85e5d',301782),('\'Alexander Rubin\'','\'Alexander Rubin\'','DC_087cfefb8dfa26b5895c20b709c753f8',301783),('\'Martin Rakhmanov\'','\'Martin Rakhmanov\'','DC_087cfefb8dfa26b5895c20b709c753f8',301784),('\'Aapo Oksman\'','\'Aapo Oksman\'','DC_b8433127572b2369b9230a3bdeb2cc40',301785),('\'Thomas Boejstrup Johansen\'','\'Thomas Boejstrup Johansen\'','DC_1fab03faf299e3a4bb2016578549d6a1',301786),('\'Vivek Ramachandran\'','\'Vivek Ramachandran\'','DC_e01ff20e028eec9da52df9c21e986fc6',301787),('\'Jeswin Mathai\'','\'Jeswin Mathai\'','DC_e01ff20e028eec9da52df9c21e986fc6',301788),('\'Paul Roberts\'','\'Paul Roberts\'','DC_5a95cf9ea6b8b74c94f7be327e653c78',301789),('\'Chris Wysopal\'','\'Chris Wysopal\'','DC_5a95cf9ea6b8b74c94f7be327e653c78',301790),('\'Cory Doctorow\'','\'Cory Doctorow\'','DC_5a95cf9ea6b8b74c94f7be327e653c78',301791),('\'Tarah Wheeler\'','\'Tarah Wheeler\'','DC_5a95cf9ea6b8b74c94f7be327e653c78',301792),('\'Dennis Giese\'','\'Dennis Giese\'','DC_5a95cf9ea6b8b74c94f7be327e653c78',301793),('\'Damien Cauquil\'','\'Damien Cauquil\'','DC_5509c98b4c2ddc51da2db01fffed5844',301794),('\'Romain Cayre\'','\'Romain Cayre\'','DC_5509c98b4c2ddc51da2db01fffed5844',301795),('\'Vladyslav Zubkov\'','\'Vladyslav Zubkov\'','DC_0ef5510d21e93dbd1a8f6930b5c0533d',301796),('\'Martin Strohmeier\'','\'Martin Strohmeier\'','DC_0ef5510d21e93dbd1a8f6930b5c0533d',301797),('\'Tony Sager\'','\'Tony Sager\'','DC_48c7049cd0502c1e40c713e3995d920b',301798),('\'Deth Veggie\'','\'Deth Veggie\'','DC_4bd005c0ca2591f70351601a08ab6437',301799),('\'Walter J. Scheirer\'','\'Walter J. Scheirer\'','DC_4bd005c0ca2591f70351601a08ab6437',301800),('\'Patrick “Lord Digital” Kroupa\'','\'Patrick “Lord Digital” Kroupa\'','DC_4bd005c0ca2591f70351601a08ab6437',301801),('\'John Threat\'','\'John Threat\'','DC_4bd005c0ca2591f70351601a08ab6437',301802),('\'Emmanuel Goldstein\'','\'Emmanuel Goldstein\'','DC_4bd005c0ca2591f70351601a08ab6437',301803),('\'X\'','\'X\'','DC_4bd005c0ca2591f70351601a08ab6437',301804),('\'TommydCat\'','\'TommydCat\'','DC_4bd005c0ca2591f70351601a08ab6437',301805),('\'Michael Orlitzky\'','\'Michael Orlitzky\'','DC_d725c80a6d0aa01f8aeba5518af095c6',301806),('\'Xavier Zhang\'','\'Xavier Zhang\'','DC_7d7c566167827cbd22cbec52e70d8c54',301807),('\'Wesley McGrew\'','\'Wesley McGrew\'','DC_32d1a177d248fcc17da8d66facecbb2f',301808),('\'Martin Doyhenard\'','\'Martin Doyhenard\'','DC_7ed89f6c55612d3cdc34a2fe88dcdc0e',301809),('\'S1nn3r\'','\'S1nn3r\'','DC_244b9c91f7125251601e4f40cd04745d',301810),('\'Ron Ben-Yizhak\'','\'Ron Ben-Yizhak\'','DC_21906409011b2e7c7b87c931b99ad4fb',301811),('\'David Shandalov\'','\'David Shandalov\'','DC_21906409011b2e7c7b87c931b99ad4fb',301812),('\'Stephen Sims\'','\'Stephen Sims\'','DC_1329e4c1881c8c23d4e4c449ac112c90',301813),('\'Or Yair\'','\'Or Yair\'','DC_a74826f34bf9727bfc2aeafa7d589184',301814),('\'Shmuel Cohen\'','\'Shmuel Cohen\'','DC_a74826f34bf9727bfc2aeafa7d589184',301815),('\'Michael \"mtu\" Torres\'','\'Michael \"mtu\" Torres\'','DC_b498e51c046b15de98f9b3c2e6953749',301816),('\'Tom \"Decius\" Cross\'','\'Tom \"Decius\" Cross\'','DC_f7843c4d83aaa7f1a44b1bdc77d1fbe3',301817),('\'Greg Conti\'','\'Greg Conti\'','DC_f7843c4d83aaa7f1a44b1bdc77d1fbe3',301818),('\'Cory Doctorow\'','\'Cory Doctorow\'','DC_76263bdd5b1edfa52a9d9a7b704a6f18',301819),('\'Adnan Khan\'','\'Adnan Khan\'','DC_dc75470554598040b690857e6e71d44c',301820),('\'John Stawinski\'','\'John Stawinski\'','DC_dc75470554598040b690857e6e71d44c',301821),('\'Enrique Nissim\'','\'Enrique Nissim\'','DC_34679954dfd1116f61631f7292f3406b',301822),('\'Krzysztof Okupski\'','\'Krzysztof Okupski\'','DC_34679954dfd1116f61631f7292f3406b',301823),('\'Matthew \"mandatory\" Bryant\'','\'Matthew \"mandatory\" Bryant\'','DC_894bc17bc472a8229052dd12f78194fb',301824),('\'Harry Coker Jr.\'','\'Harry Coker Jr.\'','DC_cef259a7d2d3a2280b768f9c05c10318',301825),('\'Jay Healey\'','\'Jay Healey\'','DC_cef259a7d2d3a2280b768f9c05c10318',301826),('\'Joseph Cox\'','\'Joseph Cox\'','DC_d6fdf658b3a1db62341760b33e6f29ed',301827),('\'Aviad Hahami\'','\'Aviad Hahami\'','DC_1c3933da1c6e1214e2ba9a46dd172dd0',301828),('\'Vangelis Stykas\'','\'Vangelis Stykas\'','DC_3afd6453b6c90ac9ac7665d453f8019a',301829),('\'Jim Rush\'','\'Jim Rush\'','DC_bb889a2d33a9ae1f70c2816f1341d362',301830),('\'Tomais Williamson\'','\'Tomais Williamson\'','DC_bb889a2d33a9ae1f70c2816f1341d362',301831),('\'Jeffrey Hofmann\'','\'Jeffrey Hofmann\'','DC_037c1a8e30f8f19790a753879e2ef8fc',301832),('\'Colby Morgan\'','\'Colby Morgan\'','DC_037c1a8e30f8f19790a753879e2ef8fc',301833),('\'Mixæl Swan Laufer\'','\'Mixæl Swan Laufer\'','DC_a72dc63cd909f96cfb7967bb65b9ddd0',301834),('\'Sam Curry\'','\'Sam Curry\'','DC_7d87419500443120cc41986cd1df8584',301835),('\'Thomas \"stacksmashing\" Roth\'','\'Thomas \"stacksmashing\" Roth\'','DC_76b8d1f937998f4e0091af63e0b59412',301836),('\'Allan \"dwangoAC\" Cecil\'','\'Allan \"dwangoAC\" Cecil\'','DC_5bc82e4fb885f4bd7e2a737bf2e07d53',301837),('\'Daniel Messer\'','\'Daniel Messer\'','DC_c46b131bf3c7247bc9635a367a154d7e',301838),('\'Mikhail Shcherbakov\'','\'Mikhail Shcherbakov\'','DC_f52c77323d7268fe8d9a70716f150f14',301839),('\'Silvia Puglisi\'','\'Silvia Puglisi\'','DC_c71eb7ba684f8cd868dc3f4ed05d80d3',301840),('\'Roger Dingledine\'','\'Roger Dingledine\'','DC_c71eb7ba684f8cd868dc3f4ed05d80d3',301841),('\'Helvio Carvalho Junior\'','\'Helvio Carvalho Junior\'','DC_fe0d71799111c7780ee8869f1bb0b854',301842),('\'Lennert Wouters\'','\'Lennert Wouters\'','DC_9c1837b5d92c176bcc16d5db9b3ed0d2',301843),('\'Ian Carroll\'','\'Ian Carroll\'','DC_9c1837b5d92c176bcc16d5db9b3ed0d2',301844),('\'Jake Jepson\'','\'Jake Jepson\'','DC_88939364b8c8014b362cebf2717f79f6',301845),('\'Rik Chatterjee\'','\'Rik Chatterjee\'','DC_88939364b8c8014b362cebf2717f79f6',301846),('\'Elonka Dunin\'','\'Elonka Dunin\'','DC_2494f6b5f8bbe27052940781bddc3e9f',301847),('\'Klaus Schmeh\'','\'Klaus Schmeh\'','DC_2494f6b5f8bbe27052940781bddc3e9f',301848),('\'Bill Demirkapi\'','\'Bill Demirkapi\'','DC_e67a6719b9aa15b12d8002835bd97ec1',301849),('\'Vincent Lenders\'','\'Vincent Lenders\'','DC_e2476e5951cdc5a3f477e62d0efcd2c2',301850),('\'Johannes Willbold\'','\'Johannes Willbold\'','DC_e2476e5951cdc5a3f477e62d0efcd2c2',301851),('\'Robin Bisping\'','\'Robin Bisping\'','DC_e2476e5951cdc5a3f477e62d0efcd2c2',301852),('\'Yan \"Zardus\" Shoshitaishvili\'','\'Yan \"Zardus\" Shoshitaishvili\'','DC_eb45234d3e4c78db7412254b9eea6fa8',301853),('\'Perri Adams\'','\'Perri Adams\'','DC_eb45234d3e4c78db7412254b9eea6fa8',301854),('\'Chanin Kim\'','\'Chanin Kim\'','DC_e45178f86758e50a0e06a294095b9fdd',301855),('\'Myeonghun Pak\'','\'Myeonghun Pak\'','DC_e45178f86758e50a0e06a294095b9fdd',301856),('\'Myeongjin Shin\'','\'Myeongjin Shin\'','DC_e45178f86758e50a0e06a294095b9fdd',301857),('\'Pete Stegemeyer\'','\'Pete Stegemeyer\'','DC_350d465156c77a3714aeaf0817caf7c9',301858),('\'Bramwell Brizendine\'','\'Bramwell Brizendine\'','DC_5499ee625513b48fae0e1d3744ff2d05',301859),('\'Shiva Shashank Kusuma\'','\'Shiva Shashank Kusuma\'','DC_5499ee625513b48fae0e1d3744ff2d05',301860),('\'Charles \"cfreal\" Fol\'','\'Charles \"cfreal\" Fol\'','DC_9658da9a122f30827c5f5d3c05c6f250',301861),('\'Michal Grygarek\'','\'Michal Grygarek\'','DC_2d3647e71613cca228e93db7b6580018',301862),('\'Martin Petran\'','\'Martin Petran\'','DC_2d3647e71613cca228e93db7b6580018',301863),('\'Hayyan Ali\'','\'Hayyan Ali\'','DC_2d3647e71613cca228e93db7b6580018',301864),('\'Eduard Agavriloae\'','\'Eduard Agavriloae\'','DC_6105d979a3d4b93ea226903ef4a5153d',301865),('\'Matei Josephs\'','\'Matei Josephs\'','DC_6105d979a3d4b93ea226903ef4a5153d',301866),('\'Gareth Heyes\'','\'Gareth Heyes\'','DC_998ba3e98fa20ce6054e5aef6d6cda17',301867),('\'Jeffrey Knockel\'','\'Jeffrey Knockel\'','DC_2116869cee3938780e58032d6d8b524b',301868),('\'Mona Wang\'','\'Mona Wang\'','DC_2116869cee3938780e58032d6d8b524b',301869),('\'Moritz Abrell\'','\'Moritz Abrell\'','DC_239cd9d7942eae3010f7d1e92a084c37',301870),('\'Alon Leviev\'','\'Alon Leviev\'','DC_08349de125e6df2e700bd4c313d9554c',301871),('\'Rob Joyce\'','\'Rob Joyce\'','DC_554d72680e6d79887541bdf4a8b8877e',301872),('\'Jeff \"The Dark Tangent\" Moss\'','\'Jeff \"The Dark Tangent\" Moss\'','DC_554d72680e6d79887541bdf4a8b8877e',301873),('\'Daniel Bohannon\'','\'Daniel Bohannon\'','DC_cf9349e1a19b49bc21499feee24ff8db',301874),('\'Sabajete Elezaj\'','\'Sabajete Elezaj\'','DC_cf9349e1a19b49bc21499feee24ff8db',301875),('\'JiaQing Huang\'','\'JiaQing Huang\'','DC_c07d364f064ed2bddda7e67846b0e70c',301876),('\'Hao Zheng\'','\'Hao Zheng\'','DC_c07d364f064ed2bddda7e67846b0e70c',301877),('\'Yue Liu\'','\'Yue Liu\'','DC_c07d364f064ed2bddda7e67846b0e70c',301878),('\'Thomas \"Cr0wTom\" Sermpinis\'','\'Thomas \"Cr0wTom\" Sermpinis\'','DC_a8376b7c67abfe5d03288f4924f556ab',301879),('\'atlas\'','\'atlas\'','DC_4cd89110a7fc92361cc14127a902b65a',301880),('\'Alessandro Magnosi\'','\'Alessandro Magnosi\'','DC_992e07929d988780e11ce7c3d65946fb',301881),('\'Anthony Kava\'','\'Anthony Kava\'','DC_f78beafe6e557c3fa2a09a532b155ac0',301882),('\'Andrew Carney\'','\'Andrew Carney\'','DC_34da79fb828273c261cec2eb45b98442',301883),('\'Perri Adams\'','\'Perri Adams\'','DC_34da79fb828273c261cec2eb45b98442',301884),('\'Kuan-Ting \"HexRabbit\" Chen\'','\'Kuan-Ting \"HexRabbit\" Chen\'','DC_15cda7bc3b88895074ffdf2873f8d28c',301885),('\'Timm Lauser\'','\'Timm Lauser\'','DC_ce82ccd704d4b48ed6812aaf3ab5e775',301886),('\'Jannis Hamborg\'','\'Jannis Hamborg\'','DC_ce82ccd704d4b48ed6812aaf3ab5e775',301887),('\'Yisroel Mirsky\'','\'Yisroel Mirsky\'','DC_16ee5e8ade12b55c27aa742347b70808',301888),('\'Roy Weiss\'','\'Roy Weiss\'','DC_16ee5e8ade12b55c27aa742347b70808',301889),('\'Daniel Ayzenshteyn\'','\'Daniel Ayzenshteyn\'','DC_16ee5e8ade12b55c27aa742347b70808',301890),('\'Guy Amit\'','\'Guy Amit\'','DC_16ee5e8ade12b55c27aa742347b70808',301891),('\'Alejandro Caceres\'','\'Alejandro Caceres\'','DC_1c34ec115e6dedcd7774e96be7e1af70',301892),('\'Suha Sabi Hussain\'','\'Suha Sabi Hussain\'','DC_10103d74d4668b2d03b3bf83dbb379aa',301893),('\'David Meléndez\'','\'David Meléndez\'','DC_2658f8982f4de1104b1f4022e386a0a2',301894),('\'Gabriela (Gabs) Garcia\'','\'Gabriela (Gabs) Garcia\'','DC_2658f8982f4de1104b1f4022e386a0a2',301895),('\'Jeff \"The Dark Tangent\" Moss\'','\'Jeff \"The Dark Tangent\" Moss\'','DC_06175f75642c563d56c1236c3306af13',301896),('\'Rachel Cummings\'','\'Rachel Cummings\'','CPV_db28f200de5daaebd1e1bcf1659abbb3',301897),('\'Niyo Little Thunder Pearson\'','\'Niyo Little Thunder Pearson\'','ICSV_2f49c993a3c8f757be128ed4ab441acc',301898),('\'Jack Cyprus\'','\'Jack Cyprus\'','ICSV_2f49c993a3c8f757be128ed4ab441acc',301899),('\'Wyatt Ford\'','\'Wyatt Ford\'','ICSV_2f49c993a3c8f757be128ed4ab441acc',301900),('\'Roni \"Lupin\" Carta\'','\'Roni \"Lupin\" Carta\'','BBV_382ab3e824b2c8f39fdf2ed1321bce51',301901),('\'Luke McLaren\'','\'Luke McLaren\'','XRV_1514e5d0dc44dcb41084cb81a0982af2',301902),('\'Julia Dewitz-Würzelberger\'','\'Julia Dewitz-Würzelberger\'','ICSV_817d010d61bdcaf4e8916e87557e1963',301903),('\'Bernhard Sedlmayer\'','\'Bernhard Sedlmayer\'','ICSV_817d010d61bdcaf4e8916e87557e1963',301904),('\'Sarah Mader\'','\'Sarah Mader\'','ICSV_817d010d61bdcaf4e8916e87557e1963',301905),('\'Martin Pratt\'','\'Martin Pratt\'','XRV_aa220d696e9e5591b40594ed7fbaae27',301906),('\'Daniel \"Blaklis\" Le Gall\'','\'Daniel \"Blaklis\" Le Gall\'','BBV_92e15c04932ed6a7b6ae20b2920071f2',301907),('\'Grey Fox\'','\'Grey Fox\'','CPV_18a7496d4a7e29e0dacb43f15213ad28',301908),('\'Joe \"securelyfitz\" FitzPatrick\'','\'Joe \"securelyfitz\" FitzPatrick\'','DC_552a67ef0cada7746b16d496fd2419a3',301909),('\'Vivek Ramachandran\'','\'Vivek Ramachandran\'','ADV_bf09128f2f11e1c8c907077525d72c54',301910),('\'Shourya Pratap Singh\'','\'Shourya Pratap Singh\'','ADV_bf09128f2f11e1c8c907077525d72c54',301911),('\'Jared Dygert\'','\'Jared Dygert\'','LPV_dce03f977e8c93aef31d4294e81d49f3',301912),('\'Gregory Carpenter\'','\'Gregory Carpenter\'','ADV_cd9444ff332d3e4cf7f4cf28c3ac3103',301913),('\'Brandon Colley\'','\'Brandon Colley\'','PHV_79073ce56a51c486105eb46a60a57328',301914),('\'Cybelle Oliveira \'','\'Cybelle Oliveira \'','ADV_2696eb541e57fe97dea738e95ced4580',301915),('\'Mauro Eldritch\'','\'Mauro Eldritch\'','ADV_2696eb541e57fe97dea738e95ced4580',301916),('\'Andrew M\'','\'Andrew M\'','PSV_ffd7983f3fa1d3cc0a854194d5d3d2fb',301917),('\'Ege Feyzioglu\'','\'Ege Feyzioglu\'','PSV_ffd7983f3fa1d3cc0a854194d5d3d2fb',301918),('\'Karen Ng\'','\'Karen Ng\'','PSV_e4b85b0fe1b04365104bb51687b728af',301919),('\'Sam Mayers\'','\'Sam Mayers\'','PSV_e4b85b0fe1b04365104bb51687b728af',301920),('\'Geoff Horvath\'','\'Geoff Horvath\'','PHV_00b2ab12dcfa441294668549425dd9eb',301921),('\'Winson Tam\'','\'Winson Tam\'','PHV_00b2ab12dcfa441294668549425dd9eb',301922),('\'Jamie Hardy\'','\'Jamie Hardy\'','IOTV_62717aff283342c524b65e66e76e1cda',301923),('\'Rachael Tubbs\'','\'Rachael Tubbs\'','IOTV_62717aff283342c524b65e66e76e1cda',301924),('\'Steve McGregory \'','\'Steve McGregory \'','IOTV_62717aff283342c524b65e66e76e1cda',301925),('\'Ted Harrington\'','\'Ted Harrington\'','IOTV_62717aff283342c524b65e66e76e1cda',301926),('\'Pavel Khunt\'','\'Pavel Khunt\'','CHV_b921a6ca45728fb31d2e7013358ac0f6',301927),('\'Thomas \"Cr0wTom\" Sermpinis\'','\'Thomas \"Cr0wTom\" Sermpinis\'','CHV_b921a6ca45728fb31d2e7013358ac0f6',301928),('\'Harry Krejsa\'','\'Harry Krejsa\'','CHV_a91d6a0c348a69b0044a1c8f4bb4bdfb',301929),('\'Sarah Hipel\'','\'Sarah Hipel\'','CHV_a91d6a0c348a69b0044a1c8f4bb4bdfb',301930),('\'Dylan \"The Magician\" Baklor\'','\'Dylan \"The Magician\" Baklor\'','LPV_eef434de245b5da75d7f8fae965eebe9',301931),('\'Josh Pyorre\'','\'Josh Pyorre\'','PHV_b7d2da46769c3ff2923611472d963b1b',301932),('\'Billy Graydon\'','\'Billy Graydon\'','PSV_29c9da63e72f273dfd0e212fe7d06d74',301933),('\'Joe Slowik\'','\'Joe Slowik\'','ICSV_21cd4b6b7eef14d2359b38daccfda4f2',301934),('\'Jonghyuk Song\'','\'Jonghyuk Song\'','CHV_1586d9087a88ea7a6aa016d348a52fcc',301935),('\'Seunghee Han\'','\'Seunghee Han\'','CHV_1586d9087a88ea7a6aa016d348a52fcc',301936),('\'Soohwan Oh\'','\'Soohwan Oh\'','CHV_1586d9087a88ea7a6aa016d348a52fcc',301937),('\'Carlota Bindner\'','\'Carlota Bindner\'','IOTV_9113b38a82e6397306d407b5463b360c',301938),('\'Deral Heiland\'','\'Deral Heiland\'','IOTV_9113b38a82e6397306d407b5463b360c',301939),('\'Jan Trzaskowski\'','\'Jan Trzaskowski\'','PLV_b13559477d173ed4fcbf5dfe96b3d123',301940),('\'Mars Cheng\'','\'Mars Cheng\'','ICSV_a563ef5178bcd75c7bf225f3d72b830b',301941),('\'Justin\'','\'Justin\'','RTV_c51a0bfb2fabe41619040918c9eb2740',301942),('\'Matt Mayes\'','\'Matt Mayes\'','RTV_c51a0bfb2fabe41619040918c9eb2740',301943),('\'muteki\'','\'muteki\'','RTV_c51a0bfb2fabe41619040918c9eb2740',301944),('\'Nina Alli\'','\'Nina Alli\'','RTV_c51a0bfb2fabe41619040918c9eb2740',301945),('\'Savannah \"lazzslayer\" Lazzara\'','\'Savannah \"lazzslayer\" Lazzara\'','RTV_c51a0bfb2fabe41619040918c9eb2740',301946),('\'Tom VanNorman\'','\'Tom VanNorman\'','RTV_c51a0bfb2fabe41619040918c9eb2740',301947),('\'Jeff \"The Dark Tangent\" Moss\'','\'Jeff \"The Dark Tangent\" Moss\'','RTV_c51a0bfb2fabe41619040918c9eb2740',301948),('\'Daniel Beard\'','\'Daniel Beard\'','BHV_c901727c7813497da9827ba63ce2e7dd',301949),('\'Eddie Zaneski\'','\'Eddie Zaneski\'','PLV_c1d5c0d104c1108174c9f5a915f62dde',301950),('\'Rebecca Lively\'','\'Rebecca Lively\'','PLV_c1d5c0d104c1108174c9f5a915f62dde',301951),('\'Michael \"v3ga\" Aguilar\'','\'Michael \"v3ga\" Aguilar\'','BHV_2541277a78a0bb5be025ec64285c3004',301952),('\'Andrzej Olchawa\'','\'Andrzej Olchawa\'','ASV_dc70b9fe81c407783d8224ee40d250d5',301953),('\'Matt Burch\'','\'Matt Burch\'','IOTV_49897db11d7b1eb6350c2d05e2f7275f',301954),('\'Martin Strohmeier\'','\'Martin Strohmeier\'','ASV_767cbf152daeec6c14308e499fa3971c',301955),('\'Avi McGrady\'','\'Avi McGrady\'','PLV_b69bc80938db0b15907bd49d2d5af963',301956),('\'Matt Domko\'','\'Matt Domko\'','CPV_b6b4078b1aac9bc0d247c084cdb0c69c',301957),('\'Bryson Bort \'','\'Bryson Bort \'','ICSV_12624d6c0ac65aa29f091fac8c2652dd',301958),('\'Tom VanNorman\'','\'Tom VanNorman\'','ICSV_12624d6c0ac65aa29f091fac8c2652dd',301959),('\'Daniel Isler\'','\'Daniel Isler\'','ADV_2677cd3c1b391a92c79bde6ecc0062a8',301960),('\'c0ldbru\'','\'c0ldbru\'','MISC_d4f6f15c41db7524c6206e368e263d44',301961),('\'David \"Icer\" Maynor\'','\'David \"Icer\" Maynor\'','XRV_6a6fa5227e78fa8610391306cd918921',301962),('\'Alexandru Lazar\'','\'Alexandru Lazar\'','IOTV_4ad364f14cf46a2bb6bc96d775773db3',301963),('\'Dan Berte\'','\'Dan Berte\'','IOTV_4ad364f14cf46a2bb6bc96d775773db3',301964),('\'Charles Waterhouse\'','\'Charles Waterhouse\'','BBV_04cb942f640f97d76b752b524307cb81',301965),('\'Nikhil \"niks\" Shrivastava\'','\'Nikhil \"niks\" Shrivastava\'','BBV_04cb942f640f97d76b752b524307cb81',301966),('\'Cecilie Wian\'','\'Cecilie Wian\'','CPV_f2e91d90b5867674128f9e7fc9a25093',301967),('\'Per Thorsheim\'','\'Per Thorsheim\'','CPV_f2e91d90b5867674128f9e7fc9a25093',301968),('\'Hyo Jin Lee\'','\'Hyo Jin Lee\'','IOTV_8af9cf2d6d102634c1dec91e08468ad9',301969),('\'Hanryeol Park\'','\'Hanryeol Park\'','IOTV_8af9cf2d6d102634c1dec91e08468ad9',301970),('\'Fernando De La Peña Llaca\'','\'Fernando De La Peña Llaca\'','BHV_d6df7d5a9d305b57a9f47af0b8a36844',301971),('\'Abhijith “Abx” B R\'','\'Abhijith “Abx” B R\'','ADV_c7225c747f5e7a86488b21f84d4bc0d2',301972),('\'Adam \"_whatshisface\" Pennington\'','\'Adam \"_whatshisface\" Pennington\'','ADV_c7225c747f5e7a86488b21f84d4bc0d2',301973),('\'Ken Kato\'','\'Ken Kato\'','ADV_c7225c747f5e7a86488b21f84d4bc0d2',301974),('\'Nikhil Mittal\'','\'Nikhil Mittal\'','ADV_c7225c747f5e7a86488b21f84d4bc0d2',301975),('\'Stryker\'','\'Stryker\'','ADV_c7225c747f5e7a86488b21f84d4bc0d2',301976),('\'Larry Pesce\'','\'Larry Pesce\'','IOTV_6818391c8fa4fd9186b69dcb06f8ef78',301977),('\'Mike Raggo\'','\'Mike Raggo\'','PHV_feaac96f62ab8ce7be7d364f6a10d591',301978),('\'Joshua Herman\'','\'Joshua Herman\'','IOTV_74cbfca63f1dd233b87178aae7082ec0',301979),('\'Mixæl Swan Laufer\'','\'Mixæl Swan Laufer\'','BHV_ab561664a2382b92717f7904c2dd4848',301980),('\'Melvin Langvik\'','\'Melvin Langvik\'','ADV_85212c23e21175c8d4c943ccc8abce20',301981),('\'Denis Smajlović\'','\'Denis Smajlović\'','PHV_eb14ff685ffc70b4eb9de4be9f896f16',301982),('\'Eric Forte\'','\'Eric Forte\'','IOTV_323cd1b2660554706854b69cc144ce32',301983),('\'Mark Mager\'','\'Mark Mager\'','IOTV_323cd1b2660554706854b69cc144ce32',301984),('\'Johnathan Kuskos\'','\'Johnathan Kuskos\'','BBV_dea491da620f47241f009063cf16f5d6',301985),('\'Katie Trimble-Noble\'','\'Katie Trimble-Noble\'','BBV_dea491da620f47241f009063cf16f5d6',301986),('\'Sam (erbbysam) Erb\'','\'Sam (erbbysam) Erb\'','BBV_dea491da620f47241f009063cf16f5d6',301987),('\'Jeff Guerra\'','\'Jeff Guerra\'','BBV_dea491da620f47241f009063cf16f5d6',301988),('\'Logan MacLaren\'','\'Logan MacLaren\'','BBV_dea491da620f47241f009063cf16f5d6',301989),('\'Dr. Muhsinah Morris\'','\'Dr. Muhsinah Morris\'','XRV_b08b69600426a2a9e28ebf17bb8ca663',301990),('\'Paul Brownridge\'','\'Paul Brownridge\'','ICSV_716ccb8d66dc47a30887cd912cf707cd',301991),('\'Michael Brown\'','\'Michael Brown\'','DC_2e1ff77db553f16ab290b77b6445ae36',301992),('\'Dylan Fox\'','\'Dylan Fox\'','XRV_7c495ce4b0c970148f1502a7db8c74b9',301993),('\'Ken Munro\'','\'Ken Munro\'','ASV_da0b444d3dff75d27eeb1f0967e394a1',301994),('\'Tim Chase\'','\'Tim Chase\'','ICSV_92d225615e36bf45a9704beee5bc63a9',301995),('\'Emma Stewart\'','\'Emma Stewart\'','PLV_cc974c418dd7ff35b8ec5ebc4c49dac1',301996),('\'Federico Lucifredi\'','\'Federico Lucifredi\'','DC_4b2c155065bd83f0ae1abbe320781960',301997),('\'Angelina Tsuboi\'','\'Angelina Tsuboi\'','ASV_d5b3d0da7acedef3a13155b39148902f',301998),('\'Matt Burrough\'','\'Matt Burrough\'','LPV_782fd0b855860c36294908367f446eef',301999),('\'Harriet Farlow\'','\'Harriet Farlow\'','PLV_ec29f8ca1803501f7aef8d531bdea9bf',302000),('\'AND!XOR \'','\'AND!XOR \'','MISC_cb1c448bd9405f53c7d68d1e539b2bcb',302001),('\'Kyle Murbach\'','\'Kyle Murbach\'','ASV_57b339313a250bb826bb384d10724f13',302002),('\'Abhinav Panda\'','\'Abhinav Panda\'','MISC_7a471b952ba5382a683976276f2140d8',302003),('\'Bradán Lane\'','\'Bradán Lane\'','MISC_7a471b952ba5382a683976276f2140d8',302004),('\'Hamster\'','\'Hamster\'','MISC_7a471b952ba5382a683976276f2140d8',302005),('\'Gunnar Andrews\'','\'Gunnar Andrews\'','BBV_2825d9808c9403b71da79306fcfe5a2f',302006),('\'James Utley\'','\'James Utley\'','BHV_5f46b0b51bc01f6a87c77d04e56a0874',302007),('\'Joshua HIll\'','\'Joshua HIll\'','BHV_5f46b0b51bc01f6a87c77d04e56a0874',302008),('\'Phil Rhodes\'','\'Phil Rhodes\'','BHV_5f46b0b51bc01f6a87c77d04e56a0874',302009),('\'Giacomo Longo\'','\'Giacomo Longo\'','ASV_c8492f3dc4a90db5fc2d5c873969ef72',302010),('\'Vincent Lenders\'','\'Vincent Lenders\'','ASV_c8492f3dc4a90db5fc2d5c873969ef72',302011),('\'Diego Jurado\'','\'Diego Jurado\'','BBV_329bea5cdb6c89174c77c1975011bdc3',302012),('\'Joel \"Niemand_Sec\" Noguera\'','\'Joel \"Niemand_Sec\" Noguera\'','BBV_329bea5cdb6c89174c77c1975011bdc3',302013),('\'Lucas Potter\'','\'Lucas Potter\'','BHV_1a61d7e31f0a1db65ecc2bd2094bc34f',302014),('\'Meow-Ludo Disco Gamma Meow-Meow \'','\'Meow-Ludo Disco Gamma Meow-Meow \'','BHV_1a61d7e31f0a1db65ecc2bd2094bc34f',302015),('\'Xavier Palmer\'','\'Xavier Palmer\'','BHV_1a61d7e31f0a1db65ecc2bd2094bc34f',302016),('\'Karen Ng\'','\'Karen Ng\'','PSV_fccae76523b1f02c6d1af49ef29a6098',302017),('\'Terry Luan\'','\'Terry Luan\'','PSV_fccae76523b1f02c6d1af49ef29a6098',302018),('\'Shishir Gupta\'','\'Shishir Gupta\'','ICSV_becf1ddd7d3d6b5d6462d9fbb4063373',302019),('\'Chloé Messdaghi\'','\'Chloé Messdaghi\'','BBV_7ecc47fe3206727caabfd190ff9228e5',302020),('\'Kasimir Schulz\'','\'Kasimir Schulz\'','BBV_7ecc47fe3206727caabfd190ff9228e5',302021),('\'Dennis Giese\'','\'Dennis Giese\'','ESV_7fcf3dfd0ccec03ca990a07845e1ccb3',302022),('\'Braelynn\'','\'Braelynn\'','ESV_7fcf3dfd0ccec03ca990a07845e1ccb3',302023),('\'Tim Clevenger\'','\'Tim Clevenger\'','PSV_7707eff4769b045a48cea73e02ac710f',302024),('\'Kevin Mitchell\'','\'Kevin Mitchell\'','CHV_c6bdb925e89e1893db51535323976c9d',302025),('\'Chad Shortman\'','\'Chad Shortman\'','PSV_d05d63a0ac236a676d623a9287207ca9',302026),('\'Adel Karimi\'','\'Adel Karimi\'','PHV_29c6b90b58d5fad96a9af2585d509b7b',302027),('\'Andrzej Olchawa\'','\'Andrzej Olchawa\'','ASV_47b377b609cf73771b05d64871ed7f5e',302028),('\'Varjitt Jeeva\'','\'Varjitt Jeeva\'','CHV_2d25f38468255fb25f2965134f376106',302029),('\'Bob Wall\'','\'Bob Wall\'','CPV_1cbfecc02b52555187bf4f22c0b68a5f',302030),('\'Patrick Walsh\'','\'Patrick Walsh\'','CPV_1cbfecc02b52555187bf4f22c0b68a5f',302031),('\'Ezz Tahoun\'','\'Ezz Tahoun\'','PHV_6a665e527be8880ba703dd915ccc28ba',302032),('\'Lynn Hamida\'','\'Lynn Hamida\'','PHV_6a665e527be8880ba703dd915ccc28ba',302033),('\'Randi Tinney\'','\'Randi Tinney\'','ASV_f80015a8a915d2011d2827348af054d1',302034),('\'Danilo Erazo\'','\'Danilo Erazo\'','CHV_bf027ed11552e6267e897749ca64c64e',302035),('\'Matt Gaffney\'','\'Matt Gaffney\'','ASV_35481460f90e915a290403aed38db3a6',302036),('\'Vladyslav Zubkov\'','\'Vladyslav Zubkov\'','CHV_3cf49294ace268accf38d6b4bc3290c4',302037),('\'Martin Strohmeier\'','\'Martin Strohmeier\'','CHV_3cf49294ace268accf38d6b4bc3290c4',302038),('\'Jeff Man\'','\'Jeff Man\'','CPV_9a14b025359beb0e8adb64bff0515cf3',302039),('\'ET\'','\'ET\'','CPV_0f064d0a1d3af191a0d6e5d07197c7de',302040),('\'Gastón Aznarez\'','\'Gastón Aznarez\'','DC_6be510064fb4fe3aac8abf236b837e19',302041),('\'Octavio Gianatiempo\'','\'Octavio Gianatiempo\'','DC_6be510064fb4fe3aac8abf236b837e19',302042),('\'Elonka Dunin\'','\'Elonka Dunin\'','CPV_0f5270b086f9a1baf2c6368b01de7fd0',302043),('\'Klaus Schmeh\'','\'Klaus Schmeh\'','CPV_0f5270b086f9a1baf2c6368b01de7fd0',302044),('\'Mark Foudy\'','\'Mark Foudy\'','ADV_65fb517a8b6e4b4aaece997329bc2522',302045),('\'Mike Weigand\'','\'Mike Weigand\'','PLV_751e7dce53fd977b07f29ea67685d2d9',302046),('\'Stuart Wagner\'','\'Stuart Wagner\'','PLV_751e7dce53fd977b07f29ea67685d2d9',302047),('\'Lukas McCullough\'','\'Lukas McCullough\'','PSV_90faeee2c78e2eb53570030a9f1e998d',302048),('\'Matt Thomassen\'','\'Matt Thomassen\'','ASV_f2c75e746e314ee017b659ab95679b7e',302049),('\'Sean McKeever\'','\'Sean McKeever\'','ASV_f2c75e746e314ee017b659ab95679b7e',302050),('\'Billy Graydon\'','\'Billy Graydon\'','PSV_345d6768db94cf43b9c58471bbe71820',302051),('\'Lucas Rooyakkers\'','\'Lucas Rooyakkers\'','PSV_345d6768db94cf43b9c58471bbe71820',302052),('\'Leo Tsaousis\'','\'Leo Tsaousis\'','ADV_c5ecf74bf4eb77448c616e577eff4438',302053),('\'Lacey Harbour\'','\'Lacey Harbour\'','BHV_4d59e91ca02e0ef44fee3c476c2aaa20',302054),('\'Andrew \"DigitalAndrew\" Bellini\'','\'Andrew \"DigitalAndrew\" Bellini\'','IOTV_73ab2d17ddc4ffaa62a0a8c30155d662',302055),('\'Catherine J. Ullman\'','\'Catherine J. Ullman\'','PHV_094b802bb80f697a55c4504b24e690c2',302056),('\'Lillian Ash Baker\'','\'Lillian Ash Baker\'','ASV_b33411b25af267997ef4379a8eb3845b',302057),('\'Ava Petersen\'','\'Ava Petersen\'','IOTV_e883a6ae53ce9f84f11bcb492cdc1672',302058),('\'Justin Mott\'','\'Justin Mott\'','IOTV_e883a6ae53ce9f84f11bcb492cdc1672',302059),('\'Anthony Hendricks\'','\'Anthony Hendricks\'','CPV_e98912c54a26cfadcb346f516d12a4a4',302060),('\'Adam Batori\'','\'Adam Batori\'','ASV_8ab5067747e0311dc34d0a2bae07300a',302061),('\'Robert Pafford\'','\'Robert Pafford\'','ASV_8ab5067747e0311dc34d0a2bae07300a',302062),('\'Justin \"Rhynorater\" Gardner\'','\'Justin \"Rhynorater\" Gardner\'','BBV_9cb765711a7c40957bc56f09c547415f',302063),('\'Inti De Ceukelaire\'','\'Inti De Ceukelaire\'','BBV_c375ffe935af2567c953d2ff7be18174',302064),('\'Jessica Sexton\'','\'Jessica Sexton\'','BBV_c375ffe935af2567c953d2ff7be18174',302065),('\'Ryan Rutan\'','\'Ryan Rutan\'','BBV_c375ffe935af2567c953d2ff7be18174',302066),('\'Lucas Philippe\'','\'Lucas Philippe\'','BBV_c375ffe935af2567c953d2ff7be18174',302067),('\'Michael \"codingo\" Skelton\'','\'Michael \"codingo\" Skelton\'','BBV_c375ffe935af2567c953d2ff7be18174',302068),('\'Roni \"Lupin\" Carta\'','\'Roni \"Lupin\" Carta\'','BBV_c375ffe935af2567c953d2ff7be18174',302069),('\'Martin Doyhenard\'','\'Martin Doyhenard\'','BBV_96fb144c203dc256aaeaba45f1b1235c',302070),('\'James \"albinowax\" Kettle\'','\'James \"albinowax\" Kettle\'','BBV_96fb144c203dc256aaeaba45f1b1235c',302071),('\'Gareth Heyes\'','\'Gareth Heyes\'','BBV_96fb144c203dc256aaeaba45f1b1235c',302072),('\'Emile Fugulin\'','\'Emile Fugulin\'','BBV_c6e2911013076a40704b825fb0976657',302073),('\'Ben \"NahamSec\" Sadeghipour\'','\'Ben \"NahamSec\" Sadeghipour\'','BBV_d0b6be1763e9276a7ef181db5c225f4d',302074),('\'Gonçalo Marques Raposo de Magalhães\'','\'Gonçalo Marques Raposo de Magalhães\'','BBV_6803a900182db3d9d885f57fcb98276a',302075),('\'Lucas Philippe\'','\'Lucas Philippe\'','BBV_16a7a10122953f349a4cae8f5bbfa758',302076),('\'Harrison Richardson\'','\'Harrison Richardson\'','BBV_fd397e1a6d666bc5d34eb4dfc7c41ad2',302077),('\'Rotem Bar\'','\'Rotem Bar\'','BBV_0bd806232886593d6ed248d77f21a64c',302078),('\'Jason Haddix\'','\'Jason Haddix\'','BBV_2c156377bd057309ef06c8eee088c6cd',302079),('\'Ben \"NahamSec\" Sadeghipour\'','\'Ben \"NahamSec\" Sadeghipour\'','BBV_37a579751a580fc6ae0bf9c10b9698af',302080),('\'Justin \"Rhynorater\" Gardner\'','\'Justin \"Rhynorater\" Gardner\'','BBV_5a45fd9236da74be8609c3c7d9e3640c',302081),('\'Dhiyaneshwaran Balasubramaniam\'','\'Dhiyaneshwaran Balasubramaniam\'','BBV_53ac7d63aa8a8d1dc510c898ea9f17fb',302082),('\'Prince Chaddha\'','\'Prince Chaddha\'','BBV_53ac7d63aa8a8d1dc510c898ea9f17fb',302083),('\'Tarun Koyalwar\'','\'Tarun Koyalwar\'','BBV_53ac7d63aa8a8d1dc510c898ea9f17fb',302084),('\'Ryan Barnett\'','\'Ryan Barnett\'','BBV_527a69b2bb80a37e500eab43075b9eb8',302085),('\'Isabella Barnett\'','\'Isabella Barnett\'','BBV_527a69b2bb80a37e500eab43075b9eb8',302086),('\'Sydney Johns\'','\'Sydney Johns\'','BICV_fbf37a9dcec1851095ab015a4bdb2584',302087),('\'Nikkia Henderson\'','\'Nikkia Henderson\'','BICV_fbf37a9dcec1851095ab015a4bdb2584',302088),('\'Manvell Lessane\'','\'Manvell Lessane\'','BICV_fbf37a9dcec1851095ab015a4bdb2584',302089),('\'Dr. William (Bill) Butler\'','\'Dr. William (Bill) Butler\'','BICV_fbf37a9dcec1851095ab015a4bdb2584',302090),('\'Dr. Juel Tillman\'','\'Dr. Juel Tillman\'','BICV_fbf37a9dcec1851095ab015a4bdb2584',302091),('\'Kenneth Ellington\'','\'Kenneth Ellington\'','BICV_a899b6ca22c5423a78a01754a0773dbd',302092),('\'Ike Marizu\'','\'Ike Marizu\'','BICV_cbaddb929781b89be612a60d87bb1aac',302093),('\'Michaela Barnett\'','\'Michaela Barnett\'','BICV_cf5d939645e520798bc95163c057739a',302094),('\'Marcus Hutchins\'','\'Marcus Hutchins\'','BICV_cf5d939645e520798bc95163c057739a',302095),('\'Kevin Parker\'','\'Kevin Parker\'','BICV_b52be7738ab16432e98a7bfcd21ca101',302096),('\'Dr. Fatou Sankare\'','\'Dr. Fatou Sankare\'','BICV_87e044a4f020eebdaa2bcab35854a300',302097),('\'Levone Campbell\'','\'Levone Campbell\'','BICV_c56ae807d17fe52d591a54dbdbddbccf',302098),('\'Eli McRae\'','\'Eli McRae\'','BICV_be9e8f47f59859bfbe69dbd5495a12ac',302099),('\'Kaleeque Pierce\'','\'Kaleeque Pierce\'','BICV_6c120eb967bc5acabfa99e61e8be5c07',302100),('\'Simone Stephen\'','\'Simone Stephen\'','BICV_eb04b84d7592d0d6d4a2140407944ce6',302101),('\'Nikkia Henderson\'','\'Nikkia Henderson\'','BICV_2cba245f54569ecef4b446f448f9f52e',302102),('\'R.J. McCarley\'','\'R.J. McCarley\'','BICV_9faa5f9eb445f7f0f2630042129fa757',302103),('\'Gaspard Baye\'','\'Gaspard Baye\'','BICV_36d026e80a2edff4b9409438ef3b5639',302104),('\'Nader Zaveri\'','\'Nader Zaveri\'','BICV_84665d788fd8fc54de0aa03acb191128',302105),('\'Fernando Tomlinson\'','\'Fernando Tomlinson\'','BICV_84665d788fd8fc54de0aa03acb191128',302106),('\'Jessica Hoffman\'','\'Jessica Hoffman\'','BICV_2364bad51b905148b80a97d117c7940e',302107),('\'Xavier D. Johnson\'','\'Xavier D. Johnson\'','BICV_6e901d515f462f41a5086b70166512ef',302108),('\'Ian G. Harris\'','\'Ian G. Harris\'','BICV_19318fd56b7f134d86fe7a7a8ea41e7c',302109),('\'Aquarious Workman\'','\'Aquarious Workman\'','BICV_70c42404a96ae7645b93b089cc25d8c6',302110),('\'Dr. Louis DeWeaver III\'','\'Dr. Louis DeWeaver III\'','BICV_217497c53e1ea504b7f414939da3dc31',302111),('\'Sydney Johns\'','\'Sydney Johns\'','BICV_3eeeba77920e6dadca8d24b6b8a341b4',302112),('\'Ayan Islam\'','\'Ayan Islam\'','BICV_0d8b18e08bde6893ff2aa1126287a9eb',302113),('\'Ben \"NahamSec\" Sadeghipour\'','\'Ben \"NahamSec\" Sadeghipour\'','RTV_1a5fce89e5614aaed57be01e8d2c79dd',302114),('\'YTCracker\'','\'YTCracker\'','RTV_1a5fce89e5614aaed57be01e8d2c79dd',302115),('\'Barrett \"pwneip\" Darnell\'','\'Barrett \"pwneip\" Darnell\'','RTV_1a5fce89e5614aaed57be01e8d2c79dd',302116),('\'Ryan M. \"0dayCTF\" Montgomery\'','\'Ryan M. \"0dayCTF\" Montgomery\'','RTV_1a5fce89e5614aaed57be01e8d2c79dd',302117),('\'Savannah \"lazzslayer\" Lazzara\'','\'Savannah \"lazzslayer\" Lazzara\'','RTV_1a5fce89e5614aaed57be01e8d2c79dd',302118),('\'Colbert Zhu\'','\'Colbert Zhu\'','RTV_e8a1a5fa4b30fd130a0506c7507e74aa',302119),('\'Tom Porter\'','\'Tom Porter\'','RTV_e8a1a5fa4b30fd130a0506c7507e74aa',302120),('\'Adwiteeya Agrawal\'','\'Adwiteeya Agrawal\'','RTV_ce2a69366628306af2426edb43bc2a7a',302121),('\'Ian Foster\'','\'Ian Foster\'','RTV_ce2a69366628306af2426edb43bc2a7a',302122),('\'Matt Pawloski\'','\'Matt Pawloski\'','RTV_8c4efecde7a04a07aec451b5bbca5b15',302123),('\'Chris Gates\'','\'Chris Gates\'','RTV_738d5b539b6956217372d59bac003cdd',302124),('\'int eighty (of Dual Core)\'','\'int eighty (of Dual Core)\'','RTV_738d5b539b6956217372d59bac003cdd',302125),('\'Moses Frost\'','\'Moses Frost\'','RTV_2bda85288cea5f180d2130936edb82e6',302126),('\'Fred Wilmot\'','\'Fred Wilmot\'','RTV_ce3e127c7057209c2dd9f53b8be09003',302127),('\'Sebastien Tricaud\'','\'Sebastien Tricaud\'','RTV_ce3e127c7057209c2dd9f53b8be09003',302128),('\'Travis Weathers\'','\'Travis Weathers\'','RTV_6e6abcab86504679ce05e35696b7adaa',302129),('\'Ralph May\'','\'Ralph May\'','RTV_6e6abcab86504679ce05e35696b7adaa',302130),('\'RTV Staff\'','\'RTV Staff\'','RTV_0b8fc4d92d1c94c7f6dc21f1a15f59ad',302131),('\'RTV Staff\'','\'RTV Staff\'','RTV_8ae8071dfd8cf351034e0a7805652d8a',302132),('\'RTV Staff\'','\'RTV Staff\'','RTV_d64e351af56226f8d07ec0587ad778a1',302133),('\'Omar Santos\'','\'Omar Santos\'','RTV_bf972fdc107a2d866b9187ce675456af',302134),('\'Graham Helton\'','\'Graham Helton\'','RTV_bf972fdc107a2d866b9187ce675456af',302135),('\'Kevin \"Kent\" Clark\'','\'Kevin \"Kent\" Clark\'','RTV_bf972fdc107a2d866b9187ce675456af',302136),('\'Nick Aleks\'','\'Nick Aleks\'','RTV_203b93ea5c0ddaee2c33cdbe2f662f0e',302137),('\'Mishaal Khan\'','\'Mishaal Khan\'','RTV_b194bd316116fce164ca86892a116dd0',302138),('\'Ryan O\'Donnell\'','\'Ryan O\'Donnell\'','RTV_5da59774430023f5e71d09170921817a',302139),('\'Andrew Johnson\'','\'Andrew Johnson\'','RTV_b03fe77aca032c346e55bef97a9d096f',302140),('\'Sam Cosentino\'','\'Sam Cosentino\'','RTV_f26da7f42177d045ac83a2fb57d227d2',302141),('\'Josh Huff\'','\'Josh Huff\'','RTV_43ddc95daccd6459e1dc553aef482c67',302142),('\'Robert Pimentel\'','\'Robert Pimentel\'','RTV_43ddc95daccd6459e1dc553aef482c67',302143),('\'Trey Bilbrey\'','\'Trey Bilbrey\'','RTV_f82fcc29443e491720737c95d70fa541',302144),('\'Gaspard Baye\'','\'Gaspard Baye\'','RTV_088aaad82ecfdaac39a5c19e0aa45efb',302145),('\'Roberto Soares\'','\'Roberto Soares\'','RTV_08b62b3ae872f53dfc33191b1d28f51e',302146),('\'Tomer Peled\'','\'Tomer Peled\'','RTV_dc1ca3430732324cb9af9eaa78e9268e',302147),('\'Thomas X Meng\'','\'Thomas X Meng\'','RTV_43b3a2b7eea271f2d1af19b680157e36',302148),('\'Emanuel Valente\'','\'Emanuel Valente\'','RTV_5a6f89bdca5141b0c5681fb8a4a53202',302149),('\'Agostino Panico\'','\'Agostino Panico\'','RTV_653adfd535704d31db6526a46534c8a1',302150),('\'Shawn Abelson\'','\'Shawn Abelson\'','RTV_df04014deb2163f36b5f743a6fee05db',302151),('\'Ana Aslanishvili\'','\'Ana Aslanishvili\'','RTV_df04014deb2163f36b5f743a6fee05db',302152),('\'Chirag Savla\'','\'Chirag Savla\'','RTV_f1e1f484849ee61a11b78819dc80f1ff',302153),('\'Raunak Parmar\'','\'Raunak Parmar\'','RTV_f1e1f484849ee61a11b78819dc80f1ff',302154),('\'Omar Santos\'','\'Omar Santos\'','RTV_e72f5a1a5700f25a18e54cba731d3db4',302155),('\'Dan McInerney\'','\'Dan McInerney\'','RTV_e72f5a1a5700f25a18e54cba731d3db4',302156),('\'Daniel Rohrer\'','\'Daniel Rohrer\'','RTV_e72f5a1a5700f25a18e54cba731d3db4',302157),('\'Jay White\'','\'Jay White\'','RTV_e72f5a1a5700f25a18e54cba731d3db4',302158),('\'Paul Vixie\'','\'Paul Vixie\'','RTV_e72f5a1a5700f25a18e54cba731d3db4',302159),('\'Sarah Novotny\'','\'Sarah Novotny\'','RTV_e72f5a1a5700f25a18e54cba731d3db4',302160),('\'Michael Donley\'','\'Michael Donley\'','RTV_88ea1862a445e173439721538f02f234',302161),('\'Moses Frost\'','\'Moses Frost\'','RTV_8b003c7ffbe3b557e585be8ef95e9e87',302162),('\'Lee McWhorter\'','\'Lee McWhorter\'','RTV_0ece4e70c0c516de8ed5caf14cb4e206',302163),('\'Sandra Stibbards\'','\'Sandra Stibbards\'','RTV_0ece4e70c0c516de8ed5caf14cb4e206',302164),('\'Jose Plascencia\'','\'Jose Plascencia\'','RTV_fe1421bf8cb46a652d6959e3af27a64d',302165),('\'Nick McClendon\'','\'Nick McClendon\'','RTV_db6828edc75a3a8046dad4eeb7ba8def',302166),('\'Ignacio Daniel Navarro\'','\'Ignacio Daniel Navarro\'','RTV_0982b1a7ab0bbcea68e63238165a1739',302167),('\'Ori David\'','\'Ori David\'','RTV_d4f3176ebc0dc1e63d3d3e354916b889',302168),('\'Garrett Foster\'','\'Garrett Foster\'','RTV_586079b672ba32ec2c79b0f50b7c6b50',302169),('\'Zachary Stein\'','\'Zachary Stein\'','RTV_586079b672ba32ec2c79b0f50b7c6b50',302170),('\'John Rodriguez\'','\'John Rodriguez\'','RTV_2a58fcfc880068683e3f34ae3e66332f',302171),('\'Ricardo L0gan\'','\'Ricardo L0gan\'','RTV_6777a3447b057ae34df99e4c218d9bb4',302172),('\'Filipi Pires\'','\'Filipi Pires\'','RTV_a72b47b305e19361ead6ffbdbccc68b8',302173),('\'Muhammad Mudassar Yamin\'','\'Muhammad Mudassar Yamin\'','RTV_39c75a5f9d34870ae38c0481f884b941',302174),('\'Kirk Trychel\'','\'Kirk Trychel\'','RTV_bb99fe10837110bdbb836c1cf41f8a3e',302175),('\'Lenin Alevski\'','\'Lenin Alevski\'','RTV_6b443fc3a10a40d6851a67c345d3ff8c',302176),('\'Jeff Foley\'','\'Jeff Foley\'','RTV_6dbf637bca226e21fe144c785d290837',302177),('\'Eric Clay\'','\'Eric Clay\'','RTV_bc4da5ee2630cd8c0f3e1bbc24077d48',302178),('\'Nick Ascoli\'','\'Nick Ascoli\'','RTV_bc4da5ee2630cd8c0f3e1bbc24077d48',302179),('\'Omar Santos\'','\'Omar Santos\'','RTV_9a32a935c817060939a9aa3385aa8c91',302180),('\'David \"Icer\" Maynor\'','\'David \"Icer\" Maynor\'','RTV_c59f693d5156c965c106b603d0b58575',302181),('\'Blake Hudson\'','\'Blake Hudson\'','RTV_572fb679e367f3c9b285b0f0a09b1c69',302182),('\'Francisco Canteli\'','\'Francisco Canteli\'','RTV_3337d332f997e6d17d2c0a14c07139bf',302183),('\'Sim Cher Boon\'','\'Sim Cher Boon\'','RTV_e38abe6bcae7b720694c1e3d70744fa5',302184),('\'Alex Gonzalez\'','\'Alex Gonzalez\'','RTV_1f724ffb06e7b92076406941c72b892b',302185),('\'Bobby R\'','\'Bobby R\'','RTV_1f724ffb06e7b92076406941c72b892b',302186),('\'Ilkin Javadov\'','\'Ilkin Javadov\'','RTV_92c8996a62bfeb62d462596fa9ab553f',302187),('\'Aravind Prakash\'','\'Aravind Prakash\'','RTV_f0309299ac5abc1b5a52e4456bf8a299',302188),('\'Arun Nair\'','\'Arun Nair\'','RTV_f0309299ac5abc1b5a52e4456bf8a299',302189),('\'Shebin Mathew\'','\'Shebin Mathew\'','RTV_f0309299ac5abc1b5a52e4456bf8a299',302190),('\'Erik Hunstad\'','\'Erik Hunstad\'','RTV_7f619e3efdf47c5a11629cbad9e9b358',302191),('\'Alberto Rodriguez\'','\'Alberto Rodriguez\'','RTV_7f619e3efdf47c5a11629cbad9e9b358',302192),('\'Özgün Kültekin\'','\'Özgün Kültekin\'','RTV_3e41dd5307891b78a503f40a8089c0f2',302193),('\'Ronald Gonzalez\'','\'Ronald Gonzalez\'','RTV_3c985e4d92af328db7cc4b284e107897',302194),('\'Nitin Natarajan\'','\'Nitin Natarajan\'','BHV_8f136228bad95773b5d73b3c500d18e9',302195),('\'Christian Dameff\'','\'Christian Dameff\'','BHV_8f136228bad95773b5d73b3c500d18e9',302196),('\'Andrew Carney\'','\'Andrew Carney\'','BHV_8f136228bad95773b5d73b3c500d18e9',302197),('\'Matt Hazelett\'','\'Matt Hazelett\'','BHV_8f136228bad95773b5d73b3c500d18e9',302198),('\'Erika Cheung\'','\'Erika Cheung\'','BHV_8f136228bad95773b5d73b3c500d18e9',302199),('\'PatAttack\'','\'PatAttack\'','SOC_ca5d32702a2e1c5c05971d22b79e296b',302200),('\'Grind613\'','\'Grind613\'','SOC_ca5d32702a2e1c5c05971d22b79e296b',302201),('\'DotOrNot\'','\'DotOrNot\'','SOC_ca5d32702a2e1c5c05971d22b79e296b',302202),('\'DJ Vulp\'','\'DJ Vulp\'','SOC_ca5d32702a2e1c5c05971d22b79e296b',302203),('\'Daemon Chadeau\'','\'Daemon Chadeau\'','SOC_ca5d32702a2e1c5c05971d22b79e296b',302204),('\'CTRL / rsm\'','\'CTRL / rsm\'','SOC_ca5d32702a2e1c5c05971d22b79e296b',302205),('\'ZEE\'','\'ZEE\'','SOC_a3e543a28497ee019597e96da79656d2',302206),('\'YTCracker\'','\'YTCracker\'','SOC_a3e543a28497ee019597e96da79656d2',302207),('\'TRIODE\'','\'TRIODE\'','SOC_a3e543a28497ee019597e96da79656d2',302208),('\'Ohm-I & The NPC Collective\'','\'Ohm-I & The NPC Collective\'','SOC_a3e543a28497ee019597e96da79656d2',302209),('\'MC Frontalot\'','\'MC Frontalot\'','SOC_a3e543a28497ee019597e96da79656d2',302210),('\'Icetre Normal\'','\'Icetre Normal\'','SOC_a3e543a28497ee019597e96da79656d2',302211),('\'Dual Core\'','\'Dual Core\'','SOC_a3e543a28497ee019597e96da79656d2',302212),('\'Costume Contest\'','\'Costume Contest\'','SOC_a3e543a28497ee019597e96da79656d2',302213),('\'Skittish and Bus\'','\'Skittish and Bus\'','SOC_4f7ca6974b3b93972882a2d4ccd70aca',302214),('\'O\'Craven Celtic Pirate Band\'','\'O\'Craven Celtic Pirate Band\'','SOC_4f7ca6974b3b93972882a2d4ccd70aca',302215),('\'Ninjula\'','\'Ninjula\'','SOC_4f7ca6974b3b93972882a2d4ccd70aca',302216),('\'Miss Jackalope\'','\'Miss Jackalope\'','SOC_4f7ca6974b3b93972882a2d4ccd70aca',302217),('\'Grindhaus Selektor\'','\'Grindhaus Selektor\'','SOC_4f7ca6974b3b93972882a2d4ccd70aca',302218),('\'DJ Scythe\'','\'DJ Scythe\'','SOC_4f7ca6974b3b93972882a2d4ccd70aca',302219),('\'Costume Contest\'','\'Costume Contest\'','SOC_4f7ca6974b3b93972882a2d4ccd70aca',302220),('\'Wesley McGrew\'','\'Wesley McGrew\'','SOC_a79ef2c57a78c234a3d377978bed1fd5',302221),('\'Syntax (DJ) + Luna (VJ)\'','\'Syntax (DJ) + Luna (VJ)\'','SOC_a79ef2c57a78c234a3d377978bed1fd5',302222),('\'N8\'','\'N8\'','SOC_a79ef2c57a78c234a3d377978bed1fd5',302223),('\'mattrix\'','\'mattrix\'','SOC_a79ef2c57a78c234a3d377978bed1fd5',302224),('\'Magik Plan\'','\'Magik Plan\'','SOC_a79ef2c57a78c234a3d377978bed1fd5',302225),('\'Kampf\'','\'Kampf\'','SOC_a79ef2c57a78c234a3d377978bed1fd5',302226),('\'Scotch & Bubbles\'','\'Scotch & Bubbles\'','SOC_1bfc2dbf0f915c97ac7893276350e791',302227),('\'PankleDank\'','\'PankleDank\'','SOC_1bfc2dbf0f915c97ac7893276350e791',302228),('\'DJ St3rling\'','\'DJ St3rling\'','SOC_1bfc2dbf0f915c97ac7893276350e791',302229),('\'DJ Habbs\'','\'DJ Habbs\'','SOC_1bfc2dbf0f915c97ac7893276350e791',302230),('\'Call the Cops\'','\'Call the Cops\'','SOC_1bfc2dbf0f915c97ac7893276350e791',302231),('\'Archwisp\'','\'Archwisp\'','SOC_1bfc2dbf0f915c97ac7893276350e791',302232),('\'Talk Sinn\'','\'Talk Sinn\'','SOC_f9888c65566cfdcf46deafc6bd24e252',302233),('\'Stitcharoo\'','\'Stitcharoo\'','SOC_f9888c65566cfdcf46deafc6bd24e252',302234),('\'Relay\'','\'Relay\'','SOC_f9888c65566cfdcf46deafc6bd24e252',302235),('\'deaddoll\'','\'deaddoll\'','SOC_f9888c65566cfdcf46deafc6bd24e252',302236),('\'CaptHz\'','\'CaptHz\'','SOC_f9888c65566cfdcf46deafc6bd24e252',302237),('\'Acid-T\'','\'Acid-T\'','SOC_f9888c65566cfdcf46deafc6bd24e252',302238),('\'Harley Geiger\'','\'Harley Geiger\'','PLV_c31102e6d4e4cf55c130e22188933a74',302239),('\'Adam Dobell\'','\'Adam Dobell\'','PLV_c31102e6d4e4cf55c130e22188933a74',302240),('\'Cassie Crossley\'','\'Cassie Crossley\'','PLV_c31102e6d4e4cf55c130e22188933a74',302241),('\'Dr. Kosuke Onishi\'','\'Dr. Kosuke Onishi\'','PLV_5403fb174febc2aabd9ca9bf4074c995',302242),('\'Nasreen Djouini\'','\'Nasreen Djouini\'','PLV_94d21d94760c2e65056f6223cfc98556',302243),('\'Jordan Kasper\'','\'Jordan Kasper\'','PLV_94d21d94760c2e65056f6223cfc98556',302244),('\'Aeva Black\'','\'Aeva Black\'','PLV_94d21d94760c2e65056f6223cfc98556',302245),('\'Nicole Tisdale\'','\'Nicole Tisdale\'','PLV_64cf6d26f9a088d3ebe9e0fc21f8ac51',302246),('\'Kemba Walden\'','\'Kemba Walden\'','PLV_64cf6d26f9a088d3ebe9e0fc21f8ac51',302247),('\'Jacob H Braun\'','\'Jacob H Braun\'','PLV_64cf6d26f9a088d3ebe9e0fc21f8ac51',302248),('\'Elizabeth Eigner\'','\'Elizabeth Eigner\'','PLV_64cf6d26f9a088d3ebe9e0fc21f8ac51',302249),('\'William Loomis\'','\'William Loomis\'','PLV_bc1f93b58020a4822724a4955cf1a113',302250),('\'Michael Garcia\'','\'Michael Garcia\'','PLV_bc1f93b58020a4822724a4955cf1a113',302251),('\'Wan Ding Yao\'','\'Wan Ding Yao\'','PLV_2f8cfd584446d884bbaf10ff9f6712f3',302252),('\'Christine Lai\'','\'Christine Lai\'','PLV_2f8cfd584446d884bbaf10ff9f6712f3',302253),('\'Anjuli Shere\'','\'Anjuli Shere\'','PLV_2f8cfd584446d884bbaf10ff9f6712f3',302254),('\'Wouter Veenstra\'','\'Wouter Veenstra\'','PLV_faf966ff7295a5db176673abf647f13f',302255),('\'Randy Pestana\'','\'Randy Pestana\'','PLV_faf966ff7295a5db176673abf647f13f',302256),('\'Kerry-Ann Barrett\'','\'Kerry-Ann Barrett\'','PLV_faf966ff7295a5db176673abf647f13f',302257),('\'Brett DeWitt\'','\'Brett DeWitt\'','PLV_faf966ff7295a5db176673abf647f13f',302258),('\'UK Repersentative 2\'','\'UK Repersentative 2\'','PLV_787b6ba5b9a600e716ce6daef1b80839',302259),('\'Senior Representative from UK NCSC\'','\'Senior Representative from UK NCSC\'','PLV_787b6ba5b9a600e716ce6daef1b80839',302260),('\'Océane Thieriot\'','\'Océane Thieriot\'','PLV_787b6ba5b9a600e716ce6daef1b80839',302261),('\'Claudi d’Antoine\'','\'Claudi d’Antoine\'','PLV_787b6ba5b9a600e716ce6daef1b80839',302262),('\'Bill Marczak\'','\'Bill Marczak\'','PLV_787b6ba5b9a600e716ce6daef1b80839',302263),('\'Daniel Cuthbert\'','\'Daniel Cuthbert\'','PLV_787b6ba5b9a600e716ce6daef1b80839',302264),('\'Mike Holcomb\'','\'Mike Holcomb\'','ICSV_a9140e7bd94439673730ab630d2b6832',302265),('\'Ray Baeza\'','\'Ray Baeza\'','ICSV_40e1b1fe26d96531ab160b6ce40ad2b1',302266),('\'Dan Gunter\'','\'Dan Gunter\'','ICSV_066a2ef7d070520c82d8366572362d17',302267),('\'Andrew Tierney\'','\'Andrew Tierney\'','ICSV_c626fe8f8284c9a69b01c0efff6ce98a',302268),('\'Luca \"CYBERANTANI\" Bongiorni\'','\'Luca \"CYBERANTANI\" Bongiorni\'','ICSV_e0097e7d31f1c0cb6cffa3fae55c68d5',302269),('\'Aaron Crow\'','\'Aaron Crow\'','ICSV_b9e96b09896a34bf20809dab3744d25e',302270),('\'Asher Davila\'','\'Asher Davila\'','ICSV_5c13ef7bf1d45122ce6774e04583dabd',302271),('\'Jonathan Reiter\'','\'Jonathan Reiter\'','ICSV_8d52ab2c1f9af095d44c7fecbc9bb1e9',302272),('\'Adam Robbie\'','\'Adam Robbie\'','ICSV_b2399d5f895c23483f484c54752c045e',302273),('\'Bradley Nash\'','\'Bradley Nash\'','ICSV_b2399d5f895c23483f484c54752c045e',302274),('\'Ezz Tahoun\'','\'Ezz Tahoun\'','ICSV_169e542499b6280b8ce722693c7cf03e',302275),('\'Ray Baeza\'','\'Ray Baeza\'','ICSV_a5f58182d55d9998cda4edb7c1f387b0',302276),('\'Shane McFly\'','\'Shane McFly\'','ICSV_e93e144bf835afa04384d7e76da769f7',302277),('\'Brian Howard\'','\'Brian Howard\'','ICSV_e93e144bf835afa04384d7e76da769f7',302278),('\'Philip Acosta\'','\'Philip Acosta\'','ICSV_65f9a3546d191166caa9ba8d07b7e832',302279),('\'Cliff Neve\'','\'Cliff Neve\'','ICSV_65f9a3546d191166caa9ba8d07b7e832',302280),('\'Brad Proctor\'','\'Brad Proctor\'','ICSV_65f9a3546d191166caa9ba8d07b7e832',302281),('\'Nick Halt\'','\'Nick Halt\'','ICSV_0639b6c8f759dfbfb45012550a5a1882',302282),('\'Duncan Woodbury\'','\'Duncan Woodbury\'','ICSV_0639b6c8f759dfbfb45012550a5a1882',302283),('\'Kyle McMillan\'','\'Kyle McMillan\'','ICSV_3719b74069c18a5d23c5a0db339f471e',302284),('\'Jennifer Guerra\'','\'Jennifer Guerra\'','ICSV_03e0199bbb444174e973bbb66d8f6b51',302285),('\'Rebecca J. Rohan\'','\'Rebecca J. Rohan\'','ICSV_7e426c0aeebea331b5924eb2b10e8da5',302286),('\'Sting\'','\'Sting\'','ICSV_5094e5bb3f3923b14ce2c079d9f668a6',302287),('\'Mike Holcomb\'','\'Mike Holcomb\'','ICSV_390803c5e5f25fde4be055fe4a78a542',302288),('\'Ron Fabela\'','\'Ron Fabela\'','ICSV_9c3a7531b3c7ada45fa93e8216d7f343',302289),('\'Dillon Lee\'','\'Dillon Lee\'','ICSV_2ba37cb720884ef6aa8a29104714d5c6',302290),('\'Kirsten Renner\'','\'Kirsten Renner\'','ICSV_5cb70706021bb7163b1b06dbbe829ce6',302291),('\'Kevin Manna\'','\'Kevin Manna\'','ICSV_fefeeb3933e92b4d760f3cc5f71cd52d',302292),('\'Alex Kelly\'','\'Alex Kelly\'','ESV_844a1fcd60d186315bad39f5ea3f2e88',302293),('\'Alex Kelly\'','\'Alex Kelly\'','ESV_63040f4561153f946717334c861e1cd9',302294),('\'Alex Kelly\'','\'Alex Kelly\'','ESV_935b936f8578f1e15db0c1ed82c1192f',302295),('\'Andrew Morris\'','\'Andrew Morris\'','DL_2b7f03d64943a074b77007f4fe2023d3',302296),('\'Ham Radio Village Staff\'','\'Ham Radio Village Staff\'','CON_0bb87e9b4c1b24378598331dc8f67911',302297),('\'Ham Radio Village Staff\'','\'Ham Radio Village Staff\'','CON_3c2bc7fcd9c6997710b2ef37cd4f5cd0',302298),('\'Ham Radio Village Staff\'','\'Ham Radio Village Staff\'','CON_17cea17bf26f147160856e99cab31111',302299),('\'Dan \"dan_kb6nu\" Romanchik\'','\'Dan \"dan_kb6nu\" Romanchik\'','HRV_703743369285dcebcdcea89c4d57eac0',302300),('\'Hamster\'','\'Hamster\'','HRV_a4b2faa5a7c21bbfbee68b086c98b8ce',302301),('\'Jon Marler\'','\'Jon Marler\'','HRV_67716da4bff7ced29144dfc27de88b9b',302302),('\'Dan \"dan_kb6nu\" Romanchik\'','\'Dan \"dan_kb6nu\" Romanchik\'','HRV_ac62aad01597c4116827182ef59fca79',302303),('\'Kamikazi\'','\'Kamikazi\'','HRV_b0cde5f294ed6c87290a7f3bbf0fd24e',302304),('\'Seth\'','\'Seth\'','HRV_fdea195dc607f95c52ce359508ca07c4',302305),('\'Danny Quist\'','\'Danny Quist\'','HRV_aa4b1ea3b1ae5d96691ed6866e5c5acc',302306),('\'Jeremy\'','\'Jeremy\'','HRV_9dab90f9e39d23e9b28368cc27a488a1',302307),('\'Jeremy\'','\'Jeremy\'','HRV_76bee41d9b0c88773ee948818d4176a0',302308),('\'RF Hackers\'','\'RF Hackers\'','RFV_ec72a9157ffa5de6d1a5b3d021528fcc',302309),('\'bkobe\'','\'bkobe\'','RFV_e2aada102a835e9add1cc818009c58a0',302310),('\'Lozaning\'','\'Lozaning\'','RFV_959581a889e20a130a7d2767b4002667',302311),('\'Tiernan \"nvx\" Messmer\'','\'Tiernan \"nvx\" Messmer\'','RFV_ba74cd4605fabbf9837ac5f3ec45c482',302312),('\'C$\'','\'C$\'','RFV_061d3a43d46b4970a3dfc14e044ce780',302313),('\'Endeavors\'','\'Endeavors\'','RFV_061d3a43d46b4970a3dfc14e044ce780',302314),('\'r1otctrl\'','\'r1otctrl\'','RFV_c9dcf44fbb120b8f31eb3fe62914d176',302315),('\'Ronald Broberg\'','\'Ronald Broberg\'','RFV_8741abf528ef35cc1e650f6c9b3b8563',302316),('\'Robert Van Etta\'','\'Robert Van Etta\'','RFV_8741abf528ef35cc1e650f6c9b3b8563',302317),('\'m1ddl3w4r3\'','\'m1ddl3w4r3\'','RFV_0a02d385fa752b196bccbb41589a5a9f',302318),('\'RF Hackers\'','\'RF Hackers\'','RFV_d0f7c3fac88706c67224056ddd9b88e7',302319),('\'evildaemond (Adam Foster)\'','\'evildaemond (Adam Foster)\'','RFV_a62a567fbbfec2904e44ff6f04fd6ba9',302320),('\'Luigi Cruz\'','\'Luigi Cruz\'','RFV_8af6819bee49196d0367194fd04e9e7f',302321),('\'Chris Poore\'','\'Chris Poore\'','RFV_56829a9160b8ba04d62a111a8d37de6f',302322),('\'Kent Britain\'','\'Kent Britain\'','RFV_c48085f459bacd4a0162a0b3997af238',302323),('\'Abraxas3d\'','\'Abraxas3d\'','RFV_bc87281c1420f6e1e5d619836a94853b',302324),('\'Mikey Awbrey\'','\'Mikey Awbrey\'','RFV_8bd4f791cbbe74a3ca1b3d6156d56852',302325),('\'RF Hackers\'','\'RF Hackers\'','RFV_c06ec8ceecb8eca17e70bc311cf2ae0f',302326),('\'WiGLE Staff\'','\'WiGLE Staff\'','RFV_c06ec8ceecb8eca17e70bc311cf2ae0f',302327),('\'Sean Metcalf\'','\'Sean Metcalf\'','CLV_ee41de7c65debf75d9870aea60e09cd7',302328),('\'Christophe Tafani-Dereeper\'','\'Christophe Tafani-Dereeper\'','CLV_38d7a12c86cfd563ef5da0bc269e3c1b',302329),('\'Felipe Pr0teus\'','\'Felipe Pr0teus\'','CLV_c71ebfc555adb2212c74b9222a3b4e96',302330),('\'Lucas Cioffi\'','\'Lucas Cioffi\'','CLV_c71ebfc555adb2212c74b9222a3b4e96',302331),('\'Hubert Lin\'','\'Hubert Lin\'','CLV_d9be90eabb15aed7dbe296e7ac786ecf',302332),('\'Harsha Koushik\'','\'Harsha Koushik\'','CLV_392591cf6810a03a41edb9cc64d8d45b',302333),('\'Anand Tiwari\'','\'Anand Tiwari\'','CLV_392591cf6810a03a41edb9cc64d8d45b',302334),('\'Zander Mackie\'','\'Zander Mackie\'','CLV_38700948c06b95c807cf6a908c35073a',302335),('\'Wooseok Kim\'','\'Wooseok Kim\'','CLV_ef9f1d763db217fba551e0481f43ce41',302336),('\'Changhyun Park\'','\'Changhyun Park\'','CLV_ef9f1d763db217fba551e0481f43ce41',302337),('\'Eric Woodruff\'','\'Eric Woodruff\'','CLV_f64932360cff88c244d8f4df5917b830',302338),('\'Mike Ruth\'','\'Mike Ruth\'','CLV_aa1476a16ffa5b50533fa0aebdfbcf99',302339),('\'Victor Pasknel\'','\'Victor Pasknel\'','CLV_511f5e7f3c5d9c82c5a0951b00d2e5b1',302340),('\'Mohammed Ilyas Ahmed\'','\'Mohammed Ilyas Ahmed\'','CLV_b70cea6f45dc6c311b3bbefee3a9b4fa',302341),('\'Syed Aamiruddin\'','\'Syed Aamiruddin\'','CLV_b70cea6f45dc6c311b3bbefee3a9b4fa',302342),('\'Scott Weston\'','\'Scott Weston\'','CLV_cbaf80fa5bffb6393804bc02329ec252',302343),('\'Alex Foley\'','\'Alex Foley\'','CLV_e3101c3eb274bc707197a4ab888a032f',302344),('\'Rupali\'','\'Rupali\'','CLV_e3101c3eb274bc707197a4ab888a032f',302345),('\'Karl Fosaaen\'','\'Karl Fosaaen\'','CLV_ab4bb991712bba0875e700410709f49d',302346),('\'Liv Matan\'','\'Liv Matan\'','CLV_65a0a09ae553a4baef8ccf2c9cb0310c',302347),('\'Brandon Colley\'','\'Brandon Colley\'','CLV_710bf02cee7b21c92475ca476ca32aea',302348),('\'Filipi Pires\'','\'Filipi Pires\'','CLV_c4017ddd65a29a538f92ca36d0c7940f',302349),('\'Sam \"Frenchie\" Stewart\'','\'Sam \"Frenchie\" Stewart\'','CLV_0e69cf7894191a0ac1ff8d1f4aaffcc4',302350),('\'Ezz Tahoun\'','\'Ezz Tahoun\'','CLV_289363ba676a870a844ada69482bed04',302351),('\'Seth Art\'','\'Seth Art\'','CLV_4ef05b2981d8a8d2e83d834be58e2fb8',302352),('\'Jenko Hwong\'','\'Jenko Hwong\'','CLV_6f6525da71c874abcd3a338cb05de1d7',302353),('\'Nick Frichette\'','\'Nick Frichette\'','CLV_eb40e446b5c440b89719bf2032fd8d7e',302354),('\'Viktor Gazdag\'','\'Viktor Gazdag\'','CLV_2162f24a97c61902495904f4401a397c',302355),('\'Roberto Rodriguez\'','\'Roberto Rodriguez\'','CLV_863e603f1d0a829e1cef83ab99422f00',302356),('\'William Taylor\'','\'William Taylor\'','CLV_3aa2c43c4784023bc777ed57cbcdfa39',302357),('\'Jared Dygert\'','\'Jared Dygert\'','LPV_03a0982a4108106614a954b1cb9e5a75',302358),('\'Shina Liu\'','\'Shina Liu\'','TCV_1cc3921e8ef2f597f6dd997321d9db42',302359),('\'Niklas Lindroos\'','\'Niklas Lindroos\'','TCV_1cc3921e8ef2f597f6dd997321d9db42',302360),('\'Ezz Tahoun\'','\'Ezz Tahoun\'','TCV_1cc3921e8ef2f597f6dd997321d9db42',302361),('\'Akib Sayyed\'','\'Akib Sayyed\'','TCV_1cc3921e8ef2f597f6dd997321d9db42',302362),('\'Akib Sayyed\'','\'Akib Sayyed\'','TCV_d9431d6f7a58231f5f590018e376dad9',302363),('\'Nadeem Bagwan\'','\'Nadeem Bagwan\'','TCV_964c5ace2e4324b3301ad2a50a720c21',302364),('\'Zibran Sayyed\'','\'Zibran Sayyed\'','TCV_91986fb3c8d8254f75382e62b494eb0c',302365),('\'Akib Sayyed\'','\'Akib Sayyed\'','TCV_5ae0e789294c608d7088b542052826fb',302366),('\'Vinod Shrimali\'','\'Vinod Shrimali\'','TCV_ae5f12b054311c9f9315852a32abc173',302367),('\'Yurii Zadoianchuk\'','\'Yurii Zadoianchuk\'','PYV_4795b1510d65f74aa23d0c649250e7f3',302368),('\'Stephan Viljoen\'','\'Stephan Viljoen\'','PYV_4795b1510d65f74aa23d0c649250e7f3',302369),('\'Sebastiaan Pierrot\'','\'Sebastiaan Pierrot\'','PYV_4795b1510d65f74aa23d0c649250e7f3',302370),('\'Adrian Garcia\'','\'Adrian Garcia\'','PYV_b628d5332f099745db1ec07c03d1fada',302371),('\'Leigh-Anne Galloway\'','\'Leigh-Anne Galloway\'','PYV_e56c583f172971356ee77bced694c201',302372),('\'Leigh-Anne Galloway\'','\'Leigh-Anne Galloway\'','PYV_7085317fd1d9cf76a6e38217c809b1ac',302373),('\'Leigh-Anne Galloway\'','\'Leigh-Anne Galloway\'','PYV_e72b71a026bd398a0c2058661057e5ca',302374),('\'Leigh-Anne Galloway\'','\'Leigh-Anne Galloway\'','PYV_86192046f544431132f4d4e80ab4b70e',302375),('\'Leigh-Anne Galloway\'','\'Leigh-Anne Galloway\'','PYV_84199c08a830ebd84c13c593796669d1',302376),('\'Vincent Sloan\'','\'Vincent Sloan\'','PYV_01905a3182b92899cb4bb800ac36feec',302377),('\'Karthik Tadinada\'','\'Karthik Tadinada\'','PYV_c13b08ecc9e5cee2fe58050c3a50e03d',302378),('\'Suzanne Borders\'','\'Suzanne Borders\'','XRV_51ac365c6c83c1b828cd1697c2176c81',302379),('\'Jad Meouchy\'','\'Jad Meouchy\'','XRV_51ac365c6c83c1b828cd1697c2176c81',302380),('\'The Glad Scientist\'','\'The Glad Scientist\'','XRV_7f8c79ec461cf974dd75dd3d716f44ef',302381),('\'Stryker\'','\'Stryker\'','XRV_83f06d7ac11e604f10dc384eefbc7f9b',302382),('\'Zaire Moore\'','\'Zaire Moore\'','XRV_c856a9e10b3ebe96386da9cc7ca7630f',302383),('\'Jacob H Braun\'','\'Jacob H Braun\'','DC_aa64cba30431cbb8b9419f5919cd5333',302384),('\'Jayson E. Street\'','\'Jayson E. Street\'','DCGVR_682a170d91bbcd5c84c0c717140e53ea',302385),('\'Jayson E. Street\'','\'Jayson E. Street\'','DCGVR_81b3cbdbcc3ed2329e2e00455774d8ba',302386),('\'Amal Joy\'','\'Amal Joy\'','DCGVR_a04123a6fd78d4ffd3d9ea3cd9a8950e',302387),('\'Abhishek S\'','\'Abhishek S\'','DCGVR_a04123a6fd78d4ffd3d9ea3cd9a8950e',302388),('\'ᗩᒪETᕼE\'','\'ᗩᒪETᕼE\'','DCGVR_537288fd517434ab5976aec3fe6801db',302389),('\'xray\'','\'xray\'','DCGVR_537288fd517434ab5976aec3fe6801db',302390),('\'TX\'','\'TX\'','DCGVR_537288fd517434ab5976aec3fe6801db',302391),('\'overcast\'','\'overcast\'','DCGVR_537288fd517434ab5976aec3fe6801db',302392),('\'Abhishek S\'','\'Abhishek S\'','DCGVR_537288fd517434ab5976aec3fe6801db',302393),('\'Jonathan \"JBO\" Bar Or\'','\'Jonathan \"JBO\" Bar Or\'','DCGVR_0384371e2142ebd05a46acc0d379cdce',302394),('\'Allen Baranov\'','\'Allen Baranov\'','DCGVR_57b390a87f68a27173551b2d1120a7fb',302395),('\'Manfred\'','\'Manfred\'','DCGVR_09f3d956a39be123ca32cb2f0307dc1a',302396),('\'Xavier \"rubix1138\" Ashe\'','\'Xavier \"rubix1138\" Ashe\'','DCGVR_32282dc82bbf5511b20cd6a68af7f0ca',302397),('\'Neumann \"scsideath\" Lim\'','\'Neumann \"scsideath\" Lim\'','DCGVR_303d9e361591637078bc2f58d8705a17',302398),('\'Giglio\'','\'Giglio\'','DCGVR_038a0798eb1c36822622a3303791e827',302399),('\'Squiddy\'','\'Squiddy\'','DCGVR_23d844c1baae1eb4dee42f7a1da58759',302400),('\'Just Tulpa\'','\'Just Tulpa\'','DCGVR_45388915dddafb08b9cfd3fdd886798f',302401),('\'hoodiePony\'','\'hoodiePony\'','DCGVR_df9facdf73b3e31b7012ffe147065b12',302402),('\'Chloé Messdaghi\'','\'Chloé Messdaghi\'','APV_3de3abd9f3a15af86851d2a7a0196458',302403),('\'Kasimir Schulz\'','\'Kasimir Schulz\'','APV_3de3abd9f3a15af86851d2a7a0196458',302404),('\'Andra\'','\'Andra\'','APV_1d61a3b79aa7664754170cba237bd145',302405),('\'Javan Rasokat\'','\'Javan Rasokat\'','APV_1d61a3b79aa7664754170cba237bd145',302406),('\'punkcoder\'','\'punkcoder\'','APV_44de7fd12859117d876928286f543122',302407),('\'Jay Chen\'','\'Jay Chen\'','APV_8aeaf4bb38bbb0979eec0f82a5bd2cf7',302408),('\'Ravid Mazon\'','\'Ravid Mazon\'','APV_8aeaf4bb38bbb0979eec0f82a5bd2cf7',302409),('\'AreTillery\'','\'AreTillery\'','APV_d4644ca0ccba0e7062dc321b20575756',302410),('\'Gaurav Joshi\'','\'Gaurav Joshi\'','APV_f04a5babe510ddd96cb868eb4d8c91a2',302411),('\'HK\'','\'HK\'','APV_f04a5babe510ddd96cb868eb4d8c91a2',302412),('\'kvprashant\'','\'kvprashant\'','APV_f04a5babe510ddd96cb868eb4d8c91a2',302413),('\'Vikas Khanna\'','\'Vikas Khanna\'','APV_249221aa9d4837dea3f3e6830fbc9ba7',302414),('\'SheHacksPurple\'','\'SheHacksPurple\'','APV_27d1ed52d9925645232c1bbead165380',302415),('\'Kunal Bhattacharya\'','\'Kunal Bhattacharya\'','APV_29fa294e9afcb8e0b69d9e5ec2767410',302416),('\'Sara Attarzadeh\'','\'Sara Attarzadeh\'','APV_29fa294e9afcb8e0b69d9e5ec2767410',302417),('\'Shahar Man\'','\'Shahar Man\'','APV_29fa294e9afcb8e0b69d9e5ec2767410',302418),('\'Trupti Shiralkar\'','\'Trupti Shiralkar\'','APV_29fa294e9afcb8e0b69d9e5ec2767410',302419),('\'Jasper Insinger\'','\'Jasper Insinger\'','APV_702c56619749ad288a49af2a6a8efe3a',302420),('\'Peiyu Wang\'','\'Peiyu Wang\'','APV_d9edbdb069aab6d15a9192e18c3fcba8',302421),('\'Andra\'','\'Andra\'','APV_59ff14efa280c7733b6e5e966eb39ef5',302422),('\'Spyros Gasteratos\'','\'Spyros Gasteratos\'','APV_59ff14efa280c7733b6e5e966eb39ef5',302423),('\'Ori Ron\'','\'Ori Ron\'','APV_caa06a7b0412ae48c47440b054b8e80c',302424),('\'Tal Folkman\'','\'Tal Folkman\'','APV_caa06a7b0412ae48c47440b054b8e80c',302425),('\'David Sopas\'','\'David Sopas\'','APV_e8c24d70c43743e5d2003f4b62d5abb4',302426),('\'Paulo A. Silva\'','\'Paulo A. Silva\'','APV_e8c24d70c43743e5d2003f4b62d5abb4',302427),('\'Cassie Crossley\'','\'Cassie Crossley\'','APV_8ba38586b27a068061afc8d957e01dd9',302428),('\'Avi Lumelsky\'','\'Avi Lumelsky\'','APV_bd423215774decdebbadc1bd923fc911',302429),('\'Gal Elbaz\'','\'Gal Elbaz\'','APV_bd423215774decdebbadc1bd923fc911',302430),('\'Jason Haddix\'','\'Jason Haddix\'','APV_2fc13d979d7b7ad7643e11f499d63cae',302431),('\'Michelle Eggers\'','\'Michelle Eggers\'','APV_2d558eb82b7545c218c00bb2bd9a6b00',302432),('\'alevsk\'','\'alevsk\'','APV_a91190b3b4a87abd66f8a5f662e7dbe4',302433),('\'Vangelis Stykas\'','\'Vangelis Stykas\'','APV_9cddfea7d62ae023da35b72b033550df',302434),('\'Andra\'','\'Andra\'','APV_d44f62d54ff3e1cc060c30aa0bbd0b23',302435),('\'Konstantinos Papapanagiotou\'','\'Konstantinos Papapanagiotou\'','APV_63e0e5c8a4e9ce5504af3030a34053b8',302436),('\'Elad Pticha\'','\'Elad Pticha\'','APV_6a856edfba7293d3c55bb6ac2910c60c',302437),('\'Oreen Livni\'','\'Oreen Livni\'','APV_6a856edfba7293d3c55bb6ac2910c60c',302438),('\'jgamblin\'','\'jgamblin\'','APV_444f15021060ab1cdc5457430882d805',302439),('\'Harley Wilson\'','\'Harley Wilson\'','APV_a530dbf7148e6b79bdf04e9b2f3ce0e5',302440),('\'Harley Wilson\'','\'Harley Wilson\'','APV_70b1e24e2feb98d5532967bbf8ed685d',302441),('\'Harley Wilson\'','\'Harley Wilson\'','APV_60338c2ee815bba5ecd58ff25c209155',302442),('\'Aleise McGowan\'','\'Aleise McGowan\'','APV_da71f728bb3c1936a333d807ab5ad240',302443),('\'Tennisha Martin\'','\'Tennisha Martin\'','APV_da71f728bb3c1936a333d807ab5ad240',302444),('\'Aaron Shim\'','\'Aaron Shim\'','APV_678446590cbf12f7601b6d16b2432c4e',302445),('\'jen-ozmen\'','\'jen-ozmen\'','APV_678446590cbf12f7601b6d16b2432c4e',302446),('\'ILOVEPIE\'','\'ILOVEPIE\'','APV_b718a21ace598db4cf998a9814450732',302447),('\'Ofir Yakobi\'','\'Ofir Yakobi\'','APV_7ffbde0324c7ffe0e22b41087f2bf6ce',302448),('\'Shir Sadon\'','\'Shir Sadon\'','APV_7ffbde0324c7ffe0e22b41087f2bf6ce',302449),('\'Matthias Göhring\'','\'Matthias Göhring\'','APV_76bb3aa065001f383a75dff0b609f5f1',302450),('\'Florian Haag\'','\'Florian Haag\'','APV_76bb3aa065001f383a75dff0b609f5f1',302451),('\'Iggy\'','\'Iggy\'','APV_71158437cd63be0daa39e8a61b19d070',302452),('\'Charles Waterhouse\'','\'Charles Waterhouse\'','APV_9f179be6bced88664d2fd2a2ff07160b',302453),('\'Nikhil \"niks\" Shrivastava\'','\'Nikhil \"niks\" Shrivastava\'','APV_9f179be6bced88664d2fd2a2ff07160b',302454),('\'Antoine Carossio\'','\'Antoine Carossio\'','APV_2e418ffd27a38c51977261ed53a77084',302455),('\'Tristan Kalos\'','\'Tristan Kalos\'','APV_2e418ffd27a38c51977261ed53a77084',302456),('\'Wang Zhilong\'','\'Wang Zhilong\'','APV_2190e005ffbe128871438104e30fa9ce',302457),('\'Xinzhi Luo\'','\'Xinzhi Luo\'','APV_2190e005ffbe128871438104e30fa9ce',302458),('\'Ian Hickey\'','\'Ian Hickey\'','APV_3c91aa136d5c11be5a321c6214fe5441',302459),('\'iosifache\'','\'iosifache\'','APV_5c6dc550dcf70ffaed985f2b03b75891',302460),('\'Utku Yildirim\'','\'Utku Yildirim\'','APV_f1825b41a872ace1a97055919d3503fd',302461),('\'Elad Pticha\'','\'Elad Pticha\'','APV_3a7ef7f274b408ceb40ab55f12dcfaae',302462),('\'Oreen Livni\'','\'Oreen Livni\'','APV_3a7ef7f274b408ceb40ab55f12dcfaae',302463),('\'Ben Dechrai\'','\'Ben Dechrai\'','APV_8c5d8a12a66e202fbdc82a56b6634b67',302464),('\'Jason Romero\'','\'Jason Romero\'','BTV_9d14941aeb7fcad68441f5c045275c25',302465),('\'Kivanc Aydin\'','\'Kivanc Aydin\'','BTV_8be210260ca25930af6e1cf5b67e1760',302466),('\'Carson Zimmerman\'','\'Carson Zimmerman\'','BTV_ea4935859f2ef8261481eac93f7ae073',302467),('\'Russ McRee\'','\'Russ McRee\'','BTV_ea4935859f2ef8261481eac93f7ae073',302468),('\'Eric Lippart\'','\'Eric Lippart\'','BTV_ea4935859f2ef8261481eac93f7ae073',302469),('\'Enoch Long\'','\'Enoch Long\'','BTV_ea4935859f2ef8261481eac93f7ae073',302470),('\'Sarthak Taneja\'','\'Sarthak Taneja\'','BTV_e976aa5b7545962f8ebb3d26ec4c1b42',302471),('\'Natalie Simpson\'','\'Natalie Simpson\'','BTV_5c0eb71d6bdae98b8b7a0117e3a97b7f',302472),('\'Nivedita (Nivu) Jejurikar\'','\'Nivedita (Nivu) Jejurikar\'','BTV_5c0eb71d6bdae98b8b7a0117e3a97b7f',302473),('\'Catherine J. Ullman\'','\'Catherine J. Ullman\'','RTV_bff60ed9b72ca2a7be620aed2e067ebe',302474),('\'Jake Williams\'','\'Jake Williams\'','RTV_bff60ed9b72ca2a7be620aed2e067ebe',302475),('\'Meaghan Neill\'','\'Meaghan Neill\'','RTV_bff60ed9b72ca2a7be620aed2e067ebe',302476),('\'Ralph May\'','\'Ralph May\'','RTV_bff60ed9b72ca2a7be620aed2e067ebe',302477),('\'Matthew Nickerson\'','\'Matthew Nickerson\'','RTV_bff60ed9b72ca2a7be620aed2e067ebe',302478),('\'Eric Clay\'','\'Eric Clay\'','BTV_3adc1aae19bf1c0863d47f3d83353552',302479),('\'Nick Ascoli\'','\'Nick Ascoli\'','BTV_3adc1aae19bf1c0863d47f3d83353552',302480),('\'Sarthak Taneja\'','\'Sarthak Taneja\'','BTV_ba924f5b97c24634495f7c43d13f5390',302481),('\'Angelo Violetti\'','\'Angelo Violetti\'','BTV_fbd9ff5355aa37a59abf87be8524ac3a',302482),('\'David Zito\'','\'David Zito\'','BTV_fbd9ff5355aa37a59abf87be8524ac3a',302483),('\'Nicole Beckwith\'','\'Nicole Beckwith\'','BTV_fbd9ff5355aa37a59abf87be8524ac3a',302484),('\'Shelly Giesbrecht\'','\'Shelly Giesbrecht\'','BTV_fbd9ff5355aa37a59abf87be8524ac3a',302485),('\'Omenscan\'','\'Omenscan\'','BTV_263b293c7fe11fc1d8946f1c7ef3f58e',302486),('\'Dafinga\'','\'Dafinga\'','BTV_2c612b711d6c38ffa98587e6ee905b48',302487),('\'Aurora Johnson\'','\'Aurora Johnson\'','BTV_9ecd71da3a6e697d4cce3bdb25d4b739',302488),('\'Ben Goerz\'','\'Ben Goerz\'','BTV_9ecd71da3a6e697d4cce3bdb25d4b739',302489),('\'Ch33r10\'','\'Ch33r10\'','BTV_9ecd71da3a6e697d4cce3bdb25d4b739',302490),('\'Jamie Williams\'','\'Jamie Williams\'','BTV_9ecd71da3a6e697d4cce3bdb25d4b739',302491),('\'Rebecca Ford\'','\'Rebecca Ford\'','BTV_9ecd71da3a6e697d4cce3bdb25d4b739',302492),('\'Noah Lazzaro\'','\'Noah Lazzaro\'','BTV_6f3c5f9799d8f67acddbae6ac43f249a',302493),('\'Ezz Tahoun\'','\'Ezz Tahoun\'','BTV_e1a069d4fbc03cebb6c9cf8db6030b37',302494),('\'Cyb0rg42\'','\'Cyb0rg42\'','BTV_135715a7503d129194c3033ca37b6e97',302495),('\'Dani\'','\'Dani\'','BTV_135715a7503d129194c3033ca37b6e97',302496),('\'Shea Nangle\'','\'Shea Nangle\'','BTV_135715a7503d129194c3033ca37b6e97',302497),('\'Tennisha Martin\'','\'Tennisha Martin\'','BTV_135715a7503d129194c3033ca37b6e97',302498),('\'Pete Ortega\'','\'Pete Ortega\'','BTV_135715a7503d129194c3033ca37b6e97',302499),('\'David \"CountZ3r0\" Roman\'','\'David \"CountZ3r0\" Roman\'','BTV_b79646fa793e5fa389031f85b92557f2',302500),('\'Apurv Singh Gautam\'','\'Apurv Singh Gautam\'','BTV_e4fcf9d28e4ad31bddea4fc8b56cfa46',302501),('\'Karan Dwivedi\'','\'Karan Dwivedi\'','BTV_e4fcf9d28e4ad31bddea4fc8b56cfa46',302502),('\'Aakin Patel\'','\'Aakin Patel\'','BTV_3a54870471249ef35166be1329593ba0',302503),('\'Caspian Kilkelly\'','\'Caspian Kilkelly\'','BTV_3a54870471249ef35166be1329593ba0',302504),('\'Gwyddia\'','\'Gwyddia\'','BTV_3a54870471249ef35166be1329593ba0',302505),('\'Harlan Geer\'','\'Harlan Geer\'','BTV_3a54870471249ef35166be1329593ba0',302506),('\'Shea Nangle\'','\'Shea Nangle\'','BTV_3a54870471249ef35166be1329593ba0',302507),('\'Matt Mayes\'','\'Matt Mayes\'','BTV_3a54870471249ef35166be1329593ba0',302508),('\'Joe Slowik\'','\'Joe Slowik\'','BTV_63b51b1b3e0078cde874ad6cdc8bdd8b',302509),('\'Randy Pargman\'','\'Randy Pargman\'','BTV_63b51b1b3e0078cde874ad6cdc8bdd8b',302510),('\'Sydney Marrone\'','\'Sydney Marrone\'','BTV_63b51b1b3e0078cde874ad6cdc8bdd8b',302511),('\'th3CyF0x\'','\'th3CyF0x\'','BTV_63b51b1b3e0078cde874ad6cdc8bdd8b',302512),('\'Ryan Chapman\'','\'Ryan Chapman\'','BTV_63b51b1b3e0078cde874ad6cdc8bdd8b',302513),('\'Jason Craig\'','\'Jason Craig\'','BTV_f13a75768a7dae160de8e6c8c4e8223f',302514),('\'Lauren Proehl\'','\'Lauren Proehl\'','BTV_f13a75768a7dae160de8e6c8c4e8223f',302515),('\'Tina Velez\'','\'Tina Velez\'','BTV_f13a75768a7dae160de8e6c8c4e8223f',302516),('\'William Phillips\'','\'William Phillips\'','BTV_f13a75768a7dae160de8e6c8c4e8223f',302517),('\'Ricky \"HeadlessZeke\" Lawshae\'','\'Ricky \"HeadlessZeke\" Lawshae\'','IOTV_4c8a100eacd487d838ab8f1abd9199ac',302518),('\'Langston Clement\'','\'Langston Clement\'','PSV_c8a62aa1a0e3e081a11ccbc6dd40743e',302519),('\'Dan Goga\'','\'Dan Goga\'','PSV_c8a62aa1a0e3e081a11ccbc6dd40743e',302520),('\'Nick Warner\'','\'Nick Warner\'','PSV_27bfa2cce99133c86183d27356fe6a1c',302521),('\'Karen Ng\'','\'Karen Ng\'','PSV_7824899b138060f30ac47e069bbfe08f',302522),('\'Karen Ng\'','\'Karen Ng\'','PSV_58e720c6b1327cef284f47acaab2c980',302523),('\'Tim Clevenger\'','\'Tim Clevenger\'','PSV_ee8cba448e115206b721fa216e5dc00c',302524),('\'Tim Roberts\'','\'Tim Roberts\'','PSV_45d184cf12ba68050fcad62849dc089f',302525),('\'Luca \"CYBERANTANI\" Bongiorni\'','\'Luca \"CYBERANTANI\" Bongiorni\'','PSV_61a2d0b944dff4d0d8b10c4b6ce80745',302526),('\'Luca \"CYBERANTANI\" Bongiorni\'','\'Luca \"CYBERANTANI\" Bongiorni\'','PSV_d91b0599b6ef037e9759f016a8f7cc31',302527),('\'Justin Wynn\'','\'Justin Wynn\'','PSV_253655f98fb20aaf299e9068721cdbd5',302528),('\'Langston Clement\'','\'Langston Clement\'','PSV_a37684ccebfe9dcaafef9045f0bbf2f8',302529),('\'Dan Goga\'','\'Dan Goga\'','PSV_a37684ccebfe9dcaafef9045f0bbf2f8',302530),('\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_05f25b981f1936b988c4390b32eaf603',302531),('\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_6bd49ab1e71fdefd433bc193a0a81a3e',302532),('\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','\'A-ISAC and Embry-Riddle Aeronautical University - Prescott\'','ASV_658dbd580f12f1c74f7541d6010dde95',302533),('\'Boeing\'','\'Boeing\'','ASV_8576e1f98e2b0b4f0b51a861727c9afe',302534),('\'Boeing\'','\'Boeing\'','ASV_6812b5f5c1f559dc69735ed46511e13a',302535),('\'Boeing\'','\'Boeing\'','ASV_15818a03eb28293d3bfd490a0835fb45',302536),('\'AMSAT\'','\'AMSAT\'','ASV_ccb4bd4214e32ce231c4de990e08feff',302537),('\'AMSAT\'','\'AMSAT\'','ASV_857436d7c28be985fc0859856f811d7c',302538),('\'AMSAT\'','\'AMSAT\'','ASV_88398cea981ad493a087a9eb706b059b',302539),('\'Lockheed Martin\'','\'Lockheed Martin\'','ASV_797616f1fb5dce43306db18e5dc1244f',302540),('\'Lockheed Martin\'','\'Lockheed Martin\'','ASV_9e668584a374319d02c639a0ffeb4f30',302541),('\'Lockheed Martin\'','\'Lockheed Martin\'','ASV_01758d497c6a76e87281c819c7a695b2',302542),('\'IntelliGenesis and IG Labs\'','\'IntelliGenesis and IG Labs\'','ASV_ad4ceb417957dd9495178429ba0979e1',302543),('\'IntelliGenesis and IG Labs\'','\'IntelliGenesis and IG Labs\'','ASV_f376ed521e02323cff45f70d44bcdf85',302544),('\'IntelliGenesis and IG Labs\'','\'IntelliGenesis and IG Labs\'','ASV_98bad48418619c5a2d223bb8ef9d4be7',302545),('\'TSA\'','\'TSA\'','ASV_8a351ef28a4d427db4c97ddb37bfd36d',302546),('\'TSA\'','\'TSA\'','ASV_cd043c10f0d3a46115f236ce40c9f70f',302547),('\'TSA\'','\'TSA\'','ASV_fd185ecc99b388c7a71522cefdd9df2a',302548),('\'Dark Wolf\'','\'Dark Wolf\'','ASV_d46e9f574dbc7e7a527900ff4989a318',302549),('\'Dark Wolf\'','\'Dark Wolf\'','ASV_8da7890277780648e4f5081ee41b0e1e',302550),('\'Dark Wolf\'','\'Dark Wolf\'','ASV_d60a1c8163378d442e067952865187a9',302551),('\'Dark Wolf\'','\'Dark Wolf\'','ASV_b7bab191f0808cb2e6990c08b041d1d8',302552),('\'Dark Wolf\'','\'Dark Wolf\'','ASV_2159dc3f93f4b8fa24d97f0d42f55bd1',302553),('\'Dark Wolf\'','\'Dark Wolf\'','ASV_7d67ebbb9044316e6af12965be9e43cf',302554),('\'Dark Wolf\'','\'Dark Wolf\'','ASV_d2c749276247dd0dfb7d01668d93611b',302555),('\'Dark Wolf\'','\'Dark Wolf\'','ASV_52ed2b1280dde4eedda16e5466eeccd7',302556),('\'Dark Wolf\'','\'Dark Wolf\'','ASV_c09662cf6aed55e673c582c895ac0642',302557),('\'Dark Wolf\'','\'Dark Wolf\'','ASV_29c78b6d18d5253c041a347adee90ec1',302558),('\'Dark Wolf\'','\'Dark Wolf\'','ASV_95958523b00c3f031f8ab344578370f2',302559),('\'Dark Wolf\'','\'Dark Wolf\'','ASV_76b142a7aba024b7de8d91c23c0c8dd9',302560),('\'Hack-A-Sat\'','\'Hack-A-Sat\'','ASV_84b711725ec653ed4c583b77d8961814',302561),('\'Cromulence\'','\'Cromulence\'','ASV_84b711725ec653ed4c583b77d8961814',302562),('\'Hack-A-Sat\'','\'Hack-A-Sat\'','ASV_c764ca8830bd93c5460bbbed82a788bb',302563),('\'Cromulence\'','\'Cromulence\'','ASV_c764ca8830bd93c5460bbbed82a788bb',302564),('\'Hack-A-Sat\'','\'Hack-A-Sat\'','ASV_82c3890aa94b3063863c406a44e988b9',302565),('\'Cromulence\'','\'Cromulence\'','ASV_82c3890aa94b3063863c406a44e988b9',302566),('\'Hack-A-Sat\'','\'Hack-A-Sat\'','ASV_9de27f52e4301b7c693243d546f9d69b',302567),('\'Cromulence\'','\'Cromulence\'','ASV_9de27f52e4301b7c693243d546f9d69b',302568),('\'Hack-A-Sat\'','\'Hack-A-Sat\'','ASV_3b6855756deb1549f23db05c70a3cad0',302569),('\'Cromulence\'','\'Cromulence\'','ASV_3b6855756deb1549f23db05c70a3cad0',302570),('\'Hack-A-Sat\'','\'Hack-A-Sat\'','ASV_16c443bd55a2c14b94f9db8efa463d62',302571),('\'Cromulence\'','\'Cromulence\'','ASV_16c443bd55a2c14b94f9db8efa463d62',302572),('\'Pen Test Partners\'','\'Pen Test Partners\'','ASV_d21519101f1c59cf1582951efe1f7112',302573),('\'Pen Test Partners\'','\'Pen Test Partners\'','ASV_1380d9f0dee95ef1b3c8303f7c9c92a1',302574),('\'Pen Test Partners\'','\'Pen Test Partners\'','ASV_c3455d794619345ba78054caf112907a',302575),('\'CalPoly\'','\'CalPoly\'','ASV_93be41ce0cc50bcb24b1fe977d4f5b3a',302576),('\'CalPoly\'','\'CalPoly\'','ASV_9b3a1d822d7c8f31e9c7fd06e4ee6e53',302577),('\'CalPoly\'','\'CalPoly\'','ASV_040388051b8629defaea49cc84b6b822',302578),('\'CalPoly\'','\'CalPoly\'','ASV_d5040b83f36e22d5391e25e196a61cd1',302579),('\'CalPoly\'','\'CalPoly\'','ASV_303fc9cbbb7b6dce1df54e7cb30a06d5',302580),('\'CalPoly\'','\'CalPoly\'','ASV_7d742da1ce7d7f5a97abc309b7a84f04',302581),('\'CT Cubed\'','\'CT Cubed\'','ASV_d5b9ea7d148d29a3af9257f43cbe54c5',302582),('\'CT Cubed\'','\'CT Cubed\'','ASV_117b5b0a82314c6a1f199aef8230966f',302583),('\'CT Cubed\'','\'CT Cubed\'','ASV_63d80332ef9848ed8b0b1c09953ece43',302584),('\'Exotrail\'','\'Exotrail\'','ASV_034fe48481387c60a78035a25cda7573',302585),('\'Hack-A-Sat\'','\'Hack-A-Sat\'','ASV_034fe48481387c60a78035a25cda7573',302586),('\'Exotrail\'','\'Exotrail\'','ASV_685a1eba87ae88ceda9a1c528b56f617',302587),('\'Hack-A-Sat\'','\'Hack-A-Sat\'','ASV_685a1eba87ae88ceda9a1c528b56f617',302588),('\'Exotrail\'','\'Exotrail\'','ASV_4637d9034cc577777ed4254383010f71',302589),('\'Hack-A-Sat\'','\'Hack-A-Sat\'','ASV_4637d9034cc577777ed4254383010f71',302590),('\'Victor Fernandez Minguillon\'','\'Victor Fernandez Minguillon\'','ASV_e47d497ab702729f6cc31a20d91a98be',302591),('\'Tim Fowler\'','\'Tim Fowler\'','ASV_fdb8b65f7874e0f11729b0e91a42b01e',302592),('\'Michael Butler\'','\'Michael Butler\'','ASV_ca5562770dae0227feb238ee9f4be4f3',302593),('\'Jacob Oakley\'','\'Jacob Oakley\'','ASV_ca5562770dae0227feb238ee9f4be4f3',302594),('\'Hahna Kane Latonick\'','\'Hahna Kane Latonick\'','ASV_26a45214511533908d37ba4392b70e99',302595),('\'Jonathan Waterman\'','\'Jonathan Waterman\'','ASV_eb158028f20d058e97577f46b5a0a634',302596),('\'Nick Aleks\'','\'Nick Aleks\'','ASV_bfc8da17bae98171fd24aac04ba6a110',302597),('\'Rudy Mendoza\'','\'Rudy Mendoza\'','ASV_bfc8da17bae98171fd24aac04ba6a110',302598),('\'Ken Munro\'','\'Ken Munro\'','ASV_017a521b9eac5f8bc74e61870a6aa92d',302599),('\'RC Jones\'','\'RC Jones\'','ASV_243c31adcc86e45138e6744a04780a40',302600),('\'Jim \"Gurney\" Ross\'','\'Jim \"Gurney\" Ross\'','ASV_8321d95168dd0d7d930824e968171bcf',302601),('\'Mariia Mykhailova\'','\'Mariia Mykhailova\'','QTV_7a3f38f95c3318847acdb8e7400e8156',302602),('\'Josh Isaac\'','\'Josh Isaac\'','QTV_bf329932a7366f825d7e72e6c3e3cf43',302603),('\'Konstantinos Karagiannis\'','\'Konstantinos Karagiannis\'','QTV_a9dbbf5f00743b06b83e901586f21573',302604),('\'Bruna Shinohara de Mendonça\'','\'Bruna Shinohara de Mendonça\'','QTV_9c34fe91d8f104030b9f9f54e68780e3',302605),('\'Daiwei Zhu\'','\'Daiwei Zhu\'','QTV_eb891ff11d3c06f11ae8c90d04c3c4c4',302606),('\'Rick Altherr\'','\'Rick Altherr\'','QTV_eb891ff11d3c06f11ae8c90d04c3c4c4',302607),('\'Sorin Boloș\'','\'Sorin Boloș\'','QTV_cb18a51d107aa04af591cf8a0c99fa12',302608),('\'Adrian Coleșa\'','\'Adrian Coleșa\'','QTV_cb18a51d107aa04af591cf8a0c99fa12',302609),('\'Ben Varcoe\'','\'Ben Varcoe\'','QTV_a18cd6460a019f5f9cc92e8c66bb8030',302610),('\'Vadim Makarov\'','\'Vadim Makarov\'','QTV_3f26fb7a909252015e4aed8f64724f7e',302611),('\'Josh Izaac\'','\'Josh Izaac\'','QTV_32d5e89ec812c4adba4adffbe9615b7e',302612),('\'Michael Dascal\'','\'Michael Dascal\'','QTV_a8e39bdf2f78ecf2ab55344ecf8637ef',302613),('\'Evan Anderson\'','\'Evan Anderson\'','QTV_2df902d49fe84bddabc80596f03947af',302614),('\'Bob Gourley\'','\'Bob Gourley\'','QTV_603d5fbcbce4aea59883383315fc208f',302615),('\'Bruna Shinohara de Mendonça\'','\'Bruna Shinohara de Mendonça\'','QTV_603d5fbcbce4aea59883383315fc208f',302616),('\'Joan Arrow\'','\'Joan Arrow\'','QTV_603d5fbcbce4aea59883383315fc208f',302617),('\'Erez M Abrams\'','\'Erez M Abrams\'','QTV_7053c9410553949ff061c0df8987232c',302618),('\'Nina Bindel\'','\'Nina Bindel\'','QTV_0cd1a2a1b59aea81f1d6c3e17ee6ca82',302619),('\'James Howe\'','\'James Howe\'','QTV_0cd1a2a1b59aea81f1d6c3e17ee6ca82',302620),('\'Sven Cattell\'','\'Sven Cattell\'','AIV_87c140f31cb0226374c1b0d6bf37015f',302621),('\'Will Pearce\'','\'Will Pearce\'','AIV_87c140f31cb0226374c1b0d6bf37015f',302622),('\'Jerome Wynne\'','\'Jerome Wynne\'','AIV_87c140f31cb0226374c1b0d6bf37015f',302623),('\'Sean McGregor\'','\'Sean McGregor\'','AIV_87c140f31cb0226374c1b0d6bf37015f',302624),('\'Nicole DeCario\'','\'Nicole DeCario\'','AIV_87c140f31cb0226374c1b0d6bf37015f',302625),('\'Kent Wilson\'','\'Kent Wilson\'','AIV_87c140f31cb0226374c1b0d6bf37015f',302626),('\'Sven Cattell\'','\'Sven Cattell\'','AIV_48df293b5e6f0bd3345135b1d6028216',302627),('\'Lauren Putvin\'','\'Lauren Putvin\'','AIV_48df293b5e6f0bd3345135b1d6028216',302628),('\'Ravin Kumar\'','\'Ravin Kumar\'','AIV_48df293b5e6f0bd3345135b1d6028216',302629),('\'Ravid Mazon\'','\'Ravid Mazon\'','AIV_6cc9bccb8e8e19f45069b4f642f9c228',302630),('\'Jay Chen\'','\'Jay Chen\'','AIV_6cc9bccb8e8e19f45069b4f642f9c228',302631),('\'Ryan Tracey\'','\'Ryan Tracey\'','AIV_908a2b3083384cbe4f5aea90e18f6c78',302632),('\'Kasimir Schulz\'','\'Kasimir Schulz\'','AIV_908a2b3083384cbe4f5aea90e18f6c78',302633),('\'Tom Boner\'','\'Tom Boner\'','AIV_908a2b3083384cbe4f5aea90e18f6c78',302634),('\'Sean Oesch\'','\'Sean Oesch\'','AIV_1397b0d9ee45039e40c43744927240c0',302635),('\'Luke Koch\'','\'Luke Koch\'','AIV_1397b0d9ee45039e40c43744927240c0',302636),('\'Brian Weber\'','\'Brian Weber\'','AIV_1397b0d9ee45039e40c43744927240c0',302637),('\'Amul Chaulagain\'','\'Amul Chaulagain\'','AIV_1397b0d9ee45039e40c43744927240c0',302638),('\'Matthew Dixson\'','\'Matthew Dixson\'','AIV_1397b0d9ee45039e40c43744927240c0',302639),('\'Jared Dixon\'','\'Jared Dixon\'','AIV_1397b0d9ee45039e40c43744927240c0',302640),('\'Cory Watson\'','\'Cory Watson\'','AIV_1397b0d9ee45039e40c43744927240c0',302641),('\'Harriet Farlow\'','\'Harriet Farlow\'','AIV_5bb39ad6784d1e46589fa7669e105c8d',302642),('\'Nikki Pope\'','\'Nikki Pope\'','AIV_f967cac073cca8ecb4e97bfbca31b882',302643),('\'Leon Derczynski\'','\'Leon Derczynski\'','AIV_d6ea2e6e66e0e5dd115cc384d4b1f087',302644),('\'Erick Galinkin\'','\'Erick Galinkin\'','AIV_d6ea2e6e66e0e5dd115cc384d4b1f087',302645),('\'Jeffery Martin\'','\'Jeffery Martin\'','AIV_d6ea2e6e66e0e5dd115cc384d4b1f087',302646),('\'Subho Majumdar\'','\'Subho Majumdar\'','AIV_d6ea2e6e66e0e5dd115cc384d4b1f087',302647),('\'Ayush RoyChowdhury\'','\'Ayush RoyChowdhury\'','AIV_8cfe6a2faa3d50ebe6342470affb5194',302648),('\'Mulong Luo\'','\'Mulong Luo\'','AIV_8cfe6a2faa3d50ebe6342470affb5194',302649),('\'Mohit Tiwari\'','\'Mohit Tiwari\'','AIV_8cfe6a2faa3d50ebe6342470affb5194',302650),('\'Cyrus Nikolaidis\'','\'Cyrus Nikolaidis\'','AIV_80b453a737fae0ea63c5fda1e79ae277',302651),('\'Faizan Ahmad\'','\'Faizan Ahmad\'','AIV_80b453a737fae0ea63c5fda1e79ae277',302652),('\'Kellee Wicker (Moderator)\'','\'Kellee Wicker (Moderator)\'','AIV_49b4bb8362c351241d2607999672d09f',302653),('\'Christine Lai\'','\'Christine Lai\'','AIV_49b4bb8362c351241d2607999672d09f',302654),('\'David Lo\'','\'David Lo\'','AIV_49b4bb8362c351241d2607999672d09f',302655),('\'Austin Carson\'','\'Austin Carson\'','AIV_49b4bb8362c351241d2607999672d09f',302656),('\'Nick Landers\'','\'Nick Landers\'','AIV_49b4bb8362c351241d2607999672d09f',302657),('\'Walter Scheirer\'','\'Walter Scheirer\'','AIV_836c3b074c72b12be668d098d7897b77',302658),('\'Perry Carpenter\'','\'Perry Carpenter\'','AIV_9fb549727b1e18b90466f7b59ca3dfef',302659),('\'Sven Cattell\'','\'Sven Cattell\'','AIV_680b513914fc8ea28cb51bf6907af0ac',302660),('\'Will Pearce\'','\'Will Pearce\'','AIV_680b513914fc8ea28cb51bf6907af0ac',302661),('\'Jerome Wynne\'','\'Jerome Wynne\'','AIV_680b513914fc8ea28cb51bf6907af0ac',302662),('\'Sean McGregor\'','\'Sean McGregor\'','AIV_680b513914fc8ea28cb51bf6907af0ac',302663),('\'Nicole DeCario\'','\'Nicole DeCario\'','AIV_680b513914fc8ea28cb51bf6907af0ac',302664),('\'Kent Wilson\'','\'Kent Wilson\'','AIV_680b513914fc8ea28cb51bf6907af0ac',302665),('\'Christina Liaghati\'','\'Christina Liaghati\'','AIV_0859cca46fa5fe0d1d4ca82e6ea78f35',302666),('\'Bryan Hance\'','\'Bryan Hance\'','RCV_57c1542c2cb6380935e408ae1b4db10b',302667),('\'TheTechromancer\'','\'TheTechromancer\'','RCV_5d3c3593cc23690430be8c171689b8a7',302668),('\'Itay Cohen\'','\'Itay Cohen\'','RCV_df0d9040670d7d8a210b0240f354d2e2',302669),('\'Sudhanshu\'','\'Sudhanshu\'','RCV_b4644caabf0509a5dcea1dc66b6748b2',302670),('\'Daniel Cuthbert\'','\'Daniel Cuthbert\'','RCV_b4644caabf0509a5dcea1dc66b6748b2',302671),('\'Willis Vandevanter\'','\'Willis Vandevanter\'','RCV_dac3f5226e3ec8150959a94fc7e89feb',302672),('\'Vivek Ramachandran\'','\'Vivek Ramachandran\'','RCV_d204737503caf0a8604b507bc1d533d6',302673),('\'Mika Devonshire\'','\'Mika Devonshire\'','RCV_d2785f35ea37b7b317184cd65ddd7b31',302674),('\'Himanshu Das\'','\'Himanshu Das\'','RCV_d2785f35ea37b7b317184cd65ddd7b31',302675),('\'Megan Squire\'','\'Megan Squire\'','RCV_a1e0c0abf8d288a7b6028e89d342d9ca',302676),('\'Mishaal Khan\'','\'Mishaal Khan\'','RCV_0914b83aa75921794cc799632dcf22fd',302677),('\'Scott Helme\'','\'Scott Helme\'','RCV_93f9b64be1b775bf27ca92bb21e0700b',302678),('\'Shubham\'','\'Shubham\'','RCV_93f9b64be1b775bf27ca92bb21e0700b',302679),('\'Lenin Alevski\'','\'Lenin Alevski\'','RCV_5349149a6c6ece1afc105051e9da5f78',302680),('\'the gumshoo\'','\'the gumshoo\'','RCV_ac42e22aea2398bc8815970a8f742702',302681),('\'Ram\'','\'Ram\'','RCV_ac42e22aea2398bc8815970a8f742702',302682),('\'Jasper Insinger\'','\'Jasper Insinger\'','RCV_ef0395caeeb90ff86319fa3a839a1ac2',302683),('\'Steven Sheffield\'','\'Steven Sheffield\'','RCV_daac911767518b41088e790e6a080f12',302684),('\'CATO Networks\'','\'CATO Networks\'','RCV_93545828ddf473643fbbd9d1b5073509',302685),('\'Dhruv Shah\'','\'Dhruv Shah\'','RCV_93545828ddf473643fbbd9d1b5073509',302686),('\'Carlos Fragoso\'','\'Carlos Fragoso\'','RCV_d71bd8c57f74197bcb03d1b3403ec7cf',302687),('\'RedHunt Labs (Kunal)\'','\'RedHunt Labs (Kunal)\'','RCV_d5e7aa6fb5cf93a2ef7eb685a482f2c2',302688),('\'Anant Shrivastava\'','\'Anant Shrivastava\'','RCV_d5e7aa6fb5cf93a2ef7eb685a482f2c2',302689),('\'Daniel Miessler\'','\'Daniel Miessler\'','RCV_3e2a4f54ce6d915257b48ab1f636a1a4',302690),('\'Ankur\'','\'Ankur\'','RCV_3e2a4f54ce6d915257b48ab1f636a1a4',302691),('\'Jeff Foley\'','\'Jeff Foley\'','RCV_79ea9d97374c8e551b37c1c38bd1d6c7',302692),('\'Ram Ganesh\'','\'Ram Ganesh\'','RCV_3846c789d9f2e3404a824619ff33eac0',302693),('\'NG Yeow Boon\'','\'NG Yeow Boon\'','PLV_9c5e78a74959f08e0c9e6cc4d036375c',302694),('\'Bill Woodcock\'','\'Bill Woodcock\'','PLV_9c5e78a74959f08e0c9e6cc4d036375c',302695),('\'Herming Chiueh\'','\'Herming Chiueh\'','PLV_217d2a2e5f49a4f7f2b7646b3bd45ed8',302696),('\'Drew Green\'','\'Drew Green\'','IOTV_d395fcea7bbcd36ed8395816ac309f9a',302697),('\'John Rodriguez\'','\'John Rodriguez\'','IOTV_d395fcea7bbcd36ed8395816ac309f9a',302698),('\'Ken Pyle\'','\'Ken Pyle\'','IOTV_d395fcea7bbcd36ed8395816ac309f9a',302699),('\'Drew Green\'','\'Drew Green\'','IOTV_b4040aefeaa3ff94f35dd210ae2f405f',302700),('\'John Rodriguez\'','\'John Rodriguez\'','IOTV_b4040aefeaa3ff94f35dd210ae2f405f',302701),('\'Ken Pyle\'','\'Ken Pyle\'','IOTV_b4040aefeaa3ff94f35dd210ae2f405f',302702),('\'Drew Green\'','\'Drew Green\'','IOTV_615f6f46cc4201b683f3422e073e5c84',302703),('\'John Rodriguez\'','\'John Rodriguez\'','IOTV_615f6f46cc4201b683f3422e073e5c84',302704),('\'Ken Pyle\'','\'Ken Pyle\'','IOTV_615f6f46cc4201b683f3422e073e5c84',302705),('\'Kody K\'','\'Kody K\'','IOTV_dc2de0ca4ceb44b1d37cbb12d9494c6f',302706),('\'Kody K\'','\'Kody K\'','IOTV_0ed70279f8864cbbcb40766eb6d61787',302707),('\'Kody K\'','\'Kody K\'','IOTV_3eb50877fb18ffd92128eb5dd437ab02',302708),('\'Kody K\'','\'Kody K\'','IOTV_0b00439f43c37975bacf2c3fd3ed9636',302709),('\'Kody K\'','\'Kody K\'','IOTV_6be1324f6c121b645c63cadd58955935',302710),('\'Kody K\'','\'Kody K\'','IOTV_1a45d944aeb850b61f088bd9951a01bc',302711),('\'Kody K\'','\'Kody K\'','IOTV_5cb54489326cecd05a700e5e6b940257',302712),('\'Kody K\'','\'Kody K\'','IOTV_d2c5dcd4b80c28ff22783d8982a28bbf',302713),('\'Kody K\'','\'Kody K\'','IOTV_7e3cf611c1ed5cfb7d3e675767825a7b',302714),('\'Kody K\'','\'Kody K\'','IOTV_90c6cc1a6a1065f7a21b03ff9e8ee80c',302715),('\'Brandon Dudley\'','\'Brandon Dudley\'','ICSV_a9e5c0ebb44f5c8a5896b23b27210a18',302716),('\'Robert Landavazo\'','\'Robert Landavazo\'','ICSV_a9e5c0ebb44f5c8a5896b23b27210a18',302717),('\'Salvador Mendonza\'','\'Salvador Mendonza\'','MISC_cc46923886174d349d5bacc5ba5edb90',302718),('\'Lenin Alevski\'','\'Lenin Alevski\'','MISC_cc46923886174d349d5bacc5ba5edb90',302719),('\'Omar Santos\'','\'Omar Santos\'','MISC_cc46923886174d349d5bacc5ba5edb90',302720),('\'Alan Villaseñor\'','\'Alan Villaseñor\'','MISC_cc46923886174d349d5bacc5ba5edb90',302721),('\'Guillermo Buendia\'','\'Guillermo Buendia\'','MISC_cc46923886174d349d5bacc5ba5edb90',302722),('\'Gustavo Roberto\'','\'Gustavo Roberto\'','MISC_40c99124918943530846a3f452fa0bbf',302723),('\'Ignacio Daniel Navarro\'','\'Ignacio Daniel Navarro\'','MISC_8d612112362a105b8a13a70cf03f462b',302724),('\'Ashley Hiram M.\'','\'Ashley Hiram M.\'','MISC_64fdafe11711f5064729624f2c60148b',302725),('\'Isabel Manjarrez\'','\'Isabel Manjarrez\'','MISC_64fdafe11711f5064729624f2c60148b',302726),('\'R4v3n Bl4ck\'','\'R4v3n Bl4ck\'','MISC_161dee4df46c83679060460a950d943c',302727),('\'Jesika Juarez\'','\'Jesika Juarez\'','MISC_7326d24786b0e49d89efb9aad4f881b7',302728),('\'Armando Aguilar\'','\'Armando Aguilar\'','MISC_7326d24786b0e49d89efb9aad4f881b7',302729),('\'Thiago Bordini\'','\'Thiago Bordini\'','MISC_c4fb2f3a1e6fe1ae534597f3bcd07144',302730),('\'Filipi Pires\'','\'Filipi Pires\'','MISC_bc8ac50d5a677438ea39145d03ad11cd',302731),('\'Lenin Alevski\'','\'Lenin Alevski\'','MISC_4dc214f4b02d5bfdf90071f520b9cf76',302732),('\'Leonardo Pigñer\'','\'Leonardo Pigñer\'','MISC_042ef06d46bc82fc9211410a73e54c53',302733),('\'Katherina Canales\'','\'Katherina Canales\'','MISC_042ef06d46bc82fc9211410a73e54c53',302734),('\'Victor Santos\'','\'Victor Santos\'','MISC_042ef06d46bc82fc9211410a73e54c53',302735),('\'Cesar Ortega Ortega\'','\'Cesar Ortega Ortega\'','MISC_d6decdf6b963caf4a53913d1acb472c9',302736),('\'Soledad Antelada Toledano\'','\'Soledad Antelada Toledano\'','MISC_9c8a56f5a9aa22e726a0dd39cf830aea',302737),('\'Paulino Calderon\'','\'Paulino Calderon\'','MISC_ecced214613745f0857daa16f322d3b6',302738),('\'Isabel Manjarrez\'','\'Isabel Manjarrez\'','MISC_7e74f823ed1caf02079a67e086575462',302739),('\'Nestor Sánchez\'','\'Nestor Sánchez\'','MISC_8bf13953b5deea966b0fd4d76e0b8d14',302740),('\'Christiane Borges Santos\'','\'Christiane Borges Santos\'','MISC_8ccc4eb333ff06073ae59ef400fd3f12',302741),('\'Mauro Eldritch\'','\'Mauro Eldritch\'','MISC_8274783a9da57fd4aaf03d2c9c62788c',302742),('\'Cybelle Oliveira \'','\'Cybelle Oliveira \'','MISC_8274783a9da57fd4aaf03d2c9c62788c',302743),('\'Gastón Aznarez\'','\'Gastón Aznarez\'','MISC_62a43a32647f3bdbbce852abfefd97d7',302744),('\'Octavio Gianatiempo\'','\'Octavio Gianatiempo\'','MISC_62a43a32647f3bdbbce852abfefd97d7',302745),('\'Marco Figueroa\'','\'Marco Figueroa\'','MISC_08a65e49817fbe9b058352a887cb4820',302746),('\'Thiago Bordini\'','\'Thiago Bordini\'','MISC_9cf1aa43b4150b037e215999dd9a0551',302747),('\'Mauro Eldritch\'','\'Mauro Eldritch\'','MISC_9cf1aa43b4150b037e215999dd9a0551',302748),('\'Zoziel\'','\'Zoziel\'','MISC_9cf1aa43b4150b037e215999dd9a0551',302749),('\'Asher Davila\'','\'Asher Davila\'','MISC_b603523978e22560b31d20bc9bbdb729',302750),('\'Eduardo Chavarro Ovalle\'','\'Eduardo Chavarro Ovalle\'','MISC_1fbdd06afbd089a2fe9b71385f749366',302751),('\'Ueric Melo\'','\'Ueric Melo\'','MISC_5edaf44c168b090a10896093c495bcbf',302752),('\'Adversary Village Crew\'','\'Adversary Village Crew\'','ADV_7efc758b2efa05b7f86b6fa5bc47673d',302753),('\'Adversary Village Crew\'','\'Adversary Village Crew\'','ADV_f9fe05437a7f74a01ee64a5c0cc5b9a8',302754),('\'Adversary Village Crew\'','\'Adversary Village Crew\'','ADV_7f182cf402fa135dd52daf397cf654fb',302755),('\'Adversary Village Crew\'','\'Adversary Village Crew\'','ADV_75f332be9475da6a482be48cbae96d89',302756),('\'Adversary Village Crew\'','\'Adversary Village Crew\'','ADV_42b923a85b736871005380606f04934c',302757),('\'Adversary Village Crew\'','\'Adversary Village Crew\'','ADV_c6eb1835faf5f8f8ee1af15593a5b3a6',302758),('\'Adversary Village Crew\'','\'Adversary Village Crew\'','ADV_86c24db162dae82d9a297555628021d5',302759),('\'Adversary Village Crew\'','\'Adversary Village Crew\'','ADV_c7564cfc07b9a6890018a0476f21a62a',302760),('\'Adversary Village Crew\'','\'Adversary Village Crew\'','ADV_70842f6a1e1c9e23cf518ffa3d37772f',302761),('\'Abhijith “Abx” B R\'','\'Abhijith “Abx” B R\'','ADV_8df5cfb64613c404b0a4eaf6ffbf609e',302762),('\'Bryson Bort \'','\'Bryson Bort \'','ADV_8df5cfb64613c404b0a4eaf6ffbf609e',302763),('\'Ken Kato\'','\'Ken Kato\'','ADV_8df5cfb64613c404b0a4eaf6ffbf609e',302764),('\'Vivek Ramachandran\'','\'Vivek Ramachandran\'','ADV_8df5cfb64613c404b0a4eaf6ffbf609e',302765),('\'Sanne Maasakkers\'','\'Sanne Maasakkers\'','ADV_8df5cfb64613c404b0a4eaf6ffbf609e',302766),('\'Ryan O\'Donnell\'','\'Ryan O\'Donnell\'','ADV_0edfe4f648aa8c80d17a5f41f4d82eca',302767),('\'Rachel Murphy\'','\'Rachel Murphy\'','ADV_908dcc49d11d1cea2a40b4749f40991f',302768),('\'Mark Perry\'','\'Mark Perry\'','ADV_908dcc49d11d1cea2a40b4749f40991f',302769),('\'Suneel Sundar\'','\'Suneel Sundar\'','ADV_3206e1e79fb1cc12f07440420cfe169d',302770),('\'Niru Ragupathy\'','\'Niru Ragupathy\'','ADV_3206e1e79fb1cc12f07440420cfe169d',302771),('\'Joe Vest\'','\'Joe Vest\'','ADV_3206e1e79fb1cc12f07440420cfe169d',302772),('\'Drinor Selmanaj\'','\'Drinor Selmanaj\'','ADV_3206e1e79fb1cc12f07440420cfe169d',302773),('\'Chloé Messdaghi\'','\'Chloé Messdaghi\'','ADV_5c7947ccef7ef14320d038b18e5fd6a4',302774),('\'Sebastian Cesario\'','\'Sebastian Cesario\'','ADV_5c7947ccef7ef14320d038b18e5fd6a4',302775),('\'Kasimir Schulz\'','\'Kasimir Schulz\'','ADV_5c7947ccef7ef14320d038b18e5fd6a4',302776),('\'Julien Terriac\'','\'Julien Terriac\'','ADV_bbf3ae870c598fabfe6303bb17c5cd95',302777),('\'Cat Self\'','\'Cat Self\'','ADV_c5a5fe62cbc9b26c5f698c640d8381ca',302778),('\'Alexandre CABROL PERALES\'','\'Alexandre CABROL PERALES\'','ADV_d254896036f1baf4b781f145bd91f2dc',302779),('\'Quentin Fraty\'','\'Quentin Fraty\'','ADV_d254896036f1baf4b781f145bd91f2dc',302780),('\'Alaric Becker\'','\'Alaric Becker\'','ADV_d254896036f1baf4b781f145bd91f2dc',302781),('\'Tyler Casey\'','\'Tyler Casey\'','ADV_7828f7a28d50baf8b39398a18dc543bd',302782),('\'Trey Bilbrey\'','\'Trey Bilbrey\'','ADV_7828f7a28d50baf8b39398a18dc543bd',302783),('\'Adversary Village Crew\'','\'Adversary Village Crew\'','ADV_277e11f832faf6cb551b364050ff7e16',302784),('\'Yael Grauer\'','\'Yael Grauer\'','CPV_65445f3d09f0fd07b2f4a691a4024b42',302785),('\'Joseph Cox\'','\'Joseph Cox\'','CPV_243220426cd03a55dbd244ed0fa90eff',302786),('\'ben@armosec.io\'','\'ben@armosec.io\'','APV_588331384946c6cb125a317b411f0e25',302787),('\'Tejas Patel\'','\'Tejas Patel\'','AIxCC_33f33cc18a2b3fe6f610c08f1ee47024',302788),('\'Dr. Kathleen Fisher\'','\'Dr. Kathleen Fisher\'','AIxCC_61d4c18000ea762f7a352fa000e43556',302789),('\'Dr. Matt Turek\'','\'Dr. Matt Turek\'','AIxCC_816d7371f84ed96a131588bd87dcc446',302790),('\'Heather Adkins\'','\'Heather Adkins\'','AIxCC_816d7371f84ed96a131588bd87dcc446',302791),('\'Jason Clinton\'','\'Jason Clinton\'','AIxCC_816d7371f84ed96a131588bd87dcc446',302792),('\'Matt Knight\'','\'Matt Knight\'','AIxCC_816d7371f84ed96a131588bd87dcc446',302793),('\'David Weston\'','\'David Weston\'','AIxCC_816d7371f84ed96a131588bd87dcc446',302794),('\'Heather Adkins\'','\'Heather Adkins\'','AIxCC_8082182d7eb8ffda6cbed6cfd5503c91',302795),('\'Mike Walker\'','\'Mike Walker\'','AIxCC_baffbd7510180f45a291a82812df55f0',302796),('\'Matt Knight\'','\'Matt Knight\'','AIxCC_baffbd7510180f45a291a82812df55f0',302797),('\'Ruoyu \"Fish\" Wang\'','\'Ruoyu \"Fish\" Wang\'','AIxCC_baffbd7510180f45a291a82812df55f0',302798),('\'Dr. Jennifer Roberts\'','\'Dr. Jennifer Roberts\'','AIxCC_968e90d36ec08f1e2423370b052a0204',302799),('\'Dr. Susan Coller Monarez\'','\'Dr. Susan Coller Monarez\'','AIxCC_968e90d36ec08f1e2423370b052a0204',302800),('\'Andrew Carney\'','\'Andrew Carney\'','AIxCC_968e90d36ec08f1e2423370b052a0204',302801),('\'Dr. William Corvey\'','\'Dr. William Corvey\'','AIxCC_325f42d83597376a18531bb3894f847c',302802),('\'Alvaro Velasquez\'','\'Alvaro Velasquez\'','AIxCC_41d853d682a945fd6b1a89efc50461b1',302803),('\'Remy DeCausemaker\'','\'Remy DeCausemaker\'','AIxCC_fc3510cbc35d6ee4bad1fbb0cf7ba0b4',302804),('\'Aeva Black\'','\'Aeva Black\'','AIxCC_aa3e85280005a7ccbb1443536f3e9a5b',302805),('\'Dr. Andrew Fasano\'','\'Dr. Andrew Fasano\'','AIxCC_de3f16e28506967016681fa7d5f939c9',302806),('\'Mark Griffin\'','\'Mark Griffin\'','AIxCC_6a704545bf4351e42ae833c1ff0147a6',302807),('\'Dr. David A. Wheeler\'','\'Dr. David A. Wheeler\'','AIxCC_f6234eab60abe5fefe55045ebc16581d',302808),('\'Jeff Diecks\'','\'Jeff Diecks\'','AIxCC_f6234eab60abe5fefe55045ebc16581d',302809),('\'Chris Aniszczyk\'','\'Chris Aniszczyk\'','AIxCC_f6234eab60abe5fefe55045ebc16581d',302810),('\'Rachel Cummings\'','\'Rachel Cummings\'','CPV_1461a5ab415dc93d97a2e8762110f32f',302811),('\'Ankush Jain\'','\'Ankush Jain\'','APV_92a0f273aa14298e4fa46fd60083b80f',302812),('\'Ankita Gupta\'','\'Ankita Gupta\'','APV_92a0f273aa14298e4fa46fd60083b80f',302813),('\'Ankush Jain\'','\'Ankush Jain\'','APV_8431345e223b580dd41484d5cb9d07e4',302814),('\'Ankita Gupta\'','\'Ankita Gupta\'','APV_8431345e223b580dd41484d5cb9d07e4',302815),('\'Jonathan Leitschuh\'','\'Jonathan Leitschuh\'','APV_dfb4fa41c2b002453b6ba6c8d94f65b0',302816),('\'Jonathan Leitschuh\'','\'Jonathan Leitschuh\'','APV_664ab573b35c2af690e9fc4680631610',302817),('\'Tal Folkman\'','\'Tal Folkman\'','APV_3f3666e792280a6c783cdda643ff3479',302818),('\'Ori Ron\'','\'Ori Ron\'','APV_3f3666e792280a6c783cdda643ff3479',302819),('\'Mário Leitão-Teixeira\'','\'Mário Leitão-Teixeira\'','APV_3f3666e792280a6c783cdda643ff3479',302820),('\'Tal Folkman\'','\'Tal Folkman\'','APV_e057c724109bc2eeaf7470365a8351f6',302821),('\'Ori Ron\'','\'Ori Ron\'','APV_e057c724109bc2eeaf7470365a8351f6',302822),('\'Mário Leitão-Teixeira\'','\'Mário Leitão-Teixeira\'','APV_e057c724109bc2eeaf7470365a8351f6',302823),('\'Czesia Glik\'','\'Czesia Glik\'','APV_a437b36715b1fb20757945b49a430d41',302824),('\'Yossi Pik\'','\'Yossi Pik\'','APV_a437b36715b1fb20757945b49a430d41',302825),('\'Czesia Glik\'','\'Czesia Glik\'','APV_09ab16fd440002a6c0af364f2ae42231',302826),('\'Yossi Pik\'','\'Yossi Pik\'','APV_09ab16fd440002a6c0af364f2ae42231',302827),('\'Czesia Glik\'','\'Czesia Glik\'','APV_4a0c6cf5ff75fbbcafb6dc68d5622ad7',302828),('\'Yossi Pik\'','\'Yossi Pik\'','APV_4a0c6cf5ff75fbbcafb6dc68d5622ad7',302829),('\'mcdwayne\'','\'mcdwayne\'','APV_b2bab3a34f100b2c85e9ed53b50d6ffe',302830),('\'mcdwayne\'','\'mcdwayne\'','APV_e35d43d8d0b5de2682fd3bbecc8d0654',302831),('\'mcdwayne\'','\'mcdwayne\'','APV_3d6372c03a909d92f5db185d0fcf3d48',302832),('\'Mike Larkin\'','\'Mike Larkin\'','APV_cb91d0e73460705a3ae6351d3aad2c6e',302833),('\'Mário Leitão-Teixeira\'','\'Mário Leitão-Teixeira\'','APV_4c32cfe1fb0084b45e316988983bc541',302834),('\'Mário Leitão-Teixeira\'','\'Mário Leitão-Teixeira\'','APV_351cbc4021dbc683fd90f2078262af63',302835),('\'Adam Shostack\'','\'Adam Shostack\'','APV_3d7501beb579c9a49749922f1af2087b',302836),('\'Craig Lester\'','\'Craig Lester\'','ASV_d0742b8d694f5bdf05fb863c4b8c0816',302837),('\'Ken Munro\'','\'Ken Munro\'','ASV_44eb85058e574c23d5d7b09c85c52888',302838),('\'Bill Woodcock\'','\'Bill Woodcock\'','PLV_611768b3e9a47f490909f32b330af26b',302839),('\'Amit Elazari\'','\'Amit Elazari\'','RTV_73bb93d8577fbcf6c3f0a31710d51645',302840),('\'SIV\'','\'SIV\'','VMV_210d6561a3d3bdf20f4d74de651d0823',302841),('\'Catherine Terranova\'','\'Catherine Terranova\'','VMV_0a015eef1d42407511019e2c7bb6e4d8',302842),('\'Matt Blaze\'','\'Matt Blaze\'','VMV_0a015eef1d42407511019e2c7bb6e4d8',302843),('\'Harri Hursti\'','\'Harri Hursti\'','VMV_0a015eef1d42407511019e2c7bb6e4d8',302844),('\'Susan Greenhalgh\'','\'Susan Greenhalgh\'','VMV_aa0ef7136221a1615f6a86be71dd930e',302845),('\'Mary Kaiser\'','\'Mary Kaiser\'','VMV_aa0ef7136221a1615f6a86be71dd930e',302846),('\'Drew Springall\'','\'Drew Springall\'','VMV_aa0ef7136221a1615f6a86be71dd930e',302847),('\'Philip Stark\'','\'Philip Stark\'','VMV_aa0ef7136221a1615f6a86be71dd930e',302848),('\'Susan Greenhalgh\'','\'Susan Greenhalgh\'','VMV_995036d632c4ebf68dd7717c667c1771',302849),('\'Anna Bower\'','\'Anna Bower\'','VMV_995036d632c4ebf68dd7717c667c1771',302850),('\'Rich DeMillo\'','\'Rich DeMillo\'','VMV_995036d632c4ebf68dd7717c667c1771',302851),('\'Marilyn Marks\'','\'Marilyn Marks\'','VMV_995036d632c4ebf68dd7717c667c1771',302852),('\'Philip Stark\'','\'Philip Stark\'','VMV_477d209685a286a502065fc1be95dd95',302853),('\'Hallie Stern\'','\'Hallie Stern\'','VMV_4e810754bbcf30ad0097733a3b27f4b1',302854),('\'Tina Schneibs\'','\'Tina Schneibs\'','VMV_4e810754bbcf30ad0097733a3b27f4b1',302855),('\'Philip Stark\'','\'Philip Stark\'','VMV_7263bfa9a50facc9d8a2b6aed90c60b0',302856),('\'Dr. Matthew Canham\'','\'Dr. Matthew Canham\'','VMV_30d0f7facc6d058858f0c72fa92e0f8e',302857),('\'Will Baggett\'','\'Will Baggett\'','VMV_b295edfc7c37eb498aa08c96963a8ff0',302858),('\'Nate Young\'','\'Nate Young\'','VMV_21e573886c997f12336723a81b8c0c25',302859),('\'Jason Butryn\'','\'Jason Butryn\'','VMV_21e573886c997f12336723a81b8c0c25',302860),('\'Fleur van Leusden\'','\'Fleur van Leusden\'','VMV_9958a60ba2fe786d33686312b089654c',302861),('\'Catherine Terranova\'','\'Catherine Terranova\'','VMV_fd8309335bb2f63cb1228090f8a2dd1f',302862),('\'Harri Hursti\'','\'Harri Hursti\'','VMV_fd8309335bb2f63cb1228090f8a2dd1f',302863),('\'Matt Blaze\'','\'Matt Blaze\'','VMV_fd8309335bb2f63cb1228090f8a2dd1f',302864),('\'Harri Hursti\'','\'Harri Hursti\'','VMV_80d26333ef71d595741357f5036fb2fe',302865),('\'Tailor Tolliver\'','\'Tailor Tolliver\'','VMV_640feea0050272857bc9c77e3b4de9ef',302866),('\'Kendall Spencer\'','\'Kendall Spencer\'','VMV_f8bdecf087335b853b84fb79693bc948',302867),('\'Michael Moore\'','\'Michael Moore\'','VMV_10820599e124190f9eef177b6ca21aff',302868),('\'Renée DiResta\'','\'Renée DiResta\'','VMV_77a1fcec4174d2b4fd7aba0f2f0d3b94',302869),('\'Dave Scanlan\'','\'Dave Scanlan\'','VMV_6f22afda99e6d768cb0146e668e40b84',302870),('\'Constantine Nicolaidis\'','\'Constantine Nicolaidis\'','VMV_229772c4a2c0222c453db37cee224c2c',302871),('\'Constantine Nicolaidis\'','\'Constantine Nicolaidis\'','VMV_9a4dc0a1f2ceb3bbd5a2f8a556574060',302872),('\'Catherine Terranova\'','\'Catherine Terranova\'','VMV_9a4dc0a1f2ceb3bbd5a2f8a556574060',302873),('\'Jake Braun\'','\'Jake Braun\'','VMV_0c172d7e7c22a81511842395e40e490d',302874),('\'Nicole Tisdale\'','\'Nicole Tisdale\'','VMV_49f866da36db035f097cb782a2d91ec1',302875),('\'Michael Moore\'','\'Michael Moore\'','VMV_49f866da36db035f097cb782a2d91ec1',302876),('\'Nate Young\'','\'Nate Young\'','VMV_49f866da36db035f097cb782a2d91ec1',302877),('\'Jake Braun\'','\'Jake Braun\'','VMV_49f866da36db035f097cb782a2d91ec1',302878),('\'Derek DelGaudio\'','\'Derek DelGaudio\'','VMV_49f866da36db035f097cb782a2d91ec1',302879),('\'Kendall Spencer\'','\'Kendall Spencer\'','VMV_49f866da36db035f097cb782a2d91ec1',302880),('\'Todd Fletcher\'','\'Todd Fletcher\'','BTV_0b1998a697825d5140d2012d6eb0b3e7',302881),('\'CtrlAltFu\'','\'CtrlAltFu\'','BTV_4bc888c660304d78b5a72d318458338b',302882),('\'Ezz Tahoun\'','\'Ezz Tahoun\'','ADV_d1c3d4f2273d07e5de8b69608e182de8',302883),('\'Chris Davis\'','\'Chris Davis\'','MISC_894a3530941862332e3f6d8a263867bb',302884),('\'John \"2PAC\" Smithberger\'','\'John \"2PAC\" Smithberger\'','MISC_78489a4c07067869aeb589cedb00db40',302885),('\'Thomas Roccia\'','\'Thomas Roccia\'','MISC_73a210098ba4cd684d3100bb3ff2ab13',302886),('\'Col Travis Hartman\'','\'Col Travis Hartman\'','MISC_3954e596c6f07ff5e3ebca880818f4b0',302887),('\'Steve Dossey\'','\'Steve Dossey\'','MISC_ba082380da56d54ae3e475b1fab1ff21',302888),('\'Chris Cleary\'','\'Chris Cleary\'','MISC_c367f9ab99314718dccea8e06dac7d9e',302889),('\'Nia Luckey\'','\'Nia Luckey\'','MISC_7f49feabc928dd91af3c8f711d87f87c',302890),('\'Matt James\'','\'Matt James\'','MISC_1c1eb2cd794bd881ff61565c3fbe4199',302891),('\'Grey Fox\'','\'Grey Fox\'','CPV_b97254d4d8e2a7d76e740cb6884529be',302892),('\'Grey Fox\'','\'Grey Fox\'','CPV_9de2ee132c9721da825c2a74c872fdb0',302893),('\'Joseph\'','\'Joseph\'','PSV_9daa8f35abd647111f7d5877f06d3733',302894),('\'Iceman\'','\'Iceman\'','RFV_b842e5aca56fef4ef7fe8b0b65439659',302895),('\'Escobar\'','\'Escobar\'','HRV_820185c465f3bdefe30aef732a5656a4',302896);
/*!40000 ALTER TABLE `speakers` ENABLE KEYS */;
UNLOCK TABLES;
--
-- Table structure for table `villages`
--
DROP TABLE IF EXISTS `villages`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!50503 SET character_set_client = utf8mb4 */;
CREATE TABLE `villages` (
`ID` int NOT NULL AUTO_INCREMENT,
`Activated` tinyint(1) NOT NULL,
`Name` varchar(45) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`JSONname` varchar(55) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`TagName` varchar(5) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`HomePage` varchar(70) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`SchedulePage` varchar(200) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`Map` enum('None','Other-See Desc','Sahara_Full','Springhill_Full','LVCCW_Level1_Hall1','LVCCW_Level1_Hall2','LVCCW_Level1_Hall3','LVCCW_Level1_Hall4','LVCCW_Level2_North','LVCCW_Level2_West','LVCCW_Level2_East','LVCCW_Level3_North','LVCCW_Level3_South','LVCCW_Level1_RegHDA') CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`Mode` enum('Virtual','IRL','Hybrid','') CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`DCVillagesPage` varchar(60) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`DCForumPage` varchar(50) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci DEFAULT NULL,
`DCForumArticle` varchar(50) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci DEFAULT NULL,
`DCDiscordChan` varchar(70) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`DCDiscordChanName` varchar(35) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`SocialMediaLink1` varchar(60) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`SocialMediaLink2` varchar(60) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`SocialMediaLink3` varchar(60) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`SocialMediaLink4` varchar(60) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`SocialMediaLink5` varchar(60) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`SocialMediaLink6` varchar(80) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`SocialMediaLink7` varchar(80) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`VideoStreamSIte` enum('dcdiscord','villdiscord','youtube','twitch','dcdiscordyoutubetwitch','none') CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci DEFAULT NULL,
`VIdeoStreamURL` varchar(90) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`ThurHours` varchar(20) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`FriHours` varchar(20) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`SatHours` varchar(20) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`SunHours` varchar(20) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`Venue` varchar(30) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`VillageLoc` varchar(100) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`TalkLoc` varchar(50) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`VillageDesc` text CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`jsonVillageDesc` text CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci,
`DCVillageDescLink` varchar(60) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci NOT NULL,
`VillageLogoURL` varchar(150) CHARACTER SET utf8mb3 COLLATE utf8mb3_unicode_ci DEFAULT NULL,
PRIMARY KEY (`ID`),
UNIQUE KEY `TagName` (`TagName`)
) ENGINE=InnoDB AUTO_INCREMENT=71 DEFAULT CHARSET=utf8mb3 COLLATE=utf8mb3_unicode_ci;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Dumping data for table `villages`
--
LOCK TABLES `villages` WRITE;
/*!40000 ALTER TABLE `villages` DISABLE KEYS */;
INSERT INTO `villages` VALUES (2,1,'Aerospace Village','','ASV','https://aerospacevillage.org/','https://www.aerospacevillage.org/defcon-32-talk-schedule','LVCCW_Level1_Hall2','IRL','#aerospace','https://forum.defcon.org/node/248644','https://forum.defcon.org/node/248645','https://discord.com/channels/708208267699945503/732393044363444264','#av-lounge-bar-text','https://twitter.com/secureaerospace','https://www.linkedin.com/company/aerospace-village/','https://twitter.com/hack_a_sat','https://discord.gg/gV4EWuk','https://www.youtube.com/c/AerospaceVillage','https://defcon.social/@aerospacevillage','',NULL,'','','','','','','LVCC West/Floor 1/Hall 2/HW2-07-02','',' \n \n \n \n \n ...
\n
\n...
\n
\n...
\n
\nAerospace Village
\n
\nTwitter/X :
@secureaerospace\nWebsite:
https://www.aerospacevillage.org\n
\nThe aviation and space industries, security researchers, and the public share a common goal: safe, reliable, and trustworthy aviation and space operations. For too long, negative perceptions and fractured trust on all sides have held back collaboration between the aviation, space, and security researcher communities that has advanced safety, reliability, and security of other industries. As the traditional domains of aviation safety and cybersecurity increasingly overlap, more effective collaboration between stakeholders ensures we will be safer, sooner, together.
\n
\nThrough the Aerospace Village, the security research community invites industry leaders, researchers and academia interested in aviation and space security, safety, and resilience to attend, understand, collaborate together to achieve our common goals. Empathy and understanding build common ground, while acts and words likely to increase division between these two communities undermine these efforts. The Aerospace Village welcomes those who seek to improve aviation and space security, safety, and resilience through positive, productive collaboration among all ecosystem stakeholders.
\n
\n
\nOur Goal
\n
\nThe Aerospace Village is a volunteer team of hackers, pilots, and policy advisors who come from the public and private sectors. We believe the flying public deserves safe, reliable, and trustworthy air travel which is highly dependent on secure aviation and space operations.
\n
\n
\nOur Mission
\n
\n- Create, sustain, and grow an inclusive community focused on aerospace cybersecurity;
\n- Inspire the next generation of aerospace cybersecurity leaders;
\n- Promote and develop aerospace cybersecurity expertise and knowledge.
\n
\n
\nThe Aerospace Village will do this by:
\n
\n- Building connections, trust, and understanding among all Village participants.
\n- Developing aerospace security skills among DEF CON attendees through workshops and hands-on activities.
\n- Promoting constructive dialog through talks and interaction.
\n\n
The aviation and space industries, security researchers, and the public share a common goal: safe, reliable, and trustworthy aviation and space operations. For too long, negative perceptions and fractured trust on all sides have held back collaboration between the aviation, space, and security researcher communities that has advanced safety, reliability, and security of other industries. As the traditional domains of aviation safety and cybersecurity increasingly overlap, more effective collaboration between stakeholders ensures we will be safer, sooner, together.\n
Through the Aerospace Village, the security research community invites industry leaders, researchers and academia interested in aviation and space security, safety, and resilience to attend, understand, collaborate together to achieve our common goals. Empathy and understanding build common ground, while acts and words likely to increase division between these two communities undermine these efforts. The Aerospace Village welcomes those who seek to improve aviation and space security, safety, and resilience through positive, productive collaboration among all ecosystem stakeholders.\n
\n
Our Goal\n
The Aerospace Village is a volunteer team of hackers, pilots, and policy advisors who come from the public and private sectors. We believe the flying public deserves safe, reliable, and trustworthy air travel which is highly dependent on secure aviation and space operations.\n
\n
Our Mission\n
\n - Create, sustain, and grow an inclusive community focused on aerospace cybersecurity;\n
- Inspire the next generation of aerospace cybersecurity leaders;\n
- Promote and develop aerospace cybersecurity expertise and knowledge.\n
\n
The Aerospace Village will do this by:\n
\n - Building connections, trust, and understanding among all Village participants.\n
- Developing aerospace security skills among DEF CON attendees through workshops and hands-on activities.\n
- Promoting constructive dialog through talks and interaction.
\n
Links: Website -
https://www.aerospacevillage.org/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248645\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248644\n Twitter (@secureaerospace) -
https://twitter.com/secureaerospace\n
\r\n \r\n \r\n \r\n \r\n ...
\r\n
\r\n...
\r\n
\r\nAI Village
\r\nWebsite:
https://aivillage.org/\r\n
\r\nAI Village is focused on teaching you what you need to know to both defend and break AI. Come learn how ChatGPT, StableDiffusion, malware detectors, ML firewalls, and other AI based products work and how to break them. We have a talks track with world class ML security professionals talking about what they\'ve seen and done in the industry. This year we\'ve expanded the demo area into 8 stations with demos designed to get you up to speed with the underlying technology fast and hands on. Finally, we\'re running workshops in the morning on dedicated hardware and for the afternoon a generative red team event where you can assess open source models and defenses.\r\n
AI Village is focused on teaching you what you need to know to both defend and break AI. Come learn how ChatGPT, StableDiffusion, malware detectors, ML firewalls, and other AI based products work and how to break them. We have a talks track with world class ML security professionals talking about what they\'ve seen and done in the industry. This year we\'ve expanded the demo area into 8 stations with demos designed to get you up to speed with the underlying technology fast and hands on. Finally, we\'re running workshops in the morning on dedicated hardware and for the afternoon a generative red team event where you can assess open source models and defenses.
Links: Website -
https://aivillage.org/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248649\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248648\n
\r\n \r\n \r\n \r\n \r\n ...
\r\n
\r\n...
\r\nAppSec Village
\r\nTwitter/X: @AppSec_Village
\r\n
https://www.appsecvillage.com/\r\n
\r\nCome immerse yourself in everything the world of application security has
\r\nto offer. Whether you are a red, blue, or purple teamer, come learn from the
\r\nbest of the best to exploit software vulnerabilities and secure software.
\r\nSoftware is everywhere, and Application Security vulnerabilities are lurking
\r\naround every corner, making the software attack surface attractive for
\r\nabuse. If you are just an AppSec n00b or launch deserialization attacks for
\r\nfun and profit, you will find something to tickle your interest at the
\r\nAppSec Village.
\r\n
\r\nSoftware runs the world. Everything from IoT, medical devices, the power
\r\ngrid, smart cars, and voting apps - all have software behind them. Such a
\r\nvariety of topics will be reflected in our cadre of guest speakers
\r\nrepresenting all backgrounds and walks of life.
\r\n
\r\nAppSec Village welcomes all travelers to choose from talks and workshops by
\r\nexpert community members, an all-AppSec-focused CTF, contests that challenge
\r\nyour mind and your skillz, and more. Bring your thirst for knowledge and
\r\npassion for breaking things, and your visit to AppSec Village will be
\r\nthrilling!\r\n
Come immerse yourself in everything the world of application security has to offer. Whether you are a red, blue, or purple teamer, come learn from the best of the best to exploit software vulnerabilities and secure software. Software is everywhere, and Application Security vulnerabilities are lurking around every corner, making the software attack surface attractive for abuse. If you are just an AppSec n00b or launch deserialization attacks for fun and profit, you will find something to tickle your interest at the AppSec Village.\n
Software runs the world. Everything from IoT, medical devices, the power grid, smart cars, and voting apps - all have software behind them. Such a variety of topics will be reflected in our cadre of guest speakers representing all backgrounds and walks of life.\n
AppSec Village welcomes all travelers to choose from talks and workshops by expert community members, an all-AppSec-focused CTF, contests that challenge your mind and your skillz, and more. Bring your thirst for knowledge and passion for breaking things, and your visit to AppSec Village will be thrilling!\n
Links: Website -
https://www.appsecvillage.com/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248677\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248676\n Twitter (@AppSec_Village) -
https://twitter.com/AppSec_Village\n
\n \n \n \n \n ...
\n
\n...
\nBlacks In Cyber Village
\n
https://defcon.social/@blacksincyber\n
https://infosec.exchange/@blacksincyber\n
www.blacksincyberconf.com/bic-village\n
\nThe Blacks In Cybersecurity (B.I.C.) Village seeks to bring culturally diverse perspectives to the holistic Cybersecurity community; by way of a series of talks and a capture the flag event. In providing these activities, we hope to help highlight Black experiences, innovations in the field, Black culture and educate the community about Black history.
\nThe B.I.C. Village attracts and retains the presence of Hackers from the United States, Africa, Caribbean and Europe (so far) that are a part of the African Diaspora. This often underrepresented and misrepresented community harbors the drive, determination and stick-to-itiveness that is congruent to the Hacker Spirit yet, statistically lacks the proper resources to pursue careers or engage their perspectives on security topics and research.
\n
\nThrough the exposure and information provided by B.I.C. Village, we believe that we can normalize the discussion of deficiency or prejudices in Cybersecurity education/development for minority communities. We also believe this effort can be translated to allow for more diverse hobbyists and professionals to engage and contribute.\n
The Blacks In Cybersecurity (B.I.C.) Village seeks to bring culturally diverse perspectives to the holistic Cybersecurity community; by way of a series of talks and a capture the flag event. In providing these activities, we hope to help highlight Black experiences, innovations in the field, Black culture and educate the community about Black history.\nThe B.I.C. Village attracts and retains the presence of Hackers from the United States, Africa, Caribbean and Europe (so far) that are a part of the African Diaspora. This often underrepresented and misrepresented community harbors the drive, determination and stick-to-itiveness that is congruent to the Hacker Spirit yet, statistically lacks the proper resources to pursue careers or engage their perspectives on security topics and research.\n
Through the exposure and information provided by B.I.C. Village, we believe that we can normalize the discussion of deficiency or prejudices in Cybersecurity education/development for minority communities. We also believe this effort can be translated to allow for more diverse hobbyists and professionals to engage and contribute.\n
Links: Mastodon (defcon.social) -
https://defcon.social/@blacksincyber\n Mastodon (infosec.exchange) -
https://infosec.exchange/@blacksincyber\n Website -
http://www.blacksincyberconf.com/bic-village\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248661\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248660\n
\r\n \r\n \r\n \r\n \r\n ...
\r\n
\r\n...
\r\n
\r\nBioHacking Village
\r\nWebsite:
https://villageb.io/\r\n
\r\nDive into the Future at the Biohacking Village: Welcome to the Intersection of Biology and Technology
\r\nAre you ready to explore the next frontier where technology meets biology? The Biohacking Village at DEF CON invites hackers, cybersecurity experts, biologists, and tech enthusiasts to delve into the exhilarating world of biohacking. This is your unique opportunity to be at the forefront of a revolution that’s redefining the boundaries of biology, technology, and human potential.
\r\n
\r\n
Why the Biohacking Village?- Uncover the Unknown: Embark on a journey to explore how hacking skills can unlock new potentials in biotechnology. Discover the secrets of DNA hacking, medical device exploitation, and more.
\r\n- Challenge Your Skills: Put your hacking abilities to the test in an entirely new domain. From breaking into sophisticated bioinformatics databases to uncovering vulnerabilities in the latest medical devices, challenge yourself like never before.
\r\n- A Hub of Innovation: Witness groundbreaking demonstrations and hands-on workshops led by pioneers in biotechnology and cybersecurity. The Biohacking Village is your chance to see the future as it unfolds.
\r\n- Collaborate and Create: Join a diverse community of hackers, scientists, healthcare professionals, and ethicists. Collaborate on projects that push the boundaries of what\'s possible in health, security, and technology.
\r\n- Ethical Hacking for the Greater Good: Use your skills to make a real-world impact. Contribute to projects focusing on improving public health, securing medical data, and enhancing the safety of biomedical devices.
\r\n
\r\n
What Awaits You?- Innovative Talks & Panels: Engage with thought leaders discussing everything from CRISPR gene editing to the cybersecurity of implantable devices.
\r\n- Hands-on Workshops: Learn new skills in biohacking, from DIY biology to the art of securing complex bio-systems.
\r\n- Live Demonstrations: Experience cutting-edge technology in action, including live hacking of medical devices and bioinformatics systems.
\r\n- Networking Opportunities: Connect with like-minded individuals and industry leaders who share your passion for technology and innovation.
\r\n
\r\n
Join the Vanguard of Biocybersecurity\r\n
\r\nAt the Biohacking Village, we’re not just spectators; we’re active participants shaping the future. Whether you\'re a seasoned hacker or just curious about the intersection of biology and technology, there\'s something for everyone. Be a part of a community that’s breaking new ground and redefining the possibilities of technology and biology.
\r\n
\r\nEmbrace your curiosity, unleash your potential, and join us at the Biohacking Village – where the future of biohacking and cybersecurity converges.
\r\n\r\n
Dive into the Future at the Biohacking Village: Welcome to the Intersection of Biology and Technology\n
Are you ready to explore the next frontier where technology meets biology? The Biohacking Village at DEF CON invites hackers, cybersecurity experts, biologists, and tech enthusiasts to delve into the exhilarating world of biohacking. This is your unique opportunity to be at the forefront of a revolution that’s redefining the boundaries of biology, technology, and human potential.\n
Why the Biohacking Village?\n
\n - Uncover the Unknown: Embark on a journey to explore how hacking skills can unlock new potentials in biotechnology. Discover the secrets of DNA hacking, medical device exploitation, and more.\n
- Challenge Your Skills: Put your hacking abilities to the test in an entirely new domain. From breaking into sophisticated bioinformatics databases to uncovering vulnerabilities in the latest medical devices, challenge yourself like never before.\n
- A Hub of Innovation: Witness groundbreaking demonstrations and hands-on workshops led by pioneers in biotechnology and cybersecurity. The Biohacking Village is your chance to see the future as it unfolds.\n
- Collaborate and Create: Join a diverse community of hackers, scientists, healthcare professionals, and ethicists. Collaborate on projects that push the boundaries of what\'s possible in health, security, and technology.\n
- Ethical Hacking for the Greater Good: Use your skills to make a real-world impact. Contribute to projects focusing on improving public health, securing medical data, and enhancing the safety of biomedical devices.
\n
What Awaits You?\n
\n - Innovative Talks & Panels: Engage with thought leaders discussing everything from CRISPR gene editing to the cybersecurity of implantable devices.\n
- Hands-on Workshops: Learn new skills in biohacking, from DIY biology to the art of securing complex bio-systems.\n
- Live Demonstrations: Experience cutting-edge technology in action, including live hacking of medical devices and bioinformatics systems.\n
- Networking Opportunities: Connect with like-minded individuals and industry leaders who share your passion for technology and innovation.
\n
Join the Vanguard of Biocybersecurity\n
At the Biohacking Village, we’re not just spectators; we’re active participants shaping the future. Whether you\'re a seasoned hacker or just curious about the intersection of biology and technology, there\'s something for everyone. Be a part of a community that’s breaking new ground and redefining the possibilities of technology and biology.\n
Embrace your curiosity, unleash your potential, and join us at the Biohacking Village – where the future of biohacking and cybersecurity converges.\n
Links: Website -
https://villageb.io/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248655\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248654\n
\n \n \n \n \n ...
\n
\n...
\n
\nBlue Team Village (BTV)
\ntwitter/X, @BlueTeamVillage
\ndefcon.social, @
blueteamvillage@defcon.social\n
https://blueteamvillage.org/\n
\nWelcome to the other side of the hacking mirror. Blue Team Village (BTV) is both a place and a community built for and by people who defend computer systems, networks, and people against cyber attacks. It\'s a place to gather, talk, share, and learn from each other about the latest tools, technologies, and tactics that our community can use to detect attackers and prevent them from achieving their goals.
\n
\nProject Obsidian – BTV’s Home-Grown Content
\n
\nThe Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Malware Analysis, Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH). Deep dive into technical topics through workshops and exercises that provide practical hands-on experience across each discipline. Project Obsidian workshops provide cybersecurity training that will enable attendees to develop skills needed to be successful in their current and/or future role.
\n
\nTwo of the most valuable takeaways are how to strategically approach a task and the operational processes that support the objectives behind each task. Knowing ‘how’ to do something is only part of the challenge. Knowing ‘when’ and ‘why’ to perform certain tasks adds necessary context to develop the full story of defensive cybersecurity.\n
Welcome to the other side of the hacking mirror. Blue Team Village (BTV) is both a place and a community built for and by people who defend computer systems, networks, and people against cyber attacks. It\'s a place to gather, talk, share, and learn from each other about the latest tools, technologies, and tactics that our community can use to detect attackers and prevent them from achieving their goals.\n
Project Obsidian – BTV’s Home-Grown Content\n
The Blue Team Village’s Project Obsidian is an immersive, defensive cybersecurity learning experience that provides attendees with the opportunity to gain knowledge of Incident Response (IR), Digital Forensics (DF), Malware Analysis, Cyber Threat Intelligence (CTI), and Cyber Threat Hunting (CTH). Deep dive into technical topics through workshops and exercises that provide practical hands-on experience across each discipline. Project Obsidian workshops provide cybersecurity training that will enable attendees to develop skills needed to be successful in their current and/or future role.\n
Two of the most valuable takeaways are how to strategically approach a task and the operational processes that support the objectives behind each task. Knowing ‘how’ to do something is only part of the challenge. Knowing ‘when’ and ‘why’ to perform certain tasks adds necessary context to develop the full story of defensive cybersecurity.\n
Links: Mastodon (@blueteamvillage@defcon.social) -
https://defcon.social/@blueteamvillage\n Website -
https://blueteamvillage.org/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248658\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248657\n Twitter (@BlueTeamVillage) -
https://twitter.com/BlueTeamVillage\n
\r\n \r\n \r\n \r\n \r\n ...
\r\n
\r\n...
\r\nCar Hacking Village
\r\n
https://twitter.com/CarHackVillage\r\n
https://www.carhackingvillage.com/\r\n
\r\nFor 10 years, we\'ve been rocking the automotive security scene, and this time, we\'re cranking up the excitement. Dive into hands-on challenges, snag cool badges, and tackle exercises that\'ll take your learning to a whole new level! Let\'s make this defcon the most unforgettable yet!\r\n
\r\n \r\n \r\n \r\n \r\n ...
\r\n
\r\n...
\r\nCloud Village
\r\n
https://twitter.com/cloudvillage_dc\r\n
https://cloud-village.org\r\n
\r\nWith the industry’s rapid growth in cloud infrastructure, the presence of an open platform to discuss and showcase cloud research becomes a necessity.
\r\nCloud village is an open platform for researchers interested in the area of cloud security. We plan to organise talks, tool demos, CTF and workshops around Cloud Security and advancements.
\r\n
\r\nOur CTF will be a jeopardy style 2.5 days contest where participants will have to solve challenges around Cloud infrastructure, security, recon, etc. These challenges will cover different cloud platforms including AWS, GCP, Azure, Alibaba, Digital Ocean, etc. We will also reward our top 3 teams with awards.\r\n
With the industry’s rapid growth in cloud infrastructure, the presence of an open platform to discuss and showcase cloud research becomes a necessity.\nCloud village is an open platform for researchers interested in the area of cloud security. We plan to organise talks, tool demos, CTF and workshops around Cloud Security and advancements.\n
Our CTF will be a jeopardy style 2.5 days contest where participants will have to solve challenges around Cloud infrastructure, security, recon, etc. These challenges will cover different cloud platforms including AWS, GCP, Azure, Alibaba, Digital Ocean, etc. We will also reward our top 3 teams with awards.\n
Links: Website -
https://dc32.cloud-village.org\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248683\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248682\n Twitter (@cloudvillage_dc) -
https://twitter.com/cloudvillage_dc\n
\r\n \r\n \r\n \r\n \r\n ...
\r\n
\r\n...
\r\nCrypto Privacy Village
\r\ndefcon.social/mastodon, @
cryptovillage@defcon.social\r\n
https://cryptovillage.org\r\n
\r\nLaunched in 2014, Crypto & Privacy Village (CPV) is a community-run village centred on privacy and cryptography that aims to educate and inform the general public, students, educators, hackers, security and privacy professionals, and policymakers. We provide a unique hybrid space that features talks; chill space for relaxing with friends, doing CTFs, and cross industry networking; the Gold Bug Challenge and desk for hints and support; privacy-related art installations; and an information desk for questions about privacy and cryptography. Come talk with us about facial recognition technology, privacy enhancing clothing, or crypto backdoor laws!\r\n
Launched in 2014, Crypto & Privacy Village (CPV) is a community-run village centred on privacy and cryptography that aims to educate and inform the general public, students, educators, hackers, security and privacy professionals, and policymakers. We provide a unique hybrid space that features talks; chill space for relaxing with friends, doing CTFs, and cross industry networking; the Gold Bug Challenge and desk for hints and support; privacy-related art installations; and an information desk for questions about privacy and cryptography. Come talk with us about facial recognition technology, privacy enhancing clothing, or crypto backdoor laws!
Links: Mastodon (@cryptovillage@defcon.social) -
https://defcon.social/@cryptovillage\n Website -
https://cryptovillage.org/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248686\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248685\n
\r\n
\r\n\r\n .
\r\n
\r\n
\r\n.
\r\nData Duplication Village
\r\n
\r\nThe Data Duplication Village has all the updated bits and bytes available from infocon.org packed up into nice, neat packages. If you\'re looking for a copy of all the things, we\'ve got what you need to fill up all your storage including a few nice hash tables and all of the DefCon talks. Add to that just about every other security con talk known to hacker-kind! Our village provides a "free-to-you" service of direct access to terabytes of useful data to help build those hacking skills and talk with other storage enthusiasts.
\r\n
\r\nCheck the schedule and/or dcddv.org for the most up-to-date information.
\r\n
\r\n
HOW IT WORKS\r\nThe DDV provides a core set of drive duplicators and data content options. We accept 8TB and larger drives on a first come, first served basis and duplicate \'till we can no longer see straight. Bring in your blank SATA3 drives - check them in early - to get the data you want. Come back in about 24 hours to pick up your data-packed drive. Space allowing, we\'ll accept drives all the way through until Saturday morning - but remember, it\'s FIFO - get those drives in early!
\r\n
\r\n
WHAT YOU GET\r\nWe\'re working on more content right up until the last minute so keep checking on dcddv.org for the latest. We expect to have the following and more:
\r\n- All past hacking convention videos that DT could find, built on last years collection and always adding more for your data consuming appetite.
\r\n
\r\n- freerainbowtables.com, GSM A5/1 hash tables plus freerainbowtables.com tools Website:
https://dcddv.org
\r\n.
\r\n.\r\n
\r\n
The Data Duplication Village has all the updated bits and bytes available from infocon.org packed up into nice, neat packages. If you\'re looking for a copy of all the things, we\'ve got what you need to fill up all your storage including a few nice hash tables and all of the DefCon talks. Add to that just about every other security con talk known to hacker-kind! Our village provides a \"free-to-you\" service of direct access to terabytes of useful data to help build those hacking skills and talk with other storage enthusiasts.\n
Check the schedule and/or dcddv.org for the most up-to-date information.\n
## How It Works\n
The DDV provides a core set of drive duplicators and data content options. We accept 8TB and larger drives on a first come, first served basis and duplicate \'till we can no longer see straight. Bring in your blank SATA3 drives - check them in early - to get the data you want. Come back in about 24 hours to pick up your data-packed drive. Space allowing, we\'ll accept drives all the way through until Saturday morning - but remember, it\'s FIFO - get those drives in early!\n
## What You Get\n
We\'re working on more content right up until the last minute so keep checking on dcddv.org for the latest. This year, we\'re adding new data to duplicate! Humans will be able to choose from the following data sources for duplication:\n
\n - A) Infocon.org Archive - 6TB archive of all the past hacking convention videos that DT could find, built on last years collection and always adding more for your data consuming appetite.\n
- B) Rainbow tables 1 of 3 - 6TB from freerainbowtables.com, the Lanman, MSQLSHA1, and NTLM hash tables plus freerainbowtables.com tools\n
- C) Rainbow tables 2 of 3 - 6TB from freerainbowtables.com, the A5/1 GSM, and MD5 tables plus freerainbowtables.com tools\n
- D) Vx Underground Archive - 8TB archive of the latest papers, samples, and code from Vx Underground\n
- E) Rainbow tables 3 of 3 - 8TB of New NTLM-9 hash tables and a copy of the Infocon.org mirrors
\n
Links: Website -
https://dcddv.org/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248950\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248949\n
\r\n \r\n \r\n \r\n \r\n ...
\r\n
\r\n...
\r\nHAM Radio Village
\r\n
https://defcon.social/@HamRadioVillage\r\n
https://hamvillage.org\r\n
\r\nHam radio is the original group of electronic hackers, starting long before computers, circuit chips, or even transistors. Continuing this pioneer spirit, Ham Radio Village is here to support advancement of the hobby with a cybersecurity slant. Everything we do today involves wireless communications of some sort, and a basic knowledge of how radio works is crucial. In the HRV, you can learn hand-on with topics such as how to legally use a radio to send commands to a satellite, communicating around the globe when no other methods exist, and how to send and receive real-time location data without relying on any cellular networks. You can put your skills to the test by trying to find the hidden transmitters in the Ham Radio Fox Hunt contest, as well as transmitting memes over the airwaves to defcon attendees. We provide license testing services for those looking to become licensed or upgrade their license class, as well as guidance on how to hack on the medium to achieve the best results and have the most fun!\r\n
Ham radio is the original group of electronic hackers, starting long before computers, circuit chips, or even transistors. Continuing this pioneer spirit, Ham Radio Village is here to support advancement of the hobby with a cybersecurity slant. Everything we do today involves wireless communications of some sort, and a basic knowledge of how radio works is crucial. In the HRV, you can learn hand-on with topics such as how to legally use a radio to send commands to a satellite, communicating around the globe when no other methods exist, and how to send and receive real-time location data without relying on any cellular networks. You can put your skills to the test by trying to find the hidden transmitters in the Ham Radio Fox Hunt contest, as well as transmitting memes over the airwaves to defcon attendees. We provide license testing services for those looking to become licensed or upgrade their license class, as well as guidance on how to hack on the medium to achieve the best results and have the most fun!
Links: Mastodon (defcon.social) -
https://defcon.social/@HamRadioVillage\n Website -
https://hamvillage.org/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248667\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248666\n
\r\n \r\n \r\n \r\n \r\n ...
\r\n
\r\n...
\r\nHHV/SSV
\r\ndefcon.social/mastodon, @DC_HHV
\r\n
https://ddhhv.org\r\n
\r\nEvery day our lives become more connected to consumer hardware. Every day the approved uses of that hardware are reduced, while the real capabilities expand. Come discover hardware hacking tricks and tips regain some of that capacity, and make your own use for things! We have interactive demos to help you learn new skills. We have challenges to compete against fellow attendees. We have some tools to help with your fever dream modifications. Come share what you know and learn something new.\r\n
Every day our lives become more connected to consumer hardware. Every day the approved uses of that hardware are reduced, while the real capabilities expand. Come discover hardware hacking tricks and tips regain some of that capacity, and make your own use for things! We have interactive demos to help you learn new skills. We have challenges to compete against fellow attendees. We have some tools to help with your fever dream modifications. Come share what you know and learn something new.
Links: Website -
https://ddhhv.org/\n Mastodon (@DC_HHV@defcon.social) -
https://defcon.social/@DC_HHV\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248670\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248669\n
\r\n \r\n \r\n \r\n \r\n ...
\r\n
\r\n...
\r\nICS Village
\r\n
https://www.icsvillage.com/\r\n
\r\n
Mission. ICS Village is a non-profit organization with the purpose of providing education and awareness of Industrial Control System security.
- Connecting public, industry, media, policymakers, and others directly with ICS systems and experts.
\r\n- Providing educational tools and materials to increase understanding among media, policymakers, and general population.
\r\n- Providing access to ICS for security researchers to learn and test.
\r\n- Hands on instruction for industry to defend ICS systems.
\r\n
Exhibits. Interactive simulated ICS environments that provide safe yet realistic examples to preserve safe, secure, and reliable operations. We bring real components such as Programmable Logic Controllers (PLC), Human Machine Interfaces (HMI), Remote Telemetry Units (RTU), and actuators, to simulate a realistic environment throughout different industrial sectors. Visitors can connect their laptops to assess these ICS devices with common security scanners, network sniffers to sniff the industrial traffic, and more! We will also have space dedicated to Maritime technology as well as Escape Rooms ran by Idaho National Labs and CISA. In addition to talks, hands-on demos/hacking, and escape rooms we are collaborating with BioHacking Village to demonstrate how Industrial Control Systems are used in Health Care. Because of that, we request that we be close to BHV.
\r\n
\r\n
\r\n\r\n
**Mission**. ICS Village is a non-profit organization with the purpose of providing education and awareness of Industrial Control System security.\n
\n - Connecting public, industry, media, policymakers, and others directly with ICS systems and experts.\n
- Providing educational tools and materials to increase understanding among media, policymakers, and general population.\n
- Providing access to ICS for security researchers to learn and test.\n
- Hands on instruction for industry to defend ICS systems.
\n
**Exhibits**. Interactive simulated ICS environments that provide safe yet realistic examples to preserve safe, secure, and reliable operations. We bring real components such as Programmable Logic Controllers (PLC), Human Machine Interfaces (HMI), Remote Telemetry Units (RTU), and actuators, to simulate a realistic environment throughout different industrial sectors. Visitors can connect their laptops to assess these ICS devices with common security scanners, network sniffers to sniff the industrial traffic, and more! We will also have space dedicated to Maritime technology as well as Escape Rooms ran by Idaho National Labs and CISA. In addition to talks, hands-on demos/hacking, and escape rooms we are collaborating with BioHacking Village to demonstrate how Industrial Control Systems are used in Health Care.\n
Links: Website -
https://www.icsvillage.com/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248689\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248688\n
\r\n
\r\n \r\n
\r\n \r\n \r\n \r\n \r\n ...
\r\n
\r\n...
\r\nIOT Village
\r\n
https://defcon.social/@IoTVillage/\r\n
https://iotvillage.org/defcon.html\r\n
\r\n
Hack all the things at IoT Village!\r\nIoT Village advocates for advancing security in the Internet of Things (IoT) industry through bringing researchers and industry together. IoT Village hosts talks by expert security researchers, interactive hacking labs, live bug hunting in the latest IoT tech, and competitive IoT hacking contests, including our 4 time black badge DEF CON CTF. Over the years, IoT Village has served as a platform to showcase and uncover hundreds of new vulnerabilities, giving attendees from around the globe the opportunity to learn about the most innovative techniques to both hack and secure IoT. IoT Village is organized by security consulting and research firm,
Independent Security Evaluators (ISE).
\r\n
\r\nFollow both ISE
(@ISEsecurity) and IoT Village
(@IoTvillage) on Twitter for updates on talks, contests, and giveaways.
\r\n
\r\n
\r\n\r\n
\r\n
\r\n \r\n \r\n \r\n
\r\n
\r\n\r\n
\r\n \r\n \r\n \r\n \r\n .
\r\n
\r\n.
\r\n
\r\nPhysical Security Village
\r\n
\r\nThe Physical Security Village explores the world of door hardware bypasses and techniques generally outside of the realm of cyber-security and lockpicking. Come learn some of these lock bypasses, how to fix them, and have the opportunity to try them out for yourself.
\r\n
\r\nWe’ll be covering the basics, like the under-the-door-tool and latch slipping attacks, as well as an in depth look at more complicated bypasses. Learn about elevator hacking, defeating alarm systems and surveillance cameras, and cut-away and display models of common hardware to show how it works on the inside.
\r\n
\r\nWe are one of the easiest villages to get started in - read the instruction sheets we have or scan a QR code to learn the techniques, or ask any of our volunteers in the green shirts if you have questions! Looking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!
\r\n
\r\nMastodon:
https://defcon.social/@physsec\r\nWebsite:
https://physsec.org/
\r\n.
\r\n.\r\n
\r\n
\r\n \r\n \r\n \r\n
The Physical Security Village explores the world of door hardware bypasses and techniques generally outside of the realm of cyber-security and lockpicking. Come learn some of these lock bypasses, how to fix them, and have the opportunity to try them out for yourself.\n
We’ll be covering the basics, like the under-the-door-tool and latch slipping attacks, as well as an in depth look at more complicated bypasses. Learn about elevator hacking, defeating alarm systems and surveillance cameras, and cut-away and display models of common hardware to show how it works on the inside.\n
We are one of the easiest villages to get started in - read the instruction sheets we have or scan a QR code to learn the techniques, or ask any of our volunteers in the green shirts if you have questions! Looking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!\n
Links: Mastodon (defcon.social) -
https://defcon.social/@physsec\n Website -
https://physsec.org/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248896\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248895\n
\r\n
\r\n
\r\n \r\n \r\n \r\n \r\n .
\r\n
\r\n.
\r\nLock Pick Village
\r\n
\r\nWant to tinker with locks and tools the likes of which you\'ve only seen in movies featuring secret agents, daring heists, or covert entry teams?
\r\n
\r\nThen come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.
\r\n
\r\nThe Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.
\r\n
\r\nExperts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.
\r\n
\r\nTwitter/X:
https://twitter.com/toool\r\nWebsite:
https://www.toool.us/
\r\n.
\r\n.\r\n
\r\n
\r\n
Want to tinker with locks and tools the likes of which you\'ve only seen in movies featuring secret agents, daring heists, or covert entry teams?\n
Then come on by the Lockpick Village, run by The Open Organization Of Lockpickers, where you will have the opportunity to learn hands-on how the fundamental hardware of physical security operates and how it can be compromised.\n
The Lockpick Village is a physical security demonstration and participation area. Visitors can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficultly to try it themselves.\n
Experts will be on hand to demonstrate and plenty of trial locks, pick tools, and other devices will be available for you to handle. By exploring the faults and flaws in many popular lock designs, you can not only learn about the fun hobby of sport-picking, but also gain a much stronger knowledge about the best methods and practices for protecting your own property.\n
Links: Website -
https://www.toool.us/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248928\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248927\n Twitter (@toool) -
https://twitter.com/toool\n
\r\n
\r\n\r\n
\r\n \r\n \r\n \r\n \r\n .
\r\n
\r\n
\r\n.
\r\n
\r\nPacket Hacking Village
\r\n
\r\nThe Packet Hacking Village at DEF CON provides a community learning experience for people of all skill levels, from absolute beginners to seasoned professionals. While DEF CON is made up of dozens of small community-of-interest villages, we are one of the largest and most well known. We host practical training, network forensics and analysis games, and the renowned Capture The Packet event, which has been a Black Badge contest over 10 times and draws world-class hackers from around the world. Our mission has always been simple: to teach people good internet safety practices, and to provide an atmosphere that encourages everyone to explore and learn.
\r\n
\r\nWe provide a welcoming environment for hackers of all skill levels and backgrounds to network, learn new things, and be active participants in DEF CON. Our famous “Wall of Sheep” provides a fun and interactive take on internet security and privacy, while our contests Packet Inspector, Packet Detective, and Capture The Packet serve as a zero-to-hero pathway for individuals to learn network security, packet analysis, and delve into advanced security topics. Every year we strive to bring something new and innovative to DEF CON, whether it’s never-seen-before talks or creative games to teach and test skills.
\r\n
\r\nDepending on what talks, contests, and events participants select, they can expect to learn any/all of the following:
\r\n
\r\nBasic Internet security and privacy, network cable construction, honeypot setup and operation, regex, Linux training, packet interception and decoding, network analysis, sniffing, and forensics, reverse engineering, file forensics, system forensics, cryptography analysis, and more to be determined by the talks and workshops that we accept.
\r\n
\r\nThe Packet Hacking Village and Wall of Sheep have been a part of DEF CON since DEF CON 9, and we are proud to provide education and training to the hacker community at no cost.
\r\n
\r\nTwitter:
@wallofsheep\r\nFacebook:
https://www.facebook.com/wallofsheep\r\nTumblr:
https://wallofsheep.tumblr.com/\r\nInstagram:
https://www.instagram.com/wallofsheep/\r\nPintrest:
https://www.pinterest.com/wallofsheep/\r\nYoutube:
https://www.youtube.com/channel/UCnL...dNvO381slSA06w\r\nMastodon:
https://defcon.social/@wallofsheep\r\n
\r\n.
\r\n
\r\n.\r\n
\r\n
\r\n
The Packet Hacking Village at DEF CON provides a community learning experience for people of all skill levels, from absolute beginners to seasoned professionals. While DEF CON is made up of dozens of small community-of-interest villages, we are one of the largest and most well known. We host practical training, network forensics and analysis games, and the renowned Capture The Packet event, which has been a Black Badge contest over 10 times and draws world-class hackers from around the world. Our mission has always been simple: to teach people good internet safety practices, and to provide an atmosphere that encourages everyone to explore and learn.\n
We provide a welcoming environment for hackers of all skill levels and backgrounds to network, learn new things, and be active participants in DEF CON. Our famous “Wall of Sheep” provides a fun and interactive take on internet security and privacy, while our contests Packet Inspector, Packet Detective, and Capture The Packet serve as a zero-to-hero pathway for individuals to learn network security, packet analysis, and delve into advanced security topics. Every year we strive to bring something new and innovative to DEF CON, whether it’s never-seen-before talks or creative games to teach and test skills.\n
Depending on what talks, contests, and events participants select, they can expect to learn any/all of the following:\n
Basic Internet security and privacy, network cable construction, honeypot setup and operation, regex, Linux training, packet interception and decoding, network analysis, sniffing, and forensics, reverse engineering, file forensics, system forensics, cryptography analysis, and more to be determined by the talks and workshops that we accept.\n
The Packet Hacking Village and Wall of Sheep have been a part of DEF CON since DEF CON 9, and we are proud to provide education and training to the hacker community at no cost.\n
Links: Facebook -
https://www.facebook.com/wallofsheep\n Instagram -
https://www.instagram.com/wallofsheep/\n YouTube -
https://www.youtube.com/channel/UCnL9S5Wv_dNvO381slSA06w\n Mastodon (defcon.social) -
https://defcon.social/@wallofsheep\n Pinterest -
https://www.pinterest.com/wallofsheep/\n Tumblr -
https://wallofsheep.tumblr.com/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248890\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248889\n Twitter (@wallofsheep) -
https://twitter.com/wallofsheep\n
![\"Click](\"filedata/fetch?id=244969&d=1682363862&type=small\" "\\"password.jpg\\"")
\n\n\n\n
\n
\n
\n
\n
\n
\n
\n.
\nPassword Village
\n
\nWhen:
\nFriday: 10:00 - 20:00
\nSaturday: 10:00 - 20:00
\nSunday: 10:00 - 14:00
\nWhere: Contest Area, Forums
\n
\nTwitter: \n@passwordvillage\n
\nWebsite: \nhttps://passwordvillage.org\n
\n
\nThe Password Village provides training, discussion, and hands-on
\naccess to hardware and techniques utilized in modern password cracking,
\nwith an emphasis on how password cracking relates to your job function
\nand the real world . No laptop? No problem! Feel free to use one of our
\nterminals to access a pre-configured GPGPU environment to run password
\nattacks against simulated real-world passwords. Village staff and
\nexpert volunteers will be standing by to assist you with on-the-spot
\ntraining and introductions to Hashcat, as well as other FOSS cracking
\napplications. Already a password cracking aficionado? Feel free to
\ngive a lightning talk, show off your skills, help a n00b learn the
\nbasics, or engage in riveting conversation with other password crackers.​
\n​\n\n\n\n\n\n\n\n\n\n\n\n\nStarts\n\nAugust 13, 2023 10:00\n\n\n\nEnds\n\nAugust 13, 2023 14:00\n\n\n\nLocation\n\nContest Area, Forums\n\n\n\'',NULL,'',NULL),(25,1,'Payment Village','','PYV','https://www.paymentvillage.org/','https://www.paymentvillage.org/workshops','LVCCW_Level2_West','IRL','#payment','https://forum.defcon.org/node/248892','https://forum.defcon.org/node/248893','https://discord.com/channels/708208267699945503/732733473558626314','#payv-labs-text','https://twitter.com/paymentvillage','https://www.twitch.tv/paymentvillage','https://www.youtube.com/channel/UCivO-5rpPcv89Wt8okBW21Q','https://t.me/paymentvillage','','','',NULL,'','','','','','','LVCC West/Floor 2/W202','',' \r\n
\r\n\r\n \r\n
\r\n \r\n \r\n .
\r\n
\r\n.
\r\n
\r\nPayment Village
\r\n
\r\nCome to the Payment Village to learn about payment technologies, their history, and how hackers bypass security and fraud mechanisms to cash out! Payment technologies play a crucial role in our daily lives, yet many of us lack an understanding of how they work. We invite you to explore the history of payments and to learn how modern-day payments work. The village is jam-packed with hands-on experiences and exciting challenges!
\r\n
\r\nUnsure where to start? Sign up for one of our workshops to get going. Do you have adept problem-solving skills? Pick up a Payment Village credit card and take part in our card hacking challenge! Looking for a unique challenge and want to get physical? Try our scavenger hunt. Bigger and better than last year! Try your hand at our cash-grab machines with real money. Catch as much money as you can to decipher the clues and solve the challenges.
\r\n
\r\nLast year, we were overwhelmed by the response to our village credit cards and terminals. This year, with the help of our sponsors we will expand upon the implementation, make the challenges even better and produce more cards for DEF CON attendees to get hold of. These working cards are unique to the payment village and cost us $5 per card. With sponsorship, we will be able to give away more cards and teach a few more attendees about payments.
\r\n
\r\nWebsite:
https://www.paymentvillage.org/\r\nYouTube channel:
https://www.youtube.com/c/PaymentVillage\r\nTelegram group chat: t.me/paymentvillage
\r\nTwitter/X:
@paymentvillage
\r\n
\r\n.
\r\n.\r\n
\r\n
\r\n \r\n \r\n \r\n
Come to the Payment Village to learn about payment technologies, their history, and how hackers bypass security and fraud mechanisms to cash out! Payment technologies play a crucial role in our daily lives, yet many of us lack an understanding of how they work. We invite you to explore the history of payments and to learn how modern-day payments work. The village is jam-packed with hands-on experiences and exciting challenges!\n
Unsure where to start? Sign up for one of our workshops to get going. Do you have adept problem-solving skills? Pick up a Payment Village credit card and take part in our card hacking challenge! Looking for a unique challenge and want to get physical? Try our scavenger hunt. Bigger and better than last year! Try your hand at our cash-grab machines with real money. Catch as much money as you can to decipher the clues and solve the challenges.\n
Links: Website -
https://www.paymentvillage.org/\n YouTube -
https://www.youtube.com/c/PaymentVillage\n Telegram -
https://t.me/paymentvillage\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248893\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248892\n Twitter (@paymentvillage) -
https://twitter.com/paymentvillage\n
\r\n
\r\n\r\n
\r\n \r\n \r\n \r\n \r\n .
\r\n
\r\n.
\r\nRecon Village
\r\n
\r\nRecon Village is an Open Space with Talks, Live Demos, Workshops, Discussions, CTFs, etc., with a common focus on Reconnaissance. The core objective of this village is to spread awareness about the importance of reconnaissance and open-source intelligence (OSINT) and demonstrate how even a small piece of information about a target can cause catastrophic damage to individuals and organizations. As recon is a vital phase for infosec as well as investigations, folks should have this skill set in their arsenal. People should check out Recon Village, as they get to learn novel point/recon techniques, play hands-on CTF, participate in Live Recon, and, most of all, have fun. At RV, we keep things simple, and the focus is on generating quality content using talks, workshops, CTF, live hacking, hackathons, etc. This year, we are launching a new hands-on event, i.e. Live Recon Contest, where we will challenge participants to perform recon on organization (pre-approved) - live and compete against each other to find as many as recon flags. This will include gauging skills like domain discovery, subdomain enumerations, GitHub Dorking, Metadata Extraction, data harvesting, social media profiling, threat intel mining, correlations and aggregations, and a lot more.
\r\n
\r\nAlso, to reduce the barrier to entry, we are going to host 101 Hands-on OSINT & Recon Workshops where people can learn and practice some new skills.
\r\n
\r\nSimilar to the previous years, there will be Awesome rewards for the winners, along with free t-shirts, stickers, village coins, and other schwag which attendees can grab and show off. We will be making changes to our badge as well. P.S. We will not be selling it, though.
\r\n
\r\nWebsite:
https://reconvillage.org/\r\nTwitter/X:
@reconvillage\r\nYoutube:
https://www.youtube.com/reconvillage
\r\n
\r\n.
\r\n.\r\n
\r\n
\r\n \r\n
Recon Village is an Open Space with Talks, Live Demos, Workshops, Discussions, CTFs, etc., with a common focus on Reconnaissance. The core objective of this village is to spread awareness about the importance of reconnaissance and open-source intelligence (OSINT) and demonstrate how even a small piece of information about a target can cause catastrophic damage to individuals and organizations. As recon is a vital phase for infosec as well as investigations, folks should have this skill set in their arsenal. People should check out Recon Village, as they get to learn novel point/recon techniques, play hands-on CTF, participate in Live Recon, and, most of all, have fun. At RV, we keep things simple, and the focus is on generating quality content using talks, workshops, CTF, live hacking, hackathons, etc. This year, we are launching a new hands-on event, i.e. Live Recon Contest, where we will challenge participants to perform recon on organization (pre-approved) - live and compete against each other to find as many as recon flags. This will include gauging skills like domain discovery, subdomain enumerations, GitHub Dorking, Metadata Extraction, data harvesting, social media profiling, threat intel mining, correlations and aggregations, and a lot more.\n
Also, to reduce the barrier to entry, we are going to host 101 Hands-on OSINT & Recon Workshops where people can learn and practice some new skills.\n
Similar to the previous years, there will be Awesome rewards for the winners, along with free t-shirts, stickers, village coins, and other schwag which attendees can grab and show off. We will be making changes to our badge as well. P.S. We will not be selling it, though.\n
Links: Website -
https://reconvillage.org/\n YouTube -
https://www.youtube.com/reconvillage\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248908\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248907\n Twitter (@reconvillage) -
https://twitter.com/reconvillage\n
\r\n
\r\n\r\n
\r\n \r\n \r\n \r\n \r\n .
\r\n
\r\n
\r\n.
\r\nRadio Frequency Village
\r\n
\r\nAfter 17 years of evolution, from the WiFi Village, to the Wireless Village, RF Hackers Sanctuary presents: The Radio Frequency Village at DEFCON 32. The Radio Frequency Village is an environment where people come to learn about the security of radio frequency (RF) transmissions, which includes wireless technology, applications of software defined radio (SDR), Bluetooth (BT), Zigbee, WiFi, Z-wave, Radio Frequency Identification (RFID), Infrared (IR) and other protocols within the usable RF spectrum. As a security community we have grown beyond WiFi, and even beyond Bluetooth and Zigbee. The RF Village includes talks on all manner of radio frequency command and control as well as communication systems. While everyone knows about the WiFi and Bluetooth attack surfaces, most of us rely on many additional technologies every day. RF Hackers Sanctuary is supported by a group of experts in the area of information security as it relates to RF technologies. RF Hackers Sanctuary’s common purpose is to provide an environment in which participants may explore these technologies with a focus on improving their skills through offense and defense. These learning environments are provided in the form of guest speakers, panels, and Radio Frequency Capture the Flag games, to promote learning on cutting edge topics as it relates to radio communications. We promise to still provide free WiFi.
\r\n
\r\n
https://rfhackers.com/the-crew\r\n
\r\nSpeaker and contest schedule can be found on our Website:
\r\n
https://rfhackers.com/calendar\r\n
\r\nCo-located with the RF Village is the RF Capture the Flag. Come for the talks, stay for the practice and the competition.
\r\n
\r\nWho runs this thing?
\r\nRF Hackers Sanctuary is a group of all volunteers with expertise in radio security and various other related fields. We are the original creators of the WiFi Capture the Flag, Wireless Capture the Flag, and RF Capture the Flag. We are the original founders of the WiFi Village, Wireless Village, and RF Village. Often imitated, never duplicated.
\r\n
\r\nTL;DR
\r\nTwitter/X:
@rfhackers and
@rf_ctf\r\nDiscord:
https://discordapp.com/invite/JjPQhKy\r\nWebsite:
https://rfhackers.com
\r\n.
\r\n.\r\n
\r\n
\r\n \r\n \r\n
After 17 years of evolution, from the WiFi Village, to the Wireless Village, RF Hackers Sanctuary presents: The Radio Frequency Village at DEFCON 32. The Radio Frequency Village is an environment where people come to learn about the security of radio frequency (RF) transmissions, which includes wireless technology, applications of software defined radio (SDR), Bluetooth (BT), Zigbee, WiFi, Z-wave, Radio Frequency Identification (RFID), Infrared (IR) and other protocols within the usable RF spectrum. As a security community we have grown beyond WiFi, and even beyond Bluetooth and Zigbee. The RF Village includes talks on all manner of radio frequency command and control as well as communication systems. While everyone knows about the WiFi and Bluetooth attack surfaces, most of us rely on many additional technologies every day. RF Hackers Sanctuary is supported by a group of experts in the area of information security as it relates to RF technologies. RF Hackers Sanctuary’s common purpose is to provide an environment in which participants may explore these technologies with a focus on improving their skills through offense and defense. These learning environments are provided in the form of guest speakers, panels, and Radio Frequency Capture the Flag games, to promote learning on cutting edge topics as it relates to radio communications. We promise to still provide free WiFi.\n
Co-located with the RF Village is the RF Capture the Flag. Come for the talks, stay for the practice and the competition.\n
Who runs this thing?\n
RF Hackers Sanctuary is a group of all volunteers with expertise in radio security and various other related fields. We are the original creators of the WiFi Capture the Flag, Wireless Capture the Flag, and RF Capture the Flag. We are the original founders of the WiFi Village, Wireless Village, and RF Village. Often imitated, never duplicated.\n
Links: Website -
https://rfhackers.com/\n Discord -
https://discordapp.com/invite/JjPQhKy\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248905\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248904\n Twitter (@rfhackers) -
https://twitter.com/rfhackers\n Twitter (@rf_ctf) -
https://twitter.com/rf_ctf\n
\r\n
\r\n\r\n
\r\n \r\n \r\n \r\n \r\n .
\r\n
\r\n.
\r\nSEC Village
\r\n
\r\n
\r\n
\r\nThe Social Engineering Community is formed by a group of individuals who have a passion to enable people of all ages and backgrounds interested in Social Engineering with a venue to learn, discuss, and practice this craft. We plan to use this opportunity at DEF CON to present a community space that offers those elements through panels, research opportunities, and contests in order to act as a catalyst to foster discussion, advance the craft and create a space for individuals to expand their network. DEF CON attendees can either participate in these events, or they can watch the events unfold and learn about Social Engineering as an audience member. We plan to accomplish the above by bringing together passionate individuals to have a shared stake in building this community. To do this, positions which can be rotated such as judges, coaches, panelists will be offered to different community members each year allowing for new faces and ideas so that more individuals have an opportunity to give back equally.
\r\n
\r\nTwitter/X:
@sec_defcon\r\nWebsite:
https://www.se.community/\r\n
\r\n
\r\n
\r\n.
\r\n.\r\n
\r\n
\r\n
\n - Hours
\n- Friday: 08:30 – 18:00\nSaturday: 10:00 – 18:00\nSunday: 10:00 – 14:00\n \n
- Location
\n- The Social Engineering Community Village will be in the LVCC West Hall rooms W317-319
\n
Welcome to the Social Engineering Community! The SEC village focuses purely on the human aspect of security, Social Engineering, to enable people of all ages and backgrounds interested in the subject matter to have a venue to learn, discuss, and practice this craft.\n
This year, over three days at DEF CON, you can expect the following events to take place in the village:\n
\n - Vishing Competition (#SECVC): This edge-of-your-seat competition is where prior selected teams (who have already put WEEKS of work into the competition) place live phone calls inside a soundproof booth in front of SEC audience members to elicit as many objectives as possible. The highest score wins! This competition takes place only on Friday.
- Youth Challenge: Anyone 18 and under is invited to compete and learn about more than just Social Engineering; our challenges include areas in cryptography, network security, defusing intergalactic implosion bombs, and more. Can you stop the universe from imploding into what we’re assuming is probably another universe but much smaller? We hope so! Otherwise, even the dolphins will have to find a new home.
- Cold Calls: This event lets DEF CON attendees sign up in the village (first come, first serve style) to place live phone calls inside the soundproof booth. We provide the target and phone number, then give a few objectives (easy, medium, and hard), and start a countdown timer to see if they have the skills to get information from a stranger with no preparation. There is nothing to prepare for, just bring yourself!
- New: This year, we may have a couple more surprises up our sleeves – stay tuned and check out our website as it gets closer to DEF CON with our daily schedule!
\n
Links: Website -
https://www.se.community/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248914\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248913\n
\r\n
\r\n \r\n
\r\n \r\n \r\n \r\n \r\n .
\r\n
\r\n
\r\n.
\r\nVoting Village
\r\n
\r\n
\r\n
\r\nThe Voting Village is an interactive educational environment that provides the public with the unique opportunity to have hands-on experience with our current election infrastructure. Attendees will be able to interact with multiple different types of voting systems, all of which are currently in use across the country today. Hackers will have the opportunity to test how secure these voting systems truly are, and will report to the Voting Village Lead\'s any vulnerabilities they find. The Voting Village explores all aspects of election security and works to promote a more secure democracy.
\r\n
\r\nAttendees of Voting Village will also have access to Harri Hursti, the world\'s premier hacker and leading election and cyber security expert who has successfully hacked voting machines on multiple occasions. Aside from Harri, attendees will have access to other experts as well as the option of joining us for our speaker track (TALKS) that will take place every day except for the last Sunday of DEF CON. Our speaker track represents the most relevant government agencies and the top media outlets. Additionally, there will be multiple showings of Harri\'s HBO documentary, Kill Chain: The Cyber War on America\'s Elections. We will also have two Capture The Flags (CONTESTS) taking place throughout DEF CON.
\r\n
\r\nDue to it being a presidential election year, the focus on elections is going to be extremely heightened. Having an open research environment like the Voting Village helps offset the misinformation and disinformation that is rampant leading up to a presidential election. The Voting Village not only addresses election infrastructure related issues but also focuses on information integrity as a critical element of our election system. Our talks given by the most reputable subject matter experts cover all of these election related topics.
\r\n
\r\nTwitter/X:
@VotingVillageDC\r\nWebsite:
https://votingvillage.org\r\n
\r\n
\r\n
\r\n.
\r\n.\r\n
\r\n
\r\n
The Voting Village is an interactive educational environment that provides the public with the unique opportunity to have hands-on experience with our current election infrastructure. Attendees will be able to interact with multiple different types of voting systems, all of which are currently in use across the country today. Hackers will have the opportunity to test how secure these voting systems truly are, and will report to the Voting Village Lead\'s any vulnerabilities they find. The Voting Village explores all aspects of election security and works to promote a more secure democracy.\n
Attendees of Voting Village will also have access to Harri Hursti, the world\'s premier hacker and leading election and cyber security expert who has successfully hacked voting machines on multiple occasions. Aside from Harri, attendees will have access to other experts as well as the option of joining us for our speaker track (TALKS) that will take place every day except for the last Sunday of DEF CON. Our speaker track represents the most relevant government agencies and the top media outlets. Additionally, there will be multiple showings of Harri\'s HBO documentary, Kill Chain: The Cyber War on America\'s Elections. We will also have two Capture The Flags (CONTESTS) taking place throughout DEF CON.\n
Due to it being a presidential election year, the focus on elections is going to be extremely heightened. Having an open research environment like the Voting Village helps offset the misinformation and disinformation that is rampant leading up to a presidential election. The Voting Village not only addresses election infrastructure related issues but also focuses on information integrity as a critical element of our election system. Our talks given by the most reputable subject matter experts cover all of these election related topics.\n
Links: Website -
https://votingvillage.org/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248922\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248921\n Twitter (@VotingVillageDC) -
https://twitter.com/VotingVillageDC\n
\r\n
\r\n\r\n \r\n
\r\n \r\n \r\n \r\n \r\n .
\r\n
\r\n.
\r\nRed Team Village
\r\n
\r\nThe Red Team Village is focused on training the art of critical thinking, collaboration, and strategy in offensive security. The RTV brings together information security professionals to share new tactics and techniques in offensive security. Attendees may spend all three days engaged in introductory workshops or challenge themselves in an immersive Capture the Flag competition to put their newly obtained skills to the test.
\r\n
\r\nTwitter/X:
@RedTeamVillage_\r\nWebsite:
https://redteamvillage.io
\r\n.
\r\n.\r\n
\r\n
\r\n \r\n
The Red Team Village is focused on training the art of critical thinking, collaboration, and strategy in offensive security. The RTV brings together information security professionals to share new tactics and techniques in offensive security. Attendees may spend all three days engaged in introductory workshops or challenge themselves in an immersive Capture the Flag competition to put their newly obtained skills to the test.
Links: Website -
https://redteamvillage.io/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248911\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248910\n Twitter (@RedTeamVillage_) -
https://twitter.com/RedTeamVillage_\n
\r\n
\r\n\r\n
\r\n \r\n \r\n \r\n \r\n .
\r\n.
\r\nTamper Evident Village
\r\n
\r\nTamper-evident" refers to a physical security technology that provides evidence of tampering (access, damage, repair, or replacement) to determine authenticity or integrity of a container or object(s). In practical terms, this can be a piece of tape that closes an envelope, a plastic detainer that secures a hasp, or an ink used to identify a legitimate document. Tamper-evident technologies are often confused with "tamper resistant" or "tamper proof" technologies which attempt to prevent tampering in the first place. Referred to individually as "seals," many tamper technologies are easy to destroy, but a destroyed (or missing) seal would provide evidence of tampering! The goal of the TEV is to teach attendees how these technologies work and how many can be tampered with without leaving evidence.
\r\n
\r\nThe Tamper-Evident Village includes the following contests and events:
\r\n
\r\n* The Box; an electronic tamper challenge. An extremely realistic explosive with traps, alarms, and a timer ticking down. One mistake and BOOM, you\'re dead. Make every second count! Sign ups on-site when the TEV begins.
\r\n
\r\n* Tamper-Evident King of the Hill; a full-featured tamper challenge. Tamper single items at your leisure and attempt to beat the current best. There can be only ONE! No sign ups required, play on-site when the TEV begins.
\r\n
\r\n* Badge Counterfeiting Contest; submit your best forgery of a DEF CON human badge. Other target badges are also available for those looking for more counterfeit fun!
\r\n
\r\n* For your viewing pleasure, collections of high-security tamper-evident seals from around the world.
\r\n
\r\n* Presentations & demonstrations on various aspects of tamper-evident seals and methods to defeat them.
\r\n
\r\n* Hands-on fun with adhesive seals, mechanical seals, envelopes, and evidence bags.
\r\n
\r\n.
\r\n.\r\n
\r\n
\r\n
\"Tamper-evident\" refers to a physical security technology that provides evidence of tampering (access, damage, repair, or replacement) to determine authenticity or integrity of a container or object(s). In practical terms, this can be a piece of tape that closes an envelope, a plastic detainer that secures a hasp, or an ink used to identify a legitimate document. Tamper-evident technologies are often confused with \"tamper resistant\" or \"tamper proof\" technologies which attempt to prevent tampering in the first place. Referred to individually as \"seals,\" many tamper technologies are easy to destroy, but a destroyed (or missing) seal would provide evidence of tampering! The goal of the TEV is to teach attendees how these technologies work and how many can be tampered with without leaving evidence.\n
The Tamper-Evident Village includes the following contests and events:\n
\n - The Box; an electronic tamper challenge. An extremely realistic explosive with traps, alarms, and a timer ticking down. One mistake and BOOM, you\'re dead. Make every second count! Sign ups on-site when the TEV begins.\n
- Tamper-Evident King of the Hill; a full-featured tamper challenge. Tamper single items at your leisure and attempt to beat the current best. There can be only ONE! No sign ups required, play on-site when the TEV begins.\n
- Badge Counterfeiting Contest; submit your best forgery of a DEF CON human badge. Other target badges are also available for those looking for more counterfeit fun!\n
- For your viewing pleasure, collections of high-security tamper-evident seals from around the world.\n
- Presentations & demonstrations on various aspects of tamper-evident seals and methods to defeat them.\n
- Hands-on fun with adhesive seals, mechanical seals, envelopes, and evidence bags.
\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248917\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248916\n
\r\n
\r\n\r\n
\r\n \r\n \r\n \r\n \r\n .
\r\n
\r\n
\r\n.
\r\nQuantum Village
\r\n
\r\nAttention Quantum Hackers - Quantum Village is Back for DEF CON 32! Come and explore and discover new technologies to hack - this year, we are focusing on quantum tech and society; from how to hack quantum networks to how ‘thinking quantum’ could change the world. We have a plethora of new activities, open to all levels, for hackers to come and learn quantum technologies - workshops, some talks, interactive demonstrations, and real quantum hardware! We also have the return of our infamous Quantum-CTF - pitch your wits against the Quantum Quizmasters and earn points for glory! Come and learn more about this exciting emerging field of technology and science, and become a QUANTUM HACKER!
\r\n
\r\nWe are very excited to bring back Quantum Village after our standing-room only success these last two years! This year we want to focus on looking at the parallels between how classical computing developed and became distributed and interconnected through LANs and WANs and later social networks, and how quantum computing is looking to do the same with the ‘quantum internet’, and what it means to have a ‘social quantum network’. To this end we are working with some quantum infrastructure companies to have a real quantum network present at the event and ready for people to hack, e.g. via messing with the fibre lines we plan on distributing throughout the village.
\r\n
\r\nWe also want to use this analogy to get participants to ask questions about how quantum technologies can, should, and may fit into society at large, building on our ‘Quantum Life’ sessions in previous years that have lead to some really engaging discussions and thought provoking debates - all of which we would continue to build upon.
\r\n
\r\nWe also want to provide a bigger, more expansive Quantum CTF competition within the village that we would like to build our own hardware (e.g. badges) to present both as part of the challenge.
\r\n
\r\nTwitter/X:
@quantum_village\r\nWebsite:
https://quantumvillage.org/
\r\n.
\r\n.\r\n
\r\n
\r\n \r\n \r\n \r\n
Attention Quantum Hackers - Quantum Village is Back for DEF CON 32! Come and explore and discover new technologies to hack - this year, we are focusing on quantum tech and society; from how to hack quantum networks to how ‘thinking quantum’ could change the world. We have a plethora of new activities, open to all levels, for hackers to come and learn quantum technologies - workshops, some talks, interactive demonstrations, and real quantum hardware! We also have the return of our infamous Quantum-CTF - pitch your wits against the Quantum Quizmasters and earn points for glory! Come and learn more about this exciting emerging field of technology and science, and become a QUANTUM HACKER!\n
We are very excited to bring back Quantum Village after our standing-room only success these last two years! This year we want to focus on looking at the parallels between how classical computing developed and became distributed and interconnected through LANs and WANs and later social networks, and how quantum computing is looking to do the same with the ‘quantum internet’, and what it means to have a ‘social quantum network’. To this end we are working with some quantum infrastructure companies to have a real quantum network present at the event and ready for people to hack, e.g. via messing with the fibre lines we plan on distributing throughout the village.\n
We also want to use this analogy to get participants to ask questions about how quantum technologies can, should, and may fit into society at large, building on our ‘Quantum Life’ sessions in previous years that have lead to some really engaging discussions and thought provoking debates - all of which we would continue to build upon.\n
We also want to provide a bigger, more expansive Quantum CTF competition within the village that we would like to build our own hardware (e.g. badges) to present both as part of the challenge.\n
Links: Website -
https://quantumvillage.org/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248902\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248901\n Twitter (@quantum_village) -
https://twitter.com/quantum_village\n
\r\n
\r\n\r\n \r\n
\r\n \r\n \r\n \r\n \r\n .
\r\n
\r\n.
\r\nPolicy Village
\r\n
\r\nMastodon:
https://defcon.social/@defconpolicy\r\nTwitter/X:
@defconpolicy\r\nWebsite:
https://defcon.org/policy/
\r\n
\r\n.
\r\n.\r\n
\r\n
\r\n \r\n \r\n \r\n
The DEF CON community understands that creating a safer digital society requires collaboration between security and policy experts. Policy @ DEF CON provides a space for representatives of all areas of security to come together to educate and engage each other.\n
Tech policy is being written as we speak and we believe that including diverse expert voices will improve outcomes and help to bridge gaps between technical and policy practitioners. Senior government officials, nonprofit and private sector experts, security researchers, hackers, academics and technologists from around the world all come together at Policy @ DEF CON.\n
Links: Mastodon (defcon.social) -
https://defcon.social/@defconpolicy\n Website -
https://defcon.org/policy/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248899\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248898\n Twitter (@defconpolicy) -
https://twitter.com/defconpolicy\n
\r\n \r\n \r\n \r\n \r\n ...
\r\n
\r\n...
\r\n
\r\nEmbedded Village
\r\n
\r\nEmbedded systems exist at the intersection of hardware and software, built to accomplish a specific task. Often these disciplines are dealt with individually, but understanding the custom relationships between hardware and software is key to performing security research on these devices.
\r\n
\r\nEmbedded Systems Village advances the security of embedded systems by hosting hands-on hacking workshops, showcasing new security research demos, and organizing exciting hacking contests to educate attendees and manufacturers on the approach hackers use to attack these devices. Attendees will leave the village with an understanding of how to reduce complex, exotic devices to their underlying embedded components and to extract the information required to use the tools and techniques taught at other villages where embedded systems are on display.
\r\n\r\n
Embedded systems exist at the intersection of hardware and software, built to accomplish a specific task. Often these disciplines are dealt with individually, but understanding the custom relationships between hardware and software is key to performing security research on these devices.\n
Embedded Systems Village advances the security of embedded systems by hosting hands-on hacking workshops, showcasing new security research demos, and organizing exciting hacking contests to educate attendees and manufacturers on the approach hackers use to attack these devices. Attendees will leave the village with an understanding of how to reduce complex, exotic devices to their underlying embedded components and to extract the information required to use the tools and techniques taught at other villages where embedded systems are on display.\n
Links: Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248664\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248663\n
\r\n
\r\n \r\n
\r\n \r\n \r\n \r\n \r\n .
\r\n
\r\n.
\r\nTelecom Village
\r\n
\r\nThe Telecom Village is a platform for anyone with an interest in both the offensive and defensive facets of telecom security. The village is where a variety of events, including talks, CTFs, and discussions centred on telecom security, take place. The Telecom Village’s primary focus would be on Telecom Security. We plan to host multiple hands-on events as part of the village to give participants an overview security specific challenges in a Telcom Network. This includes: CTFs in telecom signaling security and another one in Private 5G and select set of mini workshops and panels, spread across two days.
\r\n
\r\nThis Year we are planning to cover the following points Live4G/5G(SA) with Commercial BTS, internals and of a SIM Card, Simulating 4G/5G in a portal portable computing device, fundamentals of VoLTE/VoNR and its Attack vectors, MBSS for Telecom Security etc.
\r\n
\r\nTelecom Security is an extremely focused and relatively closed domain within the Industry. We hope to bring this to a larger audience, ensure that they have a source which could act as a structure to facilitate learning and development in the sector. We will see larger adoption of Private 5G network across the globe and industries, which will come with it’s own set of unique challenges. We hope this village will play a key role is development and identification of key talents/projects which will help in tackling security challenges that plagues the telecom sector.
\r\n
\r\nWebsite:
https://telecomvillage.com Twitter/X:
@TelecomVillage
\r\n.
\r\n.\r\n
\r\n
\r\n
The Telecom Village is a platform for anyone with an interest in both the offensive and defensive facets of telecom security. The village is where a variety of events, including talks, CTFs, and discussions centred on telecom security, take place. The Telecom Village’s primary focus would be on Telecom Security. We plan to host multiple hands-on events as part of the village to give participants an overview security specific challenges in a Telcom Network. This includes: CTFs in telecom signaling security and another one in Private 5G and select set of mini workshops and panels, spread across two days.\n
This Year we are planning to cover the following points Live4G/5G(SA) with Commercial BTS, internals and of a SIM Card, Simulating 4G/5G in a portal portable computing device, fundamentals of VoLTE/VoNR and its Attack vectors, MBSS for Telecom Security etc.\n
Telecom Security is an extremely focused and relatively closed domain within the Industry. We hope to bring this to a larger audience, ensure that they have a source which could act as a structure to facilitate learning and development in the sector. We will see larger adoption of Private 5G network across the globe and industries, which will come with it’s own set of unique challenges. We hope this village will play a key role is development and identification of key talents/projects which will help in tackling security challenges that plagues the telecom sector.\n
Links: Website -
https://telecomvillage.com/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248919\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248918\n Twitter (@TelecomVillage) -
https://twitter.com/TelecomVillage\n
\r\n
\r\n\r\n
\r\n \r\n \r\n \r\n \r\n .
\r\n
\r\n.
\r\nXR Village
\r\n
\r\n
\r\n
\r\nTalks, playground for using XR tech, open bug hunt, bug bounty workshop, tech & art performances, VR gaming, and cross conference AR “Pokemon Go!” style collection experience. Federal agencies CISA and national laboratories Idaho & Pacific Northwest will be hosting interactive demos and an escape room in our space. They will be in collaboration with the ICS Village.
\r\n
\r\n
Workshop / Open Bug Hunt Pwn-a-Palooza (Collab with Hardware Hacking Village, Red Team Village)
\r\nThe event is an open bug hunt with components of hardware hacking, XR rooted devices for workshop tie-in (VR headsets, glasses) and we are working with other villages and seeking support from industry pros to better direct the expectation of the hunt. We would like to offer prizing.
\r\n
\r\n
Playground\r\nOpen area for exploring emerging and existing XR tech; gaming, haptics, deconstructed devices to play with.
\r\n
\r\n
AR hunt / collection game\r\nCollect village “stickers” throughout the con a la Pokemon Go! Style AR overlay that interacts with all the other villages at DEF CON. Think red mowhawks from Red Team Village, a viking from Adversary Village, a goat from OWASP, etc.
\r\n
\r\nMastodon:
https://defcon.social/xrvillage\r\nWebsite:
https://www.xrvillage.org\r\n
\r\n
\r\n
\r\n.
\r\n.\r\n
\r\n
\r\n
Talks, playground for using XR tech, open bug hunt, bug bounty workshop, tech & art performances, VR gaming, and cross conference AR “Pokemon Go!” style collection experience. Federal agencies CISA and national laboratories Idaho & Pacific Northwest will be hosting interactive demos and an escape room in our space. They will be in collaboration with the ICS Village.\n
Workshop / Open Bug Hunt Pwn-a-Palooza (Collab with Hardware Hacking Village, Red Team Village)\n
The event is an open bug hunt with components of hardware hacking, XR rooted devices for workshop tie-in (VR headsets, glasses) and we are working with other villages and seeking support from industry pros to better direct the expectation of the hunt. We would like to offer prizing.\n
Playground\n
Open area for exploring emerging and existing XR tech; gaming, haptics, deconstructed devices to play with.\n
AR hunt / collection game\n
Collect village “stickers” throughout the con a la Pokemon Go! Style AR overlay that interacts with all the other villages at DEF CON. Think red mowhawks from Red Team Village, a viking from Adversary Village, a goat from OWASP, etc.\n
Links: Mastodon (defcon.social) -
https://defcon.social/xrvillage\n Website -
https://www.xrvillage.org/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248925\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248924\n
\r\n \r\n \r\n \r\n \r\n ...
\r\n
\r\n...
\r\n
\r\n
\r\nAdversary Village
\r\nMastodon:
https://defcon.social/@AdversaryVillage\r\nTwitter:
https://twitter.com/AdversaryVillag\r\nWebsite:
https://adversaryvillage.org\r\n
\r\nAdversary Village is a community initiative which primarily focuses on adversary simulation, purple teaming, and adversary tradecraft. The village covers adversary emulation, threat/APT/ransomware emulation, breach and adversarial attack simulation, supply chain security, adversary tactics, research on nation-state sponsored threat-actors, adversary intelligence, life, adversarial mindset, adversary philosophy and hacker survival skills.
\r\n
\r\nThe goal of the Adversary Village is to build an open security community for the researchers and organizations, who are putting together new means, methodologies towards the simulation and emulation of adversary tactics and purple teaming.
\r\n
\r\nSubsequent to feedback from past editions, Adversary Village shall focus on hosting hands-on deep technical workshops, live demonstrations, panel discussions and a ton of other hands-on activities on adversarial attack simulation/emulation, adversary tactics and hacker survival skills.
\r\nAdversary Village would have the following hands-on activities for this year at DEF CON;
\r\n
\r\n
Adversary simulator and purple teaming hands-on booth:\r\nAdversary Simulator booth is a volunteer assisted activity, which has hands-on adversary emulation plans and exercises specific to a wide variety of threat-actors; these are meant to provide the participants with a better understanding of adversarial attack emulation. The booth will be hosting a simulated environment meant to recreate enterprise infrastructure, operational technology environment, which serves targets for various attack simulations.
\r\n
\r\nThe hands-on simulator booth also hosts an activity, which would need the participants to generate their own adversary emulation plans to assess the efficacy of the defense systems based on publicly available cyber threat intelligence.
\r\n
\r\n
Choose-your-own adversary adventure game:\r\nAdversary adventure is a story-scenario based, interactive, choose-your-own adventure model interactive game. This is a gamified version of table-top exercises which is presented to the participants as they can choose to play as an attacker, post exploitation OR a Defender who is defending against an attacker group-threat actor OR even play as a CISO who is dealing with an adversarial situation such as a ransomware incident.
\r\n
\r\n
Hands-on deep technical workshops:\r\nAdversary Village will feature a limited number of deep technical workshops focused on advanced adversary tradecraft and techniques.
\r\n
\r\n
Adversary Wars CTF:\r\nAdversary Village will be hosting a CTF named "Adversary Wars", where the participants will have to pose as adversaries and replicate adversarial actions against each element of a “target” organization. Adversary Wars would have real world simulation of CTF scenarios and challenges, where the participants can perform various attacks and learn new attack vectors, TTPs, techniques, etc. To visualize the CTF environment, the contest area will feature a miniature model of the city made using interlocking-plastic-bricks. The breached components OR organization buildings will be physically marked in the city model as the CTF progresses.
\r\n
\r\nJust like in previous years, winning teams in the CTF competition can expect fantastic prizes. Additionally, there will be complimentary hoodies (yes, the iconic adversary village hoodies), free t-shirts, cool stickers, village coins, badges, and various other swag for the village participants.
\r\n\r\n ','\'
Adversary Village is a community initiative which primarily focuses on adversary simulation, purple teaming, and adversary tradecraft. The village covers adversary emulation, threat/APT/ransomware emulation, breach and adversarial attack simulation, supply chain security, adversary tactics, research on nation-state sponsored threat-actors, adversary intelligence, life, adversarial mindset, adversary philosophy and hacker survival skills.\n
The goal of the Adversary Village is to build an open security community for the researchers and organizations, who are putting together new means, methodologies towards the simulation and emulation of adversary tactics and purple teaming.\n
Subsequent to feedback from past editions, Adversary Village shall focus on hosting hands-on deep technical workshops, live demonstrations, panel discussions and a ton of other hands-on activities on adversarial attack simulation/emulation, adversary tactics and hacker survival skills.\nAdversary Village would have the following hands-on activities for this year at DEF CON;\n
Adversary simulator and purple teaming hands-on booth:\nAdversary Simulator booth is a volunteer assisted activity, which has hands-on adversary emulation plans and exercises specific to a wide variety of threat-actors; these are meant to provide the participants with a better understanding of adversarial attack emulation. The booth will be hosting a simulated environment meant to recreate enterprise infrastructure, operational technology environment, which serves targets for various attack simulations.\n
The hands-on simulator booth also hosts an activity, which would need the participants to generate their own adversary emulation plans to assess the efficacy of the defense systems based on publicly available cyber threat intelligence.\n
Choose-your-own adversary adventure game:\nAdversary adventure is a story-scenario based, interactive, choose-your-own adventure model interactive game. This is a gamified version of table-top exercises which is presented to the participants as they can choose to play as an attacker, post exploitation OR a Defender who is defending against an attacker group-threat actor OR even play as a CISO who is dealing with an adversarial situation such as a ransomware incident.\n
Hands-on deep technical workshops:
\nAdversary Village will feature a limited number of deep technical workshops focused on advanced adversary tradecraft and techniques.\n
Adversary Wars CTF:
\nAdversary Village will be hosting a CTF named \"Adversary Wars\", where the participants will have to pose as adversaries and replicate adversarial actions against each element of a “target” organization. Adversary Wars would have real world simulation of CTF scenarios and challenges, where the participants can perform various attacks and learn new attack vectors, TTPs, techniques, etc. To visualize the CTF environment, the contest area will feature a miniature model of the city made using interlocking-plastic-bricks. The breached components OR organization buildings will be physically marked in the city model as the CTF progresses.\n
Just like in previous years, winning teams in the CTF competition can expect fantastic prizes. Additionally, there will be complimentary hoodies (yes, the iconic adversary village hoodies), free t-shirts, cool stickers, village coins, badges, and various other swag for the village participants.\n
Links: Mastodon (defcon.social) -
https://defcon.social/@AdversaryVillage\n Website -
https://adversaryvillage.org/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248652\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248651\n Twitter (@AdversaryVillag) -
https://twitter.com/AdversaryVillag\n
\'','','\'https://info.defcon.org/blobs/v_adversary.png\''),(62,1,'Artificial Intelligence Cyber Challenge','Artificial Intelligence Cyber Challenge (AIxCC)','AIxCC','https://aicyberchallenge.com/','https://aicyberchallenge.com/','LVCCW_Level1_Hall3','IRL','#aixcc','https://forum.defcon.org/node/248672','https://forum.defcon.org/node/248673','','','https://twitter.com/DARPA','','','','','','',NULL,'','','','','','','LVCC West/Floor 1/Hall 3/HW3-05-06','',' \r\n
\r\n \r\n \r\n \r\n \r\n ...
\r\n
\r\n...
\r\nAIxCC
\r\n
https://twitter.com/DARPA\r\n
https://aicyberchallenge.com/\r\n
\r\nThe Artificial Intelligence Cyber Challenge (AIxCC) is a
\r\ntwo-year competition and educational experience asking the best and
\r\nbrightest in AI and cybersecurity to defend the software on which the world
\r\nrelies. AIxCC will ask competitors to design novel AI systems to secure this
\r\ncritical code and will award a cumulative $29.5 million in prizes to teams
\r\nwith the best systems, including $7 million in prizes to small businesses to
\r\nempower entrepreneurial innovation during the initial phase of AIxCC.
\r\n
\r\nAIxCC will bring together leading AI companies that will work with DARPA to
\r\nmake their cutting-edge technology and expertise available for challenge
\r\ncompetitors. These companies will collaborate with DARPA to enable
\r\ncompetitors to develop state-of-the-art cybersecurity systems.
\r\nAIxCC is collaborating closely with the open-source community to guide teams
\r\nin creating AI systems capable of addressing vital cybersecurity issues,
\r\nsuch as the security of critical infrastructure and software supply chains.
\r\nMost software, and thus most of the code needing protection, is open-source
\r\nsoftware, often developed by community-driven volunteers. Further,
\r\nopen-source software comprises most of the code running on critical
\r\ninfrastructure in the United States today, including the electricity and
\r\ntelecommunications sectors.
\r\n
\r\nAIxCC competitions will occur at one of the world’s top cybersecurity
\r\nconferences, DEF CON. The semifinal competition will be at DEF CON 2024, and
\r\nthe final competition at DEF CON 2025, where the top prize will be $4
\r\nmillion.\r\n
\r\n Attached Files\r\n
\r\n
\r\n\r\n
\r\n \r\n\r\n \r\n \r\n \r\n \r\n \r\n ','\'
The Artificial Intelligence Cyber Challenge (AIxCC) is a two-year competition and educational experience asking the best and brightest in AI and cybersecurity to defend the software on which the world relies. AIxCC will ask competitors to design novel AI systems to secure this critical code and will award a cumulative $29.5 million in prizes to teams with the best systems, including $7 million in prizes to small businesses to empower entrepreneurial innovation during the initial phase of AIxCC.\n
AIxCC will bring together leading AI companies that will work with DARPA to make their cutting-edge technology and expertise available for challenge competitors. These companies will collaborate with DARPA to enable competitors to develop state-of-the-art cybersecurity systems. AIxCC is collaborating closely with the open-source community to guide teams in creating AI systems capable of addressing vital cybersecurity issues, such as the security of critical infrastructure and software supply chains. Most software, and thus most of the code needing protection, is open-source software, often developed by community-driven volunteers. Further, open-source software comprises most of the code running on critical infrastructure in the United States today, including the electricity and telecommunications sectors.\n
AIxCC competitions will occur at one of the world’s top cybersecurity conferences, DEF CON. The semifinal competition will be at DEF CON 2024, and the final competition at DEF CON 2025, where the top prize will be $4 million.\n
Links: Website -
https://aicyberchallenge.com/\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248673\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248672\n Twitter (@DARPA) -
https://twitter.com/DARPA\n
\'','','\'https://info.defcon.org/blobs/v_AIxCC.png\''),(65,1,'Bug Bounty Village','','BBV','https://bugbountydefcon.com/','https://www.bugbountydefcon.com/agenda','LVCCW_Level2_North','IRL','#bbv','https://forum.defcon.org/node/248952','https://forum.defcon.org/node/248953','','','https://twitter.com/BugBountyDEFCON','https://www.youtube.com/BountyTalks','https://twitter.com/arl_rose','https://twitter.com/infinitelogins','https://www.youtube.com/infinitelogins','','','none','','','','','','','LVCC West/Floor 2/W215','','
\r\n
\r\n \r\n
\r\n \r\n .
\r\n
\r\n.
\r\nBug Bounty Village
\r\n
\r\nThe global bug bounty community has witnessed exponential growth, with thousands of members actively engaged in the field. This thriving ecosystem now represents a legitimate and sought-after profession for hackers and cybersecurity specialists. It\'s time to acknowledge and celebrate this evolution by introducing a dedicated Bug Bounty Village at DEFCON, where hunters, learners, and enthusiasts can converge, interact with top-tier hackers, attend insightful talks, and immerse themselves in hands-on activities.
\r\n
\r\nOur Bug Bounty Village promises to be a focal point for DEFCON attendees. It will feature exclusive talks by some of the world\'s foremost bug bounty hunters, who will unveil their groundbreaking techniques and share real-world vulnerabilities discovered through their exploits. Furthermore, representatives from leading global companies with established bug bounty programs will provide invaluable insights, guidance, and recommendations for both aspiring hunters and organizations keen on launching their bug bounty initiatives.
\r\n
\r\nInclusive Learning & Community Engagement:
\r\nOur village aims to cater to all levels of expertise, from beginners taking their first steps in bug hunting to seasoned professionals looking to enhance their skills. We will conduct a series of workshops that cover a wide spectrum of topics, ranging from fundamental concepts for newcomers to advanced techniques tailored to the most experienced hackers in the field. Participants will have the opportunity to delve into practical exercises and learn to utilize tools like Portswigger Burp Proxy effectively.
\r\n
\r\n
\r\nTwitter/X:
@BugBountyDEFCON\r\nWebsite:
https://bugbountydefcon.com\r\nOrganizer\'s Twitter/X:
@arl_rose,
@infinitelogins\r\nOrganizer\'s YouTube:
@BountyTalks,
@infinitelogins
\r\n.
\r\n.\r\n
\r\n
\r\n
','\'
The global bug bounty community has witnessed exponential growth, with thousands of members actively engaged in the field. This thriving ecosystem now represents a legitimate and sought-after profession for hackers and cybersecurity specialists. It\'s time to acknowledge and celebrate this evolution by introducing a dedicated Bug Bounty Village at DEFCON, where hunters, learners, and enthusiasts can converge, interact with top-tier hackers, attend insightful talks, and immerse themselves in hands-on activities.\n
Our Bug Bounty Village promises to be a focal point for DEFCON attendees. It will feature exclusive talks by some of the world\'s foremost bug bounty hunters, who will unveil their groundbreaking techniques and share real-world vulnerabilities discovered through their exploits. Furthermore, representatives from leading global companies with established bug bounty programs will provide invaluable insights, guidance, and recommendations for both aspiring hunters and organizations keen on launching their bug bounty initiatives.\n
Inclusive Learning & Community Engagement:\n
Our village aims to cater to all levels of expertise, from beginners taking their first steps in bug hunting to seasoned professionals looking to enhance their skills. We will conduct a series of workshops that cover a wide spectrum of topics, ranging from fundamental concepts for newcomers to advanced techniques tailored to the most experienced hackers in the field. Participants will have the opportunity to delve into practical exercises and learn to utilize tools like Portswigger Burp Proxy effectively.\n
Links: Website -
https://bugbountydefcon.com/\n Organizer YouTube (bountytalks) -
https://www.youtube.com/c/bountytalks\n Organizer YouTube (infinitelogins) -
https://www.youtube.com/c/infinitelogins\n Discuss (DEF CON Forums) -
https://forum.defcon.org/node/248953\n Sub-forum (DEF CON Forums) -
https://forum.defcon.org/node/248952\n Twitter (@BugBountyDEFCON) -
https://twitter.com/BugBountyDEFCON\n Twitter (@arl_rose) -
https://twitter.com/arl_rose\n Twitter (@infinitelogins) -
https://twitter.com/infinitelogins\n
\'','','\'https://info.defcon.org/blobs/v_BugBounty.png\''),(69,1,'DEF CON Hackers with Disabilities','','HDA','','','LVCCW_Level1_RegHDA','IRL','',NULL,NULL,'','','https://twitter.com/HDA_DEFCON','','','','','','',NULL,'','','','','','','','','',NULL,'',NULL),(70,1,'DEF CON Groups','','DCG','','','LVCCW_Level2_North','','',NULL,NULL,'','','','','','','','','',NULL,'','','','','','','','','',NULL,'',NULL);
/*!40000 ALTER TABLE `villages` ENABLE KEYS */;
UNLOCK TABLES;
SET @@SESSION.SQL_LOG_BIN = @MYSQLDUMP_TEMP_LOG_BIN;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2024-08-10 15:00:22
![Badge Assembly PSA](\"https://firebasestorage.googleapis.com/v0/b/junctor-hackertracker.appspot.com/o/DEFCON32%2Fbadge_assembly.jpg?alt=media\"){kind=link}
![Badge Power PSA](\"https://firebasestorage.googleapis.com/v0/b/junctor-hackertracker.appspot.com/o/DEFCON32%2Fbadge_power.jpg?alt=media\"){kind=link}