All day Esports arena. Challenge your friends and drop shells, green, red, and blue.
- ics Calendar file
A walkthrough of how Theori's Robo Duck CRS was designed and built to use LLMs to find and fix bugs in AIxCC.
SpeakerBio: Tyler Nighswander, Theori
- ics Calendar file
Have you ever tried Vegemite or like conversing in a foreign language? Do you miss familiar twangs or water flowing down a sink in the right direction? +61: the Australian Embassy is the meetup just for you. Every year a few random Australians end up coalescing around an inflatable kangaroo somewhere in the halls and this year we decided to get our shit together and find a place to catch up, share notes, reminisce about your adventure to the Bass Pro Shop and complain about the jetlag. Feel free to join us (or dont) as we catch up on the happenings of hacker summer camp.
- ics Calendar file
What if learning Nix was like a speed-run?
A few months ago, I'd never touched Nix. Then my friend's brother told me about PlanetNix at Scale22x. I flew from Florida to California with Nix on an old laptop and only four days of flailing experience. I felt grossly under prepared, but after the talks and meeting brilliant people, I was hooked.
Today, I'm building Nix infrastructure full-time and manage every device I own declaratively with tools like Clan.
This talk maps my route from 'what the hell is a derivation?' to contributing to Nix projects in 100 days. I'll share the exact learning path, struggles, and wins. As someone close enough to remember the pain but far enough to have some solutions, I'll crash-course some tough Nix concepts with live demos showing my real usage.
For beginners and the Nix-curious, this can be a great launch point for YOUR speed-run. Nix's learning curve is infamous, but with the right fundamentals and some problem framing, it doesn't have to be.
SpeakerBio: adeciDeveloper, NixOS enthusiast, hardware repair tech.
- ics Calendar file
Join IoT Village co-founders Steve Bono and Ted Harrington as they discuss how the world of IoT security has evolved in the past 10 years of IoT Village. Led by panel host Rachael Tubbs, Steve and Ted will discuss with industry experts what we've learned in 10 years about the state of IoT security.
Speakers:Stephen Bono,Rachael Tubbs
- ics Calendar file
This series of self-guided labs will introduce even the most novice hacker to the world of embedded device firmware and software exploitation. First-come first-served, don't miss a chance try out these labs and get started with embedded device hacking.
- ics Calendar file
If you've never popped open an embedded device and tried to get a simple shell, this is the lab for you. This is a first-come first-served workshop where you can walk through the step by step instructions to finding and connecting to a debug interface on an embedded device.
- ics Calendar file
Quantum can be confusing. In this talk, Sohum will share the five stories that helped define the field of quantum computing as is today. These stories answer the most pressing questions about quantum computing, including:
1) What is quantum computing going to help us with, and why is it important?
2) What’s taking so long?
3) Who’s winning the race?
4) What does a quantum future look like?
SpeakerBio: Sohum ThakkarSohum Thakkar is on a mission to make quantum computing intuitive for everyone. A former Apple engineer and quantum algorithms researcher at QC Ware — where he worked with Fortune 100 clients including JP Morgan, Roche, and the U.S. Air Force Research Lab — Sohum combines deep technical expertise with a proclivity for storytelling. He is the founder of Qolour, which teaches quantum concepts through digital storytelling and a hands-on device called Qubi, a sphere that behaves according to the laws of quantum mechanics. His work bridges science, design, and education to raise global quantum literacy.
- ics Calendar file
AND!XOR creates electronic badges filled with hacker challenges. We love doing this, especially coming up with unique ways for hackers to earn them. 5N4CK3Y is a vending machine hardware hacking project from AND!XOR. We retrofitted it into an IoT CTF based badge dispensing machine, bling and all. Find enough flags on our web hosted CTF platform, you get a 5N4CK3Y dispense code, punch it in, and a badge is vended to you! There are a variety of challenges to earn a badge as well others to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, network security, phreaking, wireless, and cryptography to name a few. There's a little bit of everything, so it's a perfect way to learn something at one of the many DEF CON villages and talking with people you meet, then attempt the CTF challenges to dispense a badge. Hardware hacking is our passion and we want people to learn on badges once they get them.
A computer, desire to learn, and make friends to beg, borrow, and steal from if you need a tool which you do not already own. Our challenges are multidisciplinary. While we will not give away what is required this year, tools participants have used in the past include: Computer, Ghidra, AFL, telephone, lock pick set, SDR, Flipper Zero, UART Adapter, FT2232 hardware debugger, chip clip, telephone parts, TV remote control, audio recorder, tracing paper, pencil, solder iron & solder, hot air gun, exacto knife, lighter, ice from a Malört cocktail being sipped on by Lintile, copper wire, booze, and ramen. In short, any tools required for the CTF challenges can be obtained at DEF CON.
Absolutely not, we invite maximum participation.
- ics Calendar file
An introduction to the gold standard of physical key escrow, the Knox Box (and associated products) by a former employee, including information about the new eLock. All information is from the public domain or private research, but we can all but guarantee you'll learn something new.
SpeakerBio: craic'd
- ics Calendar file
This 2-day hands-on training teaches the concepts, tools, and techniques to analyze, investigate, and hunt malware by combining two powerful techniques: malware analysis and memory forensics. This course will introduce attendees to the basics of malware analysis, reverse engineering, Windows internals, and memory forensics. Then it gradually progresses into more advanced concepts of malware analysis & memory forensics. Attendees will learn to perform static, dynamic, code, and memory analysis. To keep the training completely practical, it consists of various scenario-based hands-on labs after each module which involves analyzing real-world malware samples and investigating malware-infected memory images (crimewares, APT malwares, Fileless malwares, Rootkits, etc.). This hands-on training is designed to help attendees gain a better understanding of the subject in a short period. Throughout the course, the attendees will learn the latest techniques used by adversaries to compromise and persist on the system. In addition, it also covers various code injection, hooking, and rootkit techniques used by adversaries to bypass forensic tools and security products. In this training, you will also understand how to integrate malware analysis and memory forensics techniques into a custom sandbox to automate malware analysis. After taking this course, attendees will be better equipped with the skills to analyze, investigate, hunt, and respond to malware-related incidents.
Whether you are a beginner interested in learning malware analysis, threat hunting, and memory forensics from scratch or an experienced professional who would like to enhance your existing skills to perform a forensic investigation to respond to an incident or for fun, this training will help you accomplish your goals.
Note: Students will be provided with real-world malware samples, malware-infected memory images, course material, lab solution manual, video demos, custom scripts, and a Linux VM.
Attendees should walk away with the following skills:
Sajan Shetty is a Cyber Security enthusiast. He is an active member of Cysinfo, an open Cyber Security Community (https://www.cysinfo.com) committed to educating, empowering, inspiring, and equipping cybersecurity professionals and students to better fight and defend against cyber threats. He has conducted training sessions at Black Hat Asia, Black Hat USA, Black Hat Europe, Black Hat SecTor, Black Hat Middle East, Black Hat Spring, BruCON, HITB, and his primary fields of interest include machine learning, malware analysis, and memory forensics. He has various certifications in machine learning and is passionate about applying machine learning techniques to solve cybersecurity problems.
SpeakerBio: Monnappa "Monnappa22" K A, Co-Founder at CysinfoMonnappa K A is a Security professional with over 17 years of experience in incident response and investigation. He previously worked for Microsoft & Cisco as a threat hunter, mainly focusing on threat hunting, investigation, and research of advanced cyber attacks. He is the author of the best-selling book "Learning Malware Analysis." He is a review board member for Black Hat Asia, Black Hat USA, and Black Hat Europe. He is the creator of the Limon Linux sandbox and the winner of the Volatility Plugin Contest 2016. He co-founded the cybersecurity research community "Cysinfo" (https://www.cysinfo.com). He has conducted training sessions on malware analysis, reverse engineering, and memory forensics at Black Hat Asia, Black Hat USA, Black Hat Europe, Black Hat SecTor, Black Hat Middle East, Black Hat Spring, BruCON, HITB, FIRST, SEC-T, OPCDE, and 4SICS-SCADA/ICS cybersecurity summit. He has presented at various security conferences, including Black Hat, FIRST, SEC-T, 4SICS-SCADA/ICS summit, DSCI, National Cyber Defence Summit, and Cysinfo meetings on various topics related to memory forensics, malware analysis, reverse engineering, and rootkit analysis. He has also authored various articles in eForensics and Hakin9 magazines. You can find some of his contributions to the community on his YouTube channel (http://www.youtube.com/c/MonnappaKA), and you can read his blog posts at https://cysinfo.com.
- ics Calendar file
This 2-day hands-on training teaches the concepts, tools, and techniques to analyze, investigate, and hunt malware by combining two powerful techniques: malware analysis and memory forensics. This course will introduce attendees to the basics of malware analysis, reverse engineering, Windows internals, and memory forensics. Then it gradually progresses into more advanced concepts of malware analysis & memory forensics. Attendees will learn to perform static, dynamic, code, and memory analysis. To keep the training completely practical, it consists of various scenario-based hands-on labs after each module which involves analyzing real-world malware samples and investigating malware-infected memory images (crimewares, APT malwares, Fileless malwares, Rootkits, etc.). This hands-on training is designed to help attendees gain a better understanding of the subject in a short period. Throughout the course, the attendees will learn the latest techniques used by adversaries to compromise and persist on the system. In addition, it also covers various code injection, hooking, and rootkit techniques used by adversaries to bypass forensic tools and security products. In this training, you will also understand how to integrate malware analysis and memory forensics techniques into a custom sandbox to automate malware analysis. After taking this course, attendees will be better equipped with the skills to analyze, investigate, hunt, and respond to malware-related incidents.
Whether you are a beginner interested in learning malware analysis, threat hunting, and memory forensics from scratch or an experienced professional who would like to enhance your existing skills to perform a forensic investigation to respond to an incident or for fun, this training will help you accomplish your goals.
Note: Students will be provided with real-world malware samples, malware-infected memory images, course material, lab solution manual, video demos, custom scripts, and a Linux VM.
Attendees should walk away with the following skills:
Sajan Shetty is a Cyber Security enthusiast. He is an active member of Cysinfo, an open Cyber Security Community (https://www.cysinfo.com) committed to educating, empowering, inspiring, and equipping cybersecurity professionals and students to better fight and defend against cyber threats. He has conducted training sessions at Black Hat Asia, Black Hat USA, Black Hat Europe, Black Hat SecTor, Black Hat Middle East, Black Hat Spring, BruCON, HITB, and his primary fields of interest include machine learning, malware analysis, and memory forensics. He has various certifications in machine learning and is passionate about applying machine learning techniques to solve cybersecurity problems.
SpeakerBio: Monnappa "Monnappa22" K A, Co-Founder at CysinfoMonnappa K A is a Security professional with over 17 years of experience in incident response and investigation. He previously worked for Microsoft & Cisco as a threat hunter, mainly focusing on threat hunting, investigation, and research of advanced cyber attacks. He is the author of the best-selling book "Learning Malware Analysis." He is a review board member for Black Hat Asia, Black Hat USA, and Black Hat Europe. He is the creator of the Limon Linux sandbox and the winner of the Volatility Plugin Contest 2016. He co-founded the cybersecurity research community "Cysinfo" (https://www.cysinfo.com). He has conducted training sessions on malware analysis, reverse engineering, and memory forensics at Black Hat Asia, Black Hat USA, Black Hat Europe, Black Hat SecTor, Black Hat Middle East, Black Hat Spring, BruCON, HITB, FIRST, SEC-T, OPCDE, and 4SICS-SCADA/ICS cybersecurity summit. He has presented at various security conferences, including Black Hat, FIRST, SEC-T, 4SICS-SCADA/ICS summit, DSCI, National Cyber Defence Summit, and Cysinfo meetings on various topics related to memory forensics, malware analysis, reverse engineering, and rootkit analysis. He has also authored various articles in eForensics and Hakin9 magazines. You can find some of his contributions to the community on his YouTube channel (http://www.youtube.com/c/MonnappaKA), and you can read his blog posts at https://cysinfo.com.
- ics Calendar file
Using built in RPC calls godot allows for peer-to-peer calls were logic can be hidden on one side of the application versus the other.
A long time contributor to the community with some random knowledge in different parts of the cybersecurity field.
- ics Calendar file
The adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most security teams struggle to understand these modern technologies.
In this real-world scenario-based training, each participant will be learning Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes clusters environments at different layers like Supply chain, Infrastructure, Runtime, and many others. Starting from simple recon to gaining access to microservices, sensitive data, escaping containers, escalating to clusters privileges, and even its underlying cloud environments.
By end of the training, participants will be able to apply their knowledge to perform architecture reviews, security assessments, red team exercises, and pen-testing engagements on Kubernetes Clusters and Containersed environments successfully. Also, the trainer will provide step by step guide (Digital Book) with resources and references to further your learning.
SpeakerBio: Madhu "madhuakula" Akula, Pragmatic Security LeaderMadhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and Cloud Native Security Architect with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). He holds industry certifications like CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), OSCP (Offensive Security Certified Professional), etc.
Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON 24, 26, 27, 28, 29 & 30, BlackHat 2018, 19, 21 & 22, USENIX LISA 2018, 19 & 21, SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, Github Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon 2018, 19, 21 & 22, SACON, Serverless Summit, null and multiple others.
His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc. and is credited with multiple CVE’s, Acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building an Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.
- ics Calendar file
The adoption of Kubernetes use in production has increased to 83% from a survey by CNCF. Still, most security teams struggle to understand these modern technologies.
In this real-world scenario-based training, each participant will be learning Tactics, Techniques, and Procedures (TTPs) to attack and assess Kubernetes clusters environments at different layers like Supply chain, Infrastructure, Runtime, and many others. Starting from simple recon to gaining access to microservices, sensitive data, escaping containers, escalating to clusters privileges, and even its underlying cloud environments.
By end of the training, participants will be able to apply their knowledge to perform architecture reviews, security assessments, red team exercises, and pen-testing engagements on Kubernetes Clusters and Containersed environments successfully. Also, the trainer will provide step by step guide (Digital Book) with resources and references to further your learning.
SpeakerBio: Madhu "madhuakula" Akula, Pragmatic Security LeaderMadhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and Cloud Native Security Architect with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). He holds industry certifications like CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), OSCP (Offensive Security Certified Professional), etc.
Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON 24, 26, 27, 28, 29 & 30, BlackHat 2018, 19, 21 & 22, USENIX LISA 2018, 19 & 21, SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, Github Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon 2018, 19, 21 & 22, SACON, Serverless Summit, null and multiple others.
His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc. and is credited with multiple CVE’s, Acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building an Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.
- ics Calendar file
When a company gives vendors access to its technical garden to process personal data, it’s the company’s responsibility to ensure vendors have adequate protections in place. Data protection/processing agreements (DPAs) are a control companies use to contractually obligate and specify what adequate protections vendors must have and to outline the consequences if vendors fail to protect the personal data. Propagating the right DPAs with vendors prevents invasive species from taking root in a company’s technical garden. Gardeners who attend this talk will walk away with a high-level understanding of: (a) how DPAs can be used to protect your company’s technical garden, (b) what information privacy/legal needs to know when negotiating a DPA, and (c) which DPA terms are roses to be cultivated or weeds to be removed.
Speakers:Irene Mo,Alyssa ColeyIrene is an attorney with experience counseling clients on United States and international privacy and data protection laws and regulations. She has helped companies of all sizes build and scale their privacy and data security compliance programs. Known as a problem solver, Irene’s clients trust her to collaborate across multiple business units within their companies to get privacy done. When there is a Hail Mary pass, her clients know she’s the one getting the ball across the goal line. In her free time, Irene is on the leadership board of several non-profits including Women in Security and Privacy (WISP), the Diversity in Privacy Section for the IAPP, the American Bar Association (ABA) Center of Innovation, and Lagniappe Law Lab.
SpeakerBio: Alyssa Coley, Privacy & Product Counsel at ScopelyAlyssa is on the board of Women In Security and Privacy (WISP) and is Privacy & Product Counsel at an Augmented Reality (AR) mobile gaming company. As in-house counsel, she focuses on integrating privacy by design into product development and ensuring global privacy compliance. Previously, she gained experience in privacy consulting and cybersecurity incident response. She has been involved with WISP for nearly a decade where she developed her interest in locksport and continues to further WISP's mission to advance women and underrepresented communities to lead the future of security and privacy.
- ics Calendar file
As vulnerabilities are discovered and security patches are applied, the structure of the Chrome V8 Engine and its internal sandbox continues to evolve and become increasingly complex. In this fast-changing environment, finding and exploiting potential vulnerabilities in V8 requires an understanding of its architecture, as well as analysis and exploitation techniques.
In this workshop, we will share the detailed exploitation steps for beginners who have no prior experience with Chrome V8 exploits. It will be an opportunity to learn how to explore bugs using GDB, the d8 debugger and develop exploitation code.
This workshop is designed for beginners, and we will provide VDI environments for hands-on practice. You can join freely with just your personal laptop and no setup required. Take this opportunity to experience Chrome V8 exploitation firsthand!
Speakers:Hoseok Lee,Hyaesun Ji,JaeSeok Jung,Taeeun Lee,Youngseo ParkHoseok Lee is the team leader of EQSTLab at SK Shieldus and serves as Executive Manager at the Ransomware Response Center under the Korean Anti-Ransomware Alliance (KARA). He specializes in researching emerging security vulnerabilities and analyzing cybersecurity trends. Through numerous presentations on cyber threat intelligence and ransomware developments, he has demonstrated broad expertise in the field of cybersecurity. Under his leadership, EQSTLab conducts comprehensive analyses of security threats across various domains including AI LLMs, IoT, and cloud environments. Based on these findings, the team develops practical penetration testing and vulnerability analysis guides that can be directly applied in the field. These resources are freely available on the official website for security professionals worldwide.
SpeakerBio: Hyaesun JiHyaesun Ji is the Project Leader of the EQSTLab at SK Shieldus, specializing in the identification and analysis of cutting-edge security vulnerabilities and emerging cybersecurity threats. She actively leads research projects focused on driving innovation and enhancing the organization's overall security posture, significantly contributing to stronger threat mitigation and cyber resilience.
SpeakerBio: JaeSeok JungI conduct CVE vulnerability analyses, produce technical reports to deliver security intelligence based on my findings, and research the latest vulnerability trends.
SpeakerBio: Taeeun LeeTaeeun Lee is the Security Researcher of the EQSTLab at SK Shieldus. He is deeply involved in researching software and platform vulnerabilities, focusing on identifying security flaws and analyzing potential exploits. Before diving into the inner workings of the V8 engine, he specialized in investigating and securing CMS platforms as well as Electron-based applications, during which he uncovered and documented several vulnerabilities that were later assigned CVEs. He continually keeps abreast of evolving cyber threats and security trends, reflecting a strong commitment to protecting systems and data through ongoing research and expertise development.
SpeakerBio: Youngseo ParkManager and Security Researcher at EQST Lab, SK shieldus, specializing in web security, pwnable challenges, and JavaScript engine exploitation. Develops professional technical training resources based on in-depth research into V8 internals, JIT vulnerabilities, and modern browser exploitation methods.
- ics Calendar file
Business logic vulnerabilities in APIs are often design oversights that lead to dangerous outcomes. They occur when attackers abuse legitimate API behavior to bypass controls or exploit workflows. In this talk, we’ll share field experience developing behavioral analysis techniques that surface exploitable API behaviors at scale.
We developed a method for passively analyzing API responses - clustering similar logic flows and flagging anomalies that suggest potential abuse paths. You’ll see how business logic vulns manifest in real-world APIs, how attackers chain together valid actions to achieve unintended outcomes, and how defenders can catch these issues early. The session will conclude with practical strategies for integrating business logic awareness into threat modeling and CI/CD pipelines.
Speakers:Antoine Carossio,Tristan KalosFormer pentester for the French Intelligence Services. Former Machine Learning Research @ Apple.
SpeakerBio: Tristan KalosTristan Kalos, co-founder and CEO at Escape, draws from a background as a software engineer and Machine Learning Researcher at UC Berkeley. Motivated by firsthand experience witnessing a client's database stolen through an API in 2018, he has since become an expert in API security, helping security engineers and developers worldwide building secure applications. He is an experienced keynote and conference speaker, presenting at Forum InCyber, bSides, APIdays, GraphQL conf, and other international software development and cyber security conferences.
- ics Calendar file
Are you looking to install or upgrade a physical access control system? Having installed, repaired and upgraded dozens of large and small access control systems, I have found that many vendors install a "minimum viable product" that can leave your system unreliable and trivial to bypass.
This session will give you the tools and knowledge you need to work with your vendor to implement your system using best practices in the following areas:
As a low voltage hardware junkie, Tim has had the opportunity to design, expand, upgrade and repair numerous physical access control, alarm and video systems, including a stint at a security vendor where he was certified in Lenel/S2 access and video. Tim works today at SailPoint as a Cybersecurity Network Engineer.
- ics Calendar file
Welcome to accessDenied, a high-stakes, hands-on tabletop experience where you're not just playing cards… you're protecting critical infrastructure. Imagine trying to secure your facilities, water, power, communication, while your so-called “allies” across the table spot every vulnerability you missed. And you? You're doing the same to them. In this game, you'll simulate cyber attacks, defend your systems, and learn how breaches ripple through networks, all through fast-paced, strategic play based on real-world incidents like the Maroochy Water hack and the Kyiv power grid attack.
🔍 Who Should Play?
🎯 What You’ll Learn
accessDenied isn't just for fun, it’s designed to educate non-cybersecurity players and create smarter conversations about digital threats to critical infrastructure. Whether you're a hacker, a healthcare nerd, or just want to try something new, this tabletop challenge belongs in your DEF CON lineup.
SpeakerBio: Jack Voltaic, RITUnited States military installations and their surrounding communities share an interest in the resiliency of cyber-critical infrastructure systems. In addition to civil-military interdependencies, a failure in one critical infrastructure sector can cause cascading effects across others. ACI launched the Jack Voltaic (JV) initiative to address gaps and build resilience. Beginning with the first exercise (JV 1.0) in 2016, these exercises addressed multi-sector cyber-critical infrastructure challenges.
Civil-military Local, community level Multi-sector Unclassified
With JV 4.0, ACI’s critical infrastructure resilience program will mature and transition. Through partnerships with other academic and policy communities, ACI seeks to foster the growth of JV-inspired practices. Multiple initiatives through 2025 will build upon the momentum and lessons of JV 1.0 - 3.0.
- ics Calendar file
- ics Calendar file
Is there a security boundary between Active Directory and Entra ID in a hybrid environment? The answer to this question, while still somewhat unclear, has changed over the past few years as there has been more hardening of how much “the cloud” trusts data from on-premises. The reason for this is that many threat actors, including APTs, have been making use of known lateral movement techniques to compromise the cloud. In this talk, we take a deep dive together into Entra ID and hybrid trust internals. We will introduce several new lateral movement techniques that allow us to bypass authentication, MFA and stealthily exfiltrate data using on-premises AD as a starting point, even in environments where the classical techniques don’t work. All these techniques are new, not really vulnerabilities, but part of the design. Several of them have been remediated with recent hardening efforts by Microsoft. Very few of them leave useful logs behind when abused. As you would expect, none of these “features” are documented. Join me for a wild ride into Entra ID internals, undocumented authentication flows and tenant compromise from on-premises AD.
References:
SpeakerBio: Dirk-jan MollemaDirk-jan Mollema is a security researcher focusing on Active Directory and Microsoft Entra (Azure AD) security. In 2022 he started his own company, Outsider Security, where he performs penetration tests and reviews of enterprise networks and cloud environments. He blogs at dirkjanm.io, where he publishes his research, and shares updates on the many open source security tools he has written over the years. He presented previously at TROOPERS, DEF CON, Black Hat and BlueHat, is a current Microsoft MVP and has been awarded as one of Microsoft’s Most Valuable Researchers multiple times.
- ics Calendar file
This hands-on two-day training offers a comprehensive guide to incident response in the Microsoft cloud, covering various topics essential for handling threats and attacks. The course starts with an overview of the concepts of the Microsoft cloud that are relevant for incident response. Participants will learn how to scope an incident in the Microsoft cloud and how to leverage it to set up an incident response capability. On the first day you will be immersed in the world of Azure attacks, we cover the different phases of an attack focusing on the evidence an attack leaves and how you can identify attacks based on the available evidence. On the second day we will shift our focus to Microsoft 365. The training covers the different types of evidence available in a Microsoft 365 environment. Participants will gain an understanding of how to acquire data from a Microsoft 365 environment using multiple methods and tools, and how to parse, enrich, and analyze the Microsoft 365 Unified Audit Log (UAL). The best part of the training is that everything you learn you'll apply with hands-on labs in a CTF like environment. Additionally we have created two full attack scenarios in both Azure & M365 and you're tasked in the CTF to solve as many pieces of the puzzle as you can.
SpeakerBio: Korstiaan Stam, Founder and CEO at Invictus Incident ResponseKorstiaan Stam is the Founder and CEO of Invictus Incident Response & SANS Trainer - FOR509: Cloud Forensics and Incident Response. Korstiaan is a passionate incident responder, preferably in the cloud. He developed and contributed to many open-source tools related to cloud incident response. Korstiaan has gained a lot of knowledge and skills over the years which he is keen to share.
Way before the cloud became a hot topic, Korstiaan was already researching it from a forensics perspective. “Because I took this approach I have an advantage, because I simply spent more time in the cloud than others. More so, because I have my own IR consultancy company, I spent a lot of time in the cloud investigating malicious behavior, so I don’t just know one cloud platform, but I have knowledge about all of them.” That equips him to help students with the challenge of every cloud working slightly or completely different. “If you understand the main concepts, you can then see that there’s also a similarity among all the clouds. That is why I start with the big picture in my classes and then zoom in on the details. Korstiaan also uses real-life examples from his work to discuss challenges he’s faced with students to relate with their day-to-day work. “To me, teaching not only means sharing my knowledge on a topic, but also applying real-life implications of that knowledge. I always try to combine the theory with the everyday practice so students can see why it’s important to understand certain concepts and how the newly founded knowledge can be applied.”
- ics Calendar file
This hands-on two-day training offers a comprehensive guide to incident response in the Microsoft cloud, covering various topics essential for handling threats and attacks. The course starts with an overview of the concepts of the Microsoft cloud that are relevant for incident response. Participants will learn how to scope an incident in the Microsoft cloud and how to leverage it to set up an incident response capability. On the first day you will be immersed in the world of Azure attacks, we cover the different phases of an attack focusing on the evidence an attack leaves and how you can identify attacks based on the available evidence. On the second day we will shift our focus to Microsoft 365. The training covers the different types of evidence available in a Microsoft 365 environment. Participants will gain an understanding of how to acquire data from a Microsoft 365 environment using multiple methods and tools, and how to parse, enrich, and analyze the Microsoft 365 Unified Audit Log (UAL). The best part of the training is that everything you learn you'll apply with hands-on labs in a CTF like environment. Additionally we have created two full attack scenarios in both Azure & M365 and you're tasked in the CTF to solve as many pieces of the puzzle as you can.
SpeakerBio: Korstiaan Stam, Founder and CEO at Invictus Incident ResponseKorstiaan Stam is the Founder and CEO of Invictus Incident Response & SANS Trainer - FOR509: Cloud Forensics and Incident Response. Korstiaan is a passionate incident responder, preferably in the cloud. He developed and contributed to many open-source tools related to cloud incident response. Korstiaan has gained a lot of knowledge and skills over the years which he is keen to share.
Way before the cloud became a hot topic, Korstiaan was already researching it from a forensics perspective. “Because I took this approach I have an advantage, because I simply spent more time in the cloud than others. More so, because I have my own IR consultancy company, I spent a lot of time in the cloud investigating malicious behavior, so I don’t just know one cloud platform, but I have knowledge about all of them.” That equips him to help students with the challenge of every cloud working slightly or completely different. “If you understand the main concepts, you can then see that there’s also a similarity among all the clouds. That is why I start with the big picture in my classes and then zoom in on the details. Korstiaan also uses real-life examples from his work to discuss challenges he’s faced with students to relate with their day-to-day work. “To me, teaching not only means sharing my knowledge on a topic, but also applying real-life implications of that knowledge. I always try to combine the theory with the everyday practice so students can see why it’s important to understand certain concepts and how the newly founded knowledge can be applied.”
- ics Calendar file
As threat actors evolve in speed, sophistication, and stealth, traditional defense strategies alone are no longer sufficient. This panel delves into the strategic importance of adopting an adversarial mindset, where defenders must think like attackers to stay ahead. Industry experts will discuss how adversary emulation and offensive cyber security techniques are being used not just to test systems, but to actively inform and strengthen defensive strategies. From red teaming to threat-informed defense, the panel will dive into how organizations are embedding adversarial thinking into their security programs to uncover blind spots, reduce response times, and build resilience against real-world threats. Whether you are defending an enterprise or building the next wave of security tools, embracing the adversarial mindset is no longer optional, it is essential. The panel will also cover a range of adversarial scenarios, including not only nation-state sponsored threat actors and targeted cyberattacks, but also the evolving warfare landscape witnessed recently, the use of technology by adversaries during conflicts, and effective countermeasures to address these challenges.
Speakers:Abhijith "Abx" B R,Keenan SkellyAbhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. Currently he is involved with multiple organizations as a consulting specialist, to help them build offensive security operations programs, improve their current security posture, assess cyber defense systems, and bridge the gap between business leadership and cyber security professionals. Abhijith’s professional exposure is stretched across multiple industries and various other sectors. As the founder of Adversary Village, Abhijith spearheads a community driven initiative exclusively focused on adversary simulation, adversary tactics, purple teaming, threat-actor/ransomware research-emulation, and offensive security-adversary tradecraft.
SpeakerBio: Keenan SkellyKeenan Skelly is a nationally recognized cybersecurity and emerging technology strategist with 25 years of experience across government, private sector, and entrepreneurial leadership. She, most recently served as a Senior Policy Advisor at the White House Office of the National Cyber Director (ONCD), where she guided national initiatives on cybersecurity workforce, AI policy, and strategic technology development. A former Plank Owner of NPPD at DHS of the Comprehensive Review Program (the predecessor to CISA), Keenan also led multi-agency counter-IED and critical infrastructure protection programs across the federal government. She has founded and led multiple tech startups focused on threat intelligence, cybersecurity, and gamified training; and is the Founder of the XRVillage. Named one of the Top 25 Women in Cybersecurity, she is a frequent speaker on national security, AI, and immersive technology. Her unique background blends operational expertise, policy acumen, and visionary innovation.
- ics Calendar file
Hackers have a unique perspective on the world and in particular on the technological artifacts within it. When most people look at a high tech system, they see what they were meant to see by the people who created it. Hackers see technology as it truly is, not as it was meant to be, and this way of looking at things enables hackers to discover possibilities that were never intended in the first place.
For centuries, military and intelligence strategists have sought to view the world from a similar perspective - a perspective that can see the hidden possibilities and weaknesses in things and take advantage of them to create unexpected results.
This unique course draws lessons from both the hacker community and from military thinking in order to deepen your ability to understand adversaries and see things the way that adversaries see them.
Honing this skill is particularly valuable for people who are building technological systems that might be subject to misuse and need to be able to anticipate that misuse. Whether you are an aspiring red teamer, a hardware engineer, software developer or product owner striving to understand how your product will be abused, or you work in fraud detection, risk analysis, election security, or any other domain where you face an adversary, you’ll find this course a valuable addition to your skill set.
We will…
After completing the course you’ll leave with:
This interesting and fast-moving class will include hands-on exercises to apply and reinforce the skills learned. You’ll leave this course with a fresh perspective and a toolkit of techniques to better accomplish your mission. Come join us.
Speakers:Tom Cross,Greg ContiTom Cross is an entrepreneur and technology leader with three decades of experience in the hacker community. Tom attended the first DefCon in 1993 and he ran bulletin board systems and listservs in the early 1990’s that served the hacker community in the southeastern United States. He is currently Head of Threat Research at GetReal Security, Principal at Kopidion, and creator of FeedSeer, a news reader for Mastodon. Previously he was CoFounder and CTO of Drawbridge Networks, Director of Security Research at Lancope, and Manager of the IBM Internet Security Systems X-Force Advanced Research team. He has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. He has spoken at numerous security conferences, including Black Hat Briefings, Defcon, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides. He has a B.S. in Computer Engineering from the Georgia Institute of Technology. He can be found on Linkedin as https://www.linkedin.com/in/tom-cross-71455/, on Mastodon as https://ioc.exchange/@decius, and on Bluesky as https://bsky.app/profile/decius.bsky.social.
SpeakerBio: Greg Conti, Co-Founder and Principal at KopidionGreg Conti is a hacker, maker, and computer scientist. He is a nine-time DEF CON speaker, a seven-time Black Hat speaker, and has been a Black Hat Trainer for 10 years. He’s taught Adversarial Thinking techniques at West Point, Stanford University bootcamps, NSA/U.S. Cyber Command, and for private clients in the financial and cybersecurity sectors. Greg is Co-Founder and Principal at Kopidion, a cyber security training and professional services firm.
Formerly he served on the West Point faculty for 16 years, where he led their cybersecurity research and education programs. During his U.S. Army and Military Intelligence career he co-created U.S. Cyber Command’s Joint Advanced Cyberwarfare Course, deployed to Iraq as Officer-in-Charge of U.S. Cyber Command’s Expeditionary Cyber Support Element, and was the first Director of the Army Cyber Institute.
Greg is co-author of On Cyber: Towards an Operational Art for Cyber Operations, and approximately 100 articles and papers covering hacking, online privacy, usable security, cyber conflict, and security visualization. Greg holds a B.S. from West Point, an M.S. from Johns Hopkins University, and a Ph.D. from the Georgia Institute of Technology, all in computer science. His work may be found at gregconti.com (https://www.gregconti.com/), kopidion.com (https://www.kopidion.com/) and LinkedIn (https://www.linkedin.com/in/greg-conti-7a8521/).
- ics Calendar file
Hackers have a unique perspective on the world and in particular on the technological artifacts within it. When most people look at a high tech system, they see what they were meant to see by the people who created it. Hackers see technology as it truly is, not as it was meant to be, and this way of looking at things enables hackers to discover possibilities that were never intended in the first place.
For centuries, military and intelligence strategists have sought to view the world from a similar perspective - a perspective that can see the hidden possibilities and weaknesses in things and take advantage of them to create unexpected results.
This unique course draws lessons from both the hacker community and from military thinking in order to deepen your ability to understand adversaries and see things the way that adversaries see them.
Honing this skill is particularly valuable for people who are building technological systems that might be subject to misuse and need to be able to anticipate that misuse. Whether you are an aspiring red teamer, a hardware engineer, software developer or product owner striving to understand how your product will be abused, or you work in fraud detection, risk analysis, election security, or any other domain where you face an adversary, you’ll find this course a valuable addition to your skill set.
We will…
After completing the course you’ll leave with:
This interesting and fast-moving class will include hands-on exercises to apply and reinforce the skills learned. You’ll leave this course with a fresh perspective and a toolkit of techniques to better accomplish your mission. Come join us.
Speakers:Tom Cross,Greg ContiTom Cross is an entrepreneur and technology leader with three decades of experience in the hacker community. Tom attended the first DefCon in 1993 and he ran bulletin board systems and listservs in the early 1990’s that served the hacker community in the southeastern United States. He is currently Head of Threat Research at GetReal Security, Principal at Kopidion, and creator of FeedSeer, a news reader for Mastodon. Previously he was CoFounder and CTO of Drawbridge Networks, Director of Security Research at Lancope, and Manager of the IBM Internet Security Systems X-Force Advanced Research team. He has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. He has spoken at numerous security conferences, including Black Hat Briefings, Defcon, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides. He has a B.S. in Computer Engineering from the Georgia Institute of Technology. He can be found on Linkedin as https://www.linkedin.com/in/tom-cross-71455/, on Mastodon as https://ioc.exchange/@decius, and on Bluesky as https://bsky.app/profile/decius.bsky.social.
SpeakerBio: Greg Conti, Co-Founder and Principal at KopidionGreg Conti is a hacker, maker, and computer scientist. He is a nine-time DEF CON speaker, a seven-time Black Hat speaker, and has been a Black Hat Trainer for 10 years. He’s taught Adversarial Thinking techniques at West Point, Stanford University bootcamps, NSA/U.S. Cyber Command, and for private clients in the financial and cybersecurity sectors. Greg is Co-Founder and Principal at Kopidion, a cyber security training and professional services firm.
Formerly he served on the West Point faculty for 16 years, where he led their cybersecurity research and education programs. During his U.S. Army and Military Intelligence career he co-created U.S. Cyber Command’s Joint Advanced Cyberwarfare Course, deployed to Iraq as Officer-in-Charge of U.S. Cyber Command’s Expeditionary Cyber Support Element, and was the first Director of the Army Cyber Institute.
Greg is co-author of On Cyber: Towards an Operational Art for Cyber Operations, and approximately 100 articles and papers covering hacking, online privacy, usable security, cyber conflict, and security visualization. Greg holds a B.S. from West Point, an M.S. from Johns Hopkins University, and a Ph.D. from the Georgia Institute of Technology, all in computer science. His work may be found at gregconti.com (https://www.gregconti.com/), kopidion.com (https://www.kopidion.com/) and LinkedIn (https://www.linkedin.com/in/greg-conti-7a8521/).
- ics Calendar file
Recent conflicts have shown us that wars today aren’t just fought with traditional weapons, they are fought with code, misinformation, and influence. This panel dives into how adversaries are using a mix of traditional and unconventional tactics, from cyber attacks to psychological operations, to gain the upper hand on modern battlefields. We will look at real examples from recent wars, explore the technologies driving these shifts, and discuss what defense, security, and policy leaders need to take away from it all.
Speakers:Gregory Carpenter,Barb Hirz,Bret Fowler,John Johnson,Michael TasseyDr. Carpenter is an expert in submolecular information security, specializing in medical IoT, and DNA/nano-tech security, with extensive experience in deception, information warfare, and electronic warfare. His background includes work at the NSA and three decades in government, he has led numerous operations combatting cybercrime, adversarial activity, and counterexploitation theory. A recognized leader in counter-deception, psychological operations, and the application of advanced security techniques, Dr. Carpenter has spoken at numerous international conferences, including several DEFCON villages, Le Hack, Victoria International Privacy and Security Summit, Hack in Paris, Hacker Halted and Cyber Chess. Dr. Carpenter is a member of the Special Operations Medical Association and the Royal Society of Arts, leveraging these networks to advance the integration of security into emerging technologies. With a focus on defending the digital infrastructure at the molecular level, Dr. Carpenter’s work encompasses the intersection of cybersecurity and biological systems, ensuring that both digital and physical infrastructures remain secure against evolving threats.
SpeakerBio: Barb Hirz, Director of Strategy and Innovation at Nebraska Defense Research CorporationMs. Barb Hirz is the Director of Strategy and Innovation at the Nebraska Defense Research Corporation, where she leads future capability integration and coordinates with customers and mission partners to ensure effective capability demonstrations. She is dedicated to advancing defense technology, driving mission improvements, and fostering intellectual agility in the workforce to address complex Department of Defense (DoD) challenges. Previously, Ms. Hirz served as Chief Engineer at U.S. Strategic Command, overseeing nuclear mission capability and cyber requirements, and has held positions at the Office of the Secretary of Defense and the National Security Agency. She has a background in commercial banking and IT solutions and holds numerous awards, including the Joint Meritorious Civilian Service Award. Ms. Hirz earned a B.S. in Business Administration from Creighton University, an M.S. in Military Operational Art from the Air Command and Staff College, and a Graduate Certificate in Nuclear Deterrence from Harvard University.
SpeakerBio: Bret Fowler, Chief Executive Officer at STAG, MSGT (Ret)Brett Fowler is a nationally recognized cybersecurity expert and the CEO of STAG, a rapidly growing cybersecurity firm with a global reach and an exponential growth rate of 230% in 2020. A lifelong technology ambassador, Brett began his journey in middle school and has since advised Congressional and Senatorial leaders, while also supporting national efforts, including securing U.S. election systems. Under his leadership, STAG is transforming advanced analytics into accessible web applications, filling critical market gaps.
A former U.S. Air Force Cyber Warfare Operator with over 3,000 hours of cyber operations experience, Brett combines deep technical expertise with agile leadership, driving innovation and resilience in both government and industry. He is a trusted voice on national advisory boards and a frequent lecturer at the University of Texas at San Antonio, where he teaches courses on cybersecurity and entrepreneurship. Brett holds an M.S. in Computer Science from Utica College and lives in San Antonio, TX, with his wife and children.
SpeakerBio: John Johnson, CEO at Founder of Aligned Security, DrDr. Johnson has over 30 years of experience leading technology and cybersecurity programs at organizations in various industry segments, from startups to large global corporations. He is the CEO and Founder of Aligned Security, providing executive cybersecurity advisory services. He also founded the nonprofit Docent Institute, which promotes career development, cybersecurity education and outreach to professionals, students and underserved communities. He is co-founder of Chicago Cyber Hub, a Midwest center of excellence for Cybersecurity. John has broad industry experience, starting at Los Alamos National Laboratory and subsequently as a security leader at large and small enterprises, including John Deere, Deloitte, and Campbell Soup Company. He has developed and taught numerous university cybersecurity courses online and in person. Dr. Johnson serves on the ISSA International Board of Directors, ISSA Education Foundation, and is an active leader within ISC2, InfraGard, and IEEE. John is concerned with the ethical use of advancing technologies and the opportunities and risks they pose to humanity.
SpeakerBio: Michael Tassey, Managing Director at Broadmoor Consulting Inc.Mike Tassey is a cybersecurity strategist with 27 years of experience across defense, finance, and critical infrastructure. At the Air Force Office of Special Investigation, he led red team operations and secured global investigative systems. At NASDAQ, he helped defend the exchange from nation-state cyber threats and re-architect its global security posture. A DEF CON and Black Hat speaker, Mike co-designed the Wireless Aerial Surveillance Platform—the first civilian cyber drone, now in the International Spy Museum.
- ics Calendar file
Attendees sit down with real-world threat intelligence and walk through the process of analyzing a threat actor, identifying relevant TTPs, and creating a red team emulation plan using ATT&CK Navigator. By the end, they’ll have a completed adversary worksheet and a mini playbook for red team usage.
SpeakerBio: Fredrik Sandström, Head of Cyber Security at BasaltFredrik Sandström, M.Sc. is Head of Cyber Security at Basalt, based in Stockholm, Sweden. He has nearly a decade of experience in penetration testing, alongside a background in software development and embedded systems engineering. His early work includes software development for organizations such as the Swedish Defence Research Agency (FOI).
Since 2015, Fredrik has focused on delivering advanced security assessments—including penetration testing, red teaming, and threat emulation—for clients in diverse sectors such as banking, insurance, automotive, energy, communications, and IT services. He holds multiple industry-recognized certifications, including GXPN (GIAC Exploit Researcher and Advanced Penetration Tester), GCPN (GIAC Cloud Penetration Tester), GRTP (GIAC Red Team Professional), and HTB Certified Bug Bounty Hunter (CBBH).
Fredrik is also an active contributor to the security community. He has presented at major conferences such as SEC-T—Sweden’s leading offensive security conference—and DevCon in Bucharest, Romania, a key event for developers and IT professionals in Eastern Europe.
- ics Calendar file
Adversary Simulator booth has hands-on adversary emulation plans specific to a wide variety of threat-actors and ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics. This is a volunteer assisted activity where anyone, both management and technical folks can come-in and experience different categories of simulation, emulation and purple scenarios.
Adversary Simulator booth will be having a lab environment focused on recreating enterprise infrastructure, aimed at simulation and emulating various adversaries. Visitors will be able to view, simulate and control various TTPs used by adversaries. The simulator is meant to be a learning experience, irrespective of whether one is hands-on with highly sophisticated attack tactics or from the management.
- ics Calendar file
We are kicking off Adversray Village
- ics Calendar file
Marcus J. Carey is the creator of the best selling Tribe of Hackers cybersecurity book series. Marcus is renowned in the cybersecurity industry and has spent his more than 20-year career working in penetration testing, incident response, and digital forensics with federal agencies such as NSA, DC3, DIA, and DARPA. He started his career in cryptography in the U.S. Navy and holds a Master's degree in Network Security from Capitol College. Marcus was previously the founder and CEO of Threatcare (acquired by ReliaQuest), a venture-backed cybersecurity and software services company based in Austin, Texas. He regularly speaks at security conferences across the country. Marcus is passionate about giving back to the community through things like mentorship, hackathons, and speaking engagements, and is a voracious reader in his spare time.
SpeakerBio: Sanne Maasakkers, Threat intel at Mandiant (Google)Sanne Maasakkers is working for Threat intel at Mandiant, previously at NCSC-NL. After spending some years in offensive security, she now uses this knowledge to make Dutch vital infrastructure more resilient. She is mainly interested in researching social engineering tactics and techniques of the bigger APTs and presented 'Phish like an APT' last year at the digital version of Adversary Village. Additionally, she likes to host CTFs for young talents, coach the European CTF team, and host awareness sessions.
SpeakerBio: Bryson Bort, CEO and Founder at ScytheAbhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. Currently he is involved with multiple organizations as a consulting specialist, to help them build offensive security operations programs, improve their current security posture, assess cyber defense systems, and bridge the gap between business leadership and cyber security professionals. Abhijith’s professional exposure is stretched across multiple industries and various other sectors. As the founder of Adversary Village, Abhijith spearheads a community driven initiative exclusively focused on adversary simulation, adversary tactics, purple teaming, threat-actor/ransomware research-emulation, and offensive security-adversary tradecraft.
- ics Calendar file
Adversary Village proudly presents "Adversary Wars CTF", an official contest at DEF CON, where the participants will have to pose as adversaries and replicate adversarial actions against each element of a “target” organization. Adversary Wars would have real world simulation of CTF scenarios and challenges, where the participants can perform various attacks and learn new attack vectors, TTPs, techniques, etc. To visualize the CTF environment, the contest area will feature a miniature model of the city made using interlocking-plastic-bricks. The breached components OR organization buildings will be physically marked in the city model as the CTF progresses.
- ics Calendar file
Welcome to the "AI Art Battle" Generative AI Art Contest!
This unique competition invites creative minds to dive into the world of artificial intelligence and art. The challenge is to craft the most imaginative prompts that will be used by generative AI models to create artwork.
Contestants will not be creating the art themselves; instead, they will focus on designing prompts for well-known topics that push the boundaries of creativity and innovation.
How It Works:
Select a Topic:
Contestants will choose from a list of random topics.
These could range from historical events, famous literary works, mythical creatures, futuristic landscapes, to iconic pop culture references.
Craft a Prompt:
Using their creativity, contestants will write a detailed prompt designed to guide AI models in generating original artwork. The prompts should be clear, imaginative, and offer enough detail to spark the AI's artistic capabilities.
Submission:
Each contestant will submit their prompt and the intended outcome.
AI Generation:
The submitted prompts will be fed into a generative AI art model, which will create corresponding artworks based on the prompts.
A random panel will determine who the winners are.
- ics Calendar file
OT environments typically are very predictable, lack variation and human interaction. AI works much harder in IT environments, therefore should cost less in OT environments. Why should one pay the same for two very different technologic performances? Chat will engage audience to on premise that AI pricing models should be different in IT and OT.
SpeakerBio: Daryl Haegley, Technical Director at Air Force & Space Force Control Systems Cyber Resiliency
- ics Calendar file
During this demo, we will showcase some labs and exercises, where participants can experience first hand what it is like to think -- and hack -- like an AI Red Teamer. The exercises are taken from Hack The Box's offering on the AI Red Teamer Job Role Path, designed in collaboration with Google's ML Red Team.
SpeakerBio: Olesya Menon, Google
- ics Calendar file
This talk will focus on AI red-teaming as an evaluation process and how it might fit into a broader AI evaluation ecosystem. The first part will contextualize the current state of AI red-teaming evaluations. We will discuss feedback that CSET has received from various AI stakeholders, such as ambiguity around current best practices for AI red-teaming and how lack of transparency hinders community efforts to develop those best practices. The second part will introduce the idea of a "virtuous cycle" for AI evaluations, in which an information sharing and reporting ecosystem can create beneficial feedback loops for AI development, testing, flaw and vulnerability disclosure, and patching.
SpeakerBio: Colin Shea-Blymyer, Faculty Research Fellow, Center for Security and Emerging Technology (CSET) at Georgetown University
- ics Calendar file
AI systems are entering your software supply chain—whether you planned for it or not. This open-source tool generates AI SBOMs for Hugging Face models, parsing whatever metadata it can find (or infer) into CycloneDX JSON format. It includes an AI SBOM completeness score, supports downloads, and offers APIs for integration into your workflows. It’s the first tool to do this for AI models on HF, built for security teams who want visibility into what these models are made of. Stop by to see it in action.
SpeakerBio: Helen OakleyHelen Oakley, CISSP, GPCS, GSTRT, operates at the intersection of AI, cybersecurity, and software supply chains—where the rules are still being written. At SAP, she leads a global team of architects and security experts, securing development and pipelines at scale. She built the first open-source AI SBOM generator for Hugging Face models to bring clarity to AI supply chains. Helen is a core contributor to OWASP’s Agentic AI Security guide, mapping how autonomous systems can be attacked or manipulated. She also co-leads the AI SBOM initiative under CISA and is a Founding Partner of AISUF.org, shaping secure AI frameworks for critical infrastructure. Named one of the Top 20 Canadian Women in Cybersecurity, she co-founded LeadingCyberLadies.com to support and connect the next wave of builders, breakers, and leaders.
- ics Calendar file
In this session, we’ll take a deep dive into the future of web security through the lens of ethical hacking and artificial intelligence. Attendees will have the opportunity to see AI in action through a live demo, where we will demonstrate how AI can identify and resolve security flaws in web applications. The session will feature real-time security testing using AI-powered tools, illustrating how these technologies give ethical hackers an edge in the fight against malicious attacks.
SpeakerBio: Ilkin JavadovAs an ethical hacker and security expert, Ilkin Javadov has made significant contributions to the cybersecurity community. A frequent speaker at world-renowned cyber conferences such as GISEC 2023-2024, DEFCON 31 Red Team Village 2023-2024, and InCyber Forum Canada 2023-2024, Ilkin shares valuable insights into the latest cyberthreats and defense strategies. Notably, Ilkin is one of the elite 20 hackers who ethically infiltrated the German Armed Forces (Bundeswehr) earning a place in their Hall of Fame and receiving a prestigious medal from a General in recognition of exceptional contributions to national security. With extensive experience in ethical hacking and cybersecurity, Ilkin continues to advance the field by mentoring and educating the next generation of security professionals.
- ics Calendar file
AIMAL (Artificially Intelligent Malware Launcher) is a modular red team framework built to simulate advanced malware evasion techniques against modern AV/EDR/IDS solutions. It supports Process Herpaderping, Process Hollowing, Thread Hijacking, Process Ghosting, and many other evasion techniques as delivery mechanisms, with stealth enhancements including PPID spoofing, shellcode polymorphism, syscall mutation (Hell's Gate), and aggressive AMSI/ETW bypassing. AIMAL adapts to simulated detection responses through a feedback loop that mutates behavior on the fly, rotating techniques until the payload bypasses detection. Integration with the OpenAI API allows AIMAL to suggest the best evasion strategy based on alert context, helping simulate the decision-making process of advanced threat actors. Designed for research, red teaming, and adversarial simulation, AIMAL brings real-world stealth techniques into a clean, testable interface. Live demo will include payload staging, detection simulation, and mutation in action.
Speakers:Endrit Shaqiri,Natyra ShaqiriEndrit Shaqiri is an offensive security researcher, red team tool developer, and international karate champion currently pursuing his Master’s in Cybersecurity Engineering and Cryptography at Istanbul Technical University. He is also admitted to Boston University’s Master’s in Artificial Intelligence program, where he plans to continue his research on AI-powered malware and adaptive evasion systems. He is the creator of AIMaL — the Artificially Intelligent Malware Launcher — a modular framework designed for simulating modern malware evasion techniques against AV/EDR/IDS systems. Endrit has built a tool that bridges hands-on malware development with AI-assisted mutation logic. His passion lies in crafting adaptive malware simulation frameworks for red teamers, researchers, and students alike. This is his first appearance at DEF CON, bringing a glimpse of how tomorrow’s adversaries may automate and evolve in real-time.
SpeakerBio: Natyra ShaqiriNatyra Shaqiri is a cybersecurity student at Southern Maine Community College with a growing focus on malware analysis, system security, and ethical hacking. As co-developer of AIMAL — the Artificially Intelligent Malware Launcher — Natyra has contributed to the design and modularization of the tool’s evasion techniques, helping implement feedback-driven mutation logic and stealth strategy testing. She is passionate about adversarial security, system internals, and hands-on red team simulation frameworks. This marks her debut at DEF CON, where she brings the perspective of a rising cybersecurity engineer.
- ics Calendar file
AIMAL (Artificially Intelligent Malware Launcher) is a modular red team framework built to simulate advanced malware evasion techniques against modern AV/EDR/IDS solutions. It supports Process Herpaderping, Process Hollowing, Thread Hijacking, Process Ghosting, and many other Evasion Techniques as delivery mechanisms, with stealth enhancements including PPID spoofing, shellcode polymorphism, syscall mutation (Hell’s Gate), and aggressive AMSI/ETW bypassing. AIMAL adapts to simulated detection responses through a feedback loop that mutates behavior on the fly — rotating techniques until the payload bypasses detection. Integration with the OpenAI API allows AIMAL to suggest the best evasion strategy based on alert context, helping simulate the decision-making process of advanced threat actors. Designed for research, red teaming, and adversarial simulation, AIMAL brings real-world stealth techniques into an intelligent feedback-driven system that learns and adapts like an evolving threat. Whether used for red team drills or research into next-gen evasion, AIMaL demonstrates how AI can weaponize malware beyond static signatures and into dynamic decision-making.
This process is not just about executing code — it’s about demonstrating how real malware adapts. The user is taken through a full offensive simulation workflow: 1. AIMAL prints a stylized menu with ET options. 2.The user selects an evasion technique (e.g., Process Herpaderping). 3. The user selects a payload (e.g., reverse shell). 4. AIMAL copies and prepares the full module structure (not just EXEs). 5. The user simulates a detection alert type and string. 6. AIMAL uses OpenAI to suggest a bypass strategy. 7. The user can authorize AIMAL to automatically:Addjunkfunctions (hash evasion), Inject stealth upgrades (e.g., call RandomNoise(), add extra PolymorphShellcodeAfter()), Apply PPID spoofing or syscall mutations, Rebuild, mutate and repack the payload.
AIMAL has already demonstrated success against multiple AVs. Using static stealth alone, it bypassed both signature and behavioral detection of Windows Defender and McAfee. Bitdefender and Kaspersky were bypassed on static signatures; after OpenAI integration, AIMAL also defeated their behavioral detection.
https://github.com/EndritShaqiri/AIMaL
Speakers:Endrit Shaqiri,Natyra ShaqiriEndrit Shaqiri is an offensive security researcher, red team tool developer, and international karate champion currently pursuing his Master’s in Cybersecurity Engineering and Cryptography at Istanbul Technical University. He is also admitted to Boston University’s Master’s in Artificial Intelligence program, where he plans to continue his research on AI-powered malware and adaptive evasion systems. He is the creator of AIMaL — the Artificially Intelligent Malware Launcher — a modular framework designed for simulating modern malware evasion techniques against AV/EDR/IDS systems. Endrit has built a tool that bridges hands-on malware development with AI-assisted mutation logic. His passion lies in crafting adaptive malware simulation frameworks for red teamers, researchers, and students alike. This is his first appearance at DEF CON, bringing a glimpse of how tomorrow’s adversaries may automate and evolve in real-time.
SpeakerBio: Natyra ShaqiriNatyra Shaqiri is a cybersecurity student at Southern Maine Community College with a growing focus on malware analysis, system security, and ethical hacking. As co-developer of AIMAL — the Artificially Intelligent Malware Launcher — Natyra has contributed to the design and modularization of the tool’s evasion techniques, helping implement feedback-driven mutation logic and stealth strategy testing. She is passionate about adversarial security, system internals, and hands-on red team simulation frameworks. This marks her debut at DEF CON, where she brings the perspective of a rising cybersecurity engineer.
- ics Calendar file
AirBleed is a proof-of-concept hack demonstrating a hidden communication technique leveraging a little-known vulnerability in macOS's Bluetooth property list files (Bluetooth.plist). By fragmenting payloads into tiny pieces and injecting them into device caches that go unnoticed by standard security tools, this capability enables operatives to establish dead-drop channels for passing critical data — all without arousing suspicion. [1] Stealth-by-Design: Uses legitimate Bluetooth device caches to hide encrypted payloads up to 248 bytes per fragment. [2] Dual-Use Impact: Enables clandestine communication or counter-plotter operations by law enforcement and intel. [3] Live Demo: DEFCON demo will allow attendees to send their own Bluetooth plist payloads to a vulnerable MacBook Pro. [4] Implications: Offers a novel toolkit for counterintelligence to monitor — and disrupt — hidden networks and dead drops.
Speakers:Ray "CURZE$" Cervantes,Yvonne "Von Marie" CervantesRay is an offensive security engineer and counterintelligence innovator with a background in forensic psychology, turning aggressive tradecraft into powerful defense tools. He is currently researching facial behavioral analysis and creating AI-driven solutions for the legal and trial consulting fields. ChatGPT, Copilot, and Claude all predict that his work will land him in handcuffs within 5–10 years — a risk Ray embraces as proof he’s pushing the boundaries of security and innovation.
SpeakerBio: Yvonne "Von Marie" CervantesYvonne is a YouTube craft content creator and handmade crafter featured in craft magazines for her work on unique art pieces. She currently designs for four design company teams and also creates comic books with Ray. She is currently researching facial behavioral analysis through designing research ideas and strategies for improving the legal and trial consulting fields.
- ics Calendar file
While the Cyber Demonstrator challenge is occurring, folks will be able to see what's happening inside the avionics on the aircraft and how their logging and reporting interacts with AI analysis systems to generate cyber alerts.
- ics Calendar file
This is a live tutorial of hacking against keyboards of all forms. Attacking the keyboard is the ultimate strategy to hijack a session before it is encrypted, capturing plaintext at the source and (often) in much simpler ways than those required to attack network protocols.
In this session we explore available attack vectors against traditional keyboards, starting with plain old keyloggers. We then advance to "Van Eck Phreaking" style attacks against individual keystroke emanations as well as RF wireless connections, and we finally graduate to the new hotness: acoustic attacks by eavesdropping on the sound of you typing!
Use your newfound knowledge for good, with great power comes great responsibility!
A subset of signal leak attacks focusing on keyboards. This talk is compiled with open sources, no classified material will be discussed.
SpeakerBio: Federico Lucifredi, Product Management Director for Ceph Storage at IBM and Red Hat
- ics Calendar file
Getting started in cyber from nontraditional entry points
SpeakerBio: Alethe Denis, Red Team at Bishop FoxDEF CON Groups Dept 2nd Lead
- ics Calendar file
Historically, Phishing attacks require extensive manual effort involving meticulous target research, intricate scenario crafting, and technical infrastructure deployment. However, the landscape is evolving with the adoption of Artificial Intelligence, which is transforming how phishing campaigns are conducted by reducing the required skill levels and effort. This talk explores how Artificial Intelligence enables threat actors to automate the critical phases of phishing campaigns, from initial reconnaissance to creating compelling and targeted communications and standing up attack infrastructures. It covers:x000D x000D - The inherent challenges in conventional phishing operations, emphasizing the extensive manual labor required for target reconnaissance, scenario development, and infrastructure setup. Attendees will understand why these labor-intensive processes have historically constrained the scalability and customization of phishing campaigns.x000D - How to utilize various AI models to craft convincing, contextually accurate phishing messages that mimic authentic corporate communication patterns. x000D - End-to-end Automated approaches for quickly standing up credible phishing websites, significantly lowering technical entry barriers for threat actors.x000D x000D At the end, participants should understand how to deploy AI-driven phishing campaigns using different models to achieve various results and address challenges within a phishing attack workflow.x000D
SpeakerBio: Daniel Marques, Red Team Senior ManagerAs an experienced Red Team leader, Daniel applies a strong software development and networking background to help Fortune 500 companies identify and remediate vulnerabilities in various technologies, including corporate networks, applications, and smart devices. With more than 15 years of experience in Cybersecurity, prominent local and international security conferences such as HOU.SEC.CON, ISC2 Security Congress, and Black Hat Regional Summit featured his Offensive Security research. Daniel holds a B.Sc. in Computer Science and an M.Sc. in Cybersecurity. In 2019, Daniel was part of the team that won the DEF CON Biohacking Village Capture the Flag competition.
--
With over 15 years in offensive security, Daniel applies a strong software development and networking background to help Fortune 500 companies identify and remediate vulnerabilities in various technologies, including corporate networks, applications, and smart devices. With more than 15 years of experience in Cybersecurity, prominent local and international security conferences such as HOU.SEC.CON, ISC2 Security Congress, and Black Hat Regional Summit featured his Offensive Security research. Daniel holds a B.Sc. in Computer Science and an M.Sc. in Cybersecurity. In 2019, Daniel was part of the team that won the DEF CON Biohacking Village Capture the Flag competition.
- ics Calendar file
Chakras are the energy centers in your body where energy flows. These energy centers are directly linked to mental, physical, emotional and spiritual attributes and well-being. Chakras are constantly in flux and can be imbalanced by becoming underactive or overactive and our being as a whole becomes imbalanced often leading to dis-ease and/or emotional blocks that disrupt our internal environment and harmony.
During this workshop, we will explore each chakra from the root up to the crown through their attributes, color, element, mantra, affirmation, crystals and essential oils.
Then, we will drop into our physical and energetic bodies in a Reiki infused guided, grounding and clearing chakra meditation for a journey of deep relaxation, Earth connection and energy restoration.
This workshop is inclusive of all bodies. EveryBODY is Welcome here.
SpeakerBio: Megan AllenHi, I’m Megan Allen.
My work focuses on a holistic approach to health; moving the body’s natural energy into alignment with Earth and the seven chakras. I practice integrative wellness - honoring a person's emotional, mental, physical and spiritual well-being. I provide intuitive healing sessions and work with clients to relax the mind, increase body awareness and balance energy flow.
I also facilitate community wellness workshops, ceremonies and transformational group programs inviting participants to disconnect from their busy lives, turn inward and tap into the present to restore and maintain the body’s energetic balance and cultivate self-love, empowerment and sovereignty.
I inspire people to activate their highest potential in alignment with their wise hearts and to promote healing from within. I tailor my sessions to reflect this; using techniques from my healing disciplines as well as my love for Traditional Chinese Medicine, holistic aromatherapy, crystals and essential oils, tarot, animal medicine cards and a deep reverence for nature.
Nature is one of my greatest teachers. It constantly teaches me about grounding, stability, resilience, boundaries, growth, and stillness.
- ics Calendar file
AI models have had a ~4x YoY increase in compute for the last 70 years. In the security domain, what has 4x effective compute brought us in 2025 and what will it bring us in 2026? In this session, Jason will give us a survey of the bleeding edge of security applications, from a frontier AI lab perspective, including advanced persistent threats, and what new security threats are coming from AI and can be defended by AI in 2026 and beyond.
SpeakerBio: Jason Clinton, CISO at Anthropic
- ics Calendar file
Angry Magpie is an open-source toolkit that demonstrates critical bypasses in enterprise Data Loss Prevention (DLP) systems through browser-based techniques. Our research identifies a class of attacks — Data Splicing — that enable exfiltration of sensitive data by transforming it to evade detection patterns used by both proxy and endpoint DLP solutions. The toolkit showcases four primary techniques: data sharding, ciphering, transcoding, and channel smuggling, each demonstrating specific architectural limitations in current DLP implementations. Security teams can use Angry Magpie to test their defense mechanisms against these practical attacks, providing valuable insights for enhancing data protection strategies. With browsers now serving as the primary access point for enterprise data, understanding and addressing these vulnerabilities has become essential for maintaining effective data security posture. Special thanks to Pankaj Sharma from the SquareX research team for his contributions to Angry Magpie toolkit.
Speakers:Jeswin Mathai,Xian Xiang ChangJeswin leads the design and implementation of SquareX’s infrastructure. Previously, he was part of Pentester Academy (acquired by INE) where he was responsible for managing the whole lab platform that was used by thousands of customers. A seasoned speaker and researcher, Jeswin has showcased his work at prestigious international stages such as DEF CON US, DEF CON China, RootCon, Black Hat Arsenal, and Demo Labs at DEF CON. He has also imparted his knowledge globally, training in-class sessions at Black Hat US, Asia, HITB, RootCon, and OWASP NZ Day. Jeswin is also the creator of popular open-source projects such as AWSGoat, AzureGoat, and PAToolkit.
SpeakerBio: Xian Xiang ChangXian is a software engineer at SquareX, contributing to the industry's first browser detection and response solution. With deep technical expertise in browser security, he architected DetectiveSQ, a containerized system for dynamically analyzing Chrome extensions, earning recognition at Black Hat Asia Arsenal and exemplifying his ability to transform complex security challenges into practical defensive tools.
- ics Calendar file
Construct, test, and use a real antenna. Two kits are available: a VLF Foxhunt Loop to win your local fox hunts, and a LoRa Yagi antenna and become the alpha-ham dominating oppressive gain and narrow beam width.
Join us as we condense the sum total of humanity's antenna knowledge into 30 gripping fun-filled minutes of building, testing, and using a built from scratch antenna. Afterwards the instructors will be around to help with assembly in the Village.
This talk will demonstrate building this year's antenna building workshop. Our selections this year include a VHF loop for fox-hunting, suitable for use in this year's fox-hunt. Second is a LoRa compatible Yagi. You will learn the basics of antenna construction, testing, and finally verifying with the cold cruel uncaring reality of physics that your antenna works.
We will also cover trouble-shooting antennas, common pitfalls, and unsolicited life advice.
Speakers:Nate "wants.beer" Martin,Danny QuistChem Engineer, ex Navy Nuke and deep submersible pilot. Currently Director of planning for large Si wafer manufacturer.
SpeakerBio: Danny Quist
- ics Calendar file
Apple Intelligence, Apple’s newest AI product, is designed to enhance productivity with AI while maintaining Apple's focus on user experience and privacy, often highlighting its use of localized models as a key advantage. But how well do these assurances hold up under scrutiny? While Apple emphasizes privacy as a core principle, my findings challenge some of these claims, illustrating the importance of scrutinizing AI-driven assistants before widespread adoption.
In this talk, we take a closer look at the data flows within Apple Intelligence, examining how it interacts with user data and the potential security and privacy risks that come with it. Using traffic analysis and OS inspection techniques, we explore what information is accessed, how it moves through the system, and where it gets transmitted. Our findings challenge common security assumptions of Apple, revealing unexpected behaviors and data leaks. From encrypted traffic to data leakage concerns, this presentation will provide practical insights for users and security professionals alike.
SpeakerBio: Yoav MagidYoav Magid is a security researcher at Lumia Security, where his work centers on AI security. Yoav’s other topics of interest are social engineering and embedded operating systems. With a solid foundation in cybersecurity, Yoav holds a B.Sc. in Computer Science and is currently preparing to pursue an MBA.
Bringing over seven years of cyber security experience, he has honed his skills in embedded research and programming, tackling real-world challenges in high-stakes environments. Yoav also founded a large-scale LGBTQIA+ Employee Resource Group (ERG) that fosters international collaboration and support in his last organization.
- ics Calendar file
Using an electronic circuit camera, we zoom in on cryptosecure devices and their circuits. Descriptions of existing cryptocurrency hardware lead to consideration of future integrations in the physical world and how secure elements work. We pass around a showcase of half a dozen wallets and similar hardware, as well as Nitrokeys (for defence) and ChipWhisperers (for attack.) We get set up with a set of hardware development software tools, and consider the physical production workflow that top manufacturers follow in high security areas.
Speakers:Param D Pithadia,Michael "MSvB" Schloh von BennewitzParam is an Electrical Engineering Student from Georgia Tech with a strong passion for and interest in crypto. Although he primarily got interested in cryptography and hardware security through a class at Georgia Tech, he is also working at a software company on crypto adoption and ease of use. With a unique blend of HW and SW skills, Param is truly enthusiastic about all aspects of crypto.
SpeakerBio: Michael "MSvB" Schloh von Bennewitz, Chairman, Monero DevicesMichael Schloh von Bennewitz (MSvB) is a computer scientist specializing in cryptosecure electronics and embedded development. He is the founder of Monero Devices and responsible for research, development, and maintenance of Opensource software repositories. A prolific speaker in four languages, Michael presents at technical meetings every year.
- ics Calendar file
Max 20 attendees since hardware is included for free.
Want to play with an open-source messaging system that has been deployed to space for a number of on-orbit projects?
In this workshop, you will work with a toolkit designed to create flexible and secure digital interactions across distributed systems while also eliminating common problems associated with consistency, availability, and partitioning of these systems and architectures. We'll walk you through compiling, configuring, and deploying a simple distributed wireless messaging application on our ESP32 badge board. Once it's flashed and working, the hardware is yours! Then dig deeper to learn the mechanisms that make Aranya work and make your own modifications.
The badge board you will receive is a multi-purpose development board based on the ESP32-S3 with 2MB PSRAM and 4MB Flash. It provides battery management, USB-C, two Qwiic ports, microSD, a big RGB notification LED, and a big tactile button. Battery included! For more information, check out the repo.
Toolz: A Mac or Linux machine (WSL will work) and a USB type-C cable. Chrome or Python for the front-end.
Skillz: Familiarity with command-line tools. Understanding Rust, Embassy, and esp-rs will be handy, but not required.
- ics Calendar file
Max 20 attendees since hardware is included for free.
Want to play with an open-source messaging system that has been deployed to space for a number of on-orbit projects?
In this workshop, you will work with a toolkit designed to create flexible and secure digital interactions across distributed systems while also eliminating common problems associated with consistency, availability, and partitioning of these systems and architectures. We'll walk you through compiling, configuring, and deploying a simple distributed wireless messaging application on our ESP32 badge board. Once it's flashed and working, the hardware is yours! Then dig deeper to learn the mechanisms that make Aranya work and make your own modifications.
The badge board you will receive is a multi-purpose development board based on the ESP32-S3 with 2MB PSRAM and 4MB Flash. It provides battery management, USB-C, two Qwiic ports, microSD, a big RGB notification LED, and a big tactile button. Battery included! For more information, check out the repo.
Toolz: A Mac or Linux machine (WSL will work) and a USB type-C cable. Chrome or Python for the front-end.
Skillz: Familiarity with command-line tools. Understanding Rust, Embassy, and esp-rs will be handy, but not required.
- ics Calendar file
The Arcade Party is back! Come play your favorite classic arcade games while jamming out to Keith Myers DJing. Your favorite custom built 16 player LED foosball table will be ready for some competitive games. This epic party, free for DEF CON 33 attendees to enjoy and play, is hosted by the Military Cyber Professionals Association (a tech ed charity) and friends.
- ics Calendar file
Artificially Insecure turns secure-coding training into a high-energy tabletop challenge. In six rounds, players draw AI-generated code-snippet cards each round. Your mission is to locate the flaw and spell out the correct code to get an instant prize and be entered into a Lego giveaway.
SpeakerBio: Ken "cktricky" Johnson, Co-Founder and CTO at DryRun SecurityKen Johnson, has been hacking web applications professionally for 16 years. Ken is both a breaker and builder and is the CTO & Co-Founder of DryRun Security. Previously, Ken was a Director with GitHub's Product Security Engineering team and has held both technical and leadership roles both within the consulting world as well as a corporate defender. Previously, Ken has spoken about varying AppSec topics at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, OWASP Global events, DevOpsDays DC, LASCON, RubyNation, and numerous other events. Ken's current passion project is the Absolute AppSec podcast with Seth Law and the practical secure code review course they offer thru DEF CON and other training venues.
Ken utilizes LLMs heavily in his work and has a wealth of real world applicable skills to share in applying LLMs to the application security domain.
- ics Calendar file
Attack Flow Detector is an open-source tool that helps defenders uncover coordinated cyber attacks buried in noisy alert data. Instead of relying on LLMs or black-box AI, it uses explainable machine learning to map alerts, logs, and telemetry to MITRE ATT&CK techniques, cluster them into contextualized attack steps, and chain them into complete killchains. Built for blue teamers and SOC analysts, it's lightweight, interpretable, and easy to deploy in real environments. This demo will show how the tool processes real-world-style data, generates actionable tickets, and supports root cause analysis. If you're drowning in false positives or lone incidents, this is for you.
Speakers:Ezz Tahoun,Kevin ShiEzz Tahoun is an award-winning cybersecurity data scientist recognized globally for his innovations in applying AI to security operations. He has presented at multiple DEFCON villages, including Blue Team, Cloud, Industrial Control Systems (ICS), Adversary, Wall of Sheep, Packet Hacking, Telecom, and Creator Stage, as well as BlackHat Sector, MEA, EU, and GISEC. His groundbreaking work earned him accolades from Yale, Princeton, Northwestern, NATO, Microsoft, and Canada's Communications Security Establishment. At 19, Ezz began his PhD in Computer Science at the University of Waterloo, quickly gaining recognition through 20 influential papers and 15 open-source cybersecurity tools. His professional experience includes leading advanced AI-driven projects for Orange CyberDefense, Forescout, RBC, and Huawei Technologies US. Holding certifications such as aCCISO, CISM, CRISC, GCIH, GSEC, CEH, and GCP-Cloud Architect, Ezz previously served as an adjunct professor in cyber defense and warfare.
SpeakerBio: Kevin ShiKevin is a data scientist specializing in cybersecurity and machine learning, currently working at the Canadian Institute for Cybersecurity at the University of New Brunswick. He holds a Master’s degree in Data Science from the University of Windsor, where he focused on applying advanced analytics and machine learning techniques to complex cybersecurity problems. His expertise includes developing and optimizing AI-driven methods for threat detection, anomaly identification, and security event analysis. His research contributions emphasize practical implementations of data science in cybersecurity operations, bridging theoretical approaches with real-world applications.
- ics Calendar file
- ics Calendar file
“Public access - off” should mean safe, right? Not when a wildcard principal sneaks into Terraform or a quick-start template letting any logged-in account (yours, mine, or a stranger’s) access your sensitive data.
We ran a large-scale, cross-cloud hunt for this quiet misconfiguration, testing it in AWS, Azure and GCP and measuring how often it shows up in real environments. The flaw is sneaky: anonymous requests are getting blocked, yet any authenticated account can still perform actions such as list, get, or even put objects - so a quick browser check tricks you into thinking the bucket is private. Our data shows that more than 15% of cloud environments had at least one bucket publicly exposing sensitive data. As for the remaining 85%, “not public” doesn’t always mean private. Further analysis revealed that many of these supposedly restricted buckets still exposed sensitive information unintentionally, including configuration files, code, and AI models.
In this talk we’ll outline our scan approach, present the headline numbers and walk through our methodology for detecting risky buckets.
Speakers:Danielle Aminov,Yaara ShrikiDanielle Aminov is a part of Wiz’s threat research team, specializing in network-based threats and threat intelligence. She develops detection strategies for large cloud environments. With over six years in offensive security within the IDF and in the cyber department of a global consulting firm, Danielle has expertise in red team operations and penetration testing.
SpeakerBio: Yaara ShrikiYaara Shriki is a Threat Researcher at Wiz, specializing in cloud security and network-based attacks. She explores novel ways to integrate ML and NLP into her security work. Yaara is currently pursuing an MSc in Computer Science at Tel Aviv University. She previously worked as a security researcher at Aqua Security and Checkpoint.
- ics Calendar file
Hands-on Demonstration – approximately 40 minutes to learn about the protocol and system, the research behind the tool, and the hands-on activity.
Participants will learn about the standard satellite communication protocol developed by the Consultative Committee for Space Data Systems (CCSDS). The CCSDS protocols prioritize reliability and efficiency, however those guidelines are often ignored or implemented improperly. We will demonstrate how to detect and protect against vulnerabilities in CCSDS protocols. We want to inform those in the space sector about potential problems in CCSDS protocols and their impacts, along with a method for automating security assessments of these systems.
- ics Calendar file
Tune in for a demonstration of a prototype autonomous system developed as a collaboration between Microsoft Research, Microsoft Defender Research, and Microsoft Discovery & Quantum.
SpeakerBio: Mike Walker, Senior Director at Microsoft Research
- ics Calendar file
Imagine discovering critical intelligence hidden inside live video streams faster than any human analyst could. We'll begin with a compelling hypothetical scenario: a breaking news livestream unintentionally captures crucial clues about a missing person's location, but overwhelmed human investigators miss the moment. Inspired by real world challenges investigators face daily, this scenario motivated us to build Autonomous Video Hunter (AVH), a system of AI powered agents that scour video content in real time to extract actionable OSINT.x000D x000D Technical core:x000D We'll showcase how AVH combines open source AI models for image recognition and audio transcription, orchestrated by custom Python based agents. These agents autonomously analyze video streams, detect critical visuals, logos, speech keywords, and quickly cross reference these clues against online databases and OSINT repositories.x000D x000D Live demo:x000D Experience AVH live as it identifies a target logo and relevant context (e.g., social media profiles and geolocation clues) from a random video clip in mere seconds. We'll also address practical challenges, from reducing false positives to scaling efficiently across multiple simultaneous streams.x000D x000D By the end of this lightning talk, attendees will understand how autonomous agents transform overwhelming video data into OSINT insights rapidly and effectively. We'll also share a lightweight open source AVH tool for the OSINT community to use and build upon.
SpeakerBio: Kevin Dela RosaKevin Dela Rosa is the CTO of Cloudglue (formerly Aviary Inc), building AI video understanding platforms that transform audiovisual content into structured data for LLM and agentic retrieval use cases. With 14+ years in multimodal AI, he previously led engineering teams at Snapchat developing billion-scale visual search systems and generative AI products. His work has been featured at technical conferences including CVPR, NeurIPS, AAAI, ISMIR, AWS re:Invent, KubeCon, and cultural and entertainment venues ranging from Cannes and Art Basel to the Super Bowl and The Late Late Show. At Cloudglue, he leads research and development of technologies enabling AI systems to comprehend complex audiovisual content, focusing on creating systems that allow AI agents to see, hear, and understand the visual world at scale
- ics Calendar file
How well do you know your man pages? Find out by teaming up with up to 3 other people (or come solo and get matched up with some new friends) and play "Aw, man...pages!". Across several rounds, your knowledge of man pages will be tested to the limit. Can you remember what command line flag is being described by its help text? Can you identify a tool just from a man page snippet? Can you provide the long-form flag when only given the short? Will you prove yourself worthy to be crowned the man page champion?
None. We will provide answer sheets and pens. Participants can form teams of up to 4 people beforehand, or at the event (last year's winners all met each other at the contest).
No
- ics Calendar file
AzDevRecon is a powerful web-based enumeration tool designed for offensive security professionals, red teamers, and penetration testers targeting Azure DevOps. It streamlines the discovery of misconfigurations, exposed secrets, and security gaps by leveraging token-based authentication, including Personal Access Tokens (PAT) and Azure DevOps Access Tokens (with aud=499b84ac-1321-427f-aa17-267ca6975798). AzDevRecon automates project and repository discovery, pipeline analysis, and user permission mapping, helping security teams uncover escalation paths and hardcoded credentials. Its intuitive web-based interface simplifies complex reconnaissance, enabling faster and more effective security assessments of Azure DevOps environments. This presentation will demonstrate how AzDevRecon enhances offensive security capabilities, providing actionable insights to strengthen DevOps security postures.
Features: - Token-Based Enumeration – Extract insights using Azure DevOps Access tokens or PAT. - Project & Repository Discovery – Identify accessible projects and repositories. - Pipeline & Build Enumeration – Analyze Azure Pipelines for security flaws. - Secrets & Credential Hunting – Detect hardcoded secrets and exposed tokens. - User & Permission Analysis – Map roles, permissions, and escalation paths. - Web-Based UI – Easy-to-use interface for efficient enumeration.
SpeakerBio: Trouble1Raunak Parmar works as a senior cloud security engineer at White Knight Labs. His areas of interest include web penetration testing, Azure/AWS security, source code review, scripting, and development. He has 4+ years of experience in information security. He enjoys researching new attack methodologies and creating open-source tools that can be used during cloud red team activities. He has worked extensively on Azure and AWS and is the author of Vajra, an offensive cloud security tool. He has spoken at multiple respected security conferences like Black Hat, Defcon RTV, MCTTP, HackSpaceCon, RootCon, and also at local meetups.
- ics Calendar file
More than 95 percent of Fortune 500 use Azure today! A huge number of organizations use Azure AD (Entra ID) as an Identity and Access Management platform. This makes it imperative to understand the risks associated with Azure as it contains an enterprises infrastructure, apps, identities and a lot more!
In addition to cloud-only identity, the ability to connect on-prem Active Directory, applications and infrastructure to Azure brings some very interesting opportunities and risks too. Often complex to understand, this setup of components, infrastructure and identity is a security challenge.
This hands-on training aims towards abusing Azure and a number of services offered by it. We will cover multiple complex attack lifecycles against a lab containing multiple live Azure tenants.
All the phases of Azure red teaming and pentesting – Recon, Initial access, Enumeration, Privilege Escalation, Lateral Movement, Persistence and Data mining are covered. We will also discuss detecting and monitoring for the techniques we use.
The course is a mixture of fun, demos, exercises, hands-on and lecture. The training focuses more on methodology and techniques than tools. If you are a security professional trying to improve your skills in Azure cloud security, Azure Pentesting or Red teaming the Azure cloud this is the right class for you!
Following topics are covered:
Attendees will get free two months access to an Azure environment comprising of multiple tenants and a Certified by AlteredSecurity Red Team Professional for Azure (CARTP) certification attempt.
SpeakerBio: Nikhil, Founder at Altered SecurityNikhil’s areas of interest include red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 15+ years of experience in red teaming.
He specializes in assessing security risks in secure environments that require novel attack vectors and "out of the box" approach. He has worked extensively on Azure, Active Directory attacks, defense and bypassing detection mechanisms. Nikhil has held trainings and bootcamps for various corporate clients (in US, Europe and SE Asia), and at the world's top information security conferences.
He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.
Nikhil is the founder of Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/
- ics Calendar file
More than 95 percent of Fortune 500 use Azure today! A huge number of organizations use Azure AD (Entra ID) as an Identity and Access Management platform. This makes it imperative to understand the risks associated with Azure as it contains an enterprises infrastructure, apps, identities and a lot more!
In addition to cloud-only identity, the ability to connect on-prem Active Directory, applications and infrastructure to Azure brings some very interesting opportunities and risks too. Often complex to understand, this setup of components, infrastructure and identity is a security challenge.
This hands-on training aims towards abusing Azure and a number of services offered by it. We will cover multiple complex attack lifecycles against a lab containing multiple live Azure tenants.
All the phases of Azure red teaming and pentesting – Recon, Initial access, Enumeration, Privilege Escalation, Lateral Movement, Persistence and Data mining are covered. We will also discuss detecting and monitoring for the techniques we use.
The course is a mixture of fun, demos, exercises, hands-on and lecture. The training focuses more on methodology and techniques than tools. If you are a security professional trying to improve your skills in Azure cloud security, Azure Pentesting or Red teaming the Azure cloud this is the right class for you!
Following topics are covered:
Attendees will get free two months access to an Azure environment comprising of multiple tenants and a Certified by AlteredSecurity Red Team Professional for Azure (CARTP) certification attempt.
SpeakerBio: Nikhil, Founder at Altered SecurityNikhil’s areas of interest include red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 15+ years of experience in red teaming.
He specializes in assessing security risks in secure environments that require novel attack vectors and "out of the box" approach. He has worked extensively on Azure, Active Directory attacks, defense and bypassing detection mechanisms. Nikhil has held trainings and bootcamps for various corporate clients (in US, Europe and SE Asia), and at the world's top information security conferences.
He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.
Nikhil is the founder of Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/
- ics Calendar file
In spite of novel cybersecurity threats, digital security advice has remained largely unchanged in recent years. In fact, much of the viral advice in response to high-profile attacks or threats doesn't actually address the risks people are most likely to face. In this talk, we'll analyze high-profile digital privacy and security concerns, whether the viral advice to address said concerns is effective and practical, and what steps could be taken—both before and after an issue arises.
SpeakerBio: Yael Grauer, Program Manager of Cybersecurity Research at Consumer ReportsYael Grauer is a program manager of cybersecurity research at Consumer Reports. She also does freelance investigative tech reporting, maintains the Big Ass Data Broker Opt-Out List, and is a proud member of the Lockdown Systems Collective.
- ics Calendar file
Backdoors and Breaches es un taller interactivo y altamente práctico que utiliza un juego de cartas diseñado específicamente para entrenar a equipos de seguridad en la identificación, análisis y respuesta ante incidentes cibernéticos. Este taller va mucho más allá de la teoría, permitiendo a los participantes experimentar situaciones realistas de ciberataques en un entorno controlado, colaborativo y, sobre todo, didáctico.x000D x000D Durante la sesión, los participantes trabajarán en equipo para resolver incidentes simulados. Cada carta representa un elemento clave de la cadena de ataque: desde el compromiso inicial, persistencia, escalada de privilegios y movimiento lateral, hasta la comunicación con servidores de comando y control (C2) y la exfiltración de datos. También se incluyen cartas de "injects" que añaden complicaciones inesperadas, y "procedures" que permiten emplear técnicas y recursos defensivos. Esto obliga a los jugadores a pensar estratégicamente, adaptarse y tomar decisiones rápidas, simulando la presión y la incertidumbre que acompañan los incidentes en la vida real.x000D x000D El taller inicia con una breve explicación del juego y sus categorías de cartas, seguida de la presentación de un escenario que los equipos deberán investigar y resolver. A lo largo del ejercicio, los participantes lanzarán dados para determinar el éxito o fracaso de acciones clave, aprendiendo a interpretar probabilidades, planificar respuestas y trabajar con recursos limitados. Además, cada paso del juego será comentado y relacionado con técnicas reales de respuesta ante incidentes, controles de seguridad, y procesos de detección y mitigación utilizados en entornos profesionales.x000D x000D El objetivo principal de este taller es fortalecer la capacidad de análisis, colaboración y toma de decisiones bajo presión. Los asistentes no solo aprenderán a detectar vectores de ataque, sino también a emplear herramientas forenses, aplicar medidas de contención y erradicación, y comunicar de forma efectiva sus hallazgos y acciones. La sesión está pensada tanto para equipos SOC, analistas de seguridad, estudiantes y profesionales de ciberseguridad, como para cualquier persona interesada en mejorar sus habilidades prácticas de respuesta a incidentes.x000D x000D Al final del taller, los participantes habrán desarrollado confianza en su capacidad para enfrentar incidentes reales, comprendido la importancia del trabajo en equipo y habrán vivido de primera mano cómo las pequeñas decisiones pueden tener un gran impacto en la seguridad de una organización.x000D x000D https://www.blackhillsinfosec.com/tools/backdoorsandbreaches/
SpeakerBio: Nikolas Behar, Information Security Consultant | Professor of Cybersecurity | Red Team LeaderNikolas Behar is an esteemed Red Team leader and consultant with a rich history in cybersecurity, having previously held roles at Deloitte, Accenture, and PwC. His expertise lies in red teaming and threat intelligence, where he excels in integrating complex offensive security strategies. Behar has significantly enhanced detection capabilities and operational efficiency in his roles, and his innovative approach to reporting has improved stakeholder comprehension. His practical experience with MITRE TIDs and utilizing open-source intelligence from entities like US-CERT and FR-CERT underscores his deep connection to the current cybersecurity landscape.x000D x000D Holding an MSc in Information Security from the University of London, Behar is also a seasoned educator in cybersecurity, teaching at multiple universities. His ability to distill complex concepts and engage diverse audiences has been showcased across various platforms, including prestigious conferences like Fal.con, BSides, and the InfoSecurity Magazine Summit. Dedicated to advancing the field, Behar leads research into emerging threats, develops cutting-edge tools, and mentors future cybersecurity professionals, reflecting his commitment to the community and continuous learning.
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
Jeff Geisperger is a security engineer with 15 years of experience specializing in hardware and device security. His work ranges from low-level firmware and embedded systems to the cloud services that power modern devices, with a focus on end-to-end security across the stack. Outside of his professional role, Jeff is active in the hardware hacking and badgelife communities. What began as a hobby collecting badges has grown into designing both indie and large-scale conference badges for thousands of attendees.
- ics Calendar file
- ics Calendar file
BadVR Data Exploration through VR visualization. See RF signals, cellular signals and step into the data with a hands-on VR experience
Speakers:Suzanne Borders,Jad MeouchySuzanne Borders, CEO + Founder, BadVR, Inc. Suzanne studied psychology at University of Missouri, Kansas City and previously worked as Lead UX/Product Designer for over 9 years at companies such as Remine (raised $48M) and CREXi (raised $54M) where she specialized in designing intuitive, high-performant data analytic interfaces. In 2019, Suzanne founded BadVR and was awarded a “Rising Stars” innovation award from IEEE. To date, she’s raised over $4M in non-dilutive funding for BadVR, via grants from the National Science Foundation, NOAA, Magic Leap, Qualcomm, and more. Suzanne has grown the company from 2 to 25 people and was awarded 4 patents for innovations she created while leading the BadVR team. Over the past 5 years, Suzanne emerged as a thought-leader in the immersive data visualization and analytics space. She has been a keynote speaker at over 25 national and international conferences. In her spare time, Suzanne travels for inspiration (81 countries and counting) and is proud to be a published author and former punk. Suzanne thrives at the intersection of product design, immersive technology, and data; she’s a believer in the artistry of technology and the technicality of art and remains passionately dedicated to democratizing access to data through universally accessible products.
SpeakerBio: Jad Meouchy, CTO + Co-Founder at BadVRJad Meouchy, CTO + Co-Founder, BadVR, Inc. Jad, originally from northern Virginia, holds dual B.S. degrees in Computer Engineering and Psychology from Virginia Tech, and is a graduate of the Thomas Jefferson High School for Science and Technology. While in college, he engineered and built the data visualization components of an emergency response simulation that went on to receive 2M in public grant funding. Over his 15-year career, Jad has founded five startups and successfully exited three. His professional expertise is in software architecture and development, specifically big data analytics and visualization, and virtual and augmented reality development. Based in Los Angeles since 2010, Jad promotes the community by organizing developer meetups and events, and volunteering time for STEM initiatives.
- ics Calendar file
Bandxhil es una amenaza sofisticada que ha operado bajo el radar en Latinoamérica desde al menos 2016, especializándose en el robo de información confidencial y el control remoto de sistemas comprometidos. Este actor destaca por su Remote Access Trojan (RAT) modular desarrollado en Java, el cual está diseñado para evadir detección y adaptarse a múltiples sistemas operativos, incluidos Windows, Linux y macOS.x000D Durante esta charla, exploraremos la cadena completa de infección de Bandxhil, iniciando con su acceso inicial mediante campañas de phishing. Estos correos imitan facturas legítimas y redirigen a las víctimas hacia plataformas como OneDrive, donde se descarga un script Visual Basic altamente ofuscado. Este script despliega el payload principal, un archivo JAR modular que sirve como base de la operación de este actor.x000D A lo largo de la sesión, desglosaremos sus técnicas clave, incluyendo:x000D • Uso de LOLBins para ejecución.x000D • Ofuscación y cifrado de variables AES, Blowfish y XOR y combinado con codificación Base64.x000D • Keylogging, captura de pantalla y grabación de audio/video para la recopilación de datos.x000D • Comunicación con servidores C&C vía sockets TCP y tráfico cifrado, diseñado para evitar detección.x000D • Compilación dinámica de módulos maliciosos x000D Para cerrar, se compartirán lecciones aprendidas y estrategias de detección basadas en el framework MITRE ATT&CK y el Modelo Diamante, junto con reglas YARA y estrategias prácticas para su mitigación en entornos corporativos.x000D
SpeakerBio: Armando Aguilar, Cyber Threat Analyst at Financial InstitutionArmando Aguilar es un analista de inteligencia de ciberamenazas con más de 7 años de experiencia en la identificación, análisis y mitigación de amenazas que se encuentran afectado a México y Latinoamérica. Actualmente, es miembro del equipo de Threat Intelligence en una institución financiera mexicana_x000D_ x000D A lo largo de su trayectoria profesional, Armando se ha desempeñado como analista de Inteligencia de Ciberamenazas, especializándose en el análisis de malware, traza de campañas y creación de perfilamientos de amenazas (Threat Profile). Cuenta con amplia experiencia en OSINT Assessment, análisis de técnicas estructuradas y pruebas de penetración.x000D x000D Armando es egresado de la carrera Ingeniería en Computación de la Facultad de Estudios Superiores Aragón, donde inició su formación en Ciberseguridad en el Laboratorio de Seguridad Informática. Continuó su preparación en los Diplomados de Tecnologías de la Información y Seguridad Informática; y ha recibido capacitaciones por parte de la UNAM sobre temas de Computo Forense, Respuesta a Incidentes, Auditoria de Seguridad Informática y Pruebas de Penetración. Actualmente, cuenta con las certificaciones del Cyber Threat Intelligence (GCTI) y Certified Forensic Analyst (GCFA) emitidas por el GIAC, Certification Threat Intelligence Analyst (CTIA) y Certified Ethical Hacker (CEH) emitida por EC-Council y Certification Malware Analysis Professional emitida por Elearnsecurity.
- ics Calendar file
This session will walk the participants through the tenants of threat emulation culminating in them emulating a threat actor of their choice.
This workshop will give participants a chance to get hands on with threat emulation by covering: How To Define The Threat: What is likely and what are we afraid of?
Gather Intel: Is there any historic reporting of said threat? Students will research a threat actor and gather actionable Behaviors. Capability Development: We will use that intel gathered to engineer a threat emulation scenario to fit our needs using modern frameworks, scripts, payloads, and even customizing our delivery infrastructure.
Put It To Work: You will get a chance to test your threat against a live environment.
SpeakerBio: Trey Bilbrey, Head at SCYTHE LabsTrey Bilbrey is the Lead of SCYTHE Labs, specializing in Purple Team Exercises, Threat Emulation, Critical Infrastructure, and holistic cyber operations. Trey's 15+ years of industry experience has allowed him to become an excellent educator, defender of networks, and a cultivator of cybersecurity professionals. Prior to joining SCYTHE, Trey held positions at notable organizations such as Hack The Box (HTB Academy content Developer), The Army Corps of Engineers (ICS/SCADA Penetration Testing), and a veteran of the United States Marine Corps (Defensive and Offensive Cyber Operations). Current certifications include the CISSP, GICSP, GCIP, and K>FiveFour RTAC.
- ics Calendar file
The Beaconator C2 framework provides multiple highly evasive payloads, created to provide red teams with code execution, versatility, and ease of use. It is intended to be a Swiss Army knife for evasive C2, with a unified listener and basic tools to manage an engagement. The goal is to empower red/purple teams to emulate emerging adversary tactics that are evasive, prove them out, and then open tickets with various AV/EDR vendors to improve detectability for these blind spots that are now exploited in the wild.
Speakers:Mike "CroodSolutions" Manrod,Ezra "Shammahwoods" WoodsMike serves as the CISO for Grand Canyon Education and adjunct faculty for Grand Canyon University, teaching malware analysis. Mike also co-founded the Threat Intelligence Support Unit (TISU), a community for threat and adversary research. He is also a co-author/contributor for the joint book project, Understanding New Security Threats published by Routledge in 2019, along with numerous articles. When not working, he spends time playing video games and doing random projects with his kids.
SpeakerBio: Ezra "Shammahwoods" WoodsEzra is an avid security researcher currently working as an information security engineer with Grand Canyon Education.
- ics Calendar file
No one can deny that the job of a bug bounty hunter is tedious at times. The goal of this talk is simple: to make you a more efficient hacker using Caido. There is a lot to cover, but you can expect content surrounding the following: AI integration, collaboration, automation (JIT and otherwise), efficient navigation, and a slew of new Caido features. Caido is a rapidly evolving tool - consider this your crash course on getting back up to speed.
SpeakerBio: Justin "rhynorater" Gardner, Advisor at CaidoI'm a full-time Bug Bounty Hunter and Host of the Critical Thinking - Bug Bounty Podcast. I also work as an Advisor for Caido (HTTP Proxy). When I'm not putting in reports or disseminating technical info on the pod, I'm normally spending time with my wife and 2 daughters, lifting heavy things, playing volleyball, or getting folded in BJJ
- ics Calendar file
We usually view the world of cybersecurity through the lens of a malicious attacker versus a legitimate actor within a given system. This approach fails when considering the world of data privacy where there are three actors in play: the possibly-benevolent vendor, the legitimate user and the inevitable malicious actor. Using this privacy-focused lens, we survey the current regulatory landscape before turning our attention to how privacy is (not) applied to the automotive world.
Our talk focuses on the unique privacy risks the automotive industry is facing with the advent of smart, connected, cars. We present a real-world case study showing how quickly and thoroughly a bad actor could invade the privacy of a car owner, based on a privacy leak vulnerability designated CVE-2025-26313 (reserved).
Speakers:Lior ZL,Jacob AvidarLior is a security researcher in the PlaxidityX Threat Research Labs. Lior is part of a team of security researchers and data scientists who focus on innovation in the cybersecurity world, both from an offensive and a defensive perspective. Lior’s past experience is in enterprise cybersecurity and systems development. Lior holds an M.Sc in Computer Science.
SpeakerBio: Jacob Avidar, VP R&D and CISO at PlaxidityXJacob Avidar is the VP R&D and CISO of PlaxidityX (formerly Argus). Jacob founded the Threat Research Labs team that focuses on exploring high-risk vulnerabilities through cyber attacks in the Automotive industry. Exposing these risks allow OEMs and Tier-1 vendors to deal with violations and thus protect cars and people's lives from cyber attacks.
- ics Calendar file
AI systems are evolving from copilots to autonomous, multi-agent architectures, expanding the attack surface across tool execution, persistent memory, and inter-agent communication. This hands-on session extends copilot security methods to agentic ecosystems, covering threat modeling for multi-agent pipelines, supply-chain defenses, safeguarding sensitive workflows, and prompt injection at scale. Through real-world case studies—independent and integrated assistant deployments—you’ll learn to implement policy-as-code guardrails, fine-grained access controls, and red-team strategies for agent behavior. Whether you’re securing or penetrating AI workflows, you’ll leave equipped with actionable patterns to defend and harden end-to-end autonomous systems without stifling innovation.
Speakers:Jeremiah Edwards,Andra LezzaJeremiah is the Head of the AI business unit at Sage, and focuses on delivering world class AI for Finance, Accounting, and Business Operations. He leads the expert team which has invented and deployed over 16 AI services in 8 global products, making 20 million AI predictions daily. Before joining Sage, he founded and led data science and machine learning teams at Covid Act Now, FLYR Labs, Squelch, Apteligent (VMware), and Orange Labs. His interests include data privacy, ethical AI, and building AI systems that help people in their daily lives and jobs. He holds degrees in mathematics from MIT and Pierre and Marie Curie University. When not working on machine learning and AI, he can be found trail running, climbing rocks, and doing math.
SpeakerBio: Andra Lezza, Principal Application Security Specialist at SageAndra is a Principal Application Security Specialist at Sage, with over seven years of experience in the field of application security. She is responsible for implementing DevSecOps practices, conducting security assessments, and developing secure coding guidelines for software engineering and AI/ML teams. She has a strong background in software development and project management, as well as a master's degree in information and computer sciences. She has been co-leading the OWASP London Chapter since 2019, where she organises and delivers events and workshops on various security topics. She is passionate about educating and empowering developers and stakeholders to build and deliver secure software and best practices in a fast-paced, results-driven environment.
- ics Calendar file
- ics Calendar file
This will be a hands-on workshop, taking a few hours, that will require a laptop along with a Type II Hypervisor that dives into the practical application of the MITRE ATT&CK framework, emphasizing its value beyond simple enumeration of adversary tactics. By using ATT&CK to conduct practical exercises, organizations can better understand their threat landscape and take proactive measures to mitigate vulnerabilities. The hands-on workshop and discussion involves analyzing attacks by industry, drawing connections to real-world scenarios, and incorporating simulations to enhance risk management strategies. How do you prepare for an attack? When do you take real data to formulate an attack scenario. How do you test that plan?
A significant focus is placed on utilizing the MITRE Caldera tool for simulating and analyzing attack scenarios in specific environments. The tool provides insights into adversary tactics, allowing organizations to evaluate their defenses, detection capabilities, and mitigation strategies effectively.
SpeakerBio: Frank Victory
- ics Calendar file
Join us for a guided walkthrough of the Blacks in Cybersecurity Village (BIC) badge from DEF CON 33, led by the badge’s developer. This session explores the PCB design, embedded circuits that power the badge, and how this year’s design supports Shitty Add-Ons (SAOs). New to DEF CON? You’ll also get an introduction to the history of BIC badges and how they fit into the broader culture of DEF CON badge collecting. All experience levels are welcome to join and explore.
SpeakerBio: Eli McRaeEli McRae is a loser who doesn't know nothing about how to computer... That doesn't stop him though. He does hacking and hacking-related activities for the Arkansas Air National Guard and private sector. He is a founding member of the statewide Arkansas Hackers crew and has worked as an educator and technical trainer. He currently works as a pentester for a global MSSP.
- ics Calendar file
This started off as a basic project I taught in Ukraine last year with Hackers arise. It has evolved onto an updated 32 bit system with MXLinux from Ubuntu. Although a big pain in the ass; we also updated to python3 finally in this version as well.
- ics Calendar file
Defcon 32 we discussed how to transfect DNA using a lighter in the privacy of your home, Defcon 33 we want to bring the next phase which is BioCypher. BioCypher is a tool that will help with plasmid design to embed cryptographic messages. As quantum computing threatens traditional encryption, it’s time to ditch silicon and embrace self-assembling biomolecular firewalls. DNA Origami Cryptography (DOC) uses viral scaffolds to create nanometer-scale encryption keys over 700 bits long—strong enough to give Shor’s algorithm an existential crisis. Beyond brute-force resistance, DOC enables protein-binding steganography and multi-part message integrity, allowing encrypted communication through braille-like molecular folds. Whether securing classified data or encoding musical notes into microscopic strands, DOC offers a biological alternative to post-quantum doom. In this talk, we’ll explore how molecular self-assembly is turning DNA into the hacker-proof cipher of the future, now introducing Biocypher! The rough demo awaits for all to use the tool and think about a bio-crypto-future!
SpeakerBio: James Utley, PhDDr. James Utley, PhD, is a Johns Hopkins-trained Immunohematology expert, CABP, and AI/data science leader. As Technical Director, he led 150K+ cellular transfusions, advancing DoD and FDA-approved therapies. A bold biohacker, he pioneers CRISPR/genetic engineering, earning the moniker “the pirate.”
- ics Calendar file
The Device Lab is highly-collaborative environment where security researchers test medical instruments, applications, and devices in real-time from participating Medical Device Manufacturers. Any potential issues are reported directly to the manufacturer, and coordinated vulnerability disclosures are produced.
As part of their product security programs, their proactive initiatives to test their products, and to enhance the cybersecurity of their medical technologies, select medical device makers are teaming up with the Biohacking Village.
These manufacturers are inviting security researchers to learn and to test their products in dedicated spaces set aside for them. Their staff will answer questions, educate researchers, and triage any potential security issues. Researchers who perform testing should expect to follow the manufacturers’ published coordinated vulnerability disclosure policy and report any potential issues found so they can be addressed. Security researchers must sign the Hippocratic Oath for Hackers and agree to the framework of boundaries and rules of engagement during and post conference engagement.
- ics Calendar file
Bringing together diverse cultures and queer voices for an afternoon of connection. Come support our vibrant community!
- ics Calendar file
The Digital Markets Act (DMA) is a landmark European law which aims to make digital markets fairer and open. The DMA regulates the behaviour of “gatekeepers”: large digital players whose closed platforms may limit innovation and choice for users. The DMA sets out “do’s and don’ts”, such as enabling interoperability, allowing alternative services (e.g. browsers or app stores), and treating third parties on equal footing.
In this presentation, you get to hear first-hand from the DMA enforcers about their experience, focusing on the first-ever enforcement action taken under the DMA. In March 2025, the European Commission spelled out how Apple must make iOS and iPadOS work seamlessly with third-party products and services, in particular connected devices such as smartwatches and headphones. We provide insights into how we delivered this concrete change, how the security community played a useful role, and what the benefits will be for developers and users.
We give a perspective on how the DMA preserves system integrity, security and user privacy when introducing interoperability to a previously closed platform. We also give a broader outlook on what other benefits businesses and end users can expect from the DMA, especially in terms of giving users full control and choice over their devices and data.
SpeakerBio: Victor Le Pochat, DMA Enforcement Team at European CommissionVictor Le Pochat works in the enforcement team for the Digital Markets Act at the European Commission (DG Connect). Prior to the Commission, he was a postdoctoral researcher working on monitoring the security and privacy of large web ecosystems. He previously presented his work at Black Hat, FOSDEM, and various academic cybersecurity conferences. Victor speaks in a personal capacity and does not speak on behalf of the European Commission.
- ics Calendar file
In Windows, the cornerstone of data protection is BitLocker, a Full Volume Encryption technology designed to secure sensitive data on disk. This ensures that even if an adversary gains physical access to the device, the data remains secure and inaccessible.
One of the critical aspects of any data protection feature is its ability to support recovery operations failure cases. To support BitLocker recovery, design changes were applied in the Windows Recovery Environment (WinRE). This led us to a pivotal question: did these changes introduce new attack surfaces impacting BitLocker?
In this talk, we will share our journey of researching a fascinating and mysterious component: WinRE. Our exploration begins with an overview of the WinRE architecture, followed by a retrospective analysis of the attack surfaces exposed with the introduction of BitLocker. We will then discuss our methodology for effectively researching and exploiting these exposed attack surfaces. Our presentation will reveal how we identified multiple 0-day vulnerabilities and developed fully functional exploits, enabling us to bypass BitLocker and extract all protected data in several different ways.
Finally, we will share the insights Microsoft gained from this research and explain our approach to hardening WinRE, which in turn strengthens BitLocker.
Speakers:Alon "alon_leviev" Leviev,Netanel Ben SimonAlon Leviev (@alon_leviev) is a self-taught security researcher working with the Microsoft Offensive Research & Security Engineering (MORSE) team. Alon specializes in low-level vulnerability research targeting hardware, firmware, and Windows boot components. He has presented his findings at internationally-recognized security conferences such as DEF CON 32 (2024), Black Hat USA 2024, Black Hat EU 2023, CanSecWest 2024, and CONFidence 2024. Prior to his career in cybersecurity, Alon was a professional Brazilian jiu-jitsu athlete, winning several world and European titles.
SpeakerBio: Netanel Ben SimonNetanel Ben-Simon has been a security researcher for over eight years, and is currently working with the Microsoft Offensive Research & Security Engineering (MORSE) team. He specializes in low-level vulnerability research, fuzzing & Exploitation on various platform types such as Windows, Linux, and Embedded Devices. Over the past year, he has conducted in-depth vulnerability research on different UEFI components with a focus on Windows security posture around the boot environment, bug hunting and mitigations.
- ics Calendar file
Blackdagger is a next-gen cybersecurity workflow automation framework built to streamline and accelerate complex operations across DevSecOps, MLOps, MLSecOps, and Continuous Automated Red Teaming (CART). It uses a declarative YAML-based Directed Acyclic Graph (DAG) system to define, visualize, and execute automated pipelines — no heavy scripting required. With a built-in web UI, a containerized red teaming toolkit called Blackcart, and integration with GitHub Actions for OPSEC-friendly task execution, Blackdagger empowers teams to deploy, manage, and scale cyber workflows in real-time. Attendees will see live demos of red team pipelines, stealthy GitHub-based automation, and browser-based workflow execution via the Blackdagger Web Kit. Whether you're defending or attacking, Blackdagger turns security automation into an intuitive, visual experience — backed by real-world NATO and defense applications.
Speakers:Mahmut "ErdemOzgen" Erdem Ozgen,Ata SerenMahmut is a computer engineer from Ankara, Turkey, specializing in software engineering, cybersecurity, ML systems, and DevSecOps. A Bahcesehir University graduate (2015-2020), he has played key roles at HAVELSAN, developing secure DevSecOps pipelines and cybersecurity architectures for Turkish Armed Forces, contributing to national security systems advancement. He has extensive experience with machine learning and LLMs, applying theoretical concepts to practical solutions. As a student research assistant at Istanbul Big Data Education and Research Center, he implemented learning-based algorithms for drone routing and conducted text processing and sentiment analysis. His technical expertise encompasses Python, Go, C/C++, Java, JavaScript, Docker, Kubernetes, Terraform, and blockchain technologies. Fluent in English and Turkish, he has received notable recognition, including first place in the Presidency of Defence Industries Cyber Capstone Projects and a full scholarship from Bahcesehir University. Additionally, he has served on the NATO Locked Shields exercise green team, implementing ML and LLM-based systems, and currently serves as a red team capability leader in the NATO CWIX exercise.
SpeakerBio: Ata SerenAta is a specialized cyber security engineer with expertise in application security, DevSecOps, and penetration testing. Currently pursuing a Master’s degree in Cyber Security at Middle East Technical University, his thesis focuses on static application security testing, tool mechanisms, and innovative approaches in the field. With professional experience at HAVELSAN, he has contributed to significant NATO projects and open-source cybersecurity tools including DevSecOpsBuilder, Blackcart, and Blackdagger. His involvement in the NATO Locked Shields exercise in 2024 and 2025 demonstrates his practical expertise in cyber defense operations at an international level. A recognized voice in the cybersecurity community, he has presented the Blackdagger tool at Black Hat USA, Europe, and Asia conferences alongside his colleague. Most recently, he spoke at CyCon 2025, introducing a new cybersecurity framework to industry professionals. His technical proficiency spans multiple programming languages including Python, Golang, and C/C++, complemented by extensive knowledge of cybersecurity fundamentals, cloud security, and AI/ML approaches to security challenges. He is currently expanding his red teaming capabilities while studying for the OSCP certification from OffSec.
- ics Calendar file
- ics Calendar file
A cyber defense Capture the Flag inspired by a mix of trending nation-state actor kill chains. You are an incident responder tasked to investigate multiple incidents. You will have access to a SIEM and other forensic data; however, just like in real life, these tools have issues you must overcome to uncover what happened.
The CTF challenges contestants to leverage diverse cyber defense skills, including Incident Response, Forensics, and Threat Hunting. Both host and network telemetry are required to solve all the flags.
BTV’s Project Obsidian crew developed the CTF to allow anyone, regardless of skill or knowledge, to participate and sharpen their cyber defense skills. We recommend creating or joining a team if you are new to cyber defense. We highly recommend attending the other BTV Project Obsidian presentations and panels to learn even more about different cyber defense topics.
Attendees will be required to use a laptop, tablet, or mobile device. Prior knowledge of using a SIEM is preferred.
No
- ics Calendar file
BOAZ (Bypass, Obfuscate, Adapt, Zero-Trust) evasion was inspired by the concept of multi-layered approach which is the evasive version of defence-in-depth first proposed in a presentation at BH USA14. BOAZ was developed to provide greater control over combinations of evasion methods, enabling more granular evaluations against antivirus and EDR. It is designed to bypass before, during, and post execution detections that span signature, heuristic, and behavioural detection mechanisms. BOAZ supports both x86/x64 binary (PE) or raw payload as input and output EXE or DLL. It has been tested on separated Windows 11 Enterprise, Windows 10, and Windows Server 2022 VMs with 14 desktop AVs and 7 EDRs installed including Windows Defender, Norton, BitDefender, Sophos, and ESET. The design of BOAZ evasion is modular, so users can add their own toolset or techniques to the framework. BOAZ is written in C++ and C and uses Python3 as the main linker to integrate all modules. There have been significant improvements implemented since its inception. The new version of the BOAZ evasion tool, set for release at DEF CON 33, will feature three novel threadless process injection primitives, along with newly implemented loaders and behavioural evasion techniques.
SpeakerBio: Thomas "XM20" Xuan MengThomas is a cybersecurity researcher, reverse engineer, and developer with a diverse background in policing, academia, and civil service. He holds a PhD in Computational Engineering, an MPhil in Criminological Research, and a BSc in Mathematics, and was awarded a university medal in Cybersecurity from Edinburgh Napier University.
- ics Calendar file
Drinor Selmanaj is a cybersecurity pioneer, Forbes Technology Council member, and published author. As Founder of Sentry, he leads an elite team securing unicorn-stage companies and Big Four clients across critical sectors. He also founded the Cyber Academy, where his hands-on training programs and AI-driven edtech solutions have launched thousands of careers and are redefining how cybersecurity talent is developed worldwide.
SpeakerBio: Drinor Selmanaj, Founder and CTO at SentryDrinor Selmanaj is a cybersecurity frontier with over a decade of paramount experience in penetration testing, cyberterrorism combat, and global privacy amidst NATO representatives, multinational corporations, tech giants, and heads of state. Moreover, he is a prolific investor in the tech scene with several cybersecurity-related companies and initiatives under his name.At Sentry, Drinor leads a global team of cybersecurity researchers while providing cutting-edge penetration testing and other cybersecurity services to unicorn corporations, including some of the Big Four.Likewise, Selmanaj is well-known for his efforts in security education, having trained thousands of students while continuously responding to the chronic cybersecurity talent shortage. His students are renowned professionals employed in leading application security firms and have received multiple recognitions from numerous organizations, including the U.S. Department of Defense.
At Cyber Academy, he has developed state-of-the-art courses covering a variety of topics, ranging from the foundations of cybersecurity to red teaming and adversary emulations. Additionally, Drinor has developed cyber ranges equipped with the latest offensive and defensive scenarios for training the new cybersecurity workforce.As a consultant, he has assessed vulnerabilities, opportunities, and mitigation pathways for critical information infrastructures on a national level, the finance/health sector, and electoral systems. As a result, Drinor found success in providing a clear sight of national cybersecurity while delivering a comprehensive and concrete action plan.Drinor Selmanaj is an award-winning cybersecurity professional, lecturer, public speaker, and executive aspiring to boost innovation, all the while perpetually pursuing excellence and standing one step ahead of cyber threats
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
As a former enlisted Marine, Human Rights volunteer in Cameroon, Ukrainian Peace Corps member, and Army Officer, I bring a diverse background to my current role as a Network Analyst. My lifelong passion for computers—rooted in the era of dial-up—drove me to create the Cyber Calendar. This project aims to illuminate essential cyber practices and address the complacency creep that often undermines our security.
SpeakerBio: Chris DeCarmenAs a former enlisted Marine, Human Rights volunteer in Cameroon, Ukrainian Peace Corps member, and Army Officer, I bring a diverse background to my current role as a Network Analyst. My lifelong passion for computers—rooted in the era of dial-up—drove me to create the Cyber Calendar. This project aims to illuminate essential cyber practices and address the complacency creep that often undermines our security.
- ics Calendar file
- ics Calendar file
Carey Parker is on a mission to raise the awareness of everyday, non-technical people on the crucially important topics of cybersecurity and privacy. There are plenty of resources for computer geeks (like himself), but is striving to reach the 99% of the population who use the Internet all the time but have no real idea how safe they are nor how to make themselves safer. It might seem like a lost cause, but trust him, it’s not! There are dozens of free and simple things we can all be doing to protect ourselves, our family, and our friends.
SpeakerBio: Carey ParkerCarey Parker is on a mission to raise the awareness of everyday, non-technical people on the crucially important topics of cybersecurity and privacy. There are plenty of resources for computer geeks (like himself), but is striving to reach the 99% of the population who use the Internet all the time but have no real idea how safe they are nor how to make themselves safer. It might seem like a lost cause, but trust him, it’s not! There are dozens of free and simple things we can all be doing to protect ourselves, our family, and our friends.
- ics Calendar file
Laura Sang Hee Scherling, EdD, is a director and adjunct lecturer at Columbia University. Scherling is the founder of the Cyber Care Institute and co-founder of Civic Art Lab. Her previous books include Ethics in Design and Communication, Digital Transformation in Design, and Product Design, Technology, and Social Change. She is a contributor to Tech Policy Press and Design Observer. Scherling is passionate about tech ethics, Internet freedom, and cybersecurity awareness.
Accepted Payment Methods: Cash, Venmo, and Paypal
SpeakerBio: Laura S. Scherling, EdDLaura Sang Hee Scherling, EdD, is a director and adjunct lecturer at Columbia University. Scherling is the founder of the Cyber Care Institute and co-founder of Civic Art Lab. Her previous books include Ethics in Design and Communication, Digital Transformation in Design, and Product Design, Technology, and Social Change. She is a contributor to Tech Policy Press and Design Observer. Scherling is passionate about tech ethics, Internet freedom, and cybersecurity awareness. Accepted Payment Methods: Cash, Venmo, and Paypal
- ics Calendar file
- ics Calendar file
Jon DiMaggio is the Chief Security Strategist at Analyst1 and a cybercrime hunter who doesn’t just follow ransomware gangs, he infiltrates them. A former U.S. intelligence analyst with a background in signals intelligence, Jon has spent his career going deep undercover inside some of the world’s most dangerous cybercrime syndicates. In 2024, he embedded himself within the notorious LockBit ransomware gang, gathering intelligence that helped law enforcement take down one of the most prolific cybercriminal operations in history.
His investigative series The Ransomware Diaries exposed LockBit’s inner workings and earned widespread recognition. Jon is the author of The Art of Cyberwarfare (No Starch Press), a two-time SANS Difference Makers Award winner, has appeared on 60 Minutes, and has been featured in The New York Times, Wired, and Bloomberg. He is also a regular speaker at DEFCON, RSA, and other major security conferences. Whether he’s chasing cybercriminals or telling their stories, Jon brings the kind of firsthand insight you only get when you’ve walked into the lion’s den, and walked out.
- ics Calendar file
- ics Calendar file
- ics Calendar file
Kyle Cucci is a malware analyst and detection engineer with Proofpoint’s Threat Research team. Previously, he led the forensic investigations and malware research teams at a large global bank. Kyle is the author of the book "Evasive Malware: A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats" and is a regular speaker at conferences, speaking on topics like malware analysis, offensive security, and security engineering. In his free time, Kyle enjoys contributing to the community via open source tooling, research, and blogging.
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
Aamiruddin Syed is Cybersecurity Professional with over decade in years of experience in the industry. He specializes in DevSecOps, Shift-Left Security, cloud security, and internal penetration testing. He authored book titled "Supply Chain Software Security-AI, IoT, Application Security" with Apress/Springer. He has extensive expertise in automating security into CI/CD pipelines, developing security automation, and building security into infrastructure as code. He has worked on securing cloud platforms by applying security best practices to infrastructure provisioning and configuration. Leveraging his penetration testing skills, he routinely conducts targeted internal assessments of critical applications and systems to proactively identify risks. He excels at bridging the gap between security and engineering teams to enable building security directly into products.A recognized advocate for secure development, Aamiruddin is a frequent speaker and session chair at leading industry conferences including RSA Conference, DEFCON, and Black Hat.
Payment method: Zelle, Wire transfer
SpeakerBio: Aamiruddin SyedAamiruddin Syed is Cybersecurity Professional with over decade in years of experience in the industry. He specializes in DevSecOps, Shift-Left Security, cloud security, and internal penetration testing. He authored book titled "Supply Chain Software Security-AI, IoT, Application Security" with Apress/Springer. He has extensive expertise in automating security into CI/CD pipelines, developing security automation, and building security into infrastructure as code. He has worked on securing cloud platforms by applying security best practices to infrastructure provisioning and configuration. Leveraging his penetration testing skills, he routinely conducts targeted internal assessments of critical applications and systems to proactively identify risks. He excels at bridging the gap between security and engineering teams to enable building security directly into products. A recognized advocate for secure development, Aamiruddin is a frequent speaker and session chair at leading industry conferences including RSA Conference, DEFCON, and Black Hat.
- ics Calendar file
Garrett Gee is a USA Today bestselling author and 7-figure entrepreneur, recognized for his expertise in cybersecurity and hacking. As the founder and owner of Hacker Warehouse, he has established a premier destination for computer security tools, serving clients from Fortune 100 companies to government agencies.
With over 20 years of cybersecurity experience, Gee has become a sought-after consultant in the industry. He is the author of the bestselling book “The Hacker Mindset,” a transformative guide that empowers individuals to break free from conventional constraints and achieve their personal and professional goals.
As an international speaker and media expert, Garrett actively engages with a community of learners and hackers, promoting continuous growth and innovation in both cybersecurity and personal development.
For more about Garrett visit https://GarrettGee.com
SpeakerBio: Garrett GeeGarrett Gee is a USA Today bestselling author and 7-figure entrepreneur, recognized for his expertise in cybersecurity and hacking. As the founder and owner of Hacker Warehouse, he has established a premier destination for computer security tools, serving clients from Fortune 100 companies to government agencies.
With over 20 years of cybersecurity experience, Gee has become a sought-after consultant in the industry. He is the author of the bestselling book “The Hacker Mindset,” a transformative guide that empowers individuals to break free from conventional constraints and achieve their personal and professional goals.
As an international speaker and media expert, Garrett actively engages with a community of learners and hackers, promoting continuous growth and innovation in both cybersecurity and personal development.
- ics Calendar file
- ics Calendar file
A practical guide to hardware hacking.
Join IoT Village for a hands-on workshop where people can learn step-by-step techniques to gain root access on a smart camera. Some of the methods involved are PCB analysis, power analysis, and exploiting debug interfaces to achieve shell access.
- ics Calendar file
Join us for an interactive workshop where we will walk you through the ins and outs of botnet deployment and operation via a command and control web server. Geared towards beginners, this workshop offers a hands-on approach to understanding how botnets function. You’ll also learn an effective defense strategy against the botnet you have created. No experience needed we will give you everything you need!
- ics Calendar file
This area will feature guided breach simulation exercises for participants to engage with. There will be two activities, "Breach-the-Hospital" and "Breach-the-Office," based on two LEGO sets. A simulated cyber range will be available for each scenario, providing an exact replica of an enterprise production environment. We will provide a detailed walkthrough of the attack scenarios, including Tools-Techniques-and-Procedures (TTPs) commands and how-to guides, demonstrating how to atatck and breach the hospital's infrastructure or the office environment. This exercise will give participants a clear understanding of how adversaries infiltrate corporate environments.
- ics Calendar file
This is the story of how Malware Village, Malmons aka Malware Monsters, and everything good that followed came into existence — all sparked by the Big BAN. In early 2024, after standing up for others, I was banned and ostracized from the local cybersecurity communities in my home country. At the time, I had never spoken at a conference outside that community — I hadn’t even attended DEF CON as an attendee. At first, it felt like the end of everything, because that local community meant the world to me back then. But then I stopped and asked myself:
“Why not create my own world — one filled with light?” “I shall shine bright to light the way, even in the darkest night.” The best revenge is to shine bright and live your best life. Now, let there be light — in the world of bits and bytes.
SpeakerBio: Lena "LambdaMamba" Yu, CEO at World Cyber Health
- ics Calendar file
Forget the black and white world of traditional Red Teaming, where success means finding that one perfect exploit. In the age of GenAI, we're painting with a whole new palette. When your target can think, reason, and never give the same answer twice, how do you know if you've really broken it? Welcome to the technicolor challenge of AI Red Teaming, where we're not just looking for vulnerabilities - we're evaluating personality quirks, safety boundaries, and whether an AI system has gone rogue in fascinating new ways. Join me to explore why it takes AI to test AI, how the future of Red Teaming is less binary, and even your testing tools need to think outside the (black) box.
SpeakerBio: Jason Ross, OWASP GenAI Security Project, Red Teaming Initative at OWASPJason Ross is a passionate cybersecurity expert with a diverse skill set in generative AI, Penetration Testing, Cloud Security, and OSINT. As a product security principal at Salesforce, Jason performs security testing and exploit development with a specific focus on generative AI, Large Language Models, and Agentic systems.
Jason is a frequent speaker at industry conferences, and is active in the security community: participating as a core member of the OWASP Generative AI Security Project, and serving as a DEF CON NFO goon.
- ics Calendar file
Bricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation.
- ics Calendar file
We have exposed critical offensive capabilities in the azbridge tool, which has been available in Microsoft Azure's GitHub repository since 2018. This tool is a legitimate utility connecting network-isolated assets. Our research demonstrates how an attacker can weaponize this tool using its default configuration.
azbridge supports attackers in establishing covert C2 channels, exfiltrating data, and enabling lateral movement while evading scrutiny by perimeter defenses. It leverages back-end services that serve Azure Relay endpoints (*.servicebus.windows.net) and encapsulates malicious traffic in TLS-encrypted connections to *.cloudapp.azure.com endpoints, defeating egress filtering and proxy inspection.
We demonstrate how attackers can use it to maintain persistent network access, bypass network security controls, and conduct post-exploitation using Microsoft's tool. More sophisticated adversaries can re-implement the functionality of this tool in their tradecraft (e.g., implants). For our defensive side friends, we provide initial recommendations on recognizing these techniques to defend against adversaries exploiting legitimate infrastructure.
While not a 0-day, as of 03/14/2025, there are no reports of adversaries using azbridge, and no researchers have reported this tool’s potential for abuse. Therefore, we believe it is a novel use case or at least one that has not been publicly discussed.
Edward is a red teamer and former offensive security consultant focused on adversary simulation, malware development, and social engineering. He works on bypassing security controls, evading detection, and testing the limits of modern defenses. When he’s not on an engagement, he’s refining techniques, building tools, and keeping up with the ever-changing security landscape.
SpeakerBio: Josh HuffJosh
Josh is an offensive security professional with more than 10 years in Information Security. He has an Associate's Degree in Computer Forensics and Security, as well as several certifications. He began his professional career in IT as a contractor for the US Army Corps of Engineers before moving to his current company where he has held roles both on the defensive and offensive sides of security.
When not in the office Josh satisfies his curiosity exploring Red Team Infrastructure and Open Source Intelligence. He is a husband, father of two, and enjoys playing multiple instruments. Want an OSINT challenge - see if you can find his account for live streaming music.
Currently Josh is Senior Red Team Operator at a fortune 50 insurance company.
SpeakerBio: Robert PimentelRobert is a seasoned offensive security professional with more than a decade of experience in Information Security. He started his career in the U.S. Marine Corps, working on secure telecommunications. Robert holds a master's degree in Cybersecurity, numerous IT certifications, and a background as an instructor at higher education institutions like the New Jersey Institute of Technology and American University.
Robert is committed to sharing his knowledge and experiences for the benefit of others. He enjoys Brazilian steakhouses and cuddling with his pugs while writing Infrastructure as Code to automate Red Team Infrastructure.
Robert currently serves as a Red Team Lead at Humana, Inc.
- ics Calendar file
Dive into the world of hardware hacking with this intensive, hands-on class that bridges the gap between software security and physical hardware. Over the course of two action-packed days, you'll learn to identify and exploit vulnerabilities common in IoT devices, medical equipment, and embedded systems. Starting with hardware basics and circuit board analysis, you'll quickly progress to mastering essential interfaces like UART, SPI, and JTAG. Get hands-on experience with industry software tools while learning to extract firmware, bypass authentication systems, and analyze Bluetooth Low Energy (BLE) implementations. Perfect for security professionals, researchers, and hardware enthusiasts, this course combines real-world case studies with practical exercises using actual devices. You'll leave equipped with a solid foundation in hardware security assessment, understanding common attack vectors, and knowing how to integrate hardware security testing into your product development lifecycle. Bring your curiosity - we'll provide the hardware!
Speakers:Will McCardell,Garrett Freibott,Cody Hein,Aaron WassermanWill McCardell is a Lead Offensive Security Engineer at Praetorian and a member of the IoT Penetration Testing team. He has a decade of software engineering and offensive security experience as well as a deep passion for hardware testing.
SpeakerBio: Garrett Freibott, Senior Security Engineer at PraetorianGarrett Freibott is a Senior Security Engineer at Praetorian and a member of the IoT Penetration Testing team. He has experience in open-source software development, application penetration testing, and enterprise software security. Garrett has a B.S. in Computer Science from Arizona State University and the OSCP.
SpeakerBio: Cody Hein, Senior Security Engineer at PraetorianCody Hein is a Senior Security Engineer at Praetorian and a member of the IoT Penetration Testing team. His background includes audio video systems engineering and US Army Space operations, including SATCOM and other RF communications. He specializes in hardware reverse engineering, firmware analysis, and RF wireless communications with a focus on securing connected devices. Cody is passionate about lifelong learning and dedicated to sharing knowledge with others.
SpeakerBio: Aaron Wasserman, Senior Security Engineer at PraetorianAaron Wasserman is an accomplished IoT penetration tester with a passion for uncovering hardware vulnerabilities. He is a Senior Security Engineer at Praetorian and a member of the IoT Penetration Testing team. Aaron is dedicated to advancing cybersecurity practices and sharing knowledge within the community. He holds both a Masters and Bachelor’s from Georgia Tech's School of Electrical and Computer Engineering and also several offensive security certifications including the ACIP and OSCP.
- ics Calendar file
Dive into the world of hardware hacking with this intensive, hands-on class that bridges the gap between software security and physical hardware. Over the course of two action-packed days, you'll learn to identify and exploit vulnerabilities common in IoT devices, medical equipment, and embedded systems. Starting with hardware basics and circuit board analysis, you'll quickly progress to mastering essential interfaces like UART, SPI, and JTAG. Get hands-on experience with industry software tools while learning to extract firmware, bypass authentication systems, and analyze Bluetooth Low Energy (BLE) implementations. Perfect for security professionals, researchers, and hardware enthusiasts, this course combines real-world case studies with practical exercises using actual devices. You'll leave equipped with a solid foundation in hardware security assessment, understanding common attack vectors, and knowing how to integrate hardware security testing into your product development lifecycle. Bring your curiosity - we'll provide the hardware!
Speakers:Will McCardell,Garrett Freibott,Cody Hein,Aaron WassermanWill McCardell is a Lead Offensive Security Engineer at Praetorian and a member of the IoT Penetration Testing team. He has a decade of software engineering and offensive security experience as well as a deep passion for hardware testing.
SpeakerBio: Garrett Freibott, Senior Security Engineer at PraetorianGarrett Freibott is a Senior Security Engineer at Praetorian and a member of the IoT Penetration Testing team. He has experience in open-source software development, application penetration testing, and enterprise software security. Garrett has a B.S. in Computer Science from Arizona State University and the OSCP.
SpeakerBio: Cody Hein, Senior Security Engineer at PraetorianCody Hein is a Senior Security Engineer at Praetorian and a member of the IoT Penetration Testing team. His background includes audio video systems engineering and US Army Space operations, including SATCOM and other RF communications. He specializes in hardware reverse engineering, firmware analysis, and RF wireless communications with a focus on securing connected devices. Cody is passionate about lifelong learning and dedicated to sharing knowledge with others.
SpeakerBio: Aaron Wasserman, Senior Security Engineer at PraetorianAaron Wasserman is an accomplished IoT penetration tester with a passion for uncovering hardware vulnerabilities. He is a Senior Security Engineer at Praetorian and a member of the IoT Penetration Testing team. Aaron is dedicated to advancing cybersecurity practices and sharing knowledge within the community. He holds both a Masters and Bachelor’s from Georgia Tech's School of Electrical and Computer Engineering and also several offensive security certifications including the ACIP and OSCP.
- ics Calendar file
- ics Calendar file
This year, for the first time ever, Bug Bounty Village is bringing you a Capture the Flag with a twist. This CTF is designed to feel just like a real bug bounty hunt.
Dive into a vulnerable application and see if you can uncover its hidden weaknesses just like you would on a bug bounty program. The CTF is designed to be accessible for all experience levels, from beginners looking for their first bug to veteran hunters eager for a very interesting challenge. Expect a range of vulnerabilities, from trivial finds to sophisticated ones that will push you to the limit.
But that’s not all. We’re adding a unique real-world flavor to the competition. Participants onsite at DEF CON will submit some of their bug reports for those to be validated by real bug bounty triagers volunteering their expertise to make this experience as real as possible. This process will determine scores based not just on technical prowess but on report quality and professionalism, just like in a bug bounty program.
Get ready for a realistic bug bounty experience, a chance to grow your skills, connect with the community, and show what you’re made of.
Please note that you must be present on-site for our award ceremony on Sunday at 13:00 in order to receive any prizes.
- ics Calendar file
Everything you need to know about getting started in bug bounty
SpeakerBio: Jason Haddix
- ics Calendar file
Kit cost $100
- ics Calendar file
Culture isn’t just found in galleries or libraries - it lives in code, on screens, and sometimes, in the viruses that once infected our machines. Building a Malware Museum tells the story behind creating the world’s first online Malware Museum and its evolution into the Museum of Malware Art in Helsinki.
Only we can save the culture of our time. And our culture is digital. Preserving digital culture is hard: Software rots. Hardware vanishes. File formats die. And some digital artifacts - like computer viruses - were never meant to survive.
Mikko Hypponen has been archiving malware since 1991, originally for research - but today, this collection also holds cultural value. These digital fossils now offer a glimpse into a forgotten world of underground creativity, early hacking culture, and unintended digital aesthetics. Thanks to modern emulation techniques, it’s now possible to safely relive how those early viruses looked, sounded, and behaved.
In November 2024, Mikko opened the world's first Museum of Malware Art, in Helsinki. This art museum features modern art commissioned from artists around the world, all inspired by malware or cyber attacks.
This is a journey through preservation, nostalgia, and the art of archiving what was never meant to last. Because even malware is part of our history.
References:
SpeakerBio: Mikko HypponenMikko Hypponen is a global security expert who has been working in malware research since 1991. He is currently the Chief Research Officer at WithSecure, a Helsinki-based security company. Mikko has published his research in The New York Times, Wired, and Scientific American. He has lectured at Oxford, Harvard, and MIT. Mr. Hypponen's research team was the first to locate, analyze, and develop protection against the ILOVEYOU email worm - the largest malware outbreak in history. Mikko is also the curator for The Malware Museum at The Internet Archive and for The Museum of Malware Art in Helsinki.
- ics Calendar file
The frequency of space missions has been increasing in recent years, raising concerns about security breaches and satellite cyber threats. Each space mission relies on highly specialized hardware and software components that communicate through dedicated protocols and standards developed for mission-specific purposes. Numerous potential failure points exist across both the space and ground segments, any of which could compromise mission integrity. Given the critical role that space-based infrastructure plays in modern society, every component involved in space missions should be recognized as part of critical infrastructure and afforded the highest level of security consideration.
This briefing highlights a subset of vulnerabilities that we identified within last couple of years across both ground-based systems and onboard spacecraft software. We will provide an in-depth analysis of our findings, demonstrating the impact of these vulnerabilities by showing our PoC exploits in action—including their potential to grant unauthorized control over targeted spacecraft. Additionally, we will show demonstrations of the exploitation process, illustrating the real-world implications of these security flaws.
Speakers:Andrzej Olchawa,Milenko Starcik,Ayman Boulaich,Ricardo FradiqueAyman Boulaich is a cybersecurity researcher specializing in vulnerabilities within aerospace systems. He has contributed to identifying critical security issues in NASA's open-source software frameworks, such as Core Flight System (cFS) and CryptoLib.
SpeakerBio: Ricardo Fradique, Cybersecurity Engineer at VisionSpace Technologies GmbHRicardo Fradique is a Cybersecurity Engineer at VisionSpace Technologies GmbH, with a focus on Offensive Security and Vulnerability Research. He has been credited in several CVEs, and a regular CTF player.
- ics Calendar file
This session will walk you through bypassing mobile app security protections like root detection and SSL pinning using tools like Frida and apktool. It covers both static patching and dynamic code instrumentation to help you manipulate app behavior for testing and analysis.
SpeakerBio: Grigoris Papoutsis, Senior Training Developer at Hack The BoxGrigoris is a Senior Training Developer at Hack The Box. He is passionate about Mobile Security and creating innovative content for cybersecurity Training. In addition to his role, Grigoris also teaches Mobile Application Security at the University of Piraeus. He graduated with an M.Sc. degree in Digital Systems Security, and he holds a B.Sc. in Computer Science with a specialization in Software Development. Grigoris has previously worked as a Penetration Tester, and he has been one of the founders and a core member of the cybersecurity research group INSSec at the University of West Attica since 2019.
- ics Calendar file
Join us for a bite-sized introduction to machine code programming with x86 assembly language! In this beginner-friendly course, we'll cover the essentials of assembly language and show you how to get started. You'll learn about registers, operands, and instructions, as well as how to write and debug simple assembly programs. Our experienced instructors will guide you through hands-on exercises and examples, so you can practice what you've learned in a relaxed and supportive environment. By the end of this course, you'll have a solid foundation in x86 assembly language and be able to tackle more advanced topics with confidence. Whether you're new to programming or just looking for a new challenge, "Byte-Sized Basics" is the perfect place to start your journey into machine code programming.
SpeakerBio: rh4hunnid, Arizona State University
- ics Calendar file
Let’s face it — traditional HTTP C2 is burning out. Between aging domains, TLS cert management, sandbox fingerprinting, and blue teams getting smarter at categorizing traffic and infrastructure, your custom C2 feels less covert and more like a liability. Red teams and threat actors alike are shifting toward living off legitimate services — AWS, GitHub, Box, Notion, whatever blends in — but building solutions that are custom to a single C2 framework? Let’s stop doing that. Let’s share the fun! C4 (Cross-Compatible Command & Control) is here to change that. It’s a modular toolkit of WASM-powered plugins that makes external C2 easy to implement, regardless of your implant's language or target OS. Whether you’re writing in C, Rust, Go, Python, C#, or something else entirely, C4 plugins can be loaded directly into your implant and run on Windows, macOS, or Linux. But the real game-changer? C4 provides a single, centralized collection of over 10 fully-documented, operationally-ready external C2 modules — not just proof-of-concepts, but production-level integrations with trusted sites that fly under the radar. No more hunting through GitHub repos, hand-rolling fragile API calls, or hacking together glue code for every new environment. Stop reinventing external C2 and start planting some C4 in your implants!
SpeakerBio: Scott "ScottCTaylor12" Taylor, Senior Red Team Operator at Sony's Global Threat EmulationScott Taylor is a Senior Red Team Operator on Sony's Global Threat Emulation team. Scott has previously worked at the MITRE Corporation and T. Rowe Price focused on emulating adversary behaviors. While Scott has been a technical professional for a decade, only the second half was focused on offensive security. He started as a Linux system administration intern where he learned to build before later learning to break. Scott leverages his system administration background in his offensive security career where he passionately researches command and control (C2) infrastructure for red team operations. Open-source publications by Scott include custom C2 channels for popular C2 frameworks, leveraging cloud services for C2, and automating red team infrastructure deployment.
- ics Calendar file
Dive into the world of Operational Technology (OT) adversary emulation — no racks of hardware required. With Caldera for OT (C4OT) and our new virtual device simulators, you can explore the inner workings of OT network communications from the comfort of your own home lab. The biggest industrial control systems incidents — FrostyGoop, PIPEDREAM, Industroyer — didn’t rely on flashy zero-days to impact physical systems. Instead, they used native OT protocols to send valid messages with malicious intent. Now, with C4OT, you can step into the attacker’s shoes and explore the quirks and capabilities of protocols like Modbus, DNP3, and IEC61850. No hardware? No problem. No experience? Even better. In this session, we’ll show you how to get started with adversary emulation against simulated OT devices, unlocking a hands-on environment to test your attacks, validate your defenses, and gain practical insights into the world of industrial cybersecurity. Whether you’re a defender looking to understand the threats, a researcher diving into OT protocol behavior, or a red-teamer eager to sharpen your skills, C4OT gives you the tools to experiment safely and effectively. Join us to see how C4OT is revolutionizing adversary emulation for OT — one packet at a time.
Speakers:Devon Colmer,Tony WebberDevon serves as the lead for Caldera for operational technology (OT) within MITRE’s Critical Infrastructure Protection Innovation Center (CIPIC). He specializes in OT adversary emulation and detection engineering, leading the development of OT plugins for MITRE’s Caldera platform. Beyond Caldera, he is researching a common data model for OT protocols to lower the barrier of entry for OT network defenders.
SpeakerBio: Tony WebberTony is the lead for counter measures for operational technology in MITRE’s Critical Infrastructure Protection Innovation Center (CIPIC). His work has spanned systems engineering, solution prototyping, capabilities development, and deployment of cybersecurity and cyber situational awareness solutions for defending industrial control systems. His current focus is adversary emulation for ICS and space systems.
- ics Calendar file
Join us to learn about OT security related to the ground stations that enable space system operations. In this mini-CTF participants will:
We’ll provide the laptops during this 20 minute experience. You provide some general knowledge of networking and packet routing, and we’ll tailor the experience for experts on those topics.
- ics Calendar file
The Call Center Village contest is a community security-challenge that simulates common attack-surfaces found in multi-tenant, multi-industry, BPO call centers - often referred to as "answering services."
Test your skills in physical entry, network security, audio manipulation, messaging protocols, telephony tools, and application security based on our actual experiences working in the call center industry.
As a community, you will work together to break into AnswerTarget - the most modern and secure call-center never built - to unlock physical and digital flags that reveal clues for the Call Center Village social-engineering challenge.
Earn a Call Center Village challenge medal (and your chance at socially-engineering a real-world call center agent) by completing challenges during contest hours!
Prerequisites:
There are no prerequisites or pre-qualifications. We have all the required tools available for you to use, including laptops with a host of standard hacker and voice-related software tools, a flipper zero, a proxmark with writable cards, lock-picks, snap-tools, rubber-duckies, IP phones, headsets, microphones, and more!
- ics Calendar file
Have you ever looked at a tin can, a pile of coax, some solder, a few connectors, and your radio and thought, I’m not sure, but CAN IT HAM? In this new contest for DEF CON 33, the Ham Radio Village is challenging participants to see what they can turn into functioning antennas.
We'll have some basic supplies – tin cans, coax, solder, connectors,– but feel free to bring your own weird components if you want. The 10 best builds will get tested, and the top 3 will score bragging rights & prizes!
Come participate in some radio shenanigans, hack something together and see what you can make work (plus maybe learn something along the way).
Design and build a functioning amateur radio antenna using non-traditional or improvised materials (e.g., tin cans, coat hangers, umbrellas, plumbing pipe).
If it looks absurd and still gets on the air, you're doing it right. HRV will have connectors, soldering stations, and some raw materials for available for use. See what other materials you can find to make the best improvised antenna!
All antennas must be summitted by 10AM on Sunday.
Any antennas not picked up by 2pm on Sunday will be donated to the Ham village or disposed accordingly.
None - Bring your hands and brain and give it a try! You can also bring any* materials from off-site to construct your antenna
no
- ics Calendar file
Come compete in the world’s most challenging cyber defense competition based on the Aries Security Cyber Range. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth, so only the best prepared and battle hardened will escape the crucible.
- ics Calendar file
The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEMs and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.
https://www.carhackingvillage.com/ctf-rules
No, contest is in person only.
- ics Calendar file
- ics Calendar file
The payment fraud landscape is experiencing a resurgence of 'carding' through sophisticated Near Field Communication (NFC) relay attacks, which combine social engineering and custom mobile malware to bypass contactless payment security measures, enabling unauthorized transactions. A critical emerging trend is the proliferation of Malware-as-a-Service (MaaS) platforms, primarily operated by Chinese-speaking threat actors, who develop and distribute advanced NFC relay capabilities as turn-key solutions to global affiliates, facilitating complex card-present fraud schemes on an unprecedented scale and leading to arrests in the U.S. and EU. This MaaS operational model, featuring affiliate networks and advanced tools, signifies a critical evolution in financial threats, alarming global financial institutions and necessitating urgent adaptation of fraud prevention strategies. The discussion will explore MaaS operations, presenting key findings from the Supercard X analysis, including its technical capabilities, and examining the implications for the payment industry, with mitigation strategies and actionable intelligence such as actor communications and distinct Tactics, Techniques, and Procedures (TTPs) being shared. Furthermore, the talk will reveal how developers of well-known Android banking trojans are integrating NFC relay functionalities to enhance their cash-out techniques, providing attendees with a deep dive into NFC Relay MaaS, exclusive threat intelligence, and an understanding of the evolving fraud landscape, including the operational models, tools, and TTPs employed by modern NFC Relay MaaS platforms, as well as the systemic risks posed to global financial institutions and the urgent need for adaptive security postures.
Speakers:Federico Valentini,Alessandro StrinoFederico Valentini is passionate about technologies in general and has a deep interest in cybersecurity, particularly Penetration Testing, Malware Analysis, and Social Engineering techniques. He's currently leading the Threat Intelligence Team and Incident Response at Cleafy. He oversees all the activities related to monitoring and uncovering new threats and attack patterns that malicious actors use. He has spoken at HackInBO 2022, Botconf 2023, Cert-EU 2023, BSides Cyprus 2023, FS-ISAC 2024, Botconf 2025, and other private events managed by CertFIN in the Italian territory.
SpeakerBio: Alessandro Strino, Senior Malware Analyst at CleafyAlessandro Strino has a solid background in Penetration testing and modern malware analysis. His main research topics are binaries and computer forensics. Nevertheless, he is passionate about binary exploitation, reverse engineering, and privilege escalation techniques. He now works as a senior malware analyst at Cleafy. He has spoken at Botconf 2023, Cert-EU 2023, BSides Cyprus 2023, FS-ISAC 2024, and Botconf 2025.
- ics Calendar file
Join us on Day 1 of DEFCON for an insightful session on mastering interview techniques and leveraging referrals in the cybersecurity industry. Learn from experts about the best practices to ace your interviews and how to effectively network to get those valuable referrals
Speakers:Krity Kharbanda,Aastha SahniKrity is currently working as Senior Application Security Engineer at ServiceNow.
SpeakerBio: Aastha Sahni, Security Analyst II at MicrosoftAastha is currently working as Security Analyst II at Microsoft.
- ics Calendar file
During World War II, the predecessor to the CIA, the Office of Strategic Services, developed a framework for the French Resistance to identify vulnerabilities in key German defenses and infrastructure. The framework, titled “CARVER” applies the following designations to enumerated components of complex systems: Criticality, Accessibility, Recuperability, Vulnerability, Effect, Recognizability. The same framework, viewed through a security framework, will highlight a system’s strengths or weaknesses, depending on the analyst’s tasking. The panel will follow this outline: overview of election integrity issues; history of carver analysis; the ranking matrix; why we chose the items as critical; ranking of each item; discussion of the final rankings; how to secure.
Speakers:Michael Moore,Nate Young,Will BaggetMichael Moore is the CISO for the Arizona Secretary of State's Office. Michael has worked to develop federal, state, and local government partnerships as well as collaborated with trusted vendors to protect democracy and fulfill our shared duty to the American voter. The greatest threats to elections are MDM and the resulting insider threat caused by radicalized citizens. The best protection against these threats is combatting lies with the truth, developing secure and resilient systems that prevent attacks whenever possible, allow for detections of compromise and facilitate accurate and rapid recovery. Michael has pushed forward these initiatives in his own organization as well as across the Elections community.
SpeakerBio: Nate Young, CIO Maricopa County Elections, ArizonaWill Baggett is a Lead Investigator for Digital Forensics and Insider Threat at a Fiscal Infrastructure organization. He is also Director of Digital Forensics at Operation Safe Escape (volunteer role), a non-profit organization providing assistance to victims of domestic abuse.
- ics Calendar file
When Liberty Safe was found to have provided safe unlock codes to authorities, it made us wonder; how was it even possible for Liberty to do this? Our talk will cover the vulnerabilities we found and journey into the various families of locks made by SecuRam, the OEM of safe locks used by Liberty Safe and other Safe vendors. Our exploration began with an “analog” lock from Liberty Safe but quickly expanded to SecuRam’s “digital” lock lines, where we found a debug port that allowed access to all firmware and data. Through this, we discovered that codes are stored on the externally accessible keypad, rather than securely inside the safe (as well as other issues). These locks, deployed widely in consumer, and commercial safes at major retail chains exhibit vulnerabilities that enable opening them in seconds with a Raspberry Pi. We invite you to our session to see us crack UL-certified High-Security Electronic Locks live!
References:
See our slides for detailed citations.
Speakers:Mark Omo,James RowleyMark Omo is a professional security researcher and engineer, but mostly a fearless leader, a job which he definitely loves way more than actually hacking things. Mark has a background in Consumer and Medical and Aerospace products. He spends his days making PowerPoints and his nights hacking away on embedded hardware.
SpeakerBio: James RowleyJames Rowley is a professional security researcher and engineer who loves that job so much he does it in most of his free time too. Aside from cracking electronic safe locks, he has years of experience working on embedded security, and helping build better products there; he has presented on those topics at Hardwear.io in the past. He has been hacking and making things since childhood, eventually making it a career. Born, raised, and still living in the Southwest US, he loves exploring and photographing that desert environ almost as much as tearing down products.
- ics Calendar file
Sharing the lessons learned from 42-beyond-bug's AIxCC journey with the open source community.
SpeakerBio: Xinyu Xing, President at B3YOND
- ics Calendar file
Adversary adventure is a story-scenario based, interactive, cyber war-gaming, choose-your-own adventure model interactive game. This is a gamified version of table-top exercises which is presented to the participants as they can choose to play as an attacker, post exploitation OR a Defender who is defending against an attacker group-threat actor OR even play as a CISO who is dealing with an adversarial situation such as a ransomware incident.
- ics Calendar file
A long time ago, browsers were wrappers for HTTP web requests and little else. The modern browser, however, is crammed with so many features that it is practically an operating system. This talk will demonstrate how to (ab)use years of legacy features along with recent additions to Google Chrome to mimic the capabilities of a conventional C2 implant while evading traditional endpoint protection.
We will introduce our new open-source framework "ChromeAlone" which implements features such as proxying raw TCP traffic, phishing for Yubikey USB codes, dumping cookies and credentials, keylogging browser windows, and executing shell commands from Chrome. Our implementation leverages Chrome's built-in features, sideloads malicious components without user interaction, and obfuscates code using WebAssembly to evade detection. This research exposes significant security implications of Chrome's expanding feature set and the challenges of securing modern browsers against abuse.
References:
Michael Weber is a member of the Praetorian Security Labs team where he creates tools to help his fellow consultants not stay up until 2am hunting for material risks. He specializes in chrome shenanigans, malware development, vulnerability research, and online poker datamining.
- ics Calendar file
(DCNextGen is for youth 8-18 attending DEF CON) Unlock hidden messages and become a Cipher Sleuth! This session steps through a series of ciphers, all based on strips of letters. Starting with ROT13, we progress through the Caesar cipher, the Vigenère cipher, and finally the US military’s competitor to the Enigma machine, the M138A. We exploit the weaknesses of early ciphers and see how to fix them, so you’re secret messages stay secret!
SpeakerBio: Bradán Lane, Bradán Lane StudiosBradán graduated third grade with a degree in crayon. This, combined with his unwavering belief in “how difficult could it be”, has made him eminently qualified to wash dishes. His background in UX Designer & User Research and as a purveyor of personas demonstrates his profound talent for making stuff up with confidence. Bradán pre-dates the internet and ARPANET.
- ics Calendar file
We present a set of power side channel attacks against protocols from the classical phase of quantum key distribution. Cascade error correction and Toeplitz hashing based privacy amplification both prove to be vulnerable to full key recovery attacks when an attacker is assumed to the ability to monitor power consumption on the post processing device. We examine attack performance on both Cortex-M4 MCU and Artix-7 FPGA.
SpeakerBio: Niall Canavan
- ics Calendar file
There's a lot of air time given to offensive cyber capabilities - and no doubt, we're in a new era of AI-assisted cyber capabilities. But what about the defenders? We've been forcing AI to imitate human analyst workflows, but what if that's holding both machines and humans back? Through real-world experiments at Anthropic, we'll show how letting AI tackle security problems in its own way can allow humans to focus on the nuanced work machines can't do (yet).
SpeakerBio: Jackie Bow, Anthropic
- ics Calendar file
CTF Starts - 10AM, 8th August.
CTF Ends - 23:59, 9th August.
- ics Calendar file
- ics Calendar file
CMD+CTRL is an immersive learning and hacking platform where developers, security professionals, and tech enthusiasts come together to sharpen their skills in web application security. Players compete in a real-world environment, uncovering vulnerabilities and learning security techniques hands-on. With real-time scoring, the experience stays engaging, fostering both collaboration and friendly competition.
At DEF CON 33 come try out some of our classic Cyber Ranges in a casual, non-competitive environment. Learn about web application security and hack into anything from a healthcare platform to an e-commerce site!
Computer with internet access.
No pre-qualification.
- ics Calendar file
The Code Breaker Challenge is an advanced cryptographic puzzle designed for DEF CON attendees who want to push their problem-solving skills to the limit. Anyone who successfully cracks the code will receive an exclusive invite to a private pool party, where they can celebrate their achievement alongside fellow codebreakers.
How It Fits DEF CON’s Theme: Access Everywhere
Usable: The challenge is designed to be solved with logic, pattern recognition, and cryptographic knowledge—no special equipment or insider access required.
Accessible: Participants from all backgrounds can attempt it, regardless of whether they are seasoned cryptographers or first-time codebreakers.
Private & Secure: The challenge will incorporate modern encryption principles that highlight privacy-preserving technologies, showing the importance of cryptography in maintaining free and open access to information.
Structure The challenge will be a multi-layered puzzle, incorporating historical ciphers, steganography, and modern cryptographic techniques.
Participants will have the entire duration of DEF CON to solve it.
Those who succeed will be given a unique code or token to redeem their invitation to the private pool party.
Code Breakers need to access a computer and internet. Everything else is provided.
No pre-qual
- ics Calendar file
Something isn’t right...
Hackwell Heights Medical Center, a naval hospital, has been thrust into chaos. A highly skilled spy has infiltrated the hospital's cybersecurity defenses, stealing sensitive patient information and threatening the lives of those under its care. As the hospital teeters on the brink of catastrophe, it’s up to you and your team to track down the intruder, uncover their methods, and stop the devastating chain of attacks before it’s too late.
Will you rise to the challenge and secure the future of Hackwell Heights Medical Center, or will the spy vanish with secrets that could endanger countless lives?
Join the Biohacking Village CTF and prove your skills in Code Crimson: A Biohackers Emergency.
- ics Calendar file
Got nerves of steel? Step into our soundproof booth, grab a mystery target with its number and three challenge tiers, and see if you can nail easy, medium, and hard objectives - first come, first served!
- ics Calendar file
Take a step away from the village chaos and make art with friends. Journey through the woods, space, and a disco skate rink with Smallstep's trusted opossum, Craig, as you color your way to certificate nirvana.
Speakers:Carl Tashian,Hunter Hawke
- ics Calendar file
Un espacio seguro y exclusivo para mujeres apasionadas por la ciberseguridad. El Comadres en Cyber Meetup es una oportunidad para conocerse, compartir experiencias, construir comunidad y apoyarse mutuamente dentro del ecosistema tech. Ya seas principiante o experta, este encuentro es para ti: para conectar, inspirar y seguir abriendo camino juntas en el mundo de la seguridad digital.
- ics Calendar file
Kubernetes is a security challenge that many organizations need to take on, and we as pentesters, developers, security practitioners, and the technically curious need to adapt to these challenges. In this talk we will look at tactics, techniques, and tools to assess and exploit Kubernetes clusters. We will evade runtime syscall filters, exploit custom sidecars, and chain attacks that go from compromising a build environment, to exploiting production applications. We’ll cover real world attack paths, provide practical advice, and guidance using the experience of conducting hundreds of reviews of containerized environments and even building secure Kubernetes-based services.
SpeakerBio: Mark ManningMark Manning (@antitree) has experience running a container security research practice as a penetration tester and working in a product security org building a Kubernetes service for thousands of customers. He has been focused on containerization and orchestration technologies like Kubernetes and performs containerization and sandboxing assessments and research. This includes running container breakouts and attack simulations on orchestration environments, performing architecture reviews of devops pipelines, and working with developers to assist with applications that leverage containerization technologies like namespace isolation, Linux kernel controls, syscall filtering, gVisor, and integration with products like Docker and Kubernetes.
- ics Calendar file
Like any good summer camp, we should take a moment to unwind – a recess, if you will. One that’s filled with friendship (bracelets) and… dragonflies? Stop by to make your own pride flags and other crafty beaded accessories! (No experience required, while supplies last)
- ics Calendar file
Privacy isn’t straightforward—yet it’s essential for systems and security. In this hands-on workshop, we’ll unpack the contextual layers of privacy through a gamified exercise to reveal the awkward realities of privacy choices. We’ll map key privacy threat categories with animal memes, explore lightweight threat modeling techniques for security and privacy, and apply these insights using the LINDDUN GO framework. You’ll leave with practical skills to tackle privacy risks head-on.
Speakers:AviD,Kim WuytsAviD is a prominent security architect and developer, with decades of experience building secure products and protecting complex systems. He has been designing, developing, and testing secure applications for over 20 years, and is obsessed with maximizing value output from security efforts, threat modeling in particular.
At Bounce Security, Avi supports organizations of all sizes with incorporating security into their development workflows, often providing training on secure coding and other security topics. He is also a frequent speaker and trainer at security conferences and developer conferences, and has trained thousands of developers on security.
AviD is a member of the OWASP Board of Directors, a leader of the OWASP Israel chapter, and co-founded the OWASP Threat Modeling project. He is also a community moderator on https://Security.StackExchange.com/. Avi also co-authored the Threat Modeling Manifesto https://www.threatmodelingmanifesto.org/.
SpeakerBio: Kim WuytsDr. Kim Wuyts is a leading privacy engineer with over 15 years of experience in security and privacy. Before joining PwC Belgium as Manager Cyber & Privacy, Kim was a senior researcher at KU Leuven where she led the development and extension of LINDDUN, a popular privacy threat modeling framework. Her mission is to raise privacy awareness and get organizations to embrace privacy engineering best practices. She is a guest lecturer, experienced speaker, and invited keynote at international privacy and security conferences such as OWASP Global AppSec, RSA, Troopers, CPDP, and IAPP DPC. In the last few years, Kim has been delivering privacy awareness and privacy threat modeling training at many events, including academic guest lectures and corporate training.
Kim is also a co-author of the Threat Modeling Manifesto+Capabilities, program co-chair of the International Workshop on Privacy Engineering (IWPE), and a member of ENISA’s working group on Data Protection Engineering.
- ics Calendar file
Modern vehicles operate as real-time cyber-physical systems, where even subtle manipulations on the CAN bus can lead to catastrophic outcomes. Traditional anomaly detectors fall short when malicious actors mimic expected sensor behaviors while altering the vehicle's state contextually. This talk explores how exploiting inter-signal correlations — rather than relying on individual identifiers or decoding — uncovers stealthy attacks. We present a deep sequence-learning approach tailored for raw CAN payloads, focusing on time-aware and context-sensitive detection. No reverse engineering of signal structures. Just patterns, timing, and trust redefined. Live demo included using real-world CAN datasets and emulated environments.
SpeakerBio: Ravi Rajput
- ics Calendar file
Copycat is a browser extension-based red team toolkit for simulating web-based identity attacks. This tool simulates ten web-based identity attacks through a single browser extension with minimal permissions, operating primarily through hidden windows that execute attacks without user awareness. With Copycat, red teams can simulate complex attack scenarios including silent Gmail and LinkedIn hijacking, credential theft through login and OTP stealing, login page redirection, autofill extraction from enterprise applications, and multiple OAuth manipulation techniques. Copycat runs entirely in-browser with no special hardware requirements. Red teams can use Copycat to demonstrate attack vectors that bypass EDRs, SASE, and other traditional security controls, as these techniques operate within legitimate authenticated sessions rather than breaking them. The tool is fully modifiable, with each module designed for customization to target different services or authentication flows. Source code and documentation will be available for security researchers to extend and improve the framework. Special mention to Pankaj Sharma, Tejeswara S. Reddy, and Arpit Gupta for their contributions in building this toolkit!
Speakers:Dakshitaa Babu,Shourya Pratap Singh,Albin AntonyDakshitaa is a security researcher and product evangelist at SquareX, where she leads the security research team. A self-taught cybersecurity researcher mentored by offensive security veteran Vivek Ramachandran, she specializes in web attacks — malicious websites, files, scripts, and extensions capable of bypassing traditional security solutions. Her research directly fuels SquareX's product innovation, ensuring it stays ahead of evolving threats. As a product evangelist, she is the principal author of SquareX's technical collateral. She has contributed to bleeding-edge browser security research presented at BSides SF Adversary Village, Recon Village, and the DEF CON main stage. Her work on email security bypasses, breaking secure web gateways, MV3 extension vulnerabilities, browser syncjacking, polymorphic extensions, and browser-native ransomware has been covered by leading media outlets, including Forbes, TechRadar, Mashable, The Register, Bleeping Computer, and CyberNews.
SpeakerBio: Shourya Pratap SinghShourya Pratap Singh is responsible for building SquareX's security-focused extension and conducts research on countering web security risks. As a rising figure in cybersecurity, Shourya has presented his work on global stages including the DEFCON main stage, Recon Village, and Adversary Village, as well as at Black Hat Arsenal EU. He has also delivered several workshops at prestigious events such as the Texas Cyber Summit. Shourya earned his bachelor's degree from IIIT Bhubaneswar and holds a patent. His professional interests focus on strengthening the security of browser extensions and web applications.
SpeakerBio: Albin Antony
- ics Calendar file
A strong security culture can’t be bought — it has to be built. The key lies in making security a natural, painless part of developers’ workflows - and knowing how is the difference between success and failure.
In this exercise, you’ll step into the shoes of a developer, tasked with prioritizing and solving vulnerabilities with the right combination of tools, training, and AI - and finally achieving the elusive culture of security.
SpeakerBio: Vincent Cannone
- ics Calendar file
As industrial environments become increasingly interconnected, the OT DMZ stands as a critical yet vulnerable boundary between enterprise IT networks and operational technology. In this talk, we expose the offensive strategies adversaries use to penetrate the OT DMZ and pivot into sensitive control system networks. Drawing from real-world red team operations and threat intelligence, we’ll explore how misconfigured remote access solutions, poorly segmented architectures, and legacy services create exploitable pathways into industrial environments. Attendees will gain insight into tradecraft used to move from enterprise footholds into OT networks, including techniques for identifying and abusing jump hosts, proxy services, Citrix gateways, and RDP relays. We’ll demonstrate practical TTPs for lateral movement, credential access, and evasion within the DMZ layer—highlighting how assumptions about segmentation often fall short in practice. Finally, we’ll discuss defensive takeaways to help asset owners detect and mitigate these threats before they escalate. This presentation is aimed at offensive security professionals, defenders, and industrial security leaders seeking to understand how the OT perimeter is being targeted—and how to better protect it.
SpeakerBio: Christopher Nourrie, SCEChristopher Nourrie is a threat hunter at Southern California Edison (SCE). He specializes in IT and OT threat hunting while supporting the Red Team program. With over 11 years of experience in offensive security, his expertise includes penetration testing, network security assessments, and adversary emulation. Before joining SCE, Chris was a Principal Penetration Tester at Dragos, Inc., concentrating on red teaming and penetration testing within industrial environments. He also served as an Exploitation Analyst at the National Security Agency (NSA) within the Tailored Access Operations (TAO) division under U.S. Cyber Command, supporting offensive cyber operations. His expertise encompasses open-source intelligence (OSINT), network reconnaissance,, and advanced attack methodologies. Chris also played a pivotal role in cybersecurity education, teaching advanced adversary tactics at the NSA’s National Cryptologic School. He is the author of Pentesting Industrial Networks and delivers an OT penetration testing course that helps security professionals strengthen their industrial cybersecurity defenses. Chris is a dedicated researcher who studies advanced threat actor tactics, techniques, and procedures (TTPs) targeting enterprise and industrial environments. He continuously integrates emerging insights into his tradecraft, refining methodologies to stay ahead of evolving cyber threats. His contributions to the field help organizations bolster their security posture against sophisticated adversaries.
- ics Calendar file
- ics Calendar file
- ics Calendar file
Multiple agencies have attempted to regulate cryptocurrencies through various means. This workshop will begin with a short presentation about the different organizations with an interest in regulating cryptocurrency (SEC, CFTC, IRS, and DOJ) and provide examples of enforcement actions. Next, participants will break out into discussion groups to consider the pros and cons of regulation by enforcement. Then, participants will be given a hypothetical cryptocurrency and be assigned a role either as a 'regulator' or as a 'developer.' The participants will engage in a settlement type discussion to determine if the cryptocurrency should be regulated under one agency, multiple agencies, or not at all.
Speakers:Veronika,Chelsea ButtonChelsea is a lawyer specializing in consumer finance, data and technology. She advises clients on updates in the law and defends them in litigation. She is a cryptocurrency advocate, with multiple professional publications.
- ics Calendar file
Join your fellow hackers managing the Cryptocurrency areas of Defcon, and get a sneak peak of what each workshop teaches as well as an overview of the showcases and programs happening in our Defcon Community, Contest, and Vendor areas. Chad and Param will report on cryptocurrency trends and perspectives from their distinguished positions in industry and academy. We will announce the teams competing in the Cryptocurrency Cyber Challenge, and give an overview of what's available in the vending area. Meet the organizers of years of cryptocurrency content at Defcon and bring your questions to the Community Stage!
Speakers:Michael "MSvB" Schloh von Bennewitz,Chad Calease,Param D PithadiaMichael Schloh von Bennewitz (MSvB) is a computer scientist specializing in cryptosecure electronics and embedded development. He is the founder of Monero Devices and responsible for research, development, and maintenance of Opensource software repositories. A prolific speaker in four languages, Michael presents at technical meetings every year.
SpeakerBio: Chad Calease, KrakenChad Calease designs for failure—on purpose. At Kraken, he hovers where crypto, resilience engineering, and human behavior collide. A systems thinker with instincts that cultivate resilience, Chad champions the Kraken value of being “Productively Paranoid”—as both a design principle and a survival trait. His work challenges us to outpace risk, interrogate ease, and own our exposures before they own us—by building with the assumption that failure isn’t an if, but a when.
SpeakerBio: Param D Pithadia, Georgia Institute of TechnologyParam is an Electrical Engineering Student from Georgia Tech with a strong passion for and interest in crypto. Although he primarily got interested in cryptography and hardware security through a class at Georgia Tech, he is also working at a software company on crypto adoption and ease of use. With a unique blend of HW and SW skills, Param is truly enthusiastic about all aspects of crypto.
- ics Calendar file
In recent years, ransomware has been one of the most prolific forms of cybercrime with financial gain as primary motive. The problem keeps getting bigger with a new operation seeing the light almost every month. While reverse engineering ransomware is fun, it also serves a greater purpose: can we find a vulnerability that allows us to decrypt a victim’s files without interacting with the criminals? Enter the DoNex ransomware, a new operation that has entered the scene very recently. They have a leak website on the dark web where some victims have been named and shamed. Reverse engineering of a DoNex sample revealed a vulnerability that allowed us to decrypt every encrypted file for victims under a trivial condition. To help victims recover from a ransomware attack, we published a decryption tool on the NoMoreRansom platform, an initiative from a number of parties including the Dutch National Police to keep ransomware operators from extorting victims. In this talk, we will dive into the technical details of DoNex and how we exploited a vulnerability to decrypt files affected by DoNex without the need to negotiate with the cybercriminals.
SpeakerBio: Gijs Rijnders
- ics Calendar file
In this live incident response simulation, participants are divided into teams and dropped into the aftermath of a cryptojacking breach inside an AWS environment. Drawing from anonymized real-world incidents, each team receives a curated dataset of AWS-native logs representing a mining attack that originated from within an Amazon EKS cluster and abused EC2 nodes and IAM roles.
Participants are challenged to:
Detect if cryptomining took place
Identify the exact AWS resource responsible (EC2 instance or EKS pod)
Reconstruct the attack sequence using real AWS telemetry
Present a concise evidence-backed narrative of attacker behavior
No vendor tooling. No slides. Just a time-bound hands-on challenge with AWS-native logs and a simulated IR situation.
SpeakerBio: Adelia IbragimovaAdelia Ibragimova is a security engineer with a focus on cloud-native detection, incident response, and SOC automation. With hands-on experience at EPAM Systems and Amazon, designs and operates scalable detection platforms across AWS, GCP, and Azure, background includes real-time incident handling and the use of open-source tools to drive investigation and response in production environments
- ics Calendar file
Threat intelligence reports from reputed parties contain a wealth of OSINT including threat actor details, campaign information, IOCs (indicators of compromise), and TTPs (Tactics, Techniques and Procedures). Such threat intelligence is predominantly consumed with a human in the loop due to several challenges posed: Threat intelligence is often in natural language and difficult to extract automatically; These reports may have incomplete information and may require synthesizing multiple reports to construct a better view of the attack; Some intelligence such as TTPs are often implicit in the report and requires language comprehension; Not all indicators in a report are malicious and further they could have different degrees of confidence on the level of maliciousness and what they define as malicious.x000D x000D The labor intensive manual process not only makes it difficult/error prone to identify actionable threat intelligence in the form of battlecards but also leave users vulnerable to mentioned attacks due to the increased time gap threat reports and manual extraction of intelligence. The problem is exacerbated by the fact that many similar threat reports with different pieces of intelligence scattered across reports especially for emerging attacks.x000D x000D We build an agentic system to automate the collection and synthesis of cyber threat intelligence from threat reports using LLM Agents and unsupervised machine learning techniques into battlecards. At a high-level, CTI-Agent first extracts threat actor, campaign, TTPs and IOCs from recently published threat reports from reputed parties using specially crafted prompts on LLMs (Large Language Models) as well as using regular expressions/known knowledge which we refer to as signature based techniques. The agent also generates concise summaries for each threat report using LLMs. After performing a round of validation, the agent uses the summaries and extracted intelligence to synthesize multiple reports together and provide a battlecard with easily digestible threat intelligence. The agent follows the proven ReAct (Reason Action) framework to plan tasks autonomously and achieve the final goal of producing accurate battlecards by reasoning and then acting (i.e. calling various tools) multiple times. We plan to share our experience and lessons learnt during the process of build the CTI-Agent.x000D x000D The outline of the presentation is as follows:x000D x000D CTI to Battlecards_x000D_ How battlecards are used to help protect networks_x000D_ Manual, time consuming, error-prone_x000D_ Multiple threat reports with inconsistent descriptions_x000D_ May contain conflicting IOCs/TTPs_x000D_ x000D Modeling CTI Reports_x000D_ Converting unstructured or semi-structured data into structured threat information_x000D_ Challenges involved_x000D_ x000D Three key LLM patterns_x000D_ Prompting LLMs (simple and CoT prompting)x000D RAG (Retrieval Augmented Generation)x000D Agents_x000D_ x000D Prompting LLMs_x000D_ How to effectively prompt LLMs to elicit best output_x000D_ Examples_x000D_ x000D RAG_x000D_ Describe a RAG system using a diagram_x000D_ x000D Agents_x000D_ Describe an magnetic system using a diagram_x000D_ x000D Evals_x000D_ Evaluating LLM/Agentic systems is a challenging task_x000D_ Show how one can incrementally build an eval dataset to evaluate_x000D_ x000D Agent Tool Calling_x000D_ Introduce Agent tool calling_x000D_ Introduce MCP protocol_x000D_ x000D Multi-Agent Systems_x000D_ Common patterns_x000D_ Introduce A2A protocol_x000D_ x000D Popular Agent Planning Techniques_x000D_ Introduce what agent planning is_x000D_ Introduce patterns like Reflection and ReAct_x000D_ x000D Guardrails_x000D_ Explain the need to have guardrails_x000D_ Provide examples_x000D_ x000D Multi-Agentic System Overview_x000D_ Monitor and collect recent threat reports from reputed parties_x000D_ Agentic System to extract Threat Actor, Campaign, TTPs and IOCs_x000D_ Extract using CoT prompted LLMs_x000D_ Extract using signature based methods x000D Validate the collected threat intelligence information via reflection and LLM-as-a-Judge_x000D_ Create threat report summaries for each threat report prompting LLMs_x000D_ Collect additional IOCs related to campaigns using in-house intelligence_x000D_ Save reports, summaries, threat intelligence data to a database_x000D_ Cluster threat reports to identify related threat reports (i.e. those reports discussing the same threat or campaign)x000D Generate language embeddings for the threat summaries for threat reports_x000D_ Generate graph embeddings by modeling threat reports and threat intelligence extracted as a graph and using unsupervised graph learning algorithm_x000D_ Combine both embeddings together and perform unsupervised learning to cluster embeddings together_x000D_ The embeddings in the same cluster correspond to threat reports discussing the same threat or campaign_x000D_ Generate battlecards that can be readily used by security operations professionals_x000D_ Note: The above steps will be visualized into multiple slides and showed how to realize them in practice.x000D x000D Agentic System Evaluation_x000D_ Dataset_x000D_ Experimental results_x000D_ x000D Lessons Learned_x000D_ Various lessons learned during the construction and evaluation of this system plus several other agentic systems that the author built_x000D_ x000D Summary_x000D_ Key take aways from the presentation_x000D_
SpeakerBio: Mohamed NabeelMohamed Nabeel, PhD, is a cyber security veteran leading the efforts on proactive detection and graph based threat intelligence research and development. He is an open-source enthusiast and a member of Apache Software Foundation. Currently, he is a principal security researcher at Palo Alto Networks. He is passionate about securing AI, and building AI powered tools and systems to help defenders stay one step ahead of Internet miscreants. During his spare time, he teaches AI/Cyber Security to graduate students and mentors cyber security research students at National University. He has authored and presented 25+ US patents and 25+ papers at top security conferences including RSAC, VirusBulletin, IEEE S&P and Usenix Security. Some of his inventions are patented by a rising cyber security firm named bfore.ai and some are successfully productized and deployed at PANW.
- ics Calendar file
This panel brings together offensive cyber security experts and community leaders to explore the critical role of the adversarial mindset in modern cyber security. From red teaming and threat emulation to vulnerability research, we'll discuss how thinking like an attacker strengthens defense strategies. e will also highlight the power of grassroots security communities in sharing knowledge, advancing tradecraft, and building the next generation of defenders. Join us for a conversation that bridges offense, defense, and the culture that makes it all possible.
Speakers:Len Noe,Chris Glanden,Filipi Pires,Phillip WylieLen Noe is a Technical Evangelist, White Hat Hacker, and BioHacker. Noe is an international security speaker who has presented in over 50 countries and at multiple major security conferences worldwide including presenting at the World Conference at the Hague. Len is a global thought leader in the Transhuman/Human+ movement and utilizes microchip implants to advance cyber security and the human experience. Len has had his research published in multiple news outlets globally and is a regular participant on numerous security podcasts. Prior to 2001 Noe was a Black/Grey Hat Hacker and learned most of his skills by practical application. Noe has spent 29 years working in the areas of web development, system engineering/administration, architecture, and coding; for the past nine years, he has focused on information security from an attacker’s perspective. He also actively participates in the activities of the information security communities in Texas, the Autism Society, and many others.
SpeakerBio: Chris Glanden, Indie Filmmaker| Founder and CEO at BarCode SecurityChris Glanden (AKA Pr0ph-1T) is a cybersecurity advisor, thought leader, and prolific content creator with over 25 years of industry experience. Formerly a security solutions engineer, he's now the Founder and CEO of BarCode Security, a boutique services firm specializing in creative narrative strategy, helping organizations and individuals strengthen their brand presence and visibility. He's also the host of the award-winning podcast "BarCode" and a founding member of the Cyber Circus Network (CCN). With a passion for storytelling that extends beyond the microphone, he also writes and directs indie films based on true stories spawned from within the cyberworld.
SpeakerBio: Filipi Pires, Head of Identity Threat Labs and Global Product Advocate at SeguraI’ve been working as Head of Identity Threat Labs and Global Product Advocate at Segura®, Red Team Village Director, Senior Advisor Raices Cyber Academy, Founder of Red Team Community (Brazil and LATAM), AWS Community Builder, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA - Middle-East - and others, I’ve served as University Professor in Graduation and MBA courses at Brazilian colleges, in addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
SpeakerBio: Phillip Wylie, Offensive Security MentorPhillip Wylie is a distinguished cybersecurity professional with over 27 years of combined IT and cybersecurity experience, including more than 21 years focused on information security. Specializing in offensive security with over a decade of hands-on experience, Phillip has extensive expertise in penetration testing, red team operations, and social engineering engagements, working both as a consultant and as an in-house pentester for enterprise organizations.
As a passionate educator, Phillip served as an Adjunct Instructor at Dallas College for over 3.5 years and has developed curricula for INE and P3F. He is the concept creator and co-author of The Pentester BluePrint: Starting a Career as an Ethical Hacker and was featured in Tribe of Hackers: Red Team. Phillip hosts two prominent cybersecurity podcasts: The Phillip Wylie Show and Simply Offensive.
Phillip is a sought-after conference speaker, hands-on workshop instructor, and dedicated mentor to cybersecurity professionals worldwide.
- ics Calendar file
Our vulnerability disclosure ecosystem is strained. NVD backlogs persist, while the CVE program, after a near-critical funding crisis impacting its stability, struggles with vulnerability volume and assignment consistency under ongoing resource pressure. CISA's role also evolves amidst these challenges. This talk dissects these US program issues and their impact on AppSec professionals, then examines rising global players like ENISA and other vulnerability databases, assessing their pros, cons, and impact on vulnerability management.
SpeakerBio: jgamblinResearcher. Builder. Hacker. Traveler.
- ics Calendar file
Everything you need to know about getting started in cybersecurity
SpeakerBio: Gerald Auger., Chief Content Creator, PhD
- ics Calendar file
Various cyber tools and techniques have been utilized based on information from past attacks. Game players will learn about different cyber security frameworks, cyber-attack processes, and how they can use utilized in a fun way. The game is built to teach key cyber terms, theory and apply techniques based on real-world scenarios.
As a player, you are part of a Cyber Protection Team (CPT) assigned to the mission to prevent various attacks on critical infrastructure. Your task is to use the available information that your team has at your disposal to stop the adversary from achieving their objective.
Players will find themselves in a variety of future scenarios based on a specific industry/sector focus e.g. manufacturing, utilities, defense, finance. The task will be to defend each individual network/system to govern, identify, protect, detect, respond and recover against abnormal/suspicious activities on the network. You will be working against a global hacker network who is threatening to disrupt the overall operations of critical infrastructure sites for nefarious means.
Cyber Defender - The Game, teaches cyber professionals how hackers operate, the cyber kill chain, and tactics, techniques and procedures (TTPs) that can be employed to defend and attack critical infrastructure.
No
No
- ics Calendar file
Participants fly a custom narrow-body airliner with realistic controls and functions on approach to KBZN while encountering various cyber-anomalies. This challenge typically takes about 6 minutes, with a maximum of 15 minutes.
- ics Calendar file
Step into an empowering panel experience spotlighting accomplished women reshaping the cybersecurity landscape. Through candid conversation, our panelists—from industry leaders to public-sector defenders—share real-world stories about breaking into and thriving in cyber, building resilient networks, and advancing diversity. You'll hear how they navigated nontraditional entry points, found mentorship, bridged the gender gap, and built careers rooted in both technical skill and community. Perfect for early-career professionals and aspiring leaders, this session offers practical advice, personal insight, and inspiration to chart your own game-changing path in cybersecurity.
Speakers:Nikkia Henderson,Arielle Baine,Zandreia KeysMs. Nikkia Henderson is a Portfolio Manager in the federal government with 15+ years of experience. She's an advocate for women in cybersecurity and enjoys tea, cooking, beaches, and aquariums.
SpeakerBio: Arielle Baine, Chief of Cybersecurity for Region 3 at CISAMs. Arielle Baine is the Chief of Cybersecurity for Region 3 at DHS’s Cybersecurity and Infrastructure Security Agency (CISA), overseeing operations across six states and D.C. She leads a team focused on cyber preparedness, risk mitigation, and incident response through public-private partnerships. Baine brings over 13 years of federal and DoD cybersecurity experience, with previous roles at the FDA, FTC, and Hanscom Air Force Base. She holds a master’s in cybersecurity and certifications including CISSP, CCSP, and CEH.
SpeakerBio: Zandreia KeysMs. Zandreia Keys is a senior intelligence and cybersecurity executive with more than 20 years of experience leading threat intelligence operations, cyber risk analysis, and national security strategy. A U.S. Navy veteran and federal leader, she has built and led high-impact intelligence teams across multiple agencies, driving modernization, mission integration, and secure information sharing across the cyber enterprise.
Ms. Keys is recognized for her ability to bridge operational intelligence with executive decision-making, strengthen public-private collaboration, and lead through change in complex environments. Outside of her professional work, she is also an entrepreneur and mentor, committed to cultivating diverse talent in the national security and cybersecurity fields.
- ics Calendar file
You know how to secure and break systems - but what about the laws and policies that govern them? Whether you like it or not, cybersecurity is now deeply entangled with law and politics. Governments are making decisions about encryption, vulnerability disclosure, surveillance, and the limits of offensive operations - decisions that shape what you can build, break, publish, or patch. What you need is a fast-paced, no-jargon-needed crash course in cyber policy, designed specifically for DEF CON attendees. We'll start early: the crypto wars (no, not that crypto), hacking laws, and security research. From there, we'll look at how today’s key institutions - legislatures, federal agencies, international coalitions - are approaching the future of cybersecurity. Topics include the debate over vulnerability disclosure and use, efforts to regulate encryption and mandate software security, the evolving norms of state-sponsored hacking, AI policy’s impact on cybersecurity, post-quantum encryption, and conflicts over digital sovereignty. Finally, we’ll cover how you can engage on these debates. If you've ever found yourself yelling at a Congressional hearing on C-SPAN or ignoring it entirely, this talk will help you understand how the levers of cyber policy work - and how you can hack them, too.
SpeakerBio: Heather West, VenableHeather West is a policy and tech translator, product consultant, and long-term digital strategist guiding the intersection of emerging technologies, culture, governments, and policy. Equipped with degrees in both computer and cognitive science, Heather focuses on data governance, data security, artificial intelligence (AI), and privacy in the digital age. She is a subject matter authority who has written extensively about AI and other data driven topics for over a decade. She is also a member of the Washington Post's The Network, "a group of high-level digital security experts" selected to weigh in on pressing cybersecurity issues.
- ics Calendar file
Contestants will access a virtual environment with dynamic challenges that need to be exploited and contested. Individuals gain points for each system they are able to plant and maintain their flag on.
- ics Calendar file
Redteam Rumble was piloted with a single competition at DEFCON 32 with great success, and we're thrilled to bring it back for DefCon 33! This event is designed with more advanced competitors in mind, and is not for the faint of heart!
Teams will defend their ""Castle,"" a virtual environment comprising several systems and services (both Windows and Linux systems may be included). Each castle has exposed services and exploitable vulnerabilities, along with a few hidden extras.
This event is a free-for-all between 4 teams competing against each other to gain points by controlling services and flags within their own, and each opponents, infrastructure. That means your team will have to balance defending your own systems, while simultaneously hunting for vulnerabilities that can be exploited to control other teams' systems.
Each event will consist of 4 teams competing in a free-for-all for 2 hours. Pre-registration is required.
- ics Calendar file
Strategic Operations will feature two teams going head to head in a classic offense vs defense battle. The defensive team gains points by successfully providing mission critical services during a short scoring window, while offensive teams will gain points by performing targeted service interruptions and data manipulation.
Each event will consist of 2 teams competing in an attacker vs defender battle for anywhere from 30 - 90 minutes. Pre-registration is reccomended, but not required.
One of our goals with Strategic Operations is to provide a fun and engaging experience for attendees that discover us on the competition floor, without requiring prior registration. We will do our best to accomodate walk in participants when possible!
- ics Calendar file
No spoilers! Join us for a thrilling premier of a DoD-designed wargame about undersea threats and cyber planning.
SpeakerBio: Jared MacDonald, NUWC
- ics Calendar file
Cyberjūtsu is a new way to teach cybersecurity inspired from martial arts trainings. It is an educational way which allows everyone (novice to expert) to practice together and improve themselves in cybersecurity through confrontation. It follows budō (judo, jujitsu, karate...) principles and ethical code. The goal is to reach "maximum-efficient use of computer" in a "mutual benefit" of a human confrontation. It's a digital martial art fight e-sport using linux shell.
Speakers:Alexandre Cabrol-Perales,Alaric BeckerPresident of WOCSA France, Cyberjutsu Project Leader for WOCSA Head of Managed Detection and Response Services at Sopra Steria Cybersecurity External Professor at Cybersecurity Master (SSIR) for Science University of Toulouse, France 1st dan Judo Jujitsu
SpeakerBio: Alaric Becker, SOC Analyst and Threat Hunter at Sopra SteriaWOCS'HACK Project Leader for WOCSA France. Detection Analyst and Threat Hunter at Sopra Steria Cybersecurity. 3rd dan Judo Jujitsu
- ics Calendar file
Cyberjūtsu is a new way to teach cybersecurity inspired from martial arts trainings. It is an educational way which allows everyone (novice to expert) to practice together and improve themselves in cybersecurity through confrontation. It follows budō (judo, jujitsu, karate...) principles and ethical code. The goal is to reach "maximum-efficient use of computer" in a "mutual benefit" of a human confrontation. It's a digital martial art fight e-sport using linux shell.
- ics Calendar file
Thinking about a career in offensive security? Join this interactive fireside chat with professionals working on the front lines of red teaming, penetration testing, exploit development, and adversary emulation. Panelists will share their personal journeys, advice on breaking into the field, and reflections on what it takes to thrive in offensive security. Whether you're just starting out or looking to pivot your career, bring your questions and curiosity—this is your chance to learn directly from those who've made hacking their day job.
Speakers:Lorenzo White,Jamal Theodore,Wesley Snell
- ics Calendar file
Latin America faces a perfect storm of cyber threats—sophisticated criminal networks, underfunded defenses, and systemic vulnerabilities. Yet, within this chaos lies an untold narrative of adaptation, recursion, and community-driven resilience.
SpeakerBio: Giovanni Cruz Forero, COO at 7 Way SecurityProfessional in Cybersecurity with 20 years of experience in the sector, seeks to share knowledge using his experience and knowledge and currently works as COO of 7 Way Security, organizer of BSides Colombia, La Villa and other spaces for building collective knowledge.
Profesional en Ciberseguridad con 17 años de experiencia en el sector, busca compartir conocimiento haciendo uso de su experiencia y conocimiento y en este momento trabaja como CEO de Be Hacker Pro donde plantea estrategias para el fortalecimiento del capital humano con talentos en ciberseguridad, es cofundador de CSIETE y 7 Way Security, organizador de BSides Colombia, HackLab Bogotá y otros espacios de construcción de conocimiento colectivo.
- ics Calendar file
At 6am on Friday, the @cycle_override crew will be hosting the 14th Defcon Bikeride. We'll meet at a local bikeshop, get some rental bicycles, and about 7am will make the ride out to Red Rocks. It's about a 15 mile ride, all downhill on the return journey. So, if you are crazy enough to join us, get some water, and head over to cycleoverride.org for more info. See you at 6am Friday!
- ics Calendar file
Participants fly a simulated DA-62 complete with realistic Garmin instruments on approach into KDAB while encountering randomized GPS-spoof related scenarios. You can successfully complete the scenario by safely landing on your cleared runway. This challenge typically takes about 7 minutes, with a maximum of 20 minutes.
- ics Calendar file
Cyberpunk authors, like Neal Stephenson in Snow Crash, have long envisioned a world run by ruthless mega-corporations, with more power than governments, engaging in threat activity. We now live in such a world. Tech companies wield immense, often invisible power, far beyond what they admit to users. We’ve caught glimpses:
• A cloud provider scanning customer data for offensive content • A rideshare app tracking users after the ride ends • A robotic vacuum that builds maps of your home • A respected security company bricking systems across the globe… accidentally
These aren’t theoretical. They’re the tip of the iceberg. The real capabilities, the ones no one talks about, are far more dangerous.
Governments know it. That’s why some ban certain apps and hardware. Threat actors know it. That’s why they break in. The question is: do you know what’s really possible?
This talk explores the dark potential of modern tech platforms, the things they’re structurally able to do, whether or not they intend to. We’ll walk through scenarios where companies might be tempted to go offensive, where insiders (or outsiders) could gain and weaponize access, and how these powers could be misused at scale.
Because in security, it’s never about what a system claims to do. It’s about what it can do.
Speakers:Tom Cross,Greg ContiTom Cross is an entrepreneur and technology leader with three decades of experience in the hacker community. Tom attended the first DefCon in 1993 and he ran bulletin board systems and listservs in the early 1990’s that served the hacker community in the southeastern United States. He is currently Head of Threat Research at GetReal Security, Principal at Kopidion, and creator of FeedSeer, a news reader for Mastodon. Previously he was CoFounder and CTO of Drawbridge Networks, Director of Security Research at Lancope, and Manager of the IBM Internet Security Systems X-Force Advanced Research team. He has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. He has spoken at numerous security conferences, including Black Hat Briefings, Defcon, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides. He has a B.S. in Computer Engineering from the Georgia Institute of Technology. He can be found on Linkedin as https://www.linkedin.com/in/tom-cross-71455/, on Mastodon as https://ioc.exchange/@decius, and on Bluesky as https://bsky.app/profile/decius.bsky.social.
SpeakerBio: Greg Conti, Co-Founder and Principal at KopidionGreg Conti is a hacker, maker, and computer scientist. He is a nine-time DEF CON speaker, a seven-time Black Hat speaker, and has been a Black Hat Trainer for 10 years. He’s taught Adversarial Thinking techniques at West Point, Stanford University bootcamps, NSA/U.S. Cyber Command, and for private clients in the financial and cybersecurity sectors. Greg is Co-Founder and Principal at Kopidion, a cyber security training and professional services firm.
Formerly he served on the West Point faculty for 16 years, where he led their cybersecurity research and education programs. During his U.S. Army and Military Intelligence career he co-created U.S. Cyber Command’s Joint Advanced Cyberwarfare Course, deployed to Iraq as Officer-in-Charge of U.S. Cyber Command’s Expeditionary Cyber Support Element, and was the first Director of the Army Cyber Institute.
Greg is co-author of On Cyber: Towards an Operational Art for Cyber Operations, and approximately 100 articles and papers covering hacking, online privacy, usable security, cyber conflict, and security visualization. Greg holds a B.S. from West Point, an M.S. from Johns Hopkins University, and a Ph.D. from the Georgia Institute of Technology, all in computer science. His work may be found at gregconti.com (https://www.gregconti.com/), kopidion.com (https://www.kopidion.com/) and LinkedIn (https://www.linkedin.com/in/greg-conti-7a8521/).
- ics Calendar file
Come meet Jack, Ray [Redacted], Alethe, and Jayson E. Street. Find some friends from your home town! Learn more about DEF CON Groups and how to get involved!
Speakers:Ray [REDACTED],Jayson E. Street,Jack Rhysider,Alethe DenisJayson E. Street referred to in the past as: a "notorious hacker" by FOX25 Boston, "World Class Hacker" by National Geographic Breakthrough Series, and described as a "paunchy hacker" by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.
He is the Chief Adversarial Officer at Secure Yeti and the author of the "Dissecting the hack: Series" (which is currently required reading at 5 colleges in 3 countries that he knows of). Jayson is also the DEF CON Groups Global Ambassador. He's spoken at DEF CON, DEF CON China, GRRCon, SAINTCON & at several other CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.
He loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once, all others he was supposed to)!
He is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far, but if they are please note he was proud to be chosen as one of Time's persons of the year for 2006.
SpeakerBio: Jack Rhysider, Host at Darknet DiariesHost of the Darknet Diaries
SpeakerBio: Alethe Denis, Red Team at Bishop FoxDEF CON Groups Dept 2nd Lead
- ics Calendar file
DEF CON Groups Dept 2nd Lead
SpeakerBio: Nikita Kronenberg, Director of Content and Coordination at DEF CON Communications, Inc.Nikita works to ensure DEF CON runs as smoothly as one can expect from a hacker convention. In addition to planning a vast array of details prior to DEF CON and thwarting issues while onsite, she has retired from being the Director of Content for the CFP Review Board.
Nikita is not on the social mediaz.
SpeakerBio: zziks, A&E Goon at DEF CONNicole Schwartz (a.k.a. CircuitSwan) speaks about Information Security, DevSecOps, Software Supply Chain Security, Agile, Diversity & Inclusion, and Women in Technology. She is the Senior Security Product Manager at ActiveState, the Chair of the Board for the Diana Initiative 501(c)3, Director of BSides Edmonton Information Security Foundation, and an organizer of SkyTalks village at BSidesLV.
SpeakerBio: Nina Alli, Executive Director at Biohacking VillageNina Alli is a cybersecurity and regulatory strategist whose work bridges medical technology, public policy, and grassroots security research. She has been the Executive Director of the Biohacking Village for the past decade—a pioneering community that explores the intersection of healthcare and cybersecurity through hands-on engagement, open collaboration, and public education.
With over 16 years of experience across biotechnology, biomedical engineering, and security, Nina has focused on modernizing legacy systems in healthcare, enhancing infrastructure, and improving the integration of electronic health records. Her work brings a systems-thinking approach to regulatory cybersecurity, particularly in high-stakes environments where patient care, clinical workflows, and connected devices intersect.
She emphasizes cross-sector collaboration, the advancement of responsible innovation, and building public trust in medical technologies—especially where vulnerabilities in connected systems can have human consequences. Through years of involvement in hacker spaces such as DEF CON, she has worked to bridge the cultural and technical gaps between healthcare institutions and security researchers.
SpeakerBio: amazonv
- ics Calendar file
They say Atlanta is the city too busy to hate, but it also has too much traffic for its widespread hacker fam to get together in a single meetup. So instead, we're meeting up in the desert during DEF CON! The one time of year when intown, northern burbs, south siders, and anyone else connected to DC404's 25+ year legacy can catch up and share stories. Join us and meet your fellow ATL hackers!
- ics Calendar file
Ready to frag like it’s 1999? The DCG Community is going full retro with a Quake III Arena LAN party—Friday and Saturday from 10am to 6pm! We’ve got 20 battle-ready PCs set up for you to drop in, squad up, and face off against fellow DEF CON attendees. No sign-up, no pressure—just fast-paced fun, old-school energy, and scoreboard glory. Form your own teams, dominate the arena, or just jump in for a quick frag between talks.
💥 All skill levels welcome. Come for the chaos, stay for the camaraderie. GG.
Speakers:polomaster,Nitetrain
- ics Calendar file
Join DC805—San Luis Obispo’s DEF CON Group—for a Friday afternoon meetup in the DCG Community at DEF CON 33! Starting at 3:30pm, we’re bringing together SLO locals and friends of the group for chill conversations, hacker camaraderie, and Central Coast vibes. Whether you're from the 805 or just want to meet a solid crew, come hang. No talks, just good people.
Speakers:Hankashyyyk,FozzieDC805 POC
SpeakerBio: FozzieDC805 POC
- ics Calendar file
DCG Santa Cruz is back and under new management! Come meet us, talk nerdy, get some stickers, and learn how we keep the DEFCON ethos going year-round!
- ics Calendar file
Come try your hand at being a DDoS attacker and/or defender in this fun cyberwar simulation. No experience or laptop needed! Sessions run every half hour.
- ics Calendar file
- ics Calendar file
The LaunchAnywhere vulnerability has long been a significant concern in Android security, allowing unprivileged applications to invoke protected activities, even with system-level privileges, and have been actively exploited in the wild in the past.
In response, Google and device vendors have implemented patches, primarily by introducing destination component checks within privileged code before launching Intents. These fixes appeared to have mitigated such risks—at least on the surface. But has the threat truly been eliminated?
In this session, we demonstrate that these defenses remain insufficient. We introduce a new exploitation technique, BadResolve, which bypasses these checks through multiple methods, enabling a zero-permission app to achieve LaunchAnywhere once again. We reveal high-severity vulnerabilities that affect all Android versions, including the latest Android 16 (at time of writing), which have been confirmed and patched by Google. Dead, made alive again— we show how the LaunchAnywhere vulnerability has been reborn. In addition to presenting new exploitation techniques, we tackle the challenge of efficiently and accurately identifying methods in the vast codebases of AOSP and vendor-specific closed-source implementations that could be exploited by BadResolve, using LLM Agents and MCP.
References:
SpeakerBio: Qidan "flanker_hqd" HeQidan He (a.k.a Edward Flanker, CISSP) is the winner of multiple Pwn2Own championships and Pwnie Award. He is now the Director & Chief Security Researcher at Dawn Security Lab, JD.com. He has spoken at conferences like Black Hat, DEFCON, RECON, CanSecWest, MOSEC, HITB, PoC, etc. He is also the committee and judge of GeekPwn&GeekCon.
- ics Calendar file
The DEF CON MUD IS BACK... We tried to do battletech but we realized we needed better documentation.
Like all good plans we put together a new one at the last minute....
Without further delay we announce......Cheeseworld!!! An LPMUD from the 90's, a world of cheese, furbys and code that we have no idea how it's still working. Find ancient bugs, explore Wensleydale, roam the Nacho forest...
Download mudlet and connect to mud.defcon.wtf port 3022 (TLS) or 3000 (telnet)
Find EvilMog in the Contest and Events Area, the prize is usually pretty epic, winners chosen at 2pm Sunday August 10th.
Open now, get DEF CON started early!!!
- ics Calendar file
New to hacking? Start here. The DEF CON Academy is your entry point into the world of hacking and Capture the Flag (CTF) competitions. No experience? No problem. Stop by and you'll start with the basics — Linux commands, web security, binary challenges, and reverse engineering — and build up from there at your own pace. Mentors and real CTF pros will be on-site to help you when you get stuck, explain concepts, and cheer you on. Come sit down for a bit, plug in, enjoy our scheduled talks, and start leveling up your skills in a hands-on, no-pressure environment.
- ics Calendar file
DEF CON hosts many CTF contests, but this one is special for us and our players. It is almost entirely binaries, all original, and designed to test the top teams in the world, no matter what automated assistance they bring with them. It’s an attack-defense contest, which enables even more treachery and creativity from players. Back for a fourth year are LiveCTF head-to-head reversing races, bringing more strategy and excitement to our busy game.
- ics Calendar file
Whether you're a seasoned DEF CON veteran or a curious newcomer, the DEF CON Scavenger Hunt promises to challenge your skills, tickle your wits, and ignite your hacker spirit. Our list is a portal to mystery, mischief, and mayhem. Assemble your team of up to 5 members, interpret the items, and submit your efforts at the booth to our esteemed judges. Go beyond the basics for bonus points. Legends are born here.
The DEF CON Scavenger Hunt is open to everyone, regardless of skill level or experience, no pre-qualifying necessary. We strive to maintain the balance of a low barrier to entry while providing a challenge that many are eager to take on. Casual players should not be overwhelmed by the list, find a handful of items and have fun. If you are looking to win however, you will need to fully immerse yourself in the DEF CON Scavenger Hunt. Let's make some memories together.
Remember that it's not just about fame, glory, or boxes of swag; the true allure is the camaraderie of fellow hackers, the knowledge that you've etched your mark on DEF CON history, and the ultimate badge of honor: bragging rights. Nothing says "I'm a hacker" quite like being triumphant at the DEF CON Scavenger Hunt.
- ics Calendar file
Defcon.run is a beloved tradition at DEF CON, bringing together hackers for a refreshing start to the day. Originally known as the DEF CON 4x5K, the event has evolved into a distributed, community-driven experience featuring fun runs and rucks across Las Vegas. Participants can choose from various routes, ranging from simple 5Ks to more ambitious distances.
For DEF CON 33, the gathering point is "The Spot" by the North Entrance of the Las Vegas Convention Center West Hall. Here, the real wild hares gather before the sun has a chance to burn up this city of sin. The runs kick off at 06:00 Thursday through Sunday! But be there early for hype talks and shenanigans. We also have a whole new Meshtastic setup and website features we're adding. There are other runs swag drops and social meetups planned throughout the day and night as well!
Whether you're a seasoned runner or looking for something different, defcon.run offers a unique way to connect with other hackers and kick off your day. For more details and to sign up, visit defcon.run.
- ics Calendar file
Chaos at a major international airport. Flight info displays flicker with false data. Baggage systems fail. Aircraft controls are compromised. Even the skies are no longer safe. Your mission: investigate the breach, neutralize the threats, and take back control of the airport. The airport depends on you. The clock is ticking!
- ics Calendar file
- ics Calendar file
A dedicated area equipped with the necessary tools, where visitors can experiment with various techniques and concepts under expert guidance.
- ics Calendar file
This panel features several researchers that were central to the TTBR as well as the similar Ohio EVEREST Study and will delve further into the conduct of those studies, and how they may inform election security research today.
Speakers:Debra Bowen, The Honorable,Sandy Clark,Candice Hoke,Matt BlazeDebra Bowen was the elected Secretary of State of California for two terms from 2007 to 2015. Prior to that, from 1992 to 2006, she had been a member of the California Assembly and then the Senate. In 2007, at the beginning of her term as Secretary of State, she commissioned the Top to Bottom Review (TTBR) of voting systems used in California. The review involved top computer security researchers, attorneys, and accessibility experts, and provided the nation with an unprecedented view into the state of voting machines. The TTBR led to critical changes to improve California’s elections and influenced other states to move away from the most insecure voting systems. In parallel she commissioned the Post Election Audit Standards Working Group (PEASWG), a group of experts charged with outlining standards for election auditing. From their report emerged the very first formal description of what came to be known as risk-limiting audits (RLAs), now widely viewed as the “gold standard” of auditing techniques. RLAs make the notions of evidence-based elections and software independence, two of the fundamental pillars of election integrity, an achievable goal.For her “bold leadership and her steadfast resolve to protect the integrity of the vote” she was honored with a 2008 Profile in Courage Award by the John F. Kennedy Presidential Library and Museum.
SpeakerBio: Sandy Clark, DrMatt Blaze is the McDevitt Chair of Computer Science and Law at Georgetown University, where his research focuses on problems at the intersection of technology, public policy, and law. Prior to joining Georgetown, he was a professor of computer science at the University of Pennsylvania, and prior to that, a founding member of the Secure Systems Research Department at AT&T Bell Labs. He holds a PhD in computer science from Princeton, an MS from Columbia, and a BS from the City University of New York. Blaze's scholarship and practical work in high-integrity voting and elections technology dates back more than 25 years. He led teams that examined source code for security vulnerabilities on behalf of the states of California and Ohio for the Top-to-Bottom Review and EVEREST studies. He has testified on election security and other topics before the US Congress over a dozen times, served on various federal and state advisory boards, and has published numerous scholarly research papers on elections and related subjects. He is a founding member of the DEFCON Voting Village, and currently serves as board chair of the Election Integrity Foundation.
- ics Calendar file
As healthcare systems become increasingly digitized, cyber incidents like ransomware attacks and EHR outages are no longer just IT problems—they're potential contributors to patient harm and mortality. This expert panel explores the groundbreaking proposal to adapt disaster-related death certification frameworks to document cyber incidents as secondary causes of death. Bringing together expertise in cybersecurity governance, healthcare economics, investigative journalism, and clinical practice, panelists will examine the policy implications, implementation challenges, and public health benefits of standardizing how we document and track cyber-induced patient harm.
Speakers:Jorge Acevedo Canabal,Scott Shackleford,Joseph DavisDr. Jorge Acevedo Canabal is a physician and cybersecurity researcher focused on digital threats to patient safety. He helped lead Puerto Rico’s post-Maria disaster death certification training and now proposes attributing cyberattacks as a cause of death in modern healthcare.
Joseph has 30+ years of experience in security, privacy, risk, and compliance for Fortune 500 companies. As a Customer Security Officer at Microsoft, he advises US Health and Life Sciences customers on cybersecurity, data privacy, risk management, and information compliance
SpeakerBio: Scott Shackleford
- ics Calendar file
Hospitals and trauma centers face critical delays in triage, patient monitoring, and shift handoffs—leading to avoidable medical errors, increased wait times, and compromised patient safety. What if AI-powered triage, biometrics, and AI-driven simulation labs could change that? This talk explores how biometric AI, smart bedside displays, digital handoff systems, and AI physiology simulations can enhance emergency care, reduce human error, and revolutionize medical training. Key Innovations We’ll Unpack: 1. AI-Facial Recognition: Upon entry to the hospital/facility, AI-powered sensors take a real-time picture of each patient as they walk/check into the ED and sync the biometric picture with their Medical Record Number (MRN) patient chart. 2. AI-Powered Biometric Triage: AI sensors continue to scan patients in the waiting room, analyzing vital signs (HR, respiratory rate, O2 sat, temp), non-verbal distress like bleeding (trauma), pain based on facial droop (Stroke), chest pain or shortness of breath (Heart Attack), syncope, labor/delivery, and grimacing (pain), and factor all these into the Emergency Severity Index (ESI) algorithm for a real-time comprehensive display to triage staff for their review. 3. Digital Handoff Reporting: Automated shift changes summaries ensure that critical patient data like medical and surgical history, labs, vital trends, pending orders, isolation precautions, and risk factors are not lost between clinicians. It also reduces paper waste, redundancy, and inefficiencies like report duration. 4. Digital Smart Room Display (i.e. TV): Like at a nice hotel room, your patient room tv would provide you with a personalized channel with your real-time medical updates (aka tv medical chart), that are approved by your providers, that are synced to your EHR chart and secured with a personalized pin you created during registration. Upon discharge of the hospital, your channel would be deactivated. This would enhance the time from provider-to-patient communication, decrease patient wait times for results, and ensure healthcare treatment transparency. It is optional and on-demand for the patient and family if consent is given by the patient. 5. AI Physiology in Simulation Labs: AI-driven simulated patient models that replicate real-time human physiology, responses to trauma, medication interactions, and disease progression—transforming medical education. 6. Cybersecurity in AI-Driven Emergency Care: Protecting biometric patient data, preventing AI hallucinations and poisoning, and securing AI-driven training systems. By integrating AI-driven biometrics, automating bedside displays and handoff reports, and AI physiology in healthcare, we can prioritize critical patients faster, reduce handoff errors, and accelerate healthcare education. The future of emergency care isn’t just faster, it’s predictive, automated, and cybersecure.
SpeakerBio: Jennifer Schieferle UhlenbrockDr. Jennifer Schieferle Uhlenbrock has 20+ years of healthcare experience. She bridges clinical practice, business, and cybersecurity best practices. A published technical writer and speaker, she translates complex security and patient safety challenges into clear, actionable insights.
- ics Calendar file
Computers are constantly at work—running processes, handling data, and logging everything they do. These digital breadcrumbs, known as telemetry and artifacts, not only help systems run smoothly but also become crucial clues when something goes wrong.
When a machine is compromised, those logs can tell a story: what happened, how it happened, and who (or what) was behind it.
Join us for an introductory presentation on digital forensics, where you’ll learn how cybersecurity professionals analyze these traces to investigate and understand cyber incidents. No prior experience required—just curiosity and an interest in uncovering the truth behind the breach.
SpeakerBio: Sarthak TanejaSarthak Taneja is a detection engineering and threat intelligence professional who started out in the world of penetration testing, giving him a 360-degree view of attack paths—whether the is defending against them or, let’s be real, figuring out how to break in. When he is not decoding the latest threats, you’ll find him jet-setting across the globe, stirring up the security scene by organizing and volunteering at conferences everywhere.
- ics Calendar file
Open-source intelligence in Discord may seem surface level. Some techniques include searching through chat history using search operators similar to Google dorking and reviewing a user’s profile to look for any linked accounts tied to their Discord account. Going beyond this and analyze the servers that a user is a part of, more assumptions and inferences can be made based on those servers. I applied what I saw and experienced with Student Hubs and applied it to cybersecurity within Discord. The information from knowing what cybersecurity servers a person is in informed me of what their experience level was, the type of field they were interested / worked in, and potentially even where they lived.x000D x000D However, you can only reach a certain point by joining servers within Discord. This type of approach can only be done at scale and this presents its own set of problems. Scaling this seemed unlikely to happen until a service known as Spy.pet was publicly disclosed in April 2024. Spy.pet was marketed as a data broker that was inadvertently a very capable OSINT tool that could be used for Discord. Knowing that it would be available for a short time before it got shut down, I was able to access Spy.pet to use and document what capabilities it had. Since then, there have been more data scrapers that have appeared with their own reasons. These include third-parties (malicious or not), academic researchers, and cybercrime groups. I will cover the capabilities and OPSEC failures from some of the data scrapers in the past year as well as how it could possibly be approached in the future. Most importantly, I will go over protections at the user and server level.
SpeakerBio: Zach MalinichZach a.k.a “UberZachAttack” is a PSU alum, works within offensive security, and holds various certifications.
- ics Calendar file
Join us for a self-guided interactive look at GE Applinces and get hands on with some of our most popular home appliances!
And for all Home Assistant enthusiasts!
Check us out and we will help you get started!
Find anything related to security? Contact our PSIRT by visiting our security webpage:
GEAppliances.comn/security
- ics Calendar file
Being a first generation college student comes with unique struggles. We would love to have a discussion group for those who were, are, or are soon to be, in this situation. Our moderator has been through this experience and is ready to help lead and participate in a group discussion with others in similar circumstances
SpeakerBio: Jessie "Ringer" JamiesonJessie Jamieson, aka "Ringer", is a mathematician who loves using math to solve hard problems, but she loves helping others see the beauty and value of math even more! She has been invited to speak at mathematics and cybersecurity events about supply chain and AI-related risk, and has spoken internationally on the importance of data science maturity for cybersecurity effectiveness. Jamieson holds a PhD and a MS in Mathematics from the University of Nebraska - Lincoln, where she was a National Science Foundation Graduate Research Fellow. Jamieson has also held senior research roles at Tenable and the Johns Hopkins University Applied Physics Laboratory. She currently works in a role related to cybersecurity risk quantification. When not doing math, she's usually playing volleyball or video games, playing soccer with her dog, Dax, or traveling to some of her favorite cybersecurity conferences (like DEFCON!).
- ics Calendar file
You’ve made a great connection at a conference. Now what? Join this interactive discussion session to explore how to move from casual networking to landing an interview. Whether you're new to the field, making a career shift, or looking for your next challenge this session will focus on practical ways to build on those hallway chats and coffee meetups. We’ll share tips for effective follow-ups, how to express interest and how to turn a new contact into a warm lead for an interview. Bring your questions and experiences. We’ll crowdsource ideas and build confidence together.
SpeakerBio: Sarah Mackey, Executive Director at Women in Security and PrivacySarah Mackey is executive director of Women in Security and Privacy. She also serves as a career coach supporting individuals through career transitions and helping them discover and secure meaningful careers. With over 20 years experience as a hiring manager, Sarah brings practical and actionable guidance for candidates.
- ics Calendar file
This discussion will focus on questions, advice, guidance and insights regarding Governance, Risk, and Compliance as a career path, or even as a skills enhancement in your own career. No matter if you’re a seasoned GRC professional, or someone just trying to understand how they all play together in the cybersecurity sandbox, come discuss tips, tricks, tools, frameworks, and any other burning questions or issues (even the future of GRC in a world of Large Language Models!
SpeakerBio: Mea CliftMea Clift is a distinguished cybersecurity executive with a multi-decade career rooted in excellence, innovation, and mission-driven leadership. As Principal Executive Advisor for Cyber Risk Engineering at Liberty Mutual, she provides strategic guidance to underwriters and insureds on emerging cyber risks, maturity models, and industry trends—bridging the gap between cybersecurity strategy and enterprise risk.
With deep expertise in governance, risk, and compliance (GRC), Mea is a champion of NIST-based frameworks, Zero Trust principles, and supply chain security. Her background spans critical infrastructure protection, regulatory alignment, and the development of governance structures that embed security across the business. She is widely respected for her ability to translate complex technical risks into clear, compelling language for executives and stakeholders alike.
A 2024 Cyversity Educator of the Year, published author, and active mentor, Mea teaches Fundamentals of GRC and advocates for diversity in cybersecurity through many organizations including Wicys, Cyversity and ISACA. Outside of her professional work, she is a passionate quilt historian and educator living in St. Paul, Minnesota, where she shares her love of textiles and design alongside her three greyhounds.
- ics Calendar file
Network Attached Storage (NAS) devices are indispensable in many corporate and home environments. These devices often live on the network edge, providing convenient remote access to confidential files and internal networks from the public internet. What happens when this goes terribly wrong?
In this presentation, I’ll discuss how I developed a zero-day exploit targeting dozens of Synology NAS products. At the time of discovery, the exploit facilitated unauthenticated root-level remote code execution on millions of NAS devices in the default configuration. My exploitation strategy centered around smuggling different types of delimiters that targeted multiple software components.
In the past, exploitation of the vulnerability’s bug class demanded additional primitives that weren’t available on my targets. While searching for alternative paths, I discovered a novel remote Linux exploitation technique. I’ll be presenting this technique, which can be used in other researchers’ exploit chains in the future. For the first time in public, I’ll also be discussing the details of my Synology vulnerability research, which won a $40,000 prize at the October 2024 Pwn2Own competition.
References:
I referenced these previous Synology offensive publications during my research:
SpeakerBio: Ryan EmmonsRyan Emmons is a Security Researcher on the Emergent Threat Response team at Rapid7. His work centers around n-day analysis of new vulnerabilities and zero-day research, primarily focused on network edge devices. Ryan enjoys attacking hardened targets and finding interesting bugs. He has disclosed vulnerabilities to major vendors like Oracle and Microsoft, and he recently competed at the 2024 Pwn2Own Ireland competition, where he won a $40,000 prize. In addition to vulnerability research, Ryan likes to participate in CTF competitions and compose music.
- ics Calendar file
Make a moment for yourself with this calming and reflective activity. Design your own affirmation card using colorful pens, washi tape, and prompts like “Dear Future Me” or “You're doing enough.” Whether it’s a reminder you need or a message of encouragement, your card is yours to keep. Tuck it in your badge, your bag, or your notebook as a little boost throughout the con.
- ics Calendar file
- ics Calendar file
"Dodging the EDR bullet" Training is an intensive, hands-on course designed to equip cybersecurity professionals with cutting-edge skills in malware evasion techniques. Dive deep into Windows security components, antivirus systems, and EDRs while mastering the full malware lifecycle—from initial access to advanced in-memory evasion and kernel-level persistence. Through a systematic approach to memory management and process manipulation, participants will learn how to bypass modern detection strategies and build stealthy malware components. The course focuses on cultivating a research-driven mindset, enabling attendees to understand and analyze detection strategies provided by the Windows OS and then craft their own techniques to evade them.
By the end of the training, participants will have gained a solid foundation in malware analysis and development, enabling them to craft sophisticated command-and-control (C2) payloads and maintain persistence while remaining undetected.
* All students are expected to sign an NDA with the trainer to avoid unauthorized sharing of training materials *
Speakers:Giorgio "gbyolo" Bernardinetti,Dimitri "GlenX" Di CristofaroGiorgio "gbyolo" Bernardinetti is lead researcher at the System Security division of CNIT. His research activities are geared towards Red Teaming support activities, in particular design and development of advanced evasion techniques in strictly monitored environments, with emphasis on (but not limited to) the Windows OS, both in user-space and kernel-space. He has been a speaker for DEFCON32 Workshops and Red Team Village HacktivityCon 2021.
SpeakerBio: Dimitri "GlenX" Di Cristofaro, Security Consultant and Researcher at SECFORCE LTDDimitri "GlenX" Di Cristofaro is a security consultant and researcher at SECFORCE LTD where he performs Red Teams on a daily basis. The main focus of his research activities is about Red Teaming and in particular on identifying new ways of attacking operating systems and looking for cutting edge techniques to increase stealthiness in strictly monitored environments. He enjoys malware writing and offensive tools development as well as producing electronic music in his free time.
- ics Calendar file
"Dodging the EDR bullet" Training is an intensive, hands-on course designed to equip cybersecurity professionals with cutting-edge skills in malware evasion techniques. Dive deep into Windows security components, antivirus systems, and EDRs while mastering the full malware lifecycle—from initial access to advanced in-memory evasion and kernel-level persistence. Through a systematic approach to memory management and process manipulation, participants will learn how to bypass modern detection strategies and build stealthy malware components. The course focuses on cultivating a research-driven mindset, enabling attendees to understand and analyze detection strategies provided by the Windows OS and then craft their own techniques to evade them.
By the end of the training, participants will have gained a solid foundation in malware analysis and development, enabling them to craft sophisticated command-and-control (C2) payloads and maintain persistence while remaining undetected.
* All students are expected to sign an NDA with the trainer to avoid unauthorized sharing of training materials *
Speakers:Giorgio "gbyolo" Bernardinetti,Dimitri "GlenX" Di CristofaroGiorgio "gbyolo" Bernardinetti is lead researcher at the System Security division of CNIT. His research activities are geared towards Red Teaming support activities, in particular design and development of advanced evasion techniques in strictly monitored environments, with emphasis on (but not limited to) the Windows OS, both in user-space and kernel-space. He has been a speaker for DEFCON32 Workshops and Red Team Village HacktivityCon 2021.
SpeakerBio: Dimitri "GlenX" Di Cristofaro, Security Consultant and Researcher at SECFORCE LTDDimitri "GlenX" Di Cristofaro is a security consultant and researcher at SECFORCE LTD where he performs Red Teams on a daily basis. The main focus of his research activities is about Red Teaming and in particular on identifying new ways of attacking operating systems and looking for cutting edge techniques to increase stealthiness in strictly monitored environments. He enjoys malware writing and offensive tools development as well as producing electronic music in his free time.
- ics Calendar file
Domain fronting has quickly become to go to method for stealthy data exfiltration and beacon callbacks, popularised by C2 frameworks such as Posh and Cobalt Strike. In this talk we will review cloud providers and CDNs attempts to shutdown domain fronting and just how feasible it is in 2025
SpeakerBio: Tom Cope
- ics Calendar file
While there is increasing content on attacking LLMs hitting the Internet (and at DEFCON), much of it is focused on attacking LLMs from more of a penetration-test perspective without putting the attacks into the broader context of a Red Team operation. As with any technology that we encounter in a network during a Red Team exercise, we should be familiar with how to use it to achieve goals like lateral movement or privilege escalation. Like it or not, in the near future that will increasingly include LLM-based applications and agents.
This session aims to close that gap. The speakers will start with some entry-level theory on how LLMs function under the hood. No math experience? No problem. We're going to keep things at a nice, high level with special focus on the core functionality of LLMs that enables attacks.
After addressing the theory, the speakers will shift to real-world attacks on LLMs drawn from our operations. This will take two forms: strategies to break LLMs through direct and indirect prompt injection, and ways to take a successful prompt injection and turn it into progress toward your Red Team objectives like enumeration, lateral movement, privilege escalation, or execution.
With the groundwork laid, the workshop will close with a hands-on, multi-level CTF for participants to try some of the direct and indirect prompt injection strategies discussed in the workshop.
Detailed Agenda: 1. Introductions (2 mins) 2. Theory: a. Neural Networks (10 mins) b. LLMs (10 mins) 3. Attack Strategies (15 mins) a. Direct prompt injection strategies + war stories b. Indirect prompt injection strategies + war stories 4. Hands-on CTF (20 mins) 5. Q&A (remainder)
Speakers:Alex Bernier,Brent HarrellI love breaking applications and AI systems!
SpeakerBio: Brent HarrellBrent is the author of the Red Team Capability Maturity Model and has led and created Red Teams at multiple organizations. He's now on the consulting side of Red Teaming and is one of the initial members of the company's new AI Red Team focused on LLM-based applications. With a background in traditional AD operations, though, much of his focus of late has been on bridging the gap between attacking LLMs directly and using them as part of greater operations.
- ics Calendar file
Come hear Carson and Eric discuss some of the most challenging topics in security operations today. Carson Zimmerman and Eric Lippart, “Doom” and “Gloom,” respectively, have been working in security ops for over a combined 40 years, and have seen a thing or two. They will cut the buzzword bingo and offer frank opinions about how to get SOC right, and how to get it wrong.
This year, we’ll be discussing topics like: * The constant march of incidents and assume breach has transcended cliche– what are you doing to keep yourself and your crew sane? * Where are you investing right now to detect and block with nation state adversaries– what’s working and what hyped methods are a waste of time? * Speaking of cliches, too many alerts, not enough people and time– yes, we need to tune, but what are we doing to win here? Is it sustainable? Should we give up on conventional detection? * Let’s talk about generative AI– where are you seeing SOC actually use it, and where do you think we’re still a ways off? * Return to office- we hear about it in the news, but is it realistic? Does RTO preclude world class talent?
Bring your questions, let’s go!
Speakers:Carson Zimmerman,Eric LippartCarson Zimmerman has been working in and around security operations centers (SOCs) for over 20 years. Carson is a Principal Security Researcher at Microsoft, working to elevate SOCs around the globe through industry-leading security capabilities. He co-authored 11 Strategies of a World-Class Cybersecurity Operations Center, available at mitre.org/11Strategies.
SpeakerBio: Eric LippartEric Lippart has spent over 20 years deeply involved in cyber operations and engineering across the national security and financial services spaces. His early career in cyber started at MITRE, where he spent well over a decade supporting cyber operations and initiatives within the DoD and Intelligence Community before ultimately moving on to support the financial industry. He is a regular presenter at various security conferences, and has enjoyed contributing to numerous books, articles, white papers, and presentations on the topic of cyber operations. Eric is currently the Global Head of Cyber Operations at Manulife/John Hancock.
- ics Calendar file
White House National Security Council Senior Director for Cyber Alexei Bulazel will join AIxCC creator and Dartmouth Fellow Perri Adams in conversation on the AIxCC stage.
Speakers:Alexei Bulazel,Perri Adams
- ics Calendar file
Experience the thrill of flying a drone in our custom-built cage right on the showroom floor. This activity is designed for everyone to enjoy, from kids to adults. Fly mini drones around the cage and see how well you can control these agile little machines. It's a fun, interactive way to learn the basics of drone piloting in a safe environment.
- ics Calendar file
Join our Drone Hacking Workshop and get hands-on experience with hacking into drone microcontrollers. This three-step in-depth activity is designed to teach you about the vulnerabilities and security of autonomous systems. Using sample drones, participants will learn techniques used in government pen tests. This workshop is suitable for all skill levels, from beginners to advanced hackers. Come and test your skills in a real-world scenario and understand the intricacies of drone security.
- ics Calendar file
In the continuously evolving world of browser extensions, security remains a big concern. As the demand of feature-rich extensions increases, priority is given to functionality over robustness, which makes way for vulnerabilities that can be exploited by malicious actors. The danger increases even more for organizations handling sensitive data like banking details, PII, confidential org reports, etc. Damn Vulnerable Browser Extension (DVBE) is an open-source vulnerable browser extension, designed to shed light on the importance of writing secure browser extensions and to educate developers and security professionals about the vulnerabilities and misconfigurations that are found in browser extensions, how they are found, and how they impact business. This built-to-be-vulnerable extension can be used to learn, train, and exploit browser extension-related vulnerabilities.
SpeakerBio: Abhinav KhannaAbhinav is an information security professional with 6+ years of experience. Having worked at organisations like S&P Global and NotSoSecure, his area of expertise lies in web appsec, mobile appsec, API security, and browser extension security. He has spoken at multiple conferences like Black Hat Asia, Black Hat Europe, and Black Hat MEA. In his free time, he likes playing table tennis.
- ics Calendar file
Dyna is a full-spectrum Android security auditing framework designed to automate the OWASP MASTG checklist using both static and dynamic analysis. Built for red teams, appsec engineers, and mobile researchers, Dyna combines Frida, Drozer, PyGhidra, and ADB-based techniques into a modular pipeline that evaluates app permissions, exported components, crypto misuse, insecure storage, IPC abuse, native binary risks, and reverse engineering resilience. It can detect traversal, SQLi, hardcoded secrets, and debuggable builds, while reverse engineering .so files using Ghidra in headless mode. Dyna also features real-time logcat parsing and deep link/URL extraction to trace third-party leaks and misconfigurations. With colored output, structured reports, and an extensible architecture, Dyna turns OWASP MASTG from a checklist into a powerful automated testing workflow.
Speakers:Arjun "T3R4_KAAL" Chaudhary,Ayodele IbidapoArjun is a dedicated and certified cybersecurity professional with extensive experience in web security research, vulnerability assessment and penetration testing (VAPT), and bug bounty programs. His background includes leading VAPT initiatives, conducting comprehensive security risk assessments, and providing remediation guidance to improve the security posture of various organizations. With a Master's degree in Cybersecurity and hands-on experience with tools such as Burp Suite, Wireshark, and Nmap, he brings a thorough understanding of application, infrastructure, and cloud security. As a proactive and self-motivated individual, he is committed to staying at the forefront of cybersecurity advancements. He has developed specialized tools for exploiting and mitigating vulnerabilities and collaborated with cross-functional teams to implement effective security controls. His passion for cybersecurity drives him to continuously learn and adapt to emerging threats and technologies. He is enthusiastic about contributing to innovative security solutions and engaging with the broader security community to address complex cyber threats. He believes that the future of cybersecurity lies in our ability to innovate and adapt, and he is dedicated to making a meaningful impact in this field.
SpeakerBio: Ayodele IbidapoAyodele is a cybersecurity consultant and application penetration tester with over 15 years of experience strengthening enterprise security architecture, risk governance, and secure DevSecOps practices across finance, telecom, and manufacturing sectors. His expertise spans mobile, web, and containerized applications, where he developed taint flow analyzers, automated vulnerability discovery workflows, and built custom static and dynamic analysis tools to uncover complex security flaws. He holds a Master’s in Information Systems Security Management from Concordia University of Edmonton and a B.Eng. from the University of Portsmouth. His research on CVSS v2 environmental scoring was presented at IEEE’s international conference at MIT, and he continues to bridge deep technical testing with strategic design to deliver resilient, risk-informed solutions.
- ics Calendar file
In this interactive exercise, you’ll learn how easy it is nowadays to reverse engineer the apps that are used to configure and interact with IoT devices.
IoT hacking with no multimeter or soldering iron required!
- ics Calendar file
Eventually, a security researcher connects all dots and finds the source: compromised, abandoned AWS S3 buckets. The risk that researchers warned in the past materialized on a truly gigantic scale, 5155 buckets were affected.
Luckily, this incident has never happened. The buckets used in that hypothetical scenario were claimed by a security researcher and taken down by the Cloud provider.
In this talk, we will dissect the anatomy of such an attack. We will show that adversaries equipped with instruments of big data analysis and custom LLM-agents can take these scenarios to the next level by automating and scaling them. We will share statistical insights and 9 concrete stories illustrating potential victim profiles and attack vectors. Finally, we will discuss remediation actions that would eliminate the risk once and for all.
References:
SpeakerBio: Maksim ShudrakMaksim is an offensive security researcher and engineer with more than a decade of experience in red teaming, malware analysis, and exploit development complemented by a PhD in machine code vulnerability detection. He loves searching for complex large-scale issues in modern technologies and outlining their impact.
Maksim is an author of open-source tools for scanning cloud infrastructure, fuzzing, and dynamic malware analysis which he presented at various conferences such as DEF CON, VirusBulletin, and BlackHat Arsenal.
- ics Calendar file
Quantum security is mysterious, expensive, and locked behind corporate and academic walls. But hackers don't wait for permission to learn. What if you could build your own quantum hacking lab, right in your garage?
SpeakerBio: Yann AllainYann is a cybersecurity researcher, hardware hacker, and quantum security enthusiast with a background in electronics. After years of working in hardware security , he transitioned into quantum technologies , focusing on DIY approaches to breaking and securing quantum networks. His work emphasizes open-source learning, hands-on hacking, and making quantum security accessible to all.
- ics Calendar file
Come out and build EFF’s Rayhunter! ($10 materials fee EFF Donation)
- ics Calendar file
Empire 6.0 is the latest evolution of the Command and Control (C2) framework. This major release introduces powerful new capabilities, including Go-based agents for enhanced cross-platform compatibility, a completely overhauled Empire compiler for streamlined payload deployment, and an integrated plugin marketplace in Starkiller. Enhanced module systems, dynamic option handling, Beacon Object File integration, and advanced remote script execution further expand Empire's capabilities. Empire continues to provide cryptographically secure communications and direct integration with the MITRE ATT&CK framework to emulate real-world Advanced Persistent Threat tactics, techniques, and procedures. This demo lab will highlight these significant advancements and demonstrate Empire 6.0's state-of-the-art capabilities.
Speakers:Vincent "Vinnybod" Rose,Jake "Hubble" KrasnovVincent "Vinnybod" Rose is the Lead Developer for Empire and Starkiller. He is a software engineer with a decade of expertise in building highly scalable cloud services, improving developer operations, and automation. Recently, his focus has been on the reliability and stability of the Empire C2 server. Vinnybod has presented at Black Hat and has taught courses at DEF CON on Red Teaming and Offensive PowerShell. He currently maintains a cybersecurity blog focused on offensive security at https://www.bc-security.org/blog/.
SpeakerBio: Jake "Hubble" Krasnov, Red Team Operations Lead and Chief Executive Officer at BC SecurityJake "Hubble" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security, with a distinguished career spanning engineering and cybersecurity. A U.S. Air Force veteran, Jake began his career as an Astronautical Engineer, overseeing rocket modifications, leading test and evaluation efforts for the F-22, and conducting red team operations with the 57th Information Aggressors. He later served as a Senior Manager at Boeing Phantom Works, where he focused on aviation and space defense projects. A seasoned speaker and trainer, Jake has presented at conferences including DEF CON, Black Hat, HackRedCon, HackSpaceCon, and HackMiami.
- ics Calendar file
Hack your first embedded system! Sit down at our provided laptops and be guided through exploiting an IP camera, then learn how you can set up the emulated camera (and other devices) at home with Ludus!
- ics Calendar file
We will present a higher-level “rehosting” approach to the emulation of embedded Linux systems.
While most existing embedded Linux emulation frameworks work in userspace, we try not to touch userspace or modify a firmware image at all. Instead, we take a higher-level and somewhat “hybrid” approach, which involves building patched Linux kernels and using modified or custom QEMU machines. We do this to model the terrain of a system as closely as possible to that which a userspace firmware image expects, allowing userspace to run essentially unimpeded.
This approach involves a considerable amount of reverse-engineering of userspace binaries and libraries, alongside poring over whatever GPL code we can find, in order to write kernel patches, dummy drivers and make QEMU changes “reactively”. Our goal is to end up with a rehosting environment which, from the perspective of userspace, looks almost exactly like the real system.
References:
All the following provided inspiration, although our methodology is different: - Firmguide - Firmadyne - EMUX - Jetset
SpeakerBio: Sigusr PolkeSigusr Polke is the single-use pseudonym of a security researcher, who's spent a lot of time poking at embedded systems over the years.
- ics Calendar file
This workshop will cover the fundamentals of Transport Layer Security (TLS) version 1.3, the latest Encrypted Client Hello (ECH) extension, and its application as a Command and Control (C2) technique to bypass network defenses.
SpeakerBio: Jose PlascenciaJose is an experienced Red Teamer who dabbles in system administration, reverse engineering, and coding with Rust.
- ics Calendar file
EntraGoat is a deliberately vulnerable environment designed to simulate real-world security misconfigurations and attack scenarios in Microsoft Entra ID (formerly Azure Active Directory). Security professionals, researchers, and red teamers can leverage EntraGoat to gain hands-on experience identifying and exploiting identity and access management vulnerabilities, privilege escalation paths, and other security flaws specific to cloud-based Entra ID environments. EntraGoat is tailored specifically to help security practitioners understand and mitigate the risks associated with cloud identity infrastructures. The project provides a CTF-style learning experience, covering a range of misconfigurations, insecure policies, token abuses, and attack paths commonly exploited in real-world Entra ID breaches. By using EntraGoat, security teams can enhance their skills in Entra ID security, validate detection and response capabilities, and develop effective hardening strategies.
Speakers:Tomer Nahum,Jonathan ElkabasTomer is a security researcher at Semperis, where he works to find new attacks and how to defend against them in on-prem identity stacks such as Active Directory, as well as cloud identity systems. He was awarded Most Valuable Researcher (MVR) in 2023 by Microsoft Security Response Center (MSRC).
SpeakerBio: Jonathan ElkabasJonathan is a security researcher at Semperis, specializing in Entra ID and Active Directory security. With expertise in identity-based threats, he focuses on analyzing attack techniques, developing detection strategies, and enhancing defenses against evolving cyber threats. He actively contributes to the security community through research, threat intelligence sharing, and speaking engagements.
- ics Calendar file
Win bug bounty prize by escaping a game sandbox environment
- ics Calendar file
Google's Privacy Sandbox initiative aims to provide privacy-preserving alternatives to third-party cookies by introducing new web APIs. This talk will examine potential client-side deanonymization attacks that can compromise user privacy by exploiting vulnerabilities and misconfigurations within these APIs.
I will explore the Attribution Reporting API, detailing how debugging reports can bypass privacy mechanisms like Referrer-Policy, potentially exposing sensitive user information. I will also explain how destination hijacking, in conjunction with a side-channel attack using storage limit oracles, can be used to reconstruct browsing history, demonstrating a more complex deanonymization technique.
Additionally, I will cover vulnerabilities in the Shared Storage API, illustrating how insecure cross-site worklet code can leak data stored within Shared Storage, despite the API being deliberately designed to prevent direct data access. Real-world examples and potential attack scenarios will be discussed to highlight the practical implications of these vulnerabilities.
References:
SpeakerBio: Eugene "spaceraccoon" LimEugene Lim is a security researcher and white hat hacker. From Amazon to Zoom, he has helped secure applications from a range of vulnerabilities. His work has been featured at top conferences such as Black Hat, DEF CON, and industry publications like WIRED and The Register.
- ics Calendar file
El ciberengaño es un tipo de protección valiosa para detectar, interrumpir e influir en los adversarios dentro de una red. Sin embargo, definir planes de ciberengaño viables presenta desafíos importantes. Esta sesión proporciona una metodología estructurada para acotar esta brecha, permitiendo el diseño e implementación de actividades eficaces sobre entornos de producción.x000D x000D La presentación abarcará la siguiente metodología dividida en cuatro fases:x000D 1- Extracción de comportamientos: Comenzaremos examinando escenarios de ciberataques e informes de amenazas persistentes avanzadas (APT) para entender el tipo de extracción de TTP relevantes para el ciberengaño.x000D 2- Selección de criterios: Se debatirán los criterios que guiarán a la aplicación de las actividades de ciberengaño, centrándose en objetivos como la interrupción, el estímulo, la detección o la recopilación de información. Se hará hincapié en la importancia de establecer objetivos claros para aumentar la eficacia de las estrategias de engaño.x000D 3- TTP vs actividades de engaño: Aquí se explorarán distintos tipos de actividades para asignar las TTP extraídas y entender el papel de un Honeypot y sus alternativas. Se aprenderá a diseñar técnicas de engaño que se dirijan a vulnerabilidades específicas según criterios predefinidos.x000D 4- Diseño narrativo: Exploraremos el papel de la narrativa en el engaño, haciendo hincapié en la integración, la credibilidad y la interpretación. Buscaremos dejar claro el proceso para crear historias convincentes que contextualicen las actividades de engaño y respalden la estrategia general. Se compartirán ejemplos prácticos y casos reales cada una de las fases de la metodología. x000D x000D Los asistentes obtendrán información sobre los retos y las mejores prácticas de la implementación de estrategias de ciberengaño, incluyendo aplicaciones en el mundo real, errores comunes y tendencias futuras. x000D x000D Al final de la sesión, los asistentes tendrán una comprensión estructurada de una operación de ciberengaño.x000D x000D Esta presentación está basada y derivada de la experiencia obtenida sobre servicios para organizaciones, entrenamientos para comunidades (Ekoparty 2022 / 2023 / 2024), congresos académicos regionales (JAIIO 2024 / Argencon 2024)x000D x000D Además, de congresos reconocidos en ciberseguridad, entre los que se encuentran: x000D - Blackhat Arsenal USA 2024_x000D_ https://www.blackhat.com/us-24/arsenal/schedule/#dolos-t-deceptive-operations-lure-observe-and-secure-tool-38673_x000D_ x000D - RSA Conference 2025_x000D_ https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727157670597001cJuG_x000D_ x000D - FIRST Conference 2025_x000D_ https://www.first.org/conference/2025/program#pFrom-TTPs-to-Deception-Crafting-Strategies_x000D_ x000D - Blackhat Arsenal USA 2025_x000D_ https://www.blackhat.com/us-25/arsenal/schedule/index.html#buda-behavioral-user-driven-deceptive-activities-framework-45178_x000D_ x000D Gracias por el tiempo y la oportunidad de compartir
Speakers:Diego Staino,Fede PachecoCybersecurity professional with 14+ years of experience as Security and IT consultant. Certified Incident Handler (ECIH) with a degree in Information Security and Communications. Currently works as R&D+i Manager at BASE4 Security, where he leads the company's research and development initiatives.
SpeakerBio: Fede Pacheco, Cybersecurity Services Director, BASE4 SecurityCybersecurity professional with a background in electronic engineering and several industry-recognized certifications. 20+ years of teaching experience at the most prestigious universities in Argentina. 4 published books and +15 peer-reviewed research papers. Has worked in the public and private sectors, including regional roles in global companies.
- ics Calendar file
Vegas can be lame if you're under 21. We have board games, card games, and movies in a chill hang envinronment.
- ics Calendar file
Reverse engineering is the process of uncovering the principles, architecture, and internal structure of a piece of software or hardware. It can be used for various purposes, such as improving compatibility, enhancing security, understanding program behaviour, and even vulnerability research. However, reverse engineering can also be challenging, especially when dealing with complex and modern Windows binaries.
That’s why you need Ghidra, a powerful and open-source software reverse engineering framework developed by the National Security Agency (NSA). Ghidra can help you perform in-depth analysis of Windows binaries, using its rich set of features and tools. Whether you want to reverse engineer malware, understand software internals, or find vulnerabilities, Ghidra can handle it and this course will guide your steps.
In this course, you will learn how to use Ghidra effectively to reverse engineer Windows binaries. While Ghidra is at the heart of our curriculum, we go far beyond a simple user manual. This course is designed to help you master Windows reverse engineering techniques by using Ghidra as your primary tool. You will start with the basics of Ghidra, such as creating projects, importing and analyzing binaries, and using Ghidra’s native tools. You will then learn how to customize Ghidra to suit your needs, such as building custom data types and configuring optimal analysis. From there, you will complete progressive labs that will teach you to apply both static and dynamic analysis techniques to dive deep into Windows application behavior using Ghidra’s Windows-specific features and scripts.
Practical Exercises: - Reverse Engineering Windows Malware - Learn to statically analyze a Windows malware sample and identify its malicious behavior. - Dynamically Debugging a Windows RPC Server - Gain insight to into Windows RPC and learn how to dynamically inspect a Windows servers with Ghidra’s Debugger - Patch Diffing and Root Cause Analysis of a Windows CVE - Learn how to use Ghidra’s Patch Diffing to compare two versions of a Windows binary and identify the changes made to fix a vulnerability and find its root cause.
SpeakerBio: John McIntosh, Security Researcher and Lead Instructor at @clearseclabsJohn McIntosh @clearbluejar is a security researcher and lead instructor @clearseclabs, a company that offers hands-on training and consulting for reverse engineering and offensive security. He is passionate about learning and sharing knowledge on topics such as binary analysis, patch diffing, and vulnerability discovery. He has created several open-source security tools and courses, which are available on his GitHub page. He regularly blogs about his research projects and experiments on his [website] (https://clearbluejar.github.io), where you can find detailed write-ups on reversing recent CVEs and building RE tooling with Ghidra. With over a decade of offensive security experience, speaking and teaching at security conferences worldwide, he is always eager to learn new things and collaborate with other security enthusiasts.
- ics Calendar file
Reverse engineering is the process of uncovering the principles, architecture, and internal structure of a piece of software or hardware. It can be used for various purposes, such as improving compatibility, enhancing security, understanding program behaviour, and even vulnerability research. However, reverse engineering can also be challenging, especially when dealing with complex and modern Windows binaries.
That’s why you need Ghidra, a powerful and open-source software reverse engineering framework developed by the National Security Agency (NSA). Ghidra can help you perform in-depth analysis of Windows binaries, using its rich set of features and tools. Whether you want to reverse engineer malware, understand software internals, or find vulnerabilities, Ghidra can handle it and this course will guide your steps.
In this course, you will learn how to use Ghidra effectively to reverse engineer Windows binaries. While Ghidra is at the heart of our curriculum, we go far beyond a simple user manual. This course is designed to help you master Windows reverse engineering techniques by using Ghidra as your primary tool. You will start with the basics of Ghidra, such as creating projects, importing and analyzing binaries, and using Ghidra’s native tools. You will then learn how to customize Ghidra to suit your needs, such as building custom data types and configuring optimal analysis. From there, you will complete progressive labs that will teach you to apply both static and dynamic analysis techniques to dive deep into Windows application behavior using Ghidra’s Windows-specific features and scripts.
Practical Exercises: - Reverse Engineering Windows Malware - Learn to statically analyze a Windows malware sample and identify its malicious behavior. - Dynamically Debugging a Windows RPC Server - Gain insight to into Windows RPC and learn how to dynamically inspect a Windows servers with Ghidra’s Debugger - Patch Diffing and Root Cause Analysis of a Windows CVE - Learn how to use Ghidra’s Patch Diffing to compare two versions of a Windows binary and identify the changes made to fix a vulnerability and find its root cause.
SpeakerBio: John McIntosh, Security Researcher and Lead Instructor at @clearseclabsJohn McIntosh @clearbluejar is a security researcher and lead instructor @clearseclabs, a company that offers hands-on training and consulting for reverse engineering and offensive security. He is passionate about learning and sharing knowledge on topics such as binary analysis, patch diffing, and vulnerability discovery. He has created several open-source security tools and courses, which are available on his GitHub page. He regularly blogs about his research projects and experiments on his [website] (https://clearbluejar.github.io), where you can find detailed write-ups on reversing recent CVEs and building RE tooling with Ghidra. With over a decade of offensive security experience, speaking and teaching at security conferences worldwide, he is always eager to learn new things and collaborate with other security enthusiasts.
- ics Calendar file
Voting is complicated. Vendors attempt to manage this complexity with complex voting systems made of bespoke software and hardware. Testing and certification provide at best some confidence that a voting system is properly designed; they are not capable of providing confidence any particular election outcome produced with that system is correct. In 2007 John Wack and I introduced the notion of software independence to refocus attention on the evidence produced by a voting system, instead of on the correctness of the voting system itself. A voting system is software-independent if "an undetected change or error in its software cannot cause an undetectable change or error in an election outcome.'' Software independence is mandated by the VVSG; all new federally-certified voting systems must now be software independent. In this talk I give some perspective on voting systems, with an emphasis on voting systems for U.S. elections, and on software independence. Some areas for future research are also discussed.
SpeakerBio: Ron Rivest, Massachusetts Institute of TechnologyDr. Ronald Rivest is an Institute Professor at the Massachusetts Institute of Technology (MIT), and a member of MIT's Department of Electrical Engineering and Computer Science and its Computer Science and Artificial Intelligence Laboratory. He is a cryptographer and computer scientist whose work has spanned the fields of algorithms and combinatorics, cryptography, machine learning, and election integrity. Along with Adi Shamir and Len Adleman, Rivest is one of the inventors of the RSA algorithm. He is also the inventor of the symmetric key encryption algorithms RC2, RC4, and RC5, and co-inventor of RC6. (RC stands for "Rivest Cipher".) He also devised the MD2, MD4, MD5 and MD6 cryptographic hash functions. Rivest's more recent research has been election security, based on the principle of software independence: that the security of elections should be founded on physical records, so that hidden changes to software used in voting systems cannot result in undetectable changes to election outcomes. His research in this area includes improving the robustness of mix networks in this application, the 2006 invention of the ThreeBallot paper ballot based end-to-end auditable voting system (which he released into public domain in the interest of promoting democracy), and the development of the Scantegrity security system for optical scan voting systems. He was a member of the Election Assistance Commission's Technical Guidelines Development Committee. He is a Member of the National Academy of Engineering, a Fellow of the ACM, and a Member, American Academy of Arts and Sciences. In 2002, along with colleagues Shamir and Adleman, he was awarded the A. M. Turing Award.
- ics Calendar file
This interactive workshop explores the history and evolution of draining attacks across major blockchains such as Ethereum, Solana, and TON. Participants will witness live demonstrations of various draining techniques, from early ERC-20 approval abuse to sophisticated token spoofing. Learn to recognize, trace, and defend against these exploits while discussing popular laundering methods and current security measures. A final group challenge will involve tracking an attacker's wallet and evaluating how to recover stolen funds.
Speakers:utvecklas,GeorgeUtvecklas is a computer scientist and privacy advocate who has integrated cryptocurrency into online businesses since 2016. Over time, cryptocurrency itself became his primary interest. Outside of work, his research specializes in exploits — whether past, ongoing, or potential.
SpeakerBio: GeorgeGeorge is a cryptocurrency enthusiast who has been actively involved in the space since 2018. With a focus on crypto marketing and security, he has successfully launched multiple projects aimed at improving both user adoption and safety. George is passionate about bridging the gap between complex technologies and mainstream audiences.
- ics Calendar file
- ics Calendar file
Get ready to blow your mind (and maybe even some stack bounds) as we explore the art of buffer overflows! In this beginner-friendly talk, we'll take you on a journey through the basics of buffer overflows. We'll cover what they are and why they're a problem with hands-on examples demonstrating how to create and exploit them. You'll learn the fundamentals of stack-based exploits, including how to write vulnerable code and how to find vulnerabilities in others' code. We'll cover it all in a clear and concise way, so you can get started on your path to learning about memory corruption. And don't worry, we won't leave you hanging, we'll also provide you with practical tips and tricks for defending against these attacks. So, if you're ready to learn more about security and get a solid foundation in buffer overflows, join us for "Exploiting Expectations"!
SpeakerBio: sjzhu, Arizona State University
- ics Calendar file
You like hacking public cloud services? In this workshop we will hack most of the relevant AWS services that can be hacked without prior credentials. Where applicable, there will be multiple and differently misconfigured resources for each service. What you need: Laptop with AWS CLI version 2 installed (UNIX terminal is recommended) Tools: jq, terraform/opentofu, docker, coldsnap, mysql, CloudShovel Your own AWS account to launch attacks from
To maximize the number of hacker resources, participants will get a playbook to follow if they want. The structure of the workshop is: short demo section followed by hands-on hacking and ending with Q&A.
Let's hack some cloud!
SpeakerBio: Eduard Agavriloae
- ics Calendar file
I will demonstrate how it’s possible to approach the Web3 bug bounty ecosystem just by exploiting off-chain bugs and vulnerabilities in the JavaScript ecosystem. This talk will explore the current state of this field through real-world examples I’ve reported on bug bounty platforms, which contributed to my achieving the top 10 global rank on the HackenProof platform.
We'll begin with bugs I discovered in a JavaScript sandbox used by a Web3 social platform and a Web3 website. The first involved a misconfiguration of DOMPurify, where developers attempted to filter links. I’ll show how I exploited this by tricking DOMPurify into treating a malicious javascript: URI as a safe link. The talk will also cover a 0-day vulnerability I found in another sanitization library used within the sandbox.
The final two bypasses involve React's global ""is"" attribute. Although the developers had blocked this attribute due to its XSS potential, I will show how I bypassed the protection by exploiting a prototype pollution vulnerability in a library exposed inside the sandbox. This, combined with specific new gadgets inside React, allowed me to pass the is attribute and achieve XSS.
All of these issues could lead to account takeover and were classified as high severity. I will also discuss the broader impact of XSS vulnerabilities on Web3 platforms, particularly the risk posed when wallets are connected.
SpeakerBio: Bruno "BrunoModificato" HalltariBruno is a security researcher with a background in Web2, specializing in client-side vulnerabilities. he has conducted extensive audits and research on topics such as popular wallets and sandbox environments. He is currently ranked in the top 10 on the HackenProof bug bounty platform worldwide and has reported vulnerabilities through HackerOne to platforms such as Zoom and MetaMask.
- ics Calendar file
Prove your air combat superiority. Only the sharpest contenders will win the limited edition F-35 PCB badge, a symbol of your elite technical skills. Test your wits, and aerospace savvy in this exclusive showdown to earn your wings in the ultimate test of aerospace analytic problem solving. Challenges drop all weekend long.
- ics Calendar file
Entropy is a foundation to most security systems; yet it's often the most opaque and overlooked component. Many cryptographic systems run on unverified or low-assurance randomness, exposing to vulnerabilities that may go unnoticed for a long time. This talk explores how we can use advanced technologies to implement runtime entropy observability, direct from hardware and beyond simple statistical verifications. We will focus on how we can move away from black-box entropy designs to open, transparent and verifiable entropy designs.
SpeakerBio: Carlos Abellan, CEO and Co-founder at QusideCarlos Abellan is CEO and cofounder of Quside. Before spinning off the company in 2017, he was a scientist at ICFO, where he obtained his PhD in photonic and quantum technologies. His research focused on exploiting quantum effects to generate and measure randomness, leading to novel results such as the first photonic integrated quantum entropy source and a new methodology to quantify entropy. He has published over 20 scientific papers and is co-inventor on more than 10 patent families. Originally from Barcelona, he holds a bachelor’s degree in telecommunication engineering from the Polytechnic University of Catalonia (UPC) and a master’s degree in photonics from a consortium of European universities.
- ics Calendar file
Every time the lights go out, the speculation begins—was it cyber? Squirrels? Was it an attack? But often, the real story behind grid disturbances isn’t malicious code—it’s uncontrolled chaos, born from the physical behavior of a rapidly evolving power system.
This session takes a deep dive into that chaos, exploring how subtle interactions in electric grids—like oscillations—can spiral into large-scale instability. These low-frequency oscillations are increasingly common in the bulk electric system, yet are explainable. They emerge from control design, network conditions, and energy physics—not adversarial action, and the lights going off is usually a sign the system has actually acted as it should in protecting itself from damage. Equipment failures are also spectacular, but common. Its tempting to tie big fires to bad cyber, but in reality – the failures are almost always in the planning for the event, or recovery.
We’ll dissect real-world events like the Iberian Peninsula blackout, where what looked like a grid failure may have actually revealed a quiet success: a functional blackstart scenario, where system operators re-energized the grid under extreme stress. But that nuance was lost in the noise, as media and analysts scrambled for cyber scapegoats. We’ll also explore the London transformer fire, a failure in planning for an outage, and technical scrutiny of Chinese-manufactured inverter components with alleged kill switches inserted, illustrating how physical system dynamics—often create the most dramatic disruptions.
This talk fuses power system engineering, ICS cybersecurity, and operational storytelling to reframe how we interpret complex events. It’s a call to replace fear with facts—and to find meaning in the chaos, not just blame.
Dr. Emma M. Stewart, is a respected power systems specialist with expertise in power distribution, critical energy delivery, modeling and simulation, as well as operational cybersecurity. She holds a Ph.D. in Electrical Engineering and an M.Eng. degree in Electrical and Mechanical Engineering. Emma is Chief Scientist, Power Grid at INL currently and leads activities in supply chain consequence analysis for digital assurance in particular for energy storage and system level programs. Throughout her career, Dr. Stewart has made significant contributions to the field of power systems, receiving patents for innovations in power distribution systems and consequence analysis for cyber and physical events. Her responsibilities over her 20 year career have also included providing electric cooperatives with education, training, information sharing, incident support, technology integration, and R&D services in energy integration, resilience and grid planning and microgrid technologies.
- ics Calendar file
Taiwan stands on the frontlines of digital warfare under the sea. This high-profile panel, led by the Deputy Minister of Digital Affairs of Taiwan will feature a gripping discussion on the silent battles waged beneath the sea. From sabotage of undersea infrastructure to the geopolitics of cyber-resilience, panelists will recall the threats and Taiwan's efforts to defend. Don’t miss this rare opportunity to explore the technical and political dimensions of the new global dynamic -- the digital blockade.
Speakers:Jason Vogt,Shin-Ming ChengJason Vogt is an assistant professor in the Strategic and Operational Research Department, Center for Naval Warfare Studies at the United States Naval War College. Professor Vogt is a cyber warfare and wargaming expert. He has participated in the development of multiple wargames at the United States Naval War College. He previously served on active duty as an Army officer.
SpeakerBio: Shin-Ming Cheng, Taiwan Ministry of Digital AffairsProf. Shin-Ming Cheng received his B.S. and Ph.D. degrees in computer science and information engineering from National Taiwan University, Taipei, Taiwan, in 2000 and 2007, respectively. Since 2022, he serves as the Deputy Director-General in Administration of Cyber Security, Ministry of Digital Affairs. He was a Post-Doctoral Research Fellow at the Graduate Institute of Communication Engineering, National Taiwan University, from 2007 to 2012. Since 2012, he has been on the faculty of the Department of Computer Science and Information Engineering, National Taiwan University of Science and Technology, Taipei, where he is currently a professor. Since 2017 to 2022, he has been with the Research Center for Information Technology Innovation, Academia Sinica, Taipei, where he was currently a Joint Appointment Research Fellow.
- ics Calendar file
The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. You can engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, hardware, and software components.
This is ideal for security practitioners seeking to refine their IoT pentesting skills in a controlled, competitive setting.
SpeakerBio: Larry Pesce
- ics Calendar file
The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. You can engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, hardware, and software components.
This is ideal for security practitioners seeking to refine their IoT pentesting skills in a controlled, competitive setting.
SpeakerBio: Larry Pesce
- ics Calendar file
Mr. Moss is an internet security expert and is the founder of Both the Black Hat Briefings and DEF CON Hacking conferences.
SpeakerBio: Paul M. Nakasone, , General, US Army (Ret.)General Paul M. Nakasone, a retired U.S. Army four-star general, serves as the Founding Director of Vanderbilt University's Institute of National Security.
From 2018 to 2024, General Nakasone led U.S. Cyber Command and the National Security Agency, overseeing national cyber defense and global signals intelligence operations. A career military leader with more than three decades of experience, he has commanded at all levels, with deployments to Iraq and Afghanistan, and has held key intelligence and joint staff roles.
A recognized authority on cyber operations and national security, General Nakasone continues to advance dialogue and research on emerging global security challenges, inspiring innovation and leadership in this critical field.
- ics Calendar file
For more than five years, firewall vendors have been under persistent, cyclical struggle against a well-resourced and relentless China-based adversary that has expended considerable resources developing custom exploits and bespoke malware expressly for the purpose of compromising enterprise firewalls in customer environments. In this first-of-its-kind presentation, Andrew Brandt will walk attendees through the complete history of the campaign, detailing the full scope of attacks and the countermeasures one firewall vendor developed to derail the threat actors, including detail into the exploits targeting specific firewalls, and malware deployed inside the firewalls as a result of these attacks.
Fundamental to this presentation is the fact that the adversary behind this campaign has not targeted only one firewall vendor: Most of the large network security providers in the industry have been targeted multiple times, using many of the same tactics and tools. So this serves not merely as a warning to the entire security industry, but as an urgent call to the companies that make up this industry to collectively combat this ongoing problem. Because at the end of the day, we all face the same threat, and we cannot hope to withstand the tempo and volume of these attacks alone. We must work together.
References:
SpeakerBio: Andrew "Spike" BrandtAndrew Brandt is a former investigative journalist who switched careers to work in information security in 2007. He is an experienced malware analyst, network forensicator, and cyberattack untangler, who seeks to prevent cybercriminals from being able to victimize others. He has served as the director of threat research or as a principal researcher at several large cybersecurity companies, and currently serves on the board of World Cyber Health, the parent organization that operates the Malware Village at Defcon and other conferences. As the executive director of Elect More Hackers, he is active in cybersecurity and technology policy, and seeks to recruit likeminded folks to run for elected office. He lives in Boulder, Colorado.
- ics Calendar file
In this challenge, participants are given an encrypted firmware image for a D-Link access poitn alone with its publicly available GPL release.
The objective is to decrypt the firmware using clues from open source files.
This is a realistic test of practical reverse engineering and firmware analysis skills, with a focus on identifying overlooked assumptions in standard tooling.
- ics Calendar file
It's no secret that embedded devices are rife with security bugs just waiting to be found. However, vendors increasingly encrypt their firmware to prevent analysis by researchers, professionals, and inquisitive minds. In this talk, we examine common encryption techniques in real-world devices and how to crack the code—with or without hardware.
SpeakerBio: Craig Heffner, Senior Staff Enigneer at NetRise
- ics Calendar file
AppSec Village is proud to present our DEF CON Contest in partnership with SecDim.
Unlike a typical CTF, this contest rewards the players who fix security vulnerabilities. You can choose between secure coding challenges or competing against other players in an Attack & Defence AppSec challenge, where you need to secure your app before being given a chance to hack other players’ apps😈. You can also develop your own AppSec challenge by following the challenge contribution guidelines. All approved challenges will be hosted during AppSec Village @ DEF CON.
There are two categories of winners: - The player with the highest total points by the end of the event (August 10 at noon PDT) - The best-contributed challenge submission
The Award Ceremony will be held at 12:45 PM PDT in the AppSec Village on August 10.
- ics Calendar file
Interested in malware analysis, reverse engineering, or offensive security? You know setting up a dedicated Windows analysis virtual machine is crucial, but manually installing and configuring countless tools is incredibly time-consuming and complex. Attend this 30-minute demo to discover FLARE-VM, the powerful open-source solution from Mandiant (now part of Google Cloud) that automates this entire process. See firsthand how FLARE-VM drastically simplifies the creation of a comprehensive analysis VM packed with essential reversing and malware analysis tools. Learn why having a ready-to-go analysis environment is indispensable for so many technical cybersecurity roles and how FLARE-VM jump-starts your build!
Speakers:Joshua "jstrosch" Stroschein,Elliot ChernofskyJoshua is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. He is an accomplished trainer, providing training at places such as Ring Zero, Black Hat, DEF CON, ToorCon, Hack In The Box, SuriCon, and other public and private venues. He is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and other security related topics.
SpeakerBio: Elliot ChernofskyElliot is a senior reverse engineer on Mandiant's FLARE team. Prior to joining the team, he worked as a software reverse engineer and vulnerability researcher for the Department of Defense. He received his master’s in computer science from Georgia Tech and a bachelor’s in electrical engineering from the University of South Florida. Outside of work he enjoys hiking, ping pong, and searching for the strongest coffee on the planet.
- ics Calendar file
Traditional RFID badge cloning methods require you to be within 3 feet of your target. So how can you conduct a physical penetration test and clone a badge without interacting with a person? Companies have increasingly adopted a hybrid work environment, allowing employees to work remotely, which has decreased the amount of foot traffic in and out of a building at any given time. This session discusses two accessible, entry-level hardware designs you can build in a day and deploy in the field, along with the tried-and-true social engineering techniques that can increase your chances of remotely cloning an RFID badge.
Langston and Dan discuss their Red Team adventures using implant devices, a Flipper Zero and an iCopy-X. As a bonus the two will explain how to perform a stealthy HID iClass SE/SEOS downgrade and legacy attack! This presentation is supplemented with files and instructions that are available for download in order to build your own standalone gooseneck reader, wall implant and clipboard cloning devices!
Speakers:Langston Clement,Dan GogaLangston grew up reading stories about the 90’s hacker escapades, and after years of observing the scene, he jumped into the cybersecurity field and never looked back. With over fifteen (15) years of public and private sector experience in cybersecurity and ethical hacking, he aims to provide organizations with valuable and actionable information to help improve their security posture. Langston’s specializations focus on modern-day social engineering techniques, wireless and RFID attacks, vulnerability analysis, and physical penetration testing.
SpeakerBio: Dan GogaDan Goga serves as a Principal Consultant with NRI focused on conducting penetration testing and vulnerability assessments. Dan Goga has eight years of information security experience in the public, private, and academic sectors. Dan has extensive knowledge and experience with RFID hacking, phishing techniques, social engineering techniques, and penetration testing.
- ics Calendar file
BIC works hard to give more bad days to bad actors. Luckily, threat actors move to a certain rhythm, and following it can be just what you need to give them more blues. This session will demonstrate Domain Intelligence Analysis, a newly discussed concept from our investigations team that equips the audience to efficiently use DNS artifacts to protect their organization. Whether preventing a potential threat or responding to an existing one, DNS can support specific actions that make achieving these goals easier.
Domain Intelligence Analysis informs incident response efforts and can shape detection engineering to identify and investigate threats earlier—when context is more valuable. These techniques will be supported with examples of domain and infrastructure discoveries made by our research team, some of which were featured in the 2025 Trends in Malicious Infrastructure report, created with support from two Black practitioners. These examples show how quickly domains can be discovered before they become public IOCs.
Join this presentation to identify relevant IOCs faster and enable more informed, timely investigations into cybercrime.
SpeakerBio: Malachi WalkerMalachi Walker, DomainTools Security Advisor, has experience in information security, from DNS to crime and conflict in cyberspace to cybersecurity governance and cybersecurity program and design. At DomainTools, he applies this background to help organizations understand the threat landscape, especially in the area of malicious online infrastructure through advocacy of the company’s growing portfolio of investigative and proactive cyber defense offerings. Prior to DomainTools, he worked in FTI Consulting’s Cybersecurity practice and led product and brand protection efforts at WhiteHawk Inc. Malachi earned his Master’s with a concentration in Cybersecurity Management at Virginia Polytechnic Institute and State University.
- ics Calendar file
The Ham Radio Village is excited to return to DEF CON 33, offering you the opportunity "Access Everything" by gaining you access to the airwaves though free amateur radio license exams! Ham radio has a long history with ham radio operators being considered the original electronic hackers, innovating long before computers, integrated circuits, or even transistors were invented. The Ham Radio Village keeps this spirit alive by providing free ham radio license exams at DEF CON.
In today's world, wireless communication is essential. A fundamental understanding of radio technology is more important than ever. Earning your amateur radio license opens the door to the world of amateur radio, providing you with valuable knowledge of radio frequency (RF) technology. This knowledge can be applied to a wide range of other RF-related topics, including RFID credentials, Wi-Fi, and other wireless communication systems.
Registration is required and can be completed anytime before taking the exam.
Exams are drop-in and you can show up ant anytime during the testing window until 45 minutes before the end of the exam session (to allow ample time for testing, grading, and paperwork).
One registration covers you for the whole weekend -- no need to pick a specific day.
- ics Calendar file
We know DEF CON and Vegas can be a lot. If you're a friend of Bill W who's looking for a meeting or just a place to collect yourself, DEF CON 33 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in W301.
- ics Calendar file
We know DEF CON and Vegas can be a lot. If you're a friend of Bill W who's looking for a meeting or just a place to collect yourself, DEF CON 33 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in W301.
- ics Calendar file
Create a custom bracelet to wear or trade, each featuring a special bead with a hidden message or symbol of empowerment. This tactile, low-key activity is perfect for starting conversations and forming connections across the community. No crafting experience needed, just good vibes and open hands. Join us during this hour for a WISP bead to add to your bracelet!
- ics Calendar file
Purple teaming is no longer just about red meets blue, it is about shared intelligence, continuous collaboration, and realistic adversary emulation. In this panel, we explore how modern security teams are moving from siloed operations to unified strategies that reflect how real attackers operate. By rethinking purple teaming as a proactive, intelligence-driven discipline, organizations can uncover detection gaps, improve response times, and drive measurable improvements in their defenses. Join us as we unpack how aligning offensive and defensive teams unlocks the full potential of purple teaming and leads to lasting security impact.
Speakers:Adam Pennington,Sydney Marrone,Lauren Proehl,NikhilAdam Pennington leads ATT&CK at The MITRE Corporation and collected much of the intelligence leveraged in creating ATT&CK’s initial techniques. He has spent much of his 15 years with MITRE studying and preaching the use of deception for intelligence gathering. Prior to joining MITRE, Adam was a researcher at Carnegie Mellon's Parallel Data Lab and earned his BS and MS degrees in Computer Science and Electrical and Computer Engineering from Carnegie Mellon University. Adam has presented and published in several venues including FIRST CTI, USENIX Security, DEF CON, and ACM Transactions on Information and System Security.
SpeakerBio: Sydney Marrone, Threat hunter at SplunkSydney is a threat hunter, co-author of the PEAK Threat Hunting Framework, and co-founder of THOR Collective. A proud thrunter, she is dedicated to advancing the craft of threat hunting through hands-on research, open-source collaboration, and community-driven initiatives like HEARTH (Hunting Exchange And Research Threat Hub). When not hunting threats, she’s crafting content for THOR Collective Dispatch, lifting weights, and keeping the hacker spirit alive.
SpeakerBio: Lauren Proehl, Global Head of Detection and Response at Marsh McLennan, Co-Founder at THOR CollectiveLauren Proehl is the Global Head of Detection and Response at Marsh McLennan. She is an experienced incident responder and threat hunter who has helped identify and mitigate cyber adversaries in Fortune 500 networks. After leading investigations ranging from data breaches to targeted attacks, she now works to define some part of the limitless unknowns in cyberspace and make cybersecurity less abstract, and more tangible. Lauren sits on the CFP board for BSides Kansas City, heads up SecKC parties, and tries to escape computers by running long distances in the woods.
SpeakerBio: Nikhil, Founder at Altered SecurityNikhil’s areas of interest include red teaming, Azure and active directory security, attack research, defense strategies and post exploitation research. He has 15+ years of experience in red teaming.
He specializes in assessing security risks in secure environments that require novel attack vectors and "out of the box" approach. He has worked extensively on Azure, Active Directory attacks, defense and bypassing detection mechanisms. Nikhil has held trainings and bootcamps for various corporate clients (in US, Europe and SE Asia), and at the world's top information security conferences.
He has spoken/trained at conferences like DEF CON, BlackHat, BruCON and more.
Nikhil is the founder of Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/
- ics Calendar file
What started as a weekend gaming session and a friendly dare evolved into discovering critical vulnerabilities affecting OpenVPN endpoints on a global scale.x000D This talk demonstrates a comprehensive reconnaissance methodology that combines traditional OSINT techniques with modern cloud-based intelligence gathering to map and exploit critical infrastructure at scale.x000D x000D The presentation follows a complete attack chain that showcases advanced reconnaissance techniques:x000D x000D Phase 1: Intelligence Discovery & Infrastructure Mapping_x000D_ 1. VirusTotal RetroHunt OSINT: Writing custom YARA signatures to discover 50+ vulnerable drivers across the internet, demonstrating how one vulnerability discovery can reveal widespread systemic issues_x000D_ 2. Supply Chain Intelligence: OSINT techniques to identify that OpenVPN (the world's most popular open-source VPN) was the common denominator, affecting thousands of companies and numerous endpoints_x000D_ 3. Target Profiling: Understanding OpenVPN's multi-process architecture, plugin mechanisms, and Windows internals through open-source research_x000D_ x000D Phase 2: Remote Reconnaissance & Credential Harvesting_x000D_ 1. Network Enumeration: SMB enumeration, null session exploitation, and remote named pipe discovery_x000D_ 2. Credential Intelligence: Capturing NTLMv2 hashes through network reconnaissance and social engineering techniques_x000D_ 3. Cloud-Powered Cracking: Leveraging cloud GPU infrastructure (VAST.AI + Hashcat) to crack enterprise credentials at scale, demonstrating how modern attackers use accessible cloud resources_x000D_ x000D Phase 3: Remote-to-Local Attack Chain_x000D_ 1. Remote Code Execution: Using UNC paths and OpenVPN's plugin mechanism to execute code remotely_x000D_ 2. Local Privilege Escalation: "Open Potato" attack - exploiting named pipe hijacking and Windows impersonation for LPE_x000D_ 3. Security Product Bypass: Bring Your Own Vulnerable Driver (BYOVD) techniques to achieve kernel code execution and bypass security solutions_x000D_ x000D Reconnaissance Applications:x000D The methodologies demonstrated can be repurposed for legitimate security activities:x000D 1. Red Team Operations: Comprehensive target profiling and credential harvesting techniques_x000D_ 2. Bug Bounty Research: Systematic vulnerability discovery across software ecosystems x000D 3. Threat Intelligence: Understanding how threat actors chain reconnaissance techniques_x000D_ 4. Infrastructure Assessment: Mapping organizational VPN deployments and security postures_x000D_ x000D The talk includes live demonstrations of:x000D - Custom YARA signature development for vulnerability hunting_x000D_ - Cloud-based credential cracking workflows x000D - Remote service enumeration and exploitation_x000D_ - Building comprehensive target profiles through passive reconnaissance_x000D_ - Security product evasion techniques applicable to red team scenarios_x000D_ x000D Attendees will learn practical reconnaissance methodologies that can be immediately applied to their own security research, with emphasis on the intelligence gathering processes that enable sophisticated attack chains.
SpeakerBio: Vladimir TokarevVladimir Tokarev is a seasoned senior security researcher, specializing in IoT/OT, Windows, and Linux vulnerabilities research. With extensive experience in cybersecurity, Vladimir has demonstrated a keen ability to identify and address critical security issues in various systems.x000D In 2023, Vladimir presented his research titled "CoDe16: 16 Zero-Day Vulnerabilities Affecting CODESYS Framework, Leading to Remote Code Execution on Millions of Industrial Devices Across Industries" at Black Hat. This comprehensive study focused on vulnerabilities within the widely used CODESYS framework, revealing potential risks to industrial devices across different sectors. Vladimir's meticulous analysis uncovered a total of 31 new vulnerabilities, highlighting the importance of proactive security measures in OT environments.x000D In addition to his research on CODESYS, Vladimir has contributed to enhancing security in other critical systems. He discovered two new vulnerabilities in the Windows Driver of Foxboro DCS Control Core Services and one new vulnerability in SFPMONITOR.SYS, a component used by SonicWall products. Furthermore, Vladimir has identified vulnerabilities in TP-Link products.x000D twitter: @G1ND1L4
- ics Calendar file
Leaders and program managers from the Advanced Research Projects Agency for Health (ARPA-H) discuss how the agency’s programs are using AI to advance better health outcomes, from securing patient data to discovering new cures and improving health care access.
Speakers:Jennifer Roberts,Andy Kilianski,Ross Uhrich,Andrew CarneyAndrew Carney, Program Manager, AI Cyber Challenge, DARPA and Program Manager, Resilient Systems, Advanced Research Projects Agency - Health (ARPA-H)
Andrew Carney is program manager for the DARPA AI Cyber Challenge (AIxCC) and a program manager at the Advanced Research Projects Agency for Health (ARPA-H) where he leads programs and projects to improve health cybersecurity.
Carney was previously a technical advisor and contractor for the Defense Advanced Research Projects Agency (DARPA). At DARPA, he supported research efforts focused on reverse engineering, program analysis, human-machine teaming, and automated program repair. Carney has over 15 years of experience in software and hardware vulnerability research, technical education and training, and Capture the Flag (CTF) competitions. He holds a master’s degree in computer science from The Johns Hopkins University.
- ics Calendar file
This year at Rapid7’s hands-on hardware hacking lab, you’ll dive in deep to gain root access on an IoT.
Using tools like Flashrom and Hexedit, we’ll guid you through dumping SPI flash, modifying firmware dump to force single user mode, and using UART to interact with the target.
Then we’ll rebuild the environment, load drivers, and regain full acess – finishing with modifying the “CORRECT” root password file to take complete control.
- ics Calendar file
This hands-on workshop teaches you how to track current threat actor activity, build emulation plans from real-world intelligence, and test them safely to improve your organization’s defenses. You'll learn how to gather and interpret TTPs using open-source tools like VirusTotal, ANY.RUN, and MalwareBazaar, then turn that into executable emulation using tools like CALDERA or Atomic Red Team. We’ll finish by analyzing your test results and identifying where your detections and policies may fall short.
SpeakerBio: Roxey Davis, Cybersecurity Storyteller | COO, Women's Society of Cyberjutsu | GRC Security Analyst | Threat Intel Enthusiast & Inclusive Defense AdvocateRoxey Davis is a passionate cybersecurity leader, storyteller, and advocate for inclusive defense. With a background in Security Operations, Threat Intelligence, and Governance, Risk, and Compliance (GRC), they specialize in turning complex threats into collaborative learning opportunities for all skill levels. Currently serving as a GRC Security Analyst and the Chief Operating Officer of the Women's Society of Cyberjutsu, Roxey helps create spaces where underrepresented voices can lead, learn, and thrive.
Their work bridges technical expertise with empathy-driven strategy, focusing on threat-informed defense, insider risk, and building communities where defenders support each other like a well-formed pack. Whether coordinating purple team exercises, launching mentorship programs, or gamifying security awareness, Roxey believes cybersecurity isn’t just about tools — it’s about people, purpose, and preparing before the full moon rises. They’ve spoken at BsidesNOLA and are known for their creative, interactive sessions that blend storytelling, threat models, and the occasional supernatural metaphor.
- ics Calendar file
- ics Calendar file
Gaining initial access to an intranet is one of the most challenging parts of red teaming. If an attack chain is intercepted by an incident response team, the entire operation must be restarted. In this talk, we introduce a technique for gaining initial access to an intranet that does not involve phishing, exploiting public-facing applications, or having a valid account. Instead, we leverage the use of stateless tunnels, such as GRE and VxLAN, which are widely used by companies like Cloudflare and Amazon. This technique affects not only Cloudflare's customers but also other companies.
Additionally, we will share evasion techniques that take advantage of company intranets that do not implement source IP filtering, preventing IR teams from intercepting the full attack chain. Red teamers could confidently perform password spraying within an internal network without worrying about losing a compromised foothold. Also, we will reveal a nightmare of VxLAN in Linux Kernel and RouterOS. This affects many companies, including ISPs. This feature is enabled by default and allows anyone to hijack the entire tunnel, granting intranet access, even if the VxLAN is configured on a private IP interface through an encrypted tunnel. What's worse, RouterOS users cannot disable this feature. This problem can be triggered simply by following the basic VxLAN official tutorial. Furthermore, if the tunnel runs routing protocols like BGP or OSPF, it can lead to the hijacking of internal IPs, which could result in domain compromises. We will demonstrate the attack vectors that red teamers can exploit after hijacking a tunnel or compromising a router by manipulating the routing protocols.
Lastly, we will conclude the presentation by showing how companies can mitigate these vulnerabilities. Red teamers can use these techniques and tools to scan targets and access company intranets. This approach opens new avenues for further research.
References:
I have seen discussions about source IP address spoofing with stateless tunnels, similar to research on CVE-2020-10136 which uses IPIP tunnels. However, this research omits the possibility of using stateless tunnels for initial access. The PoC only provides methods to launch DoS attacks such as UDP flooding, TCP SYN attacks, and ARP spoofing, which do not require a response. Notably, there is no method to find a stateless tunnel in previous research, making real-world attacks impractical.
SpeakerBio: Shu-Hao, Tung 123ojpShu Hao, Tung (123ojp), a Threat Researcher at Trend Micro, specializing in Red Teaming. He mainly focuses on web, networking, and infrastructure vulnerabilities. He owns an ASN and is a bug hunter who has reported high-risk vulnerabilities via Bugcrowd.
- ics Calendar file
This talk presents a streamlined approach to Dynamic Application Security Testing (DAST) in the Secure Software Development Life Cycle (SSDLC). By integrating DAST directly into existing Selenium-based web tests and using ZAProxy, the traditional complex setup - such as URL parsing and authentication - is avoided. The proposed method leverages functional test coverage to better isolate vulnerabilities and simplifies setup by configuring the proxy in browser features. This integration provides earlier security feedback and increases the efficiency of vulnerability detection compared to traditional spider-based testing, proving it to be a more practical and effective alternative.
SpeakerBio: Sara Martinez GinerSara has enjoyed testing and automation for more than 10 years, ensuring high quality products in industries such as Telecommunications, Geolocation, Big Data, and Power Electronics. In 2019, she shifted her focus to cybersecurity testing, applying her knowledge of quality assurance to testing security software products. Since then, Sara has continued to hone her skills and integrate cybersecurity into every aspect of her work and research.
- ics Calendar file
In this workshop, participants will build and deploy a USB-based intrusion framework: crafting a malicious USB payload, developing a lightweight information-stealing stager, and using the resulting data to deploy a Mythic C2 beacon. The session also covers provisioning and configuring an AWS-hosted command-and-control environment. Attendees will leave with hands-on experience in both the offensive implant and its supporting cloud infrastructure.
SpeakerBio: Will McGrawWill McGraw is a security professional with a background that spans help desk support, security and compliance consulting, and hands-on offensive security. Currently working as a pentester, he focuses on creative attack paths to achieve initial access and persistence in client environments. With over four years in the industry, they bring practical experience and a hacker’s mindset to their research.
- ics Calendar file
This talk is an overview of the role of technology in modern US elections, how that technology can fail, and the various safeguards and countermeasures against compromise that can (or should) be employed to keep elections secure.
SpeakerBio: Matt Blaze, Georgetown University; Chairman, Election Integrity FoundationMatt Blaze is the McDevitt Chair of Computer Science and Law at Georgetown University, where his research focuses on problems at the intersection of technology, public policy, and law. Prior to joining Georgetown, he was a professor of computer science at the University of Pennsylvania, and prior to that, a founding member of the Secure Systems Research Department at AT&T Bell Labs. He holds a PhD in computer science from Princeton, an MS from Columbia, and a BS from the City University of New York. Blaze's scholarship and practical work in high-integrity voting and elections technology dates back more than 25 years. He led teams that examined source code for security vulnerabilities on behalf of the states of California and Ohio for the Top-to-Bottom Review and EVEREST studies. He has testified on election security and other topics before the US Congress over a dozen times, served on various federal and state advisory boards, and has published numerous scholarly research papers on elections and related subjects. He is a founding member of the DEFCON Voting Village, and currently serves as board chair of the Election Integrity Foundation.
- ics Calendar file
Intro basics about concepts in game hacking and security principles within video games.
SpeakerBio: Julian "Julez" Dunning, Security Founder & LeaderJulian has a storied career in cybersecurity, initially focusing on offensive security. He has developed several popular open-source security tools, including statistics-based password-cracking methods. Julian also co-founded Truffle Security, creators of the widely used open-source tool TruffleHog. Recently, he established a new DEFCON village called GameHacking.GG promotes interest and awareness in-game security.
- ics Calendar file
Learn the basics of game hacking by playing a game that teaches you to hack the game itself to progress through levels.
- ics Calendar file
Imagine your home modem as a loaded gun aimed at global security. Our research exposes critical vulnerabilities in ISP-supplied modems—ADSL, fiber, cable, 5G—that inherently threaten power grids, water systems, and ATMs. Over 35 severe flaws have been identified, rooted in outdated IoT SDKs, affecting millions globally. These issues allow attackers to manipulate essential services without direct hijacking.
Despite the severity of these vulnerabilities, manufacturers and ISPs consistently refuse to address them, leaving these devices as perpetual threats. We provide essential tools for detection and defense against such negligence.
In this session, you'll learn how to identify these inherent weaknesses that compromise infrastructures through device flaws. Gain practical skills in vulnerability hunting and crafting defenses, while navigating the landscape of responsible disclosure amidst industry inertia.
Join us to confront a crisis long ignored. When hackers exploit these systemic failures, it's not just personal data at risk—it's the stability of our world's crucial infrastructure.
References:
SpeakerBio: Chiao-Lin "Steven Meow" Yu, Senior Red Team Cyber Threat Researcher at Trend Micro TaiwanChiao-Lin Yu (Steven Meow) currently serves as a Senior Red Team Cyber Threat Researcher at Trend Micro Taiwan. He holds numerous professional certifications including OSCE³, OSEP, OSWE, OSED, OSCP, CRTP, CARTP, CESP-ADCS, LPT, CPENT, GCP ACE. Steven has previously presented at events such as HITCON Training 2025, Security BSides Tokyo 2023, and CYBERSEC 2024, 2025. He has disclosed 30+ CVE vulnerabilities in major companies like VMware, D-Link, and Zyxel. His expertise spans Red Team exercises, Web security, IoT security and Meow Meow security.
- ics Calendar file
A panel of cyber policy and other experts will discuss the results of the inaugural Policy @ DEF CON Cyber Contingencies Survey.
The moderator will ask a series of questions based on the results of the survey to facilitate a discussion on current and emerging threats, their likelihood, and potential impacts.
Speakers:Christopher Painter,Matt Blaze,Matt Wein,Winnona DeSombre BernsenChristopher Painter is a globally recognized leader on cyber policy, cyber diplomacy, cybersecurity and combatting cybercrime. He has been at the vanguard of cyber issues for over 30 years, first as a federal prosecutor handling some of the most high-profile cyber cases in the U.S., then as a senior official at the U.S. Department of Justice, the FBI, the White House National Security Council and, finally, as the world’s first cyber diplomat at the U.S. Department of State. Among many other things, Chris is a founder of The Cyber Policy Group, has served as the President of the Global Forum on Cyber Expertise Foundation, serves on the board of the Center for Internet Security and the Public Sector Advisory Board for Palo Alto Networks and was a commissioner on the Global Commission for the Stability of Cyberspace. He is a frequent speaker on cyber issues, frequently is interviewed and quoted in the media and has testified on numerous occasions to U.S. Congressional committees. He has received a number of awards and honors including Japan’s Order of the Rising Sun, Estonia's Order of Terra Mariana, RSA Security Conference's Public Policy Award, the Attorney General’s Award for Exceptional Service and was named the Bartles World Affairs Fellow at Cornell University. He received his B.A. from Cornell University and J.D. from Stanford Law School.
SpeakerBio: Matt Blaze, Georgetown University; Chairman, Election Integrity FoundationMatt Blaze is the McDevitt Chair of Computer Science and Law at Georgetown University, where his research focuses on problems at the intersection of technology, public policy, and law. Prior to joining Georgetown, he was a professor of computer science at the University of Pennsylvania, and prior to that, a founding member of the Secure Systems Research Department at AT&T Bell Labs. He holds a PhD in computer science from Princeton, an MS from Columbia, and a BS from the City University of New York. Blaze's scholarship and practical work in high-integrity voting and elections technology dates back more than 25 years. He led teams that examined source code for security vulnerabilities on behalf of the states of California and Ohio for the Top-to-Bottom Review and EVEREST studies. He has testified on election security and other topics before the US Congress over a dozen times, served on various federal and state advisory boards, and has published numerous scholarly research papers on elections and related subjects. He is a founding member of the DEFCON Voting Village, and currently serves as board chair of the Election Integrity Foundation.
SpeakerBio: Matt Wein, Founder at Wein Strategy LabMatthew Wein is the founder of Wein Strategy Lab, an independent consulting firm focused on cybersecurity and homeland security issues. He previously served as a Professional Staff Member for the U.S. House Committee on Homeland Security, as an official at the Department of Homeland Security, and in Deloitte's Cyber Risk practice. He also writes the Secure Stakes newsletter that focuses on sports gambling's impact on Homeland Security.
SpeakerBio: Winnona DeSombre BernsenWinnona DeSombre Bernsen is founder of the offensive security conference DistrictCon, held in Washington DC, and nonresident fellow at the Atlantic council. She was formerly a security engineer at Google’s Threat Analysis Group, tracking targeted threats against Google users. Her most recent paper, Crash (exploit) and burn, focuses on comparing the supply and acquisition pipelines of zero day exploits for the US and China.
- ics Calendar file
- ics Calendar file
Capture the Flag competitions offer one of the fastest, most practical ways to break into cybersecurity. These puzzle-style challenges teach real-world skills like reverse engineering, exploitation, and digital forensics through hands-on experience. This talk introduces the structure of CTFs, how to get started, and why they are valuable for both beginners and seasoned professionals. Students, developers, and tech enthusiasts alike can use CTFs to build skills and demonstrate talent. No experience is necessary, just curiosity and a desire to learn by doing.
SpeakerBio: x3ero0, Arizona State University
- ics Calendar file
This workshop gives students a hands-on introduction to using the Ghidra disassembler to navigate and analyze malware. This will be immersive learning with no slides: concepts, strategies, and techniques will be illustrated within the user interface of Ghidra and other supporting tools. A malware sample will serve as the “case study.
SpeakerBio: Wesley McGrewDr. Wesley McGrew is a house music DJ that also directs research, development, and offensive cyber operations as Senior Cybersecurity Fellow for MartinFederal. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA and teaches self-designed courses on software reverse engineering and assembly language programming. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.
- ics Calendar file
Red teams often struggle with interactive C2 in monitored networks. Low-and-slow channels are stealthy but insufficient for high-bandwidth tasks like SOCKS proxying, pivoting, or hidden VNC. Our research solves this by using real-time collaboration protocols—specifically, whitelisted media servers from services like Zoom—to create short-term, high-speed C2 channels that blend into normal enterprise traffic.
We introduce TURNt, an open-source tool that automates covert traffic routing via commonly trusted TURN servers. Since many enterprises whitelist these conferencing IPs and exempt them from TLS inspection, TURNt sessions look just like a legitimate Zoom meeting. Operators can maintain a persistent, stealthy channel while periodically activating higher-bandwidth interactivity for time-sensitive operations.
This talk will show how to set up these “ghost calls,” discuss the trade-offs and detection challenges, and explore defensive countermeasures. Attendees will learn how to integrate short-term, real-time C2 into existing red team workflows—and how to identify and mitigate this emerging threat.
References:
Adam Crosser is a Staff Security Engineer at Praetorian, specializing in offensive security research and tooling development. He began his career in red team operations, honing his skills in adversary simulation and advanced attack techniques. Now part of the Praetorian Labs team, Adam focuses on vulnerability research, exploit development, and building custom offensive security capabilities to support red team engagements—pushing the boundaries of adversary tradecraft.
- ics Calendar file
Catastrophic hardware failures. From an aging I/O device to cosmic ray bit flips, memory degradation to CPU fires. When an unrecoverable hardware error is detected, the common platform response is to generate a Machine Check Exception, and shut down before the problem gets worse.
In this talk, we'll see what happens when we circumvent all the traditional fail safes. What happens when, instead of exceptionally rare failures from natural causes, we deliberately create these fatal events from software. When instead of a platform shutdown, we force the system to limp along, damaged but alive. We'll show how carefully injecting these signals during privileged CPU operations can disrupt secure transitions, how those disruptions progress to cascading system failures, and how to ride the chaos to gain hardware privilege escalation. Finally, we'll see how to undo the damage, recover from the unrecoverable, and let the system continue as if nothing happened - now with a foothold in privileged space, all through hardware failure events synthesized through software-only attacks.
We'll conclude by showing how to use this vector to reveal all-new hardware vulnerabilities, and walk through a brave new world of machine check research opportunities - for both attackers and defenders - across technologies and architectures.
SpeakerBio: Christopher "xoreaxeaxeax" DomasChristopher Domas (@xoreaxeaxeax) is a security researcher primarily focused on firmware, hardware, and low level processor exploitation. He is best known for releasing impractical solutions to non-existent problems, including the world's first single instruction C compiler (M/o/Vfuscator), toolchains for generating images in program control flow graphs (REpsych), and Turing-machines in the vi text editor. His more relevant work includes the sandsifter processor fuzzer, rosenbridge backdoor, the binary visualization tool ..cantor.dust.., and the memory sinkhole privilege escalation exploit.
- ics Calendar file
Since our release of the fault-injection attack on the Trezor millions of dollars have been recovered from crypto-wallets - using a simple glitcing attack! However, for a lot of people this is still black magic, and a lot of folks still assume you need expensive equipment to perform the attack. In this demo we will show you how you can hack into the STM32F4 read-out protection - as used in the Trezor attack - with just a couple of dollars of equipment!
Speakers:Fabian "LiveOverflow" Faessler,Moritz "momo" Frenzel,Thomas "stacksmashing" Roth
- ics Calendar file
Join Jayson E. Street for his annual whirlwind tour through the global DEF CON Groups (DCGs) ecosystem. From Beirut basements to Bogotá rooftops, discover how hackers worldwide are building community, sharing knowledge, and causing good trouble. This kickoff tradition blends heartfelt stories, global updates, and a rallying cry for connection—because DEF CON isn't just a conference, it's a movement.
SpeakerBio: Jayson E. Street, Chief Adversarial Officer at Secure YetiJayson E. Street referred to in the past as: a "notorious hacker" by FOX25 Boston, "World Class Hacker" by National Geographic Breakthrough Series, and described as a "paunchy hacker" by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.
He is the Chief Adversarial Officer at Secure Yeti and the author of the "Dissecting the hack: Series" (which is currently required reading at 5 colleges in 3 countries that he knows of). Jayson is also the DEF CON Groups Global Ambassador. He's spoken at DEF CON, DEF CON China, GRRCon, SAINTCON & at several other CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.
He loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once, all others he was supposed to)!
He is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far, but if they are please note he was proud to be chosen as one of Time's persons of the year for 2006.
- ics Calendar file
Glytch is a post-exploitation tool serving as a command-and-control and data exfiltration service. It creates a covert channel through Twitch live streaming platform and lets attackers execute OS commands or exfiltrate data of any kind from the target computer, regardless of whether the computers are connected over a LAN or WAN.
Speakers:Anıl Çelik,Emre OdamanAnil graduated as a computer engineer and is currently an MSc student in information security engineering. He has 5+ years of professional experience and is working as a cyber security engineer at HAVELSAN, primarily focused on red team engagements and purple teaming. He holds 5+ CVEs and has OSCP and OSWP certifications.
SpeakerBio: Emre OdamanGraduated as a Computer Engineer and working as a Cyber Security Engineer at HAVELSAN for the past 3 years, which is a major defense industry company in Türkiye. His main areas of interest are red teaming, network security, OT, IoT & hardware security.
- ics Calendar file
Glytch is a post-exploitation tool serving as a Command-and-Control (C2) & Data Exfiltration service.
It creates a covert channel through Twitch live streaming platform and lets attacker to execute an OS command or exfiltrate a data of any kind from the target computer (does not matter whether the computers are connected over a LAN or WAN).
We have submitted our tool for Demo Labs already and we are planning to share it's development phase, ideas and challenges that we've faced.
https://github.com/ccelikanil/GlytchC2
Speakers:Anıl Çelik,Emre OdamanAnil graduated as a computer engineer and is currently an MSc student in information security engineering. He has 5+ years of professional experience and is working as a cyber security engineer at HAVELSAN, primarily focused on red team engagements and purple teaming. He holds 5+ CVEs and has OSCP and OSWP certifications.
SpeakerBio: Emre OdamanGraduated as a Computer Engineer and working as a Cyber Security Engineer at HAVELSAN for the past 3 years, which is a major defense industry company in Türkiye. His main areas of interest are red teaming, network security, OT, IoT & hardware security.
- ics Calendar file
AGo malware is showing up more often, especially in IoT environments. Its flexibility and ease of cross-compilation make it attractive to attackers, but it also makes life harder for analysts and defenders. Go binaries are large, statically compiled, and structured in ways that traditional tools are not designed to handle. The runtime is unfamiliar, and things like string extraction, function identification, and behavior analysis can quickly become frustrating. This talk looks at why Go malware is hard to analyze and why some detection tools struggle to keep up. We will walk through practical tips and tools to make reversing Go malware more manageable, including how to recover types, strings, and function information. To tie everything together, we will look at a recent real-world example: Pumabot, a Go-based botnet targeting IoT surveillance devices. We will dig into how it works, what it targets, and what artifacts it leaves behind. By the end of the session, you will have a better understanding of how attackers are using Go in the wild and how to be better prepared for the next time it shows up in your analysis queue.
Speakers:Asher Davila,Chris NavarretePassionate about binary analysis, binary exploitation, reverse engineering, hardware hacking, retro computing, and music.
SpeakerBio: Chris Navarrete, Senior Principal Security Researcher - CDSS Advanced Threat Prevention (ATP) at Palo Alto NetworksChris Navarrete is a Senior Principal Security Researcher within the Advanced Threat Prevention team at Palo Alto Networks. His work centers on cutting-edge research in cybersecurity, particularly in threat detection and malware analysis. Previously, he served as an adjunct professor of computer science at San Jose State University, teaching Software Security Technologies. He holds a Master of Science in software engineering with a specialization in cybersecurity from San Jose State University. Chris has presented at major industry conferences, including Black Hat Asia, the Computer Antivirus Research Organization (CARO), the Cyber Threat Alliance's Threat Intelligence Practitioners (TIPS) conference, and Black Hat Arsenal, where he introduced and released BLACKPHENIX — a framework designed to automate malware analysis workflows.
- ics Calendar file
- ics Calendar file
Banking Trojans targeting Windows systems have been affecting users in Latin America for many years, with their peculiarities in the tactics, techniques and procedures used by the criminals responsible for their development. However, it was not until the early 2020s that massive campaigns began to be detected with targets outside their usual region of operation, with special emphasis on Spain and Portugal. Since then, these campaigns have not ceased and several malware families have evolved to try to be more effective, with several different criminal groups collaborating in several of these campaigns and sharing their infrastructure. Through all this years many researchers at both sides of the Atlantic ocean have worked together to gather intel that could help to take down these cybercriminal organizations with some important achievements. The goal for this presentation is to analyze the reasons why the criminals behind these threats have been successful despite the increase in online banking security measures, while revealing the latest results obtained after analyzing the most recent campaigns of these threats. We will provide several examples of campaigns used by these malware families and how they are trying to adapt to keep being successful in obtaining new victims.
SpeakerBio: Josep Albors
- ics Calendar file
This Pac-Man themed set of challenges takes Players on a journey through learning and demonstrating hacker and information security skills to earn points. With multiple subject-matter specific challenge groups and tracks, this hacker challenge game has something for everyone. Players will only be able to turn in scavenger hunt items during Contest Area Operating Hours.
- ics Calendar file
Hack the Bots is a live-action hardware hacking competition where four teams face off using robotic platforms like the Tengu Marauder. The Tengu Marauder is an open source hacking bot platform that has presented at DEFCON32 and Blackhat USA. Each bot is operated by a two-person crew: one pilot to drive and engage in kinetic tactics, and one hacker to launch wireless, IoT, or hardware-based exploits. The mission? Reach the "King of the Hill" zone, capture the flag, and hold it against other attackers. Teams must bypass IoT-controlled barriers, dodge spinning and piston-powered obstacles, and survive attacks from rival robots. This session blends robotics, wireless warfare, and hands-on hacking in a physical capture-the-flag arena. No prior robotics experience is required, but a basic understanding of wireless or hardware attacks will give teams an edge. Bring your skills. Break their bots. Win the hill.
SpeakerBio: lexicon121
- ics Calendar file
In the fast-paced world of cybersecurity, time is of the essence. As vulnerabilities are discovered and threats evolve, the clock is always ticking, and staying ahead of exploits can feel like a race against time. Enter CVEpwn – an automation tool designed to streamline the search for CVE exploits across multiple platforms like GitHub, ExploitDB, and CXSecurity.
In this talk, we'll dive into the process of automating CVE exploit searches, demonstrating how CVEpwn cuts down on manual effort, accelerates response times, and enables faster vulnerability mitigation. By automating the search for CVE exploits using multiple platforms and APIs, this tool allows you to focus on what really matters: patching vulnerabilities before they get exploited.
SpeakerBio: Jordan BonaguraJordan Bonagura is a senior security consultant for Secure Ideas. With more than 20 years of experience in information security, Jordan is passionate about helping companies and clients protect their data and applications from threats and vulnerabilities. As a principal security researcher, he led teams conducting vulnerability management, risk assessments, penetration tests, and boundary-setting to comply with standards for companies in different segments.
Jordan contributed to significant projects, such as developing an integrated GNSS positioning system and an encryption communication protocol between ground and satellite at the Brazilian National Institute of Space Research. He also had the opportunity to speak at some of the most important security conferences around the globe, be a college professor and course coordinator, and consult for the Brazilian police in crime solving.
- ics Calendar file
The Pall Mall Process is a multilateral initiative led by the UK and France to address the proliferation and misuse of commercial cyber intrusion capabilities (CCICs) - but what that means in practice is that they’re writing rules for hackers, security researchers, and the companies that employ them. The process recently concluded a Code of Practice for States, and is turning to the question of: what responsibility does the hacking and cybersecurity industry bear?
Join the Hacking Policy Council (a coalition of offensive security practitioners, platforms, and vendors) and representatives of governments convening the Pall Mall Process to discuss what a Code of Practice for Industry could look like, and how to ensure that it protects good faith hackers and researchers. We’re tackling big questions: Should companies share zero-days with governments, and when? What makes a bug bounty “good faith”? How do we keep research ethical without strangling it with red tape?
We will give hackers a behind-the-scenes look at the policy debates shaping global cybersecurity norms, share our thinking, and invite critique, chaos, or consensus from the DEF CON community. Whether you’re a red teamer, researcher, builder, or breaker - join the policy hackers to share how you think we should make (or break) this code.
Speakers:Heather West,Annie Plews,Philippe Ribiere,Trey FordHeather West is a policy and tech translator, product consultant, and long-term digital strategist guiding the intersection of emerging technologies, culture, governments, and policy. Equipped with degrees in both computer and cognitive science, Heather focuses on data governance, data security, artificial intelligence (AI), and privacy in the digital age. She is a subject matter authority who has written extensively about AI and other data driven topics for over a decade. She is also a member of the Washington Post's The Network, "a group of high-level digital security experts" selected to weigh in on pressing cybersecurity issues.
SpeakerBio: Annie PlewsAnnie is currently based at British Embassy Washington, heading up the cyber policy team on behalf of the Foreign, Commonwealth and Development Office of the UK Government. In this role she represents UK Government policy priorities on cyber and telecoms to the US Government and wider DC-based industry and academic communities. Prior to this role, Annie has worked for close to a decade in other UK Government departments focused on cyber and national security. She has covered a wide variety of operational national security topics.
SpeakerBio: Philippe RibiereAttaché for Science and Technology, Emerging Technology, French Embassy
SpeakerBio: Trey Ford, BugcrowdTrey Ford is a seasoned strategic advisor and security thought leader with over 25 years of experience in offensive and defensive disciplines (incident response, application, network, cloud, and platform security). Trey has held key leadership roles at Deepwatch, Vista Equity Partners, Salesforce, Black Hat, and more. He has also been a valued member of Bugcrowd's advisory board for over a decade.
Trey is passionate about working with enterprise leaders, corporate directors, and investors to help teams strengthen their technology and execution strategy. He believes in a hands-on approach to building, breaking, and deconstructing security problems.
Trey has a Master of Science from the University of Texas at Austin and executive education at Harvard Business School. Hailing from Austin, he is a husband, father, and an instrument rated private pilot.
- ics Calendar file
Tired of legacy ICS systems? Attend this training to hack the next generation of Industrial Control Systems! No more Modbus, no more standard PLC, no more Purdue model!
This training is designed to show what the future might look like for Industrial Control Systems, and how it will impact cybersecurity.
We’ll bring a realistic ICS setup that features all the fancy current and future trends: SD-WAN and Zero Trust, OPC-UA, MQTT, Edge device and soft-PLCs to control a small-scale industrial process simulation.
The first day will be dedicated to introducing the new cybersecurity challenges faced by modern Industrial Control Systems, and doing hands-on exercises on AWS pentesting, soft-PLC exploitation
On the second day we’ll reflect on the updated threat models and then we’ll spend the full day working on a realistic Capture-the-Flag exercise, where we’ll have to go from 0 to impacting a small industrial setup. The CTF will be guided, with answers given on a regular basis, so that all attendees can capture all the flags. We’ll end this exciting day with the takeaways of the exercise, and what could be done to prevent & detect the attacks we performed.
SpeakerBio: Arnaud Soullié, Senior Manager at WavestoneArnaud Soullié is a Senior Manager at Wavestone, a global consulting company. For 15 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He has spoken at numerous security conferences on ICS topics, including: BlackHat Europe, BruCon, 4SICS, BSides Las Vegas, and DEFCON. He is also the creator of the DYODE project, an open source data diode aimed at ICS. He has taught ICS cybersecurity trainings since 2015.
- ics Calendar file
Tired of legacy ICS systems? Attend this training to hack the next generation of Industrial Control Systems! No more Modbus, no more standard PLC, no more Purdue model!
This training is designed to show what the future might look like for Industrial Control Systems, and how it will impact cybersecurity.
We’ll bring a realistic ICS setup that features all the fancy current and future trends: SD-WAN and Zero Trust, OPC-UA, MQTT, Edge device and soft-PLCs to control a small-scale industrial process simulation.
The first day will be dedicated to introducing the new cybersecurity challenges faced by modern Industrial Control Systems, and doing hands-on exercises on AWS pentesting, soft-PLC exploitation
On the second day we’ll reflect on the updated threat models and then we’ll spend the full day working on a realistic Capture-the-Flag exercise, where we’ll have to go from 0 to impacting a small industrial setup. The CTF will be guided, with answers given on a regular basis, so that all attendees can capture all the flags. We’ll end this exciting day with the takeaways of the exercise, and what could be done to prevent & detect the attacks we performed.
SpeakerBio: Arnaud Soullié, Senior Manager at WavestoneArnaud Soullié is a Senior Manager at Wavestone, a global consulting company. For 15 years, he has been performing security assessments and pentests on all types of targets. He started specializing in ICS cybersecurity 10 years ago. He has spoken at numerous security conferences on ICS topics, including: BlackHat Europe, BruCon, 4SICS, BSides Las Vegas, and DEFCON. He is also the creator of the DYODE project, an open source data diode aimed at ICS. He has taught ICS cybersecurity trainings since 2015.
- ics Calendar file
Have you ever wondered what would happen if you took ostensibly smart people, put them up on a stage, maybe provided a beer or two and started asking really tough technical questions like what port Telnet runs on? Well wonder no more! Back to start its 31st year at Defcon, Hacker Jeopardy will have you laughing, groaning and wondering where all the brain cells have gone. Some come share an evening of chanting DFIU followed immediately by someone FIU. This is a mature show, 18+.
None
No
- ics Calendar file
Two great things that go great together! Join the fun as your fellow hackers make their way through songs from every era and style. Everyone has a voice and this is your opportunity to show it off! Everyone is encourage to participate in a DEF CON tradition from all folks and skill levels.
- ics Calendar file
Rotating real production games to hack in a player vs player competition to create real hacks to win various games. Teams or individuals can win Gold Silver or Bronze or just have fun playing the games
- ics Calendar file
In this talk, I reveal the discovery of a novel RTOS running on automotive head units, uncovered through hardware hacking and reverse engineering. This RTOS, found in thousands of vehicles, exhibits numerous bugs and intriguing functionalities. I demonstrate how a crafted PNG file was used as a backdoor to compromise the system, highlighting both the innovative features and critical vulnerabilities present in current automotive technologies.
SpeakerBio: Danilo Erazo
- ics Calendar file
Saflok locks are present in many hotels and apartments across North America. These locks rely on poorly-secured offline authentication mechanisms, leaving them vulnerable to attackers with basic knowledge about how the system operates. Following up on the initial "Unsaflok" presentation at DEF CON 32 by Lennert Wouters and Ian Carroll, this talk will touch on areas of the system not discussed in the original presentation, such as the handheld programmer, lock programming interface, clarity about the bit fields and unencrypted data in credentials, for yet another example of why you don't rely on security-through-obscurity for security products.
Speakers:Noah Holland,Josh StiebelNoah Holland is a Cybersecurity Undergraduate at Michigan Tech. He is the president of the MTU Linux User's Group and MTU RedTeam, specializing in Access Control & Physical Security.
SpeakerBio: Josh StiebelJosh Stiebel recently graduated with a CS degree from Michigan Tech. He helps run the access control village at various conventions. He is currently walking from Mexico to Canada on the PCT.
- ics Calendar file
With the ever-increasing popularity of Kubernetes, whether Red or Blue Team should know how hackers approach hacking Kubernetes environments. Many are scared off by the complexity of Kubernetes, which often leads to significant flaws in Kubernetes security.
This workshop will focus on the most common misconfigurations, how to exploit and secure them. Each workshop participant will get access to a Kubernetes cluster and an attack server from which the attacks can be executed.
Each section of the workshop starts with an introduction to the topic by the trainer. Afterwards, various scenarios and configurations seen in the wild by the trainer are shown and discussed. Last but not least, the participants can perform CTF style tasks and gain hands-on experience with Kubernetes Security before the next topic is introduced. At the end of the workshop, participants will be able to recognize, assess and mitigate certain Kubernetes security misconfigurations. They will have gained practical experience and will be aware of potential security risks that can occur in a Kubernetes environment.
Specific topics covered: - Kubernetes Core Components - Role Based Access - Admission Control
Software Requirements: A working SSH client
SpeakerBio: Benjamin KoltermannBenjamin Koltermann is CEO and Security Architect for Cloud and Kubernetes environments at KolTEQ. He works on various projects for large regulated organizations, enabling them to securely manage the transformation to the cloud and Kubernetes. He spends his free time playing CTF for FluxFingers and Sauercloud.
He is also a Co-Author of the Kubernetes DEFCON CTF since 2024.
- ics Calendar file
This course is a 100% hands-on deep dive into the OWASP Security Testing Guide and relevant items of the OWASP Application Security Verification Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.
Long are the days since web servers were run by perl scripts apps written in Delphi. What is common between Walmart, eBay, PayPal, Microsoft, LinkedIn, Google and Netflix? They all use Node.js: JavaScript on the server.
Modern Web apps share traditional attack vectors and also introduce new opportunities to threat actors. This course will teach you how to review modern web apps, showcasing Node.js but using techniques that will also work against any other web app platform. Ideal for Penetration Testers, Web app Developers as well as everybody interested in JavaScript/Node.js and Modern app stack security.
Get a FREE taste for this training, including access to video recording, slides and vulnerable apps to play with:
1 hour workshop - https://7asecurity.com/free-workshop-web-apps
All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace, packed with exercises, extra mile challenges and CTF, self-paced and suitable for all skill levels, with continued education via unlimited email support, lifetime access, step-by-step video recordings and interesting apps to practice, including all future updates for free.
Speakers:Abraham Aranguren,Anirudh Anand,Ashwin ShenoiAfter 17 years in itsec and 24 in IT, Abraham Aranguren is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-Author of the Mobile, Web and Desktop (Electron) app 7ASecurity courses. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications.
SpeakerBio: Anirudh AnandAnirudh Anand is a security researcher with a primary focus on Web and Mobile Application Security. He is currently working as a Principal Security Engineer at CRED and also Security Trainer at 7asecurity. He has been submitting bugs and contributing to security tools for over 9 years. In his free time, he participates in CTF competitions along with Team bi0s (#1 security team in India according to CTFtime). His bounties involve vulnerabilities in Google, Microsoft, LinkedIn, Zendesk, Sendgrid, Gitlab, Gratipay and Flipboard.
Anirudh is an open source enthusiast and has contributed to several OWASP projects with notable contributions being in OWTF and Hackademic Challenges Project. He has presented/trained in a multitude of conferences including BlackHat US 2020, OWASP NZ 2021, HackFest CA 2021, c0c0n 2019, BlackHat Arsenal 2019, BlackHat Europe Arsenal 2018, HITB Dubai 2018, Offzone Moscow 2018, Ground Zero Summit Delhi 2015 and Xorconf 2015.
SpeakerBio: Ashwin ShenoiAshwin Shenoi is an avid application security enthusiast who currently works as a Senior Security Engineer at CRED and likes to break into applications and automate stuff. He is part of team bi0s, the top ranked CTF team according to CTFTime. He heads the Web Security team at team bi0s and is also the core challenge setter and organiser of the various editions of InCTF and the other CTFs organised by team bi0s. He has also presented talks in various security meet-ups and conferences including BlackHat Asia and BlackHat USA. He does a fair share of breaking into open source applications services and has also been awarded several CVEs for the same.
- ics Calendar file
This course is a 100% hands-on deep dive into the OWASP Security Testing Guide and relevant items of the OWASP Application Security Verification Standard (ASVS), so this course covers and goes beyond the OWASP Top Ten.
Long are the days since web servers were run by perl scripts apps written in Delphi. What is common between Walmart, eBay, PayPal, Microsoft, LinkedIn, Google and Netflix? They all use Node.js: JavaScript on the server.
Modern Web apps share traditional attack vectors and also introduce new opportunities to threat actors. This course will teach you how to review modern web apps, showcasing Node.js but using techniques that will also work against any other web app platform. Ideal for Penetration Testers, Web app Developers as well as everybody interested in JavaScript/Node.js and Modern app stack security.
Get a FREE taste for this training, including access to video recording, slides and vulnerable apps to play with:
1 hour workshop - https://7asecurity.com/free-workshop-web-apps
All action, no fluff, improve your security analysis workflow and immediately apply these gained skills in your workplace, packed with exercises, extra mile challenges and CTF, self-paced and suitable for all skill levels, with continued education via unlimited email support, lifetime access, step-by-step video recordings and interesting apps to practice, including all future updates for free.
Speakers:Abraham Aranguren,Anirudh Anand,Ashwin ShenoiAfter 17 years in itsec and 24 in IT, Abraham Aranguren is now the CEO of 7ASecurity (7asecurity.com), a company specializing in penetration testing of web/mobile apps, infrastructure, code reviews and training. Co-Author of the Mobile, Web and Desktop (Electron) app 7ASecurity courses. Security Trainer at Blackhat USA, HITB, OWASP Global AppSec and many other events. OWASP OWTF project leader, an OWASP flagship project (owtf.org), Major degree and Diploma in Computer Science, some certs: CISSP, OSCP, GWEB, OSWP, CPTS, CEH, MCSE:Security, MCSA:Security, Security+. As a shell scripting fan trained by unix dinosaurs, Abraham wears a proud manly beard. He writes on Twitter as @7asecurity @7a_ @owtfp or https://7asecurity.com/blog. Multiple presentations, pentest reports and recordings can be found at https://7asecurity.com/publications.
SpeakerBio: Anirudh AnandAnirudh Anand is a security researcher with a primary focus on Web and Mobile Application Security. He is currently working as a Principal Security Engineer at CRED and also Security Trainer at 7asecurity. He has been submitting bugs and contributing to security tools for over 9 years. In his free time, he participates in CTF competitions along with Team bi0s (#1 security team in India according to CTFtime). His bounties involve vulnerabilities in Google, Microsoft, LinkedIn, Zendesk, Sendgrid, Gitlab, Gratipay and Flipboard.
Anirudh is an open source enthusiast and has contributed to several OWASP projects with notable contributions being in OWTF and Hackademic Challenges Project. He has presented/trained in a multitude of conferences including BlackHat US 2020, OWASP NZ 2021, HackFest CA 2021, c0c0n 2019, BlackHat Arsenal 2019, BlackHat Europe Arsenal 2018, HITB Dubai 2018, Offzone Moscow 2018, Ground Zero Summit Delhi 2015 and Xorconf 2015.
SpeakerBio: Ashwin ShenoiAshwin Shenoi is an avid application security enthusiast who currently works as a Senior Security Engineer at CRED and likes to break into applications and automate stuff. He is part of team bi0s, the top ranked CTF team according to CTFTime. He heads the Web Security team at team bi0s and is also the core challenge setter and organiser of the various editions of InCTF and the other CTFs organised by team bi0s. He has also presented talks in various security meet-ups and conferences including BlackHat Asia and BlackHat USA. He does a fair share of breaking into open source applications services and has also been awarded several CVEs for the same.
- ics Calendar file
This talk provides a deep dive into Edge Side Includes (ESI) Injection, focusing on real-world findings and advanced exploitation techniques discovered during extensive testing on a private bug bounty program. While often associated with caching servers, ESI can become a potent vulnerability when user input is improperly handled. I will begin by demonstrating how to identify and confirm ESI injection points, even when standard ESI tags are initially blocked by Web Application Firewalls (WAFs). Attendees will learn how leveraging ESI can allow attackers to bypass the httponly cookie flag. I will detail how this leads directly to high-impact account takeover scenarios that are typically impossible with client-side Cross-Site Scripting (XSS) alone.
The presentation will reveal advanced techniques to overcome challenging scenarios. This includes exploiting ESI in endpoints with a Content-Type of application/json. I will also cover a unique case of exploiting ESI via a proxy endpoint by chaining it with an XSS vulnerability found on a whitelisted third-party domain.
Finally, I will share insights into navigating the realities of bug bounty hunting, including identifying and exploiting re-introduced vulnerabilities, developing persistent bypasses against evolving WAF rules, and the critical role of collaboration in uncovering complex attack vectors.
This is a highly technical talk aimed at attendees familiar with web vulnerabilities (like XSS) and concepts related to caching or CDNs. Basic knowledge of ESI syntax is helpful but not strictly required.
SpeakerBio: Robert "nytr0gen" Vulpe, Senior Security Engineer at UiPathRobert Vulpe, also known as nytr0gen, is a Senior Security Engineer at UiPath. He is renowned for his expertise in cybersecurity, particularly in assessing product security through various penetration testing methodologies. With over 300 pentest assessments under his belt, Robert has identified and reported over 1500 security vulnerabilities in high-profile companies such as Amazon, PayPal, Goldman Sachs, and Epic Games.
His meticulous approach to security is evident in his detailed and professional reports. He is listed among PayPal's Top 10 Hackers and was selected for the prestigious Forbes 30 under 30 list for his outstanding achievements in cybersecurity. With more than 8 years of experience in source-code review, he possesses a keen eye for identifying code-level security flaws.
- ics Calendar file
As part of their training and certifications, most professional mariners memorize the ‘nautical rules of the road’. The International Regulations for Preventing Collisions at Sea (COLREGs), form the foundation of maritime safety by establishing predictable behaviors and shared responsibilities between vessels. This a system with built-in protection and fall-back plans, tried and tested over a long history. But for hackers or cyber defenders—who might not know starboard from Starbucks— understanding these norms may mean the difference between big effect or no effect. Our talk focuses on one memorable guideline that ship drivers often fall back on: Don’t Turn To Port (unless you’re absolutely sure it’s safe). There is plenty of good research out there about how cyber-physical systems such as rudder angle controllers can be manipulated on manned and unmanned systems. There is good writing on the threats unique to maritime choke points. But agnostic to the location, why would cyber manipulation of a rudder to induce a port turn be worse than a starboard one? Our talk will touch briefly on how the rules influence legal liability for collisions at sea, and conclude with encouragement for people to learn the rules of the road and further their own journey in understanding the maritime profession.
Speakers:Amp,DataAMP spent 10 years driving ships around the globe—now captains a CTF team instead. With an undergrad in electrical engineering and working on a master’s in info systems engineering, AMP made the jump from maritime grit to digital ops, bringing salty sea stories and a screwdriver to every hacking challenge. They’ve co-hosted episodes of Sea Control (CIMSEC) and The Yoke Report, poking at the strange edges of maritime security, cyber policy, and why everything breaks at 2 AM. Into hardware hacking, retro gaming, and running text-based RPGs.
SpeakerBio: Data, Director of Cyber & Technologydata is a retired Air Force Cyber Warfare Officer with over 20 years of operational experience. He's a CNODP and RIOT grad with a Comp Sci BS from the USAF Academy and a Master's in Cyber Ops from the Air Force Institute of Technology. He's been certified in all 3 NSA Red Team work roles, all 3 offensive SIGINT work roles, qualified in all 6 Cybercom offensive work roles and personally engaged real-world, nation-state-level actors, malware and targets in air, land, sea, space & cyberspace both offensively and defensively. And he's done so with the US, UK, Canada, Australia and New Zealand. He also helped make those cool starship badges you've seen around DEFCON.
- ics Calendar file
Rebooted this year, enjoy a traditional fox hunt tracking down the hidden transmitters.
Up for more of a challenge? Attempt to solve the hidden puzzle within the fox hunt to win the ultimate prize!
--
The last surviving fragments of Project ACCESS, a defunct open comms initiative, have resurfaced. The faceless OmniCorp thought they had erased it from the spectrum, but rogue operatives are pushing back. Disguised among the DEF CON crowd, Foxes are carrying the pieces needed to reboot the system.
They’re broadcasting open signals across the con space. Your job? Track them down, follow the trail, and recover the payloads. Some Foxes are stationary. Others are on the move. All of them have something you need—but they won’t just hand it over. You’ll have to answer DEF CON trivia, solve puzzles, or earn their trust in creative ways.
This isn’t a gear-only hunt. Whether you’re rocking SDRs, handheld radios, or just tuned into the right frequency, you’ve got a shot. It’s part signal chase, part real-world goose chase, and 100% hacker weirdness.
Expect: - Live human Foxes broadcasting short-range signals - Some Foxes roaming the con floor hunt them down, respectfully - DEF CON history questions, crypto puzzles, and maybe a social engineering twist or two - Physical items or clues exchanged when you succeed - No encryption. No gatekeeping. Just old school radio and clever chaos.
Think you can track the signal, crack the code, and restore the last breath of open access?
Then grab your gear, tune in, and start hunting.
RF Fox Hunt(s): To participate in the RF fox hunt(s), you will need a radio or scanner that can receive signals in the 2m and/or 70cm Amateur Radio Bands (144.000 MHz - 148.000 MHz, 420.000 MHz - 450.000 MHz).
Something to read NFC cards.
There is no pre-qualifier to the Ham Radio Fox Hunt.
- ics Calendar file
HHB goes over hard hats, construction, and all the hackery things people have done with them
Speakers:MrBill,M0nkeyDrag0n,Hydrox,CoD_SegfaultMrBill started Wardriving in 2003 after attending DC11 and started contributing to Wigle in 2007. He took a break for about a decade (kids) and started up again in 2017 in earnest, and later founded the HardHatBrigade WiGLE group. He passed D4rkM4tter in the global rankings around 2022 and continues to trail @CoD_Segfault in their race to 1 Million WiGLE points. He is often seen at security conferences with a hard hat, mostly with some sort of wardriving functionality. Join him and the rest of the HHB crew in the 24 Hour wardriving event in October.
SpeakerBio: M0nkeyDrag0n, Organizer at Hard Hat BrigadeM0nkeydrag0n plays a blue teamer by day and a Hard Hat Bridage member in the after hours. Having spent a decade in IT support before shifting to his current role, m0nkeydrag0n has spent the last few years growing professionally as a cyber security engineer and endeavors to share tactics, approaches and stories with those looking to make that shift into security as well…or any pivot for that matter!
Lately, rediscovering R/C vehicles as allowed him to take flight, if only by FPV. But playing with RF is always fun, whether it’s trying to catch folks on WiGLE, designing cases for wardriving kits, earning his ham tech cert or just enjoying motorcycles for a long ride…and internet points!
Come wardrive with the Hard Hat Brigade!
SpeakerBio: Hydrox, Organizer at Hard Hat BrigadeCoD_Segfault first went wardriving around 2004, but really kicked up the game in 2021 when joining HardHatBrigade on WiGLE. By 2023, his focus shifted to smaller and more portable wardriving solutions suitable for walking and bike riding. Notable works include ultra small ESP32 wardrivers based on the wardriver.uk project and creation of the BW16-Open-AT project to improve network identification and remove reliance on the closed-source AT firmware.
- ics Calendar file
Every day our lives become more connected to consumer hardware. Every day the approved uses of that hardware are reduced, while the real capabilities expand. Come discover hardware hacking tricks and tips regain some of that capacity, and make your own use for things! We have interactive demos to help you learn new skills. We have challenges to compete against fellow attendees. We have some tools to help with your fever dream modifications. Come share what you know and learn something new.
- ics Calendar file
Curious about hacking chips using fault-injection? Take your first steps in our (free) glitching workshops! We provide you with hardware & guidance to conduct your first fault-injection attacks, all you need is a laptop running Python & OpenOCD: Reproduce the nRF52 "AirTag" glitch or learn how to glitch one of the chips used in crypto-wallets to store millions of dollars.
- ics Calendar file
Don’t know how to make a network cable and want to learn? Has it been years? Or do you think you’re a pro? Come see if you can… make the best cable at con by cut/wire/crimp.
- ics Calendar file
This comprehensive course is designed for developers and cybersecurity professionals seeking to harness the power of Generative AI and Large Language Models (LLMs) to enhance software security and development practices. Participants will gain a deep understanding of LLM functionality, strengths, and weaknesses, and learn to craft effective prompts for diverse use cases. The curriculum covers essential topics such as embeddings, vector stores, and Langchain, offering insights into document loading, code analysis, and custom tool creation using Agent Executors.
Course highlights:
Seth Law is the Founder and Principal Consultant of Redpoint Security (redpointsecurity.com). Over the last 20 years, Seth has worked within multiple security disciplines, including application development, cloud architecture, and network protection, both as a manager and individual contributor. Seth has honed his security skills using offensive and defensive techniques, including tool development and security research. His understanding of the software development lifecycle and ability to equate security issues to development tasks has allowed him to speak at conferences ranging from Blackhat and DEF CON to local security meetups. In his spare time, Seth revels in deep-level analysis of programming languages and inherent flaws, develops the iOS version of HackerTracker, and co-hosts the Absolute AppSec podcast with Ken Johnson.
Seth utilizes LLMs heavily in his work and has a wealth of real world applicable skills to share in applying LLMs to the application security domain.
SpeakerBio: Ken "cktricky" Johnson, Co-Founder and CTO at DryRun SecurityKen Johnson, has been hacking web applications professionally for 16 years. Ken is both a breaker and builder and is the CTO & Co-Founder of DryRun Security. Previously, Ken was a Director with GitHub's Product Security Engineering team and has held both technical and leadership roles both within the consulting world as well as a corporate defender. Previously, Ken has spoken about varying AppSec topics at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, OWASP Global events, DevOpsDays DC, LASCON, RubyNation, and numerous other events. Ken's current passion project is the Absolute AppSec podcast with Seth Law and the practical secure code review course they offer thru DEF CON and other training venues.
Ken utilizes LLMs heavily in his work and has a wealth of real world applicable skills to share in applying LLMs to the application security domain.
- ics Calendar file
This comprehensive course is designed for developers and cybersecurity professionals seeking to harness the power of Generative AI and Large Language Models (LLMs) to enhance software security and development practices. Participants will gain a deep understanding of LLM functionality, strengths, and weaknesses, and learn to craft effective prompts for diverse use cases. The curriculum covers essential topics such as embeddings, vector stores, and Langchain, offering insights into document loading, code analysis, and custom tool creation using Agent Executors.
Course highlights:
Seth Law is the Founder and Principal Consultant of Redpoint Security (redpointsecurity.com). Over the last 20 years, Seth has worked within multiple security disciplines, including application development, cloud architecture, and network protection, both as a manager and individual contributor. Seth has honed his security skills using offensive and defensive techniques, including tool development and security research. His understanding of the software development lifecycle and ability to equate security issues to development tasks has allowed him to speak at conferences ranging from Blackhat and DEF CON to local security meetups. In his spare time, Seth revels in deep-level analysis of programming languages and inherent flaws, develops the iOS version of HackerTracker, and co-hosts the Absolute AppSec podcast with Ken Johnson.
Seth utilizes LLMs heavily in his work and has a wealth of real world applicable skills to share in applying LLMs to the application security domain.
SpeakerBio: Ken "cktricky" Johnson, Co-Founder and CTO at DryRun SecurityKen Johnson, has been hacking web applications professionally for 16 years. Ken is both a breaker and builder and is the CTO & Co-Founder of DryRun Security. Previously, Ken was a Director with GitHub's Product Security Engineering team and has held both technical and leadership roles both within the consulting world as well as a corporate defender. Previously, Ken has spoken about varying AppSec topics at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, OWASP Global events, DevOpsDays DC, LASCON, RubyNation, and numerous other events. Ken's current passion project is the Absolute AppSec podcast with Seth Law and the practical secure code review course they offer thru DEF CON and other training venues.
Ken utilizes LLMs heavily in his work and has a wealth of real world applicable skills to share in applying LLMs to the application security domain.
- ics Calendar file
Have I Been Ransomed? is a specialized security service, akin to Have I Been Pwned, designed to detect personal data exposure specifically from ransomware leaks. As ransomware attacks increasingly involve data theft and public dumping, individuals need a way to check if their personally identifiable information has been compromised. Our platform goes beyond standard database checks by processing a wide array of leaked file types, including PDFs, documents, and text files. We employ advanced optical character recognition coupled with sophisticated large language models to meticulously scan unstructured data and extract sensitive identifiers such as national ID cards, driver’s licenses, and social security numbers. Have I Been Ransomed? provides critical awareness, empowering users to discover if their sensitive information has been exposed in a ransomware incident and enabling them to take proactive steps against potential identity theft and fraud.
SpeakerBio: Juanma "M4C" TejadaJuanma is a telecommunications engineer with a profound passion for drone technology and the complexities of hacking. His journey into the cybersecurity realm began unconventionally. Initial explorations through various online forums, driven by early curiosities, unexpectedly ignited a deep interest in the mechanics of data leaks, system breaches, and the evolving tactics of ransomware groups. This non-traditional path provided firsthand exposure to the cyber underground, equipping him with practical, real-world insights into attacker motivations and methodologies. This unique background grants him a grounded perspective, making him well-qualified to discuss the practical applications and implications within the current cybersecurity landscape.
- ics Calendar file
"Hack it if you can" Challenge: HavocAI is challenging hackers at DEF CON 33 to find vulnerabilities and exploits in their "Rampage" Autonomous Surface Vessel software and hardware, offering a $5,000 prize for the best cyber minds who demonstrate exploits. This initiative aims to strengthen the security of autonomous vessels for national security purposes. Pre-registration and US citizenship (with passport) are required to participate.
SpeakerBio: Daniel Morrisey, HavocAI
- ics Calendar file
A place for people with disabilities to hear talks aimed at hacking disabilities / gear / specific topics on security and safety. To have a place to recharge assistance devices, get assistance with disability issues, to have a safe space to retreat should things get to be too much, to form community bonds with other hackers with disabilities and to be an educational outreach and support system showing that just because you have a disability you can still be a hacker and part of the community. Also a break area for service animals, and people with sensory issues.
- ics Calendar file
- ics Calendar file
This presentation will describe the history and significance of the California Top to Bottom Review (TTBR), the landmark study of voting systems whose report disclosed many serious security vulnerabilities in the systems used in California and led to changes in the systems certified for use in that state. The talk will also cover that study’s lesser-known but equally important cousin, the Post Election Audit standards Working Group, whose report gave rise to the fundamental concept of risk limiting audits (RLAs).
SpeakerBio: Debra Bowen, The HonorableDebra Bowen was the elected Secretary of State of California for two terms from 2007 to 2015. Prior to that, from 1992 to 2006, she had been a member of the California Assembly and then the Senate. In 2007, at the beginning of her term as Secretary of State, she commissioned the Top to Bottom Review (TTBR) of voting systems used in California. The review involved top computer security researchers, attorneys, and accessibility experts, and provided the nation with an unprecedented view into the state of voting machines. The TTBR led to critical changes to improve California’s elections and influenced other states to move away from the most insecure voting systems. In parallel she commissioned the Post Election Audit Standards Working Group (PEASWG), a group of experts charged with outlining standards for election auditing. From their report emerged the very first formal description of what came to be known as risk-limiting audits (RLAs), now widely viewed as the “gold standard” of auditing techniques. RLAs make the notions of evidence-based elections and software independence, two of the fundamental pillars of election integrity, an achievable goal.For her “bold leadership and her steadfast resolve to protect the integrity of the vote” she was honored with a 2008 Profile in Courage Award by the John F. Kennedy Presidential Library and Museum.
- ics Calendar file
Bring your best and brightest costume, clothing, displays, and toys to show off and earn the adoration of the masses.
- ics Calendar file
This thought-provoking session dives into the dual-edged role of artificial intelligence in the phishing ecosystem. On one side, AI is enabling attackers to craft more convincing and scalable phishing campaigns, making detection increasingly difficult. On the other, it's empowering defenders with smarter tools for real-time detection, adaptive filtering, and behavioral analysis. Attendees will gain insight into how AI is transforming both offensive and defensive strategies—and what that means for the future of cybersecurity.
SpeakerBio: Levone CampbellLevone is a recognized cybersecurity expert specializing in the intersection of artificial intelligence and social engineering attacks. With over 18 years of experience in threat intelligence and defensive strategy development, Levone has advised Fortune 500 companies and government agencies.
- ics Calendar file
Many automotive dealers in the USA utilize centralized platforms for everything from sales to service to marketing. The interconnectivity of various systems makes things easy to manage, but also exposes certain risks should any of these systems have a vulnerability. API flaws were discovered in a top automaker's dealer platform that enabled the creation of a national admin account. With that level of access, being able to remotely take over your car was only the tip of the iceberg…
SpeakerBio: Eaton Zveare, Senior Security Research Engineer at Traceable by HarnessEaton is a senior security research engineer at Traceable by Harness. As a member of the ASPEN Labs team, he has contributed to the security of some of the world's largest organizations by finding and responsibly disclosing many critical vulnerabilities. He is best known for his high-profile security disclosures in the automotive space: 1, 2, 3.
- ics Calendar file
In this talk I'll describe our investigation of ad-hoc, proprietary EMV features from Apple, Google, Samsung and Square and show that companies independently retrofitting and over-loading the core EMV specification has led to a range of security problems. Along the way I'll show how we managed to do unauthenticated, over-the-limit, offline payments for Mastercard and ultimately take 25000 from an EMV terminal with no payment card at all. On the defense side I'll discuss how formal modeling can make EMV payments safer and I'll describe our distance bounding amendment to the ISO 14443 standard that could make all EMV payments safer.
SpeakerBio: Tom Chothia, Professor in Cyber Security at School of Computer Science, University of BirminghamTom Chothia is a Professor of Cyber Security at the University of Birmingham, UK. His research involves the development of new mathematical analysis techniques, and the application of these techniques to real world cyber security problems. His past work on the security of EMV, ApplePay, banking apps, pacemakers and video game cheats have all received widespread media coverage.
- ics Calendar file
in this talk we review how amateur radio were used in the relief effort in NYC Sept 11.
What do you do when major Communications are disrupted and how amateur radio came to the rescue. We will talk about all the technology that was user to support the relief effort. Staffing requirements and jobs that Ham Radio operators did, challenges and solution for working a Major disaster will be covered. Lessons learned and opportunities for you to become involved in emergency communications.
- ics Calendar file
Join us to explore Reddit's defense strategy to handle massive traffic and sophisticated abuse. We'll delve into how Reddit tackles this challenge, from traffic analysis to innovative resiliency techniques, all while understanding why a tailored, in-house approach is vital for such a high-scale platform.
Speakers:Spencer "securimancer" Koch,Pratik Lotia
- ics Calendar file
The current bug bounty ecosystem thrives on collaboration between security researchers and organizations, yet it fundamentally hinges on mutual trust. Researchers are required to disclose detailed information about vulnerabilities, often exposing sensitive exploit data, while organizations must trust the accuracy and integrity of these disclosures. This trust-dependent model poses significant risks, including potential misuse of exploit information and uncertainties in reward allocations.
This presentation introduces innovative applications of zero-knowledge proofs through zkVMS (Zero-Knowledge Virtual Machines) and zkTLS (Zero-Knowledge Transport Layer Security) to revolutionize bug bounty programs. With zkVMS, researchers can cryptographically prove the existence of software vulnerabilities without revealing the exploit code or any sensitive details. Similarly, zkTLS enables the cryptographic verification of network interactions—such as HTTP requests leading to SQL injections—without disclosing the actual payloads involved.
We will delve into how these technologies eliminate the need for trust by allowing proof of vulnerabilities in a manner that protects both the researchers’ methods and the organizations’ assets. The session includes a live demonstration showcasing the practical implementation of trustless bug bounties using zkVMS and zkTLS. Attendees will gain insights into the technical mechanisms underpinning these tools and their profound implications for the future of secure, trustless collaboration in cybersecurity.
Join us to explore how zero-knowledge technologies are paving the way towards a new paradigm in vulnerability disclosure—one that enhances security while preserving confidentiality and integrity for all parties involved.
SpeakerBio: Anto Joseph, Principal Security Engineer at Eigen LabsAnto Joseph works as a Principal Security Engineer at Eigen Labs. He enjoys researching distributed systems,DeFi protocols,Android and ML systems.He is involved in developing and advocating security in blockchains & DeFi. Previously, he has worked at Coinbase, Tinder, Intel, Citrix and E&Y in multiple information security roles.He has been a presenter and trainer at various security conferences including BH USA, Defcon, BruCon, HackInParis, HITB Amsterdam, HackLu, Hacktivity, PHdays, X33fCon, NullCon, c0c0n and more. He is an active contributor to many open-source projects and some of his work is available at https://github.com/antojoseph
- ics Calendar file
Some people think the days of critical HTTP request smuggling attacks on hardened targets have passed. Unfortunately, this is an illusion propped up by wafer-thin mitigations that collapse as soon as you apply a little creativity.
In this session, I'll introduce multiple new classes of desync attack, enabling mass compromise of user credentials across hundreds of targets including tech giants, SaaS providers, and CDNs, with one unplanned collaboration yielding over $100,000 in bug bounties in two weeks.
I'll also share the research methodology and open-source toolkit that made this possible, replacing outdated probes with focused analysis that reveals each target's unique weak spots. This strategy creates an avalanche of desync research leads, yielding results ranging from entire new attack classes, down to exotic implementation flaws that dump server memory heartbleed-style. You'll witness attacks meticulously crafted from theoretical foundations alongside accidental exploits with a root cause so incomprehensible, the developers ended up even more confused than me.
You'll leave this talk equipped with everything you need to join me in the desync research endgame: the mission to kill HTTP/1.
References:
SpeakerBio: James "albinowax" KettleJames 'albinowax' Kettle is the Director of Research at PortSwigger, the makers of Burp Suite. He's best-known for pioneering novel web attack techniques, and publishing them at major conferences like DEF CON and Black Hat USA, at which he's presented for eight consecutive years. His most impactful research is HTTP Desync Attacks, which popularised HTTP Request Smuggling. Other popular attack techniques that can be traced back to his research include web cache poisoning, the single-packet attack, server-side template injection, and password reset poisoning.
He also loves exploring innovative tool concepts for security professionals, many of which have since become industry standard. Examples include introducing OAST via Burp Collaborator, bulk parameter discovery via Param Miner, billion-request attacks with Turbo Intruder, and human-style scanning with Backslash Powered Scanner. He's also the designer behind many of the topics and labs that make up the Web Security Academy.
- ics Calendar file
As the lines between IT and operational technology continue to blur, our Naval fleet faces a growing attack surface from propulsion and power to weapons and control systems. Enter MOSAICS Block 1, a Department of Defense framework for operational technology security to ensure real-time monitoring, safe active asset discovery, and behavioral threat detection tailored for mission-critical ICS. In this session, we will walk through how MOSAICS is being applied to Naval mission systems, highlighting Department of the Navy use cases. We will break down the reference architecture and offer candid insights on adapting this framework to protect legacy systems at sea without compromising lethality. This talk is for ICS defenders, red teamers, and cyber policy leaders who want a front-row view into how the Department of the Navy is operationalizing OT security at scale.
SpeakerBio: Michael FrankMr. Michael Frank is currently serving as the Deputy Chief Technology Officer for the Department of the Navy, responsible for identifying and assessing emerging technology. Prior to this role, Mr. Frank was a Principal with the Boston Consulting Group, helping public and private organizations solve technology related problems. Mr. Frank is also an Officer in the Marine Reserves, currently leading the Cybersecurity portfolio for the Marine Innovation Unit. He has served as the Red Cell lead for Exercise Cyber Yankee for the last five years. Mr. Frank holds an MS in Information Security from Carnegie Mellon University, an MBA from the Darden School of Business, and a BA in Accounting from Washington and Jefferson College.
- ics Calendar file
Zero Trust is a powerful concept—but when applied to certified avionics, it can become a safety hazard masquerading as a security control. This talk confronts the policy disconnect between modern cybersecurity mandates and the engineering realities of aircraft systems. We’ll explore how compliance-driven frameworks like NIST SP 800-207, when misapplied, introduce latency, complexity, and certification friction into environments where failure modes are measured in lives, not log files. Through real-world case studies, including GPS spoofing incidents and the F-35B ejection, we’ll examine how policies intended to improve resilience can degrade mission assurance. Attendees will leave with a better understanding of where Zero Trust principles can improve aerospace security and where policy must adapt to the constraints of safety-critical design. If your compliance checklist doesn’t include cognitive load, deterministic timing, or the cost of recertification, this talk is your turbulence warning.
SpeakerBio: Michael Crouse, Aircraft Embedded Systems Cybersecurity ExpertMichael Crouse is a CFII-rated instructor pilot, avionics tinkerer, and cybersecurity strategist specializing in safety-critical systems. With nearly two decades of experience securing U.S. Air Force aircraft, he’s designed, assessed, and defended everything from bomber avionics to anti-tamper and ground systems. He’s served as a lead embedded engineer, ISSM, systems integrator, and unwilling participant in far too many working groups that could’ve been emails. He’s built homebrew avionics, run RF threat detection from a hangar, and developed cyber controls that fail gracefully—even when the rest of the mission doesn’t. His certifications include CISSP, CEH, CFI, and Amateur Radio General Class (because some “wireless” attack surfaces still ride HF). He holds an M.S. in Cybersecurity (completed in just three weeks, because why not). He brings the mindset of a pilot, the discipline of a systems engineer, and the deep disappointment of someone who’s watched Zero Trust get bolted onto safety-critical systems with all the subtlety of a cargo door falling off at cruise.
- ics Calendar file
Our human registration process this year will be very similar to previous years. Please be patient. All of the times listed here are approximate.
A badge is required for each human age 8 and older.
You are a human if you do not know otherwise. People that are not humans include goons, official speaker, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don't know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
Linecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
Online badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
Please help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
You will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash -- it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site -- they will not be mailed or shipped.
We can scan the QR code either from your phone's display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
If you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 before July 18, and $84 on and after July 18.
Online purchases are provided a receipt via email when the purchase is made.
Online purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
Badges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
There are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
We are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt on plain paper.
If you've purchased a DEF CON badge as part of your Black Hat registration, you're in luck - you will be able to pick up your DEF CON badge at Black Hat on Thursday. Please bring your Black Hat badge and watch for emails from Black Hat about where exactly the badge pickup will be. There will be DEF CON goons at Mandalay at the pickup desk to help out and answer questions.
Please note that DEF CON is not able to access or verify Black Hat registration or attendee info. DEF CON's preregistration list is not the same as Black Hat's. For help, ask at Black Hat registration or the concierge area.
Want to buy multiple badges? No problem! We're happy to sell you however many badges you want to pay for.
If you lose your badge, there is unfortunately no way for us to replace it. You'll have to buy a replacement at full price. Please don't lose your badge. :(
If you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
If you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
- ics Calendar file
This talk details a comprehensive reverse engineering analysis of stored-value laundry cards, prevalent in facilities worldwide. The widespread adoption of localised contactless payment solutions, attributed to their convenience, necessitates understanding their internal operations. This analysis explores the mechanisms behind value storage and modification within these cards. During this investigation, a data structure was identified that presented a significant vulnerability. The implications of this vulnerability raise serious concerns, which extend beyond laundry facilities, potentially impacting the security of similar contactless systems globally.
Speakers:Aidan Nakache,EquipAidan is a 16-year-old cybersecurity researcher and hardware hacker with a focus on RFID, reverse-engineering, and access-control systems. He developed the Metroflip app for the Flipper Zero, enabling metro-card interaction, and has also cloned AirTags onto microcontroller boards using BLE and reverse-engineering techniques. Aidan competes in CTFs, earning second place at Bsides Las Vegas, and shares his open-source work on GitHub (luu176) to connect with like-minded peers.
SpeakerBio: EquipEquip is an access control researcher based in Britain, with a focus on RFID systems. Known for his hands-on approach, he’s often found experimenting with RF tech and spreading the good word. Equip is an active contributor in RFID-focused Discord communities, where he regularly helps others troubleshoot and learn. He shares his RFID projects and discoveries on GitHub & Gists, making his work accessible for others in the field.
- ics Calendar file
This workshop will provide an in-depth, practical demonstration of how real-world Red Team operations are conducted, focusing on the physical aspect of intrusion. We will walk through the entire lifecycle of an engagement, from intelligence gathering and planning to execution and exfiltration.
Unlike operations in other regions, this case study is set in a Brazilian environment, where high crime rates, armed security, and unpredictable urban risks add a unique layer of complexity to physical Red Team engagements. Security personnel in Brazil often rely on physical force and firearms rather than solely procedural measures, making adversarial simulation far more challenging and dangerous.
This session aims to expose security professionals to the often-overlooked risks posed by hybrid attacks and demonstrate why organizations—especially in high-risk regions—must integrate physical security, cybersecurity, and situational awareness to build a comprehensive defense strategy against evolving threats.
Due to high crime rates and frequent security threats, Brazilian companies must adopt stricter policies and proactive security measures to mitigate risks. The increasing sophistication of both criminal organizations and Red Team adversaries forces companies to rethink their physical and cybersecurity defenses, imposing more restrictive controls, robust employee training, and continuous security assessments to ensure resilience against real-world hybrid threats.
Participants will gain insights into advanced Red Team techniques used to bypass security controls, leveraging real-world tactics such as social engineering, badge cloning, physical intrusion, and covert device placement, all while considering the unique security landscape of Brazil. Through a detailed case study, we will showcase how an operation successfully led to the extraction of a sensitive financial document and the installation of a rogue device—in an environment where the risk of exposure carries real-world consequences beyond mere detection.
SpeakerBio: Jonathan CoradiJonathan Coradi works as a RedTeam Operator at Hakai Security and has over 7 years of experience in cybersecurity, working as an Offsec Leader in several companies in the industrial, financial and banking sectors in Brazil, focusing on penetration testing, Red Team operations, and physical operations. He also works as a BugHunter, ranking Top 1 on the Bug Bounty platform BugHunt, in addition to finding vulnerabilities in Microsoft, Uber, Mercado Livre, among others.
- ics Calendar file
I’ll break down five practical persistence mechanisms that allow adversaries to remain resident in virtualized environments (even through reboots, patching cycles, and partial remediation efforts). These include:
• Payload injection via local.sh and profile.local • Malicious services in /etc/init.d • Symlink hijacking of trusted binaries (like esxcli) • Custom VIB (vSphere Installation Bundle) creation and implantation
While some of these techniques have been observed in malware families like BadVIBes, VIRTUALPITA, and VIRTUALPIE, a couple others represent novel techniques we’ve weaponized in our lab environments but remain largely unobserved in the wild. Every approach is designed to leverage Living-off-the-Land (LOTL) native binaries and config paths, turning ESXi’s minimalism into an attacker’s advantage.
This talk will walk through each method with technical depth, LOTL payload examples, and visual demonstrations. I’ll also explore follow-on actions post-compromise such as ESXi firewall manipulation/DNS reconfiguration to facilitate stable C2 channels. If you're responsible for red team ops, adversary emulation, or just curious how attackers achieve deep infrastructure persistence, this session will show you a few different ways to persist beneath the hypervisor.
Speakers:JC (Crashwire),NathanJC is a Cyber Threat Analyst at a cybersecurity startup and a former U.S. Air Force Special Warfare operator. He focuses in studying and modeling adversary tradecraft, internal network and hypervisor exploitation, and researching stealthy persistence techniques. A regular CTF competitor and recent contributor to the MITRE ATT&CK v17 framework, he brings a mission-focused approach to red team research and offensive security
SpeakerBio: Nathan
- ics Calendar file
- ics Calendar file
- ics Calendar file
Last year, both of us (Eliraz and Alon) participated DEF CON, and the Cloud Village was our favorite. One of the topics that was well covered in last's year conference was the threat of Azure Managed Identities abuse. While many offensive aspects related to it were covered as part of DEFCON, and different articles and talks over the past year, the defensive aspects of it remained uncovered. This year we want to visit the cloud village again, this time sharing our research of the last 4 months, in which we will fill in this significant defensive gap to complement last year's talks, by focusing on proactive threat-hunting techniques to identify and address Azure MI abuse. By examining common attack vectors and presenting advanced detection strategies, we aim to bridge the visibility gap and equip security teams with practical tools for forensic investigation and real-time monitoring using diverse Microsoft log sources.
We aim to empower participants with advanced strategies for leveraging Microsoft log sources, providing practical knowledge and detailed examples that span both real-time monitoring and forensic investigation. This talk is grounded in comprehensive research we’ve conducted over the past few months, during which we simulated various MI abuse scenarios and analyzed relevant logs and detection opportunities across dozens of enterprise environments. We’ve already released the first 2 parts of our research series, the first part in which we explore the blast radius of a compromised Managed Identity and the significance of NHIs (Non-Human Identities) in the broader cloud threat landscape, and the second one in which we covered threat hunting, investigation techniques, and forensic analysis of such incidents. In this talk, we will cover this and more! Attendees will leave this session equipped with key takeaways that will help them immediately recognize and respond to incidents involving compromised Managed Identities. They’ll learn how to quickly determine if an MI was involved, assess its blast radius, correlate activity across five or more Azure log sources, and use Azure-specific forensic artifacts to speed up containment and remediation. And this isn’t just for incident response teams - SOC analysts and detection engineers will gain tools and techniques for building targeted detections that bring MI-based threats into visibility. Offensive security professionals will benefit too, gaining a clearer understanding of how MIs can be abused to move laterally across Azure subscriptions, Entra ID, Microsoft 365, and even hybrid environments.
Links to our published research docs: 1. Part 1 - Azure Managed Identities internals and blast radius - https://www.hunters.security/en/blog/abusing-azure-managed-identities-nhi-attack-paths 2. Part 2 - Azure Defense - detection, hunting, and DFIR - https://www.hunters.security/en/blog/azure-managed-identity-threat-hunting-detection-methods
Speakers:Alon Klayman,Eliraz LeviAlon is a seasoned Security Researcher with nearly a decade of expertise in cybersecurity and IT, specializing in cloud security, threat research, incident response, and threat hunting. With a strong focus on Azure attacks, he authored The Human-Friendly Guide: Incident Response & Threat Hunting in Azure Cloud. Currently serving as the Security Research Tech Lead at Hunters’ Team AXON, Alon has also held key roles as a DFIR Team Leader, pentester, and cybersecurity consultant. His extensive credentials include certifications such as GCFA, GNFA, CARTP, CESP, and CRTP
SpeakerBio: Eliraz LeviEliraz is a Security researcher, with 16 years of experience. Eliraz’s core expertise includes detection engineering, IR, and forensics. He’s worked on large-scale incidents, including ransom, data theft, and financial frauds. Furthermore, he’s collaborated with global enterprises on reinforcing security infrastructure, tuning hunting operations, and mentoring SOC analysts.
- ics Calendar file
Illumicon is all about Hackers lighting the Way! Throughout the day attendees will be able control the hands on displays with someone knowledgeable in the field nearby to answer any questions. The displays will include 2 professional laser displays controlled either by either analog or digital and several led fixtures all just waiting for attendees to make them shine. Knowledgeable people will be there to answer questions whether it is hardware, software, sourcing or design. We are here to get you on your way to letting your Blink Flag Fly!!
- ics Calendar file
Jump into our lightning improv session - 30 minutes of quick-fire skits to keep your social-engineer reflexes razor-sharp!
- ics Calendar file
Ready to think on your feet? Join Bryan and Kevin with our bite-sized improv showdown - jump in with activities that sharpen your social engineering chops (or just kick back and enjoy the laughs).
- ics Calendar file
Ever wonder what happens behind the scenes when a company gets hacked? Restoring systems, containing the damage, and keeping attackers out for good doesn't happen by magic — it takes skilled professionals to guide the process.
Enter the Incident Responder: part digital detective, part crisis manager. Their job is to figure out what went wrong, kick out the bad actors, and make sure it doesn’t happen again.
Join us for a beginner-friendly presentation on the essential role of Incident Responders in cybersecurity.
SpeakerBio: Joshua MorganJoshua Morgan is an information security enthusiast and practitioner in the Blue Team realm who enjoys mentoring newcomers to the industry, collaborating with others in the industry, and teaching the importance of securing all aspects of life through his work as an instructor at a local university for a Masters-level information security course.
Joshua has presented at DEF CON and BSides events and is active in the security community, working with the both Packet Hacking Village and Blue Team Village at DEF CON.
- ics Calendar file
Bootkits and Rootkits represent some of the most complex and stealthy forms of malware, capable of achieving full system control before and after the OS is loaded. While often discussed in theory, their actual construction, interaction, and execution flow remain mostly hidden from public view. This talk sheds light on how these implants are built and how their components interact across boot stages and kernel space.
We'll explore the internals of a fully functional UEFI Bootkit and Kernel-mode Rootkit, examining their modular design, runtime interactions, and the mechanisms used to hook critical parts of the Windows boot chain. Attendees will see how these implants operate across pre-boot and post-boot phases, including early internet connectivity from firmware, dynamic payload delivery, runtime service hooking, deep kernel control, and advanced capabilities like hiding files, processes, and network activity, blocking traffic, capturing keystrokes, and maintaining command and control directly from kernel space.
Everything shown on stage will be yours to explore: a complete Bootkit and Rootkit framework, fully customizable and ready to simulate real threats, test defenses, or build something even stealthier.
References:
Alejandro Vázquez Vázquez is a security researcher and Red Team Operator with deep expertise in Windows Internals, malware development, and advanced threat emulation. He is one of the few professionals who has publicly presented live bootkit and rootkit development, including real-world demos and open-source examples such as Abyss and Benthic.
He has been behind some of the most hands-on offensive projects out there: crafting custom malware for Red Team ops, deploying stealthy UEFI implants for long-term persistence, developing real OT honeypots to lure attackers targeting critical infrastructure, building AI-powered frameworks that automate and scale pentest workflows, and designing platforms to hunt and profile ransomware groups.
By day, he conducts offensive security operations while also serving as an instructor in several master's degrees, teaching malware analysis, exploit development, bootkits, and rootkits to the next generation of cybersecurity professionals. By night, he writes implants that play nice with modern security mechanisms. From pre-boot to the kernel, if it runs low enough, he wants to control it. And if it's undocumented, even better.
He doesn't just give talks. He builds the tools, shares the code, and gives you the full presentation, so you can run it yourself and teach others.
SpeakerBio: Maria "drkrysSrng" San JoseMaria is a cybersecurity specialist working for the Guardia Civil, Spain's national military police force. She has served in some of the most specialized cyber units within the organization, including the Cyberterrorism Group and, currently, the Cybercrime Department of the Central Operative Unit (UCO), where she focuses on cybercrime investigations and threat intelligence.
Before joining the Guardia Civil, Maria built a strong foundation as a software engineer, contributing to flight simulation systems for major air navigation entities such as ENAIRE (AENA) and ROMATSA (Romania).
Outside her official duties, she is passionate about malware analysis and reverse engineering, dedicating personal time to studying advanced threats and attack techniques. Her combined experience in software development and threat investigation gives her a unique, well-rounded perspective on both offensive and defensive security.
- ics Calendar file
In this tactic section the attendees will get to experiment with highly custom initial access payloads and the controls they are meant to bypass on MacOS. Attendees will be able to pick the tactics they want to run based on their experience. We plan on setting up the following tactics
Beginner: Create a simple pkg w/ pre and post install scripts. Creating an Application Bundle w/ installer guide to get around Gatekeeper. Creating a simple Configuration Profile to Disable Gatekeeper
Intermediate: Using an Application bundle to register and abuse existing URI handlers Abusing xcode URI handler to gain code execution Creating a pkg to over-write managed preferences and install a malicious browser extension
Advanced: Compiling and embedding Mythic poseidon implant as a Shared Library to get around EDRs Creating a MacOS VM to receive MDM config from a DEP enrolled device.
Speakers:Adwiteeya Agrawal,Jianqiang (Stark) LiAdwiteeya Agrawal currently works as an Offensive Security Engineer for a tech company in California. Adwiteeya has worked on several internal Red Teams and currently focuses on MacOS Security, Cloud Security and Purple Teaming. Adwiteeya graduated from Carnegie Mellon University with a Masters in Information Security and is passionate about all things security.
SpeakerBio: Jianqiang (Stark) LiStark is working @Snap as a red teamer.
- ics Calendar file
Mobile Device Management (MDM) apps route all traffic through managed VPNs, blocking traditional API interception methods. This creates major blind spots during security testing of high-privilege mobile apps.
KnoxSpy is a purpose-built tool that overcomes this limitation using dynamic instrumentation with Frida. It hooks into the target app’s network libraries to intercept traffic before it enters the MDM tunnel and after it exits, enabling real-time inspection and modification of API calls.
KnoxSpy allows security professionals to test APIs without breaking the MDM tunnel or modifying device policies. Requests can also be modified and reinjected seamlessly through the app’s own network stack.
Used successfully in multiple real-world assessments, KnoxSpy has helped uncover critical vulnerabilities in MDM-protected apps. A live demo will showcase how KnoxSpy enables deeper visibility into secured environments.
SpeakerBio: Subho Halder, CEO & Co-Founder at AppknoxSubho Halder is the CEO and Co-founder of Appknox, a leading mobile application security platform trusted by 500+ global enterprises. A security researcher turned product leader, he previously worked with Hewlett-Packard and has been listed in Facebook, Google, and Twitter’s Hall of Fame for responsible vulnerability disclosures. Subho specializes in mobile app security, reverse engineering, and kernel exploitation. He has presented at Black Hat and OWASP amongst other industry leading events. At DEFCON, he’s bringing his deep expertise to explore what it takes to test apps on enterprise-locked devices, without breaking policy.
--
Subho Halder is the Co-founder and CEO of Appknox, where he leads advanced research in mobile application security.
He’s spent over a decade deep in offensive security, with a focus on mobile kernel exploitation, runtime evasion, and real-world bypasses for things like RASP and root detection. Subho has shared his work at top conferences including Black Hat, Nullcon, OWASP Global AppSec, and Syscan, often blending hardcore technical research with practical attack demos.
At Appknox, Subho has helped protect more than 500 enterprise apps by embedding mobile security into CI/CD workflows and using real-device testing over emulators. His work has been instrumental in helping organizations in fintech, retail, and aviation catch what traditional tools miss.
By day, he runs a fast-growing SaaS security company. By night, he’s still reverse engineering mobile stacks and building tools that push the boundaries of what’s possible in appsec.
- ics Calendar file
Operational relay box (ORB) networks are used by hackers to obscure their true origin, effectively turning a network of computers into their own private TOR network. This talk is an inside look at a relay network we believe to be based in the People’s Republic of China based entirely on public data we stumbled upon. It will contain an unprecedented level of detail into the specific tools, networks, and development techniques used to create and operate an ORB network.
If you’re a cloud provider trying to stop this type of abuse, a defender trying to understand how to detect when a relay is being used, or a wanna-be attacker, this is the talk for you. We name the cloud providers, data storage systems, software tools, domain names, email addresses, and passwords that they use to create, maintain, and operate their network.
References:
Speakers:Michael "mtu" Torres,Zane "earl" Hoffmanmtu, otherwise known as Michael Torres, is a security engineer focused on detecting bad things at scale. Michael is also a Staff Sergeant in the United States Marine Corps Reserve, where he has been responsible for planning and conducting both offensive and defensive cyber operations. He likes to learn new stuff, then share it to benefit others, and is an active volunteer for VetSec (veteransec.org), a charity focused on helping military veterans have successful careers in cybersecurity.
SpeakerBio: Zane "earl" HoffmanEarf, also known as Zane, is a DevOps Engineer that does vulnerability research in his free time. Zane recently left active duty as a U.S. Marine, where he did vulnerability research and tool development full time. He is also a certified airplane seamstress, qualified to operate industrial sewing machines to maintain aircraft equipment. He likes to hike, climb rocks, and tear apart devices with his hot air gun, soldering machine, and funny looking glasses.
- ics Calendar file
In this rapid-fire, hands-on tactic, you'll go from zero to hacking your first API in 20 minutes! Find and exploit common REST API vulnerabilities in real-time. No prior hacking experience? No problem! APIs are a great first vector to begin your hacking journey. This workshop is designed for beginners who want quick, practical insights—and some fun along the way.
SpeakerBio: Corey BallCorey Ball is the founder and CEO of hAPI Labs, where he provides penetration testing services. He is the author of Hacking APIs, founder of APIsec University, and has over fifteen years of experience working in IT and cybersecurity. Corey holds the OSCP, CCISO, CISSP, and several other industry certifications.
- ics Calendar file
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
SpeakerBio: TOOOL
- ics Calendar file
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
SpeakerBio: TOOOL
- ics Calendar file
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
SpeakerBio: TOOOL
- ics Calendar file
- ics Calendar file
The OWASP Amass Project has become a foundational toolset for security researchers, bug bounty hunters, red teamers, and defenders who rely on automated reconnaissance and external asset discovery to map attack surfaces. With the release of Amass v5.0, the project has undergone a major architectural transformation centered around the Open Asset Model (OAM)—a structured property graph that defines how Internet-facing assets and their relationships are stored, analyzed, and queried.
This two-hour hands-on workshop, led by Jeff Foley, the project’s founder and long-time maintainer, offers attendees a first look at Amass v5.0’s new intelligence collection engine, which seamlessly populates the Open Asset Model database during enumeration operations. The session will walk through how Amass collects and organizes OSINT from various sources—including DNS records, WHOIS/RDAP data, TLS certificates, and more—and models the results as a dynamic graph of properties and relationships between discovered assets.
Participants will learn to use core Amass tools such as:
amass enum – for deep, recursive asset discovery using passive and active techniques
amass subs – for quick subdomain discovery from the Open Asset Model database
amass viz – to render interactive visualizations of asset relationships in the Open Asset Model
In addition to these staples, the workshop will introduce the new assoc tool, a powerful query interface designed to unlock the true potential of the Open Asset Model database. Built around a custom Triples query language, the assoc tool enables users to describe paths—called association walks—through the asset graph, surfacing linked insights across related properties (e.g., domains associated with a network, IPs linked to DNS records, etc.). The language is inspired by RDF-style triples but optimized for simplicity and clarity in cybersecurity investigations.
Amass v5.0 also ships with completely refactored documentation, providing diagrams to help users understand the data types, their fields, and their associations within the OAM. This new documentation dramatically lowers the learning curve for users new to the Amass Project, making it easier to build mental models of how different types of Internet assets are discovered and interrelated.
This workshop will include a live walkthrough of setting up and running Amass v5.0, from enumeration to advanced queries. Participants will leave with hands-on experience using the full Amass suite, understanding how the Open Asset Model works under the hood, and writing association walk queries using Triples.
What to Expect:
Real-world reconnaissance examples using Amass against publicly available targets
Query design exercises with assoc to extract actionable intelligence
Tips for integrating Amass data into your own tooling and pipelines
Visual mapping of organizational assets using OAM and viz
Level: Intermediate Some experience with OSINT tools, command-line interfaces, or network security is recommended but not required. The workshop is designed to be self-contained and accessible.
Attendees are encouraged to bring a laptop and follow along. Project contributors will be present throughout the session to provide hands-on support, answer questions, and help troubleshoot issues in real time, making this a highly interactive experience.
By the end of the session, participants will walk away with practical skills in reconnaissance, data extraction from structured asset models, and a solid understanding of how Amass v5.0 is redefining modern Internet-wide discovery.
Join us at DEF CON to explore the future of OSINT automation and asset intelligence with OWASP Amass!
SpeakerBio: Jeff "caffix" Foley, Founder & Project Leader, OWASP AMASS at OWASPJeff Foley has over 20 years of experience in information security, focusing on research & development, security assessment, and attack surface management. During the last eight years, Jeff identified a lack of situational awareness in traditional information security programs and shifted his attention to this vital function. He is now the Project Leader for Amass, an OWASP Foundation Flagship Project that provides the community with guidance and tooling for in-depth attack surface mapping and asset discovery. Jeff has assisted various companies with attack surface management and has been invited to speak at conferences. In past lives, Jeff was the Vice President of Research at ZeroFox, focused on proactive cybersecurity outside the traditional corporate perimeter. He also served as the Global Head of Attack Surface Management at Citi, one of the largest global banks, and started their first program addressing exposure management. Jeff began his career serving the United States Air Force Research Laboratory as a contractor specializing in cyber warfare research and development. He concluded his government contracting at Northrop Grumman Corporation, where he performed the roles of Subject Matter Expert for Offensive Cyber Warfare Research & Development and Director of Penetration Testing. In these roles, he also developed a penetration testing training curriculum for the Northrop Grumman Cyber Academy and taught trainers to utilize the material across this international organization. During his time in this profession, Jeff has taught at various academic institutions on offensive security, cloud security, and attack surface management.
- ics Calendar file
The rapid advancement of deepfake technology, powered by generative adversarial networks (GANs), has revolutionized creative industries but poses significant challenges to global financial security through identity fraud. This study examines the legal and regulatory frameworks addressing deepfake-enabled financial crimes in the UK, EU, and Asia, highlighting the growing sophistication of such fraud, exemplified by a 2024 case in Hong Kong where cybercriminals used deepfake video conferencing to defraud a multinational company of $25 million. Employing a comparative legal analysis and case study approach, this research evaluates the effectiveness of existing regulations, identifies enforcement challenges, and analyzes real-world cases to expose legal gaps. Findings reveal that while China has implemented specific deepfake regulations, the UK, EU, and Hong Kong rely on broader fraud and data protection laws, lacking targeted provisions. These inconsistencies hinder prosecution and cross-jurisdictional cooperation. The study proposes balanced regulatory strategies to combat deepfake-enabled financial fraud while fostering AI innovation, offering critical insights for policymakers, legal practitioners, and financial institutions navigating this evolving threat landscape.
Speakers:Noel Wong,KC WongNoel is a Postgardute student of Master Degree in UCL, major in CyberCrime
SpeakerBio: KC Wong, Hardware Ninjahardware.ninja is an independent security researcher. He focuses on hardware security researches, penetration test, incidents response and digital forensics analysis. He was the first and the only Asian leading a group of white-hat hackers to hold an in-depth, hands-on hardware hacking village in BLACK HAT and DEFCON. He is also a frequent speaker and trainer in different top-notch security and forensics conferences including SANS, HTCIA, DFRWS, GCC, CodeBlue, HITB, SINCON, AVTokyo and HITCON.
- ics Calendar file
SeVa has three primary independent modules: 1) Connector - To connect with a secret source and fetch the details, support major secret scanners 2) Enhancer - This module identifies the secret type and what additional information is required to make a decision on validation as defined above. It also fetches the complimentary information from affected area 3) Validator - This engine validates the secrets and makes the decision on secret validity and provides the output in multiple formats
SeVA provides a fast and noninvasive way to verify credentials with non-intrusive API calls without secrets leaving organization infrastructure. It can be adopted as easily as writing a GitHub Action workflow.
Speakers:Leon Denard,Pramod RanaLeon Denard is a red teamer and application security engineer at Netskope, where he focuses on secret validation, offensive tooling, and helping teams identify security gaps before attackers do. He has led red team operations across finance, cloud, and enterprise environments, combining deep technical work with a strong understanding of secure development practices.
He has hands-on experience with phishing campaigns, password cracking, detection evasion, and building tools to automate repetitive tasks. He is a DEFCON "Crack Me If You Can" champion, GPEN certified, and shares his work at github.com/ltdenard, where he builds and publishes tools.
SpeakerBio: Pramod RanaHe has presented at BlackHat, Defcon, nullcon, OWASPGlobalAppSec, HackMiami, HackInParis and Insomnihack before.
He is leading the application security team in Netskope with primary focus on integrating security controls in the development process and providing security-testing-as-a-service to engineering teams.
- ics Calendar file
Forget the noise.
Get to JustHacking.com!
2 Mini-Workshops
Only 15 Minutes Each
Talk to Your “Things” with MQTT
Learn device comms in a virtual smarthome
Router Ruh Roh!
Find clues of an attack in OpenWRT firmware
No Schedule! Just sit down & start learning!
- ics Calendar file
Join IoT Village while we party like its 2015 to celebrate 10 years of IoT Village! Join us from 9-midnight for live music, refreshments, and lots of fun.
Did we mention birthday cake?
- ics Calendar file
(DCNextGen is for youth 8-18 attending DEF CON) Ray [REDACTED], Jack Rhysider, and many special surprise guests Meet and Greet. Here is your chance to chat with some real 1337 hackers and ask them about their cool hacker stories and even learn about content creation.
Speakers:Ray [REDACTED],Jack RhysiderHost of the Darknet Diaries
- ics Calendar file
This talk presents a deep dive into a real-world case where KeePass — a widely trusted open-source password manager — was weaponized and used as part of a malware delivery campaign. The attackers distributed a trojanized version of KeePass through Bing malicious advertisements, leveraging fake download pages to lure unsuspecting victims searching for the software. The modified binary retained full KeePass functionality, making it nearly indistinguishable from the legitimate version. Behind the scenes, it acted as a stealthy loader, ultimately deploying a Cobalt Strike BEACON to establish persistent access.
SpeakerBio: Juho Jauhiainen
- ics Calendar file
Over the past decade and a half, the tactics of threat actors have quietly but fundamentally transformed. What began as slow, targeted intelligence gathering has evolved into automated, scalable exploitation of exposed assets—often before defenders even notice. In this keynote, we’ll trace the journey of threat actor innovation, highlighting shifts in recon methods, asset targeting, and speed of attack. We’ll dissect common attack surface mistakes that open the door for breaches, especially in the last couple of years, and challenge assumptions around visibility and control. The attack surface is always in motion—are you keeping up?
SpeakerBio: Muslim KoserMuslim has over 25 years of Information Security Experience with a core focus on Cyber Threat Intelligence, Cyber Risk Management, and Cybersecurity consulting. Before Volon & Fortinet, he worked at FireEye Inc. where he headed one of their Cyber Threat Intelligence Research team. Muslim set up the Cyber Threat Research team for iSIGHT Partners in India, which was one of the first teams to work in this domain.x000D x000D Muslim has also been a member of the Honeynet Project as well as the Indian Honeynet Chapter and involved in Detux Sandbox, which was one of the first online Linux sandbox services. As part of the Honeynet project, Muslim was also involved in the design of the open-source spam Honeypot SHIVA.x000D x000D Previously, Muslim was based in Malaysia, where he led the information security consulting practice for Network Security Solutions. Muslim is also credited with involvement in establishing national-level CERTs and consulting for various corporate CSIRTs.
- ics Calendar file
Attacking AI is a one of a kind session releasing case studies, tactics, and methodology from Arcanum’s AI assessments in 2024 and 2025. While most AI assessment material focuses on academic AI red team content, “Attacking AI” is focused on the task of assessing AI enabled systems. Join Jason as he discusses his seven point methodology to assessing these systems and releases Arcanum’s prompt injection taxonomy and other resources for aspiring testers.
SpeakerBio: Jason "jhaddix" Haddix, Field CISO at flare.ioJason has had a distinguished 20-year career in cybersecurity, previously serving as CISO of Buddobot, CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin.
He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis.
Jason is a hacker, bug hunter, and is currently ranked 57th all-time on Bugcrowd's bug bounty leaderboards. Currently, he specializes in recon, web application analysis, and emerging technologies.
Jason has also authored many talks for world-renowned conferences like DEF CON, Bsides, Black Hat, RSA, OWASP, Nullcon, SANS, IANS, BruCon, ToorCon, and many more.
Jason Haddix AKA jhaddix is the CEO and “Hacker in Charge” at Arcanum Information Security. Arcanum is a world class assessment and training company.Jason has had a distinguished 20-year career in cybersecurity previously serving as CISO of Buddobot, CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason is a hacker, bug hunter and currently ranked 57st all-time on Bugcrowd’s bug bounty leaderboards. Currently, he specializes in recon, web application analysis, and emerging technologies. Jason has also authored many talks on offensive security methodology, including speaking at cons such as DEFCON, Besides, BlackHat, RSA, OWASP, Nullcon, SANS, IANS, BruCon, Toorcon and many more.
- ics Calendar file
Defeat the Keysight CTF challenge for a change to win a Riscuberry IoT hacking training kit that comes with a picoscope, a bus pirate, and much more!
See one of the Keysight staff for details.
- ics Calendar file
Killnet built its reputation as a decentralized Russian hacktivist force - loud, chaotic, and conveniently aligned with Kremlin objectives. But under the surface, it was something else entirely: a centralized operation controlled by a small group, using noise and hate as cover.
This is the inside story of how a team of just nine people delivered a kill shot to destroy this illusion.
Through targeted investigation and direct engagement, we exposed Killnet’s critical weakness: a financial link to Solaris, at that time, one of Russia’s largest dark web drug markets. By publicly tying their operations to organized cybercrime - we disrupted their narrative, broke internal trust, and triggered full collapse. The result? Loss of state support, severed financial channels, and a rapid implosion of the group’s infrastructure.
We’ll walk through how we tracked Killnet’s leadership, exposed its frontman “KillMilk,” and uncovered the criminal network behind the public facade. Along the way, you’ll get a firsthand look at the real tactics - OSINT, infiltration, pressure points - that brought down one of the most visible cyber collectives.
This isn’t just a postmortem. It’s a case study in strategic disruption, showing how small teams can go head-to-head with well-funded adversaries - and win.
References:
SpeakerBio: Alex HoldenAlex Holden is the founder and CISO of Hold Security, LLC. Under his leadership, Hold Security played a pivotal role in information security and threat intelligence, becoming one of the most recognizable names in its field. Mr. Holden researches minds and techniques of cyber criminals and helps our society to build better defenses against cyber-attacks.
- ics Calendar file
On Friday through Sunday, we have a non-competitive learning run, where you can go through the Kubernetes CTF scenario from a previous year. It has an available "cheat sheet" that shows you how to run through, start to finish! You can do this without the "cheat sheet" if you want a puzzle.
Each team/individual gets a Kubernetes cluster that contains a set of flags.
This is open to up to 30 teams and is available from Friday 12pm to Sunday 12pm Pacific.
We will support DEF CON players in the contest area during the following times: - Friday: 12:00-17:00 - Saturday: 10:00-17:00 - Sunday: 10:00-12:00
- ics Calendar file
Kubernetes is the de facto operating system of the cloud, and more and more organizations are running their workloads on Kubernetes. While Kubernetes offers many benefits, new users may introduce security risks like cluster misconfiguration, leaked credentials, cryptojacking, container escapes, and vulnerable clusters.
This workshop will teach you the fundamentals of Kubernetes security, from protecting your cluster to securing your workloads. You'll learn about RBAC, OPA, Security Contexts, Network Policies, and other security features. You'll also learn how to exploit workloads running on a Kubernetes environment using Living Off the Land (LotL) techniques like exploiting Insecure APIs, Secrets Theft, Container Escape and Pod Privilege Escalation, similar to the ones used by real-world threat actors.
This workshop is designed for both beginners and advanced students. By the end of the workshop, you'll have a deep understanding of Kubernetes security and the skills to protect your clusters and workloads
Outline: 1. A quick, 20-minute introduction to Kubernetes - https://github.com/Alevsk/dvka/blob/master/workshop/resources/Kubernetes%20Security_%20Attacking%20And%20Defending%20Modern%20Infrastructure.pdf 2. All labs in the beginner section - https://github.com/Alevsk/dvka/blob/master/workshop/README.md#-beginner 3. Challenge 1: Hack The NFT Museum - https://github.com/Alevsk/dvka/tree/master/challenge-1
SpeakerBio: Lenin Alevski, Security Engineer at GoogleLenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog https://www.alevsk.com.
- ics Calendar file
Damos inicio a La Villa con una charla especial sobre 0din, el GenAI Bug Bounty Program de Mozilla.
SpeakerBio: Marco Figueroa, GenAI Bug Bounty Programs Manager @ Mozilla | 0DinMarco Figueroa is the GenAI Bug-Bounty Programs Manager at Mozilla’s 0DIN program, the industry’s first dedicated LLM bug-bounty platform. He leads the global researcher community that dissects guardrails across ChatGPT, Claude, Gemini and open-source LLMs. Marco’s research has repeatedly shown how hex-encoded and other obfuscated prompts can coerce GPT-4o into writing working exploit code, a technique covered by The Register and Bitdefender’s Hot-for-Security column. He also uncovered the extent of OpenAI’s container file system exposure, demonstrating live upload-and-execute paths inside ChatGPT’s Debian sandbox, as reported in Dark Reading.
- ics Calendar file
Cuando cae la noche, La Villa sigue viva. Te invitamos al After Hours del sábado, un evento relajado de networking para conectar con speakers, organizadores, hackers y entusiastas en un ambiente informal. Comparte ideas, proyectos o simplemente disfruta de una buena charla con la comunidad. ¡Trae tu energía, tus stickers y tus ganas de convivir fuera del horario técnico!
- ics Calendar file
This demo will showcase a budget-friendly DIY laser fault injection rig, originally designed for the RP2350 Hacking Challenge. We will cover the mechanical preparation of QFN-packaged ICs, infrared die imaging, and the driving of high-power laser diodes to induce faults.
SpeakerBio: Kévin Courdesses
- ics Calendar file
- ics Calendar file
Latin America has a distinct cyber threat landscape, presenting a fragmented and heterogeneous IT infrastructure with often outdated systems, limited cyber maturity, and budget constraints converge, making it an ideal playground for cyberattacks.x000D x000D While ransomware is a global concern, in LATAM, threat actors enjoy extended dwell times, silently navigating networks, studying victim environments, and maximizing damage before encryption is deployed. This not only increases the success rate of the attacks but also enables operators to maintain persistence or monetize access by reselling it. The monetization of unauthorized access has become a growing market in Latin America, often just as profitable as ransomware deployment itself.x000D x000D The ransomware ecosystem has expanded significantly with business models like Ransomware-as-a-Service (RaaS). From Latin America, a region where the primary motivation for cyberattacks is financial, it's possible to see a different perspective on this ecosystem.x000D x000D This talk dives deep into the evolving ransomware threat landscape across LATAM, where attackers benefit from its unique landscape. We'll explore the TTPs of the most active ransomware families in the region, RaaS operations, prolonged Intrusions, and regional adaptations. Through technical analysis and regional case studies, we’ll highlight how ransomware operators are adapting to exploit legacy infrastructure, regional geopolitics, and socioeconomic realities.x000D x000D The topics covered will include:x000D *Brief overview of the LATAM ransomware threat landscape.x000D *Most active ransomware and RaaS families targeting LATAM, interesting and relevant case studies.x000D *Analysis of common TTPs and attacker behavior in LATAM ransomware intrusions.x000D *Socio Economic and geopolitical factors that influence attacker operations in the region.x000D *Monetization strategies beyond encryption: access resale, data exfiltration, and extortion trends.
SpeakerBio: Isabel Manjarrez, Threat Researcher[EN] With more than seven years of experience in the cybersecurity field, Isabel currently works as a security researcher for Kaspersky's Global Research and Analysis Team (GReAT). Based in Mexico, Isabel is responsible for investigating the most active threat actors in Latin America, tracking their movements and analysing the new techniques they implement. Isabel is also a speaker at international conferences and meetups. Her interests include threat intelligence, malware analysis, satellite communications, electronics and music.x000D ---x000D [ES] Con más de 7 años de experiencia en ciberseguridad, Isabel trabaja actualmente como investigadora de seguridad en el Equipo Global de Investigación y Análisis (GReAT) de Kaspersky.x000D Basada en México, Isabel se encarga de investigar a los actores de amenazas más activos en Latinoamérica, rastrear sus movimientos y analizar las nuevas técnicas que implementan. También participa como ponente en conferencias y reuniones internacionales.x000D Sus intereses incluyen la inteligencia de amenazas, el análisis de malware, las comunicaciones satelitales, la electrónica y la música.x000D
- ics Calendar file
Este panel celebra y visibiliza el talento, las trayectorias y los desafíos de mujeres latinoamericanas en el mundo de la ciberseguridad. A través de experiencias personales y profesionales, las panelistas compartirán cómo han construido su camino en la industria, los retos que han enfrentado y las oportunidades para fomentar una comunidad más diversa, inclusiva y representativa en el ámbito de la seguridad digital.
Speakers:Cybelle Oliveira,Christiane Borges,Isabel ManjarrezCybelle Oliveira is a Cyber Threat Intelligence researcher and a Master’s student in Cyber Intelligence. She teaches in a postgraduate CTI specialization program in Brazil and is the co-founder of La Villa Hacker — the first DEF CON village dedicated to the Portuguese and Spanish-speaking community.
Cybelle has spoken at some of the world’s leading security conferences, including DEF CON, BSides Las Vegas/São Paulo/Rio de Janeiro, 8.8 Chile, Cryptorave, Radical Networks, Mozilla Festival, and many others. Her work often explores the intersection of cyber threats, geopolitics, and underreported regions, with a particular interest in the strange, obscure, and catastrophically messy corners of cybersecurity.
Cybelle Oliveira es Consultora de Ciberseguridad, postgraduada en Cyber Threat Intelligence y estudiante de Máster en Ciberinteligencia en el Campus Internacional de Ciberseguridad de la Universidad de Murcia, España. Ha estado involucrada en activismo de privacidad y seguridad durante más de 10 años y ha presentado charlas en eventos por todo el mundo, como BSides LV, BSides SP, Girls Hack Village (DefCon), 8.8 Chile, Internet Freedom Festival, Radical Networks, Mozilla Festival, Roadsec, Cryptorave, entre otros. Cybelle forma parte de la comunidad Mozilla y es directora de la organización Casa Hacker.
SpeakerBio: Christiane Borges[EN] With more than seven years of experience in the cybersecurity field, Isabel currently works as a security researcher for Kaspersky's Global Research and Analysis Team (GReAT). Based in Mexico, Isabel is responsible for investigating the most active threat actors in Latin America, tracking their movements and analysing the new techniques they implement. Isabel is also a speaker at international conferences and meetups. Her interests include threat intelligence, malware analysis, satellite communications, electronics and music.x000D ---x000D [ES] Con más de 7 años de experiencia en ciberseguridad, Isabel trabaja actualmente como investigadora de seguridad en el Equipo Global de Investigación y Análisis (GReAT) de Kaspersky.x000D Basada en México, Isabel se encarga de investigar a los actores de amenazas más activos en Latinoamérica, rastrear sus movimientos y analizar las nuevas técnicas que implementan. También participa como ponente en conferencias y reuniones internacionales.x000D Sus intereses incluyen la inteligencia de amenazas, el análisis de malware, las comunicaciones satelitales, la electrónica y la música.x000D
- ics Calendar file
If you're a lawyer (recently unfrozen or otherwise), a judge or a law student please make a note to join Jeff McNamara for a friendly get-together, drinks, and conversation.
- ics Calendar file
What if you bypass SSIDs, association handshakes, IP, and every "normal" layer of Wi-Fi, and just sling raw 802.11 frames? With Scapy and two USB WiFi adapters, I'll demonstrate four bite-sized hacks that treat Wi-Fi as a blank RF pipe. No access point required.
Raw 802.11 File Drop: A wink to the fruit company's file-beam trick. Hurl a PDF into the airwaves and catch it on a friend's laptop. No pairing or IP required.
Walkie-talkie: Embed a PCM audio stream in raw broadcast frames. No association needed.
Meshtastic-over-Wi-Fi: Repackage the popular LoRa mesh-chat protocol into 802.11 frames for hop-to-hop messaging at Wi-Fi speeds.
WiFiFS: A FUSE filesystem mapping RF traffic to files. You can cat, cp, or grep packets as they fly by.
Each script is short enough to skim while your espresso shot pulls, light on dependencies, and leaves ordinary clients blissfully unaware of the mischief on channel 6. You'll walk away with working code, a new mental model of 802.11 as raw clay, and plenty of inspiration to craft your own oddball protocols. No access points, just DIY frame-level fun.
SpeakerBio: Allan Riordan BollAllan wrangles cloud infrastructure by day, and radio waves by night. An early SDR devotee from the sub-$20 RTL-SDR era, he can often be found between a hex editor and an FFT waterfall, tinkering with the invisible.
- ics Calendar file
Learning Nix can be off-putting, as many introductions dive into complex terminology and academic concepts, missing the chance to simplify Nix's advantages. Having given talks both internally and externally, I've shifted to showcasing fun, practical examples first, leaving the nuances for later. Join me to see some straightforward examples of what Nix can offer and why it might be worth adopting.
SpeakerBio: Farid Zakaria, Principal Engineer at ConfluentI am a software engineer, father, and wishful surfer. I currently work at Confluent on developer productivity and recently defended a Ph.D. in computer science at the University of California Santa Cruz. More relevant to Nix, I am a NixOS enthusiast, which has led me to rethink basic Linux primitives.
- ics Calendar file
The OWASP Amass Project has long been a staple in the open-source reconnaissance ecosystem, enabling security researchers, red teamers, and defenders to map attack surfaces through passive and active discovery techniques. Traditionally, tools like Amass have relied on DNS, certificate transparency logs, web scraping, and other data sources to infer the digital footprint of an organization. However, this approach often begins with known domains and struggles to comprehensively uncover the broader infrastructure—especially when initial input is minimal or obfuscated.x000D x000D This talk introduces a major advancement in the Amass discovery model: leveraging legal entity information as a pivot point for infrastructure enumeration. By incorporating corporate legal names, the project now enables users to query the Registration Data Access Protocol (RDAP) for associated IP address ranges directly linked to specific organizations. This evolution allows for a powerful “outside-in" discovery strategy—one that begins with an organization’s registered presence in global ICANN records and regional internet registries (RIRs).x000D x000D We will walk through how this process functions end-to-end within Amass, including:x000D x000D How legal entity names are normalized, enriched, and used to perform RDAP queries across multiple registries.x000D x000D How this approach facilitates infrastructure discovery even when no initial domain names or IPs are known.x000D x000D Ways in which the newly discovered CIDRs and netblocks are fed into the broader Amass enumeration engine for DNS sweeps, and passive data correlation.x000D x000D Importantly, this capability allows researchers to identify internet-connected assets that might otherwise be missed through traditional means—especially helpful for uncovering legacy infrastructure, misconfigured services, and shadow IT. It also helps bypass the inefficiency of wide-scale internet scanning by using authoritative registry data as a precise targeting mechanism.x000D x000D This talk will include practical demonstrations of the feature in action, guidance on using it effectively in both red and blue team workflows, and a look at where the project is heading next—including potential integrations with open corporate registries, LEI databases, and expanded RDAP coverage.x000D x000D Takeaways for Recon Village Attendees:x000D x000D Learn how legal entity metadata can be leveraged to scale reconnaissance beyond domains and WHOIS lookups.x000D x000D Gain an understanding of how RDAP reveals registered network ownership and how Amass now uses this for bottom-up discovery.x000D x000D See live examples of uncovering unknown IP ranges and infrastructure linked to an organization—without scanning the full IPv4 space.x000D x000D Understand the implications of this technique for external asset management, third-party risk analysis, and adversarial recon.x000D x000D By advancing outside-in discovery with deeper legal and registration context, Amass continues to push the boundaries of OSINT tooling—bridging the gap between traditional internet reconnaissance and more strategic, organizationally-aware approaches to mapping the modern attack surface.
SpeakerBio: Jeff "caffix" Foley, Founder & Project Leader, OWASP AMASS at OWASPJeff Foley has over 20 years of experience in information security, focusing on research & development, security assessment, and attack surface management. During the last eight years, Jeff identified a lack of situational awareness in traditional information security programs and shifted his attention to this vital function. He is now the Project Leader for Amass, an OWASP Foundation Flagship Project that provides the community with guidance and tooling for in-depth attack surface mapping and asset discovery. Jeff has assisted various companies with attack surface management and has been invited to speak at conferences. In past lives, Jeff was the Vice President of Research at ZeroFox, focused on proactive cybersecurity outside the traditional corporate perimeter. He also served as the Global Head of Attack Surface Management at Citi, one of the largest global banks, and started their first program addressing exposure management. Jeff began his career serving the United States Air Force Research Laboratory as a contractor specializing in cyber warfare research and development. He concluded his government contracting at Northrop Grumman Corporation, where he performed the roles of Subject Matter Expert for Offensive Cyber Warfare Research & Development and Director of Penetration Testing. In these roles, he also developed a penetration testing training curriculum for the Northrop Grumman Cyber Academy and taught trainers to utilize the material across this international organization. During his time in this profession, Jeff has taught at various academic institutions on offensive security, cloud security, and attack surface management.
- ics Calendar file
“Why can’t we just drone strike the ransomware operators in Russia?” “Can’t you just hack the threat actor’s servers and get our data back?” “If we don’t know about the fraud, we’re not legally responsible for it, right?” - Real Stroz Friedberg Client Questions, including one from CEO of a Fortune500 company
John and Heidi will lead an interactive, dynamic, and entertaining incident response tabletop session based on their years of experience and working on hundreds of incident responses together. They will walk through the details of a typical ransomware attack, while highlighting the legal frameworks and decision points that arise throughout the lifecycle of the investigation. From payment to OFAC-listed threat actors, to SEC disclosure rules, to that pesky CFAA, participants will be asked to engage at each inject. Participants will gain a deeper appreciation for the multitude of tradeoffs and difficult decisions business, technical, and legal stakeholders must make during an incident while operating within various legal and regulatory frameworks. Together, the presenters and participants will explore the potential ethical and policy positions that could alter or enhance the way incident response is handled in the future.
Speakers:Heidi Wachs,John W. Ailes, VI,Nathan SalminenHeidi L. Wachs is Managing Director, Engagement Management, and head of the Washington, D.C. office of Stroz Friedberg, where she helps clients prepare for and respond to data breach and cybersecurity incidents and develop and implement data privacy and information security programs. Ms. Wachs oversees complex investigations involving the collection, use, and sharing of data and personal information, in particular through the use of APIs, scraping, hacking, cookies, and other third-party web page integrations. Ms. Wachs' experience includes serving as a technical analyst and Chief Privacy Officer for a leading national research university. Ms. Wachs earned her B.A. in Journalism from Lehigh University and her J.D. from the Benjamin N. Cardozo School of Law. She is admitted to the bars of the District of Columbia and the United States Supreme Court.
SpeakerBio: John W. Ailes, VI, Stroz FriedbergJohn W. Ailes, VI is a DFIR Manager at Stroz Friedberg, where he leads and supports technical investigations into economically motivated cybercrime, state sponsored intrusion, and other forms of complex digital investigation. Mr. Ailes holds GIAC Certified Forensic Analyst, GIAC Certified Forensic Examiner, and GIAC Certified Reverse Engineering Malware certifications from the SANS institute and a B.S. in Cyber Security Engineering from George Mason University.
SpeakerBio: Nathan Salminen, Cybersecurity Lawyer at Hogan LovellsNathan Salminen is a cybersecurity lawyer at Hogan Lovells where he has helped clients prepare for and respond to hundreds of cybersecurity incidents, ranging from everyday business email compromises to massive data breaches and incursions by nation-state threat actors into companies in the financial or energy sectors. Before becoming a lawyer, Nathan worked as a software engineer and manager of technical teams for 13 years and completed the OSCP certification.
- ics Calendar file
The Linux operating system is a gateway to accomplishing numerous tasks in our hacking community; whether it is writing code in dozens of languages for free or using any manner of commands and tools for any task. While Linux is phenomenally powerful for many, it can be intimidating to persons who have not used it. We want to remove the intimidation. In this talk we describe what is Linux, we go over some key elements that we encounter in using it, and we compare some Linux elements with Microsoft Windows.
SpeakerBio: D.J. DavisD.J. Davis started his academic and work life on IBM mainframes and midrange systems in Operations and Development. After a decade of Development, he has worked in Systems Engineering, Network Engineering, WAN Design Enginering, IT Integration, Telecom Sustaining Engineering, and Information Security. D.J. holds a BS and MS in Business, Information Systems. He works in the Washington DC area.
- ics Calendar file
This talk dives into how Artificial Intelligence (AI) combined with Model Context Protocol (MCP) can revolutionize external attack surface testing. Attendees will learn repeatable, low-effort techniques to identify exposed assets, prioritize risks, and automate vulnerability discovery using AI-driven insights.
SpeakerBio: Shane KrauseShane Krause is a 25-year-old cybersecurity professional who broke into offensive security two years ago, fueled by a lifelong passion for technology and problem-solving. As a penetration tester, Shane Krause enjoys identifying vulnerabilities, simulating real-world attacks, and helping organizations strengthen their defenses. Outside of work, Shane Krause is an avid gamer who values connecting with others in the cybersecurity community and sharing knowledge to grow together in the field.
- ics Calendar file
Lex Sleuther is an internal tool developed at CrowdStrike for detecting the script language of an unknown text file based purely on its contents. We derive a novel approach using lexer generators and ridge regression and develop the solution as a compact Rust binary with Python bindings. We compare our solution to the current state of the art and present CrowdStrike’s own findings of relative efficacy in the field. Lex Sleuther has been recently open sourced for everybody to use.
SpeakerBio: Aaron "KNOX" JamesAaron has been the tooling guy for over 13 years, when he first wrote hacks for his favorite games. He still writes hacking tools, but now for security companies.
- ics Calendar file
The LHC Capture The Flag is a beginner-friendly, jeopardy-style competition designed to introduce newcomers to the exciting world of cybersecurity challenges. Participants will explore a diverse range of categories including steganography, radio communications, encryption techniques, and mind-bending puzzles, all structured to build fundamental hacking skills. This hands-on component provides a supportive environment for learning, with some challenges uniquely incorporating physical items that can be accessed in the LHC Community Room. Whether you're curious about cybersecurity or looking to develop your technical problem-solving abilities, this CTF offers an accessible entry point into the fascinating realm of hacking.
- ics Calendar file
First time attending DEF CON? If so stop by for our meet up to meet like minded people who are also coming for the first time by themselves or with friends to meet people to attend talks, villages, workshops, etc with!
- ics Calendar file
Give a talk about whatever you want, as long as it's less than 10 minutes! Or just come and chill in the Nix Vegas space for the Unconference.
- ics Calendar file
Knowing how to use the Linux command line is a critical skill for any good security practitioner. This trainer will have 10+ problems covering some of the most fundamental Linux commands. This trainer is for people new to field and for those who want to hone their Linux command line-fu.
- ics Calendar file
- ics Calendar file
Organizations across industries rely on "locked down" operator workstations to protect critical systems, but how secure are they really? As a penetration tester, I’ve put these defenses to the test across multiple verticals, using only the tools and permissions available to a standard operator account and on that local machine. Time and time again, despite variations in vendor solutions and industry-specific constraints, I found common weaknesses that allowed me to break out, escalate privileges, and compromise the system—often without triggering alerts.
This talk dives into the recurring security flaws that make these workstations vulnerable, from misconfigurations and weak application controls to a commonly overlooked "living off the land" technique. I’ll walk through real-world breakout scenarios, demonstrating how attackers exploit these weaknesses. But it’s not just about breaking out—I'll also cover practical, vendor-agnostic defenses to harden operator workstations against these attacks. Whether you’re a defender, engineer, or just curious, you’ll leave with a better understanding of the risks and how to make the attackers job that much harder.
SpeakerBio: Aaron BoydAaron Boyd is an experienced OT Cybersecurity Generalist with over 10 years experience in conducting penetration testing, vulnerability assessments, and threat hunting within complex OT/ICS infrastructures and applications in many different verticals. He is passionate about ensuring robust protection for critical infrastructure and firmly believes in focusing on real security improvements rather than just checking compliance boxes.
- ics Calendar file
Loong Community is Landing at DEFCON 33! Co-Hosted by Hong Kong & Singapore Crew!
Get ready to explore the cutting edge of hardware hacking & infosec tools at Loong Village in #DEFCON33!
This year, Loong is a powerhouse HK-SG collaboration focused on showcasing the vibrancy and talent of the Asian infosec community with tools all arouund the world! 🇸🇬🤝🇭🇰
Dive into hands-on mini-stations featuring: - 📡 SDR Playground (Signalens Pro, Kraken SDR, HackRF, RTL SDR. RF Explorer H Loop Antenna etc.) - ⌨️ BadUSB (Hak5 Rubber Ducky, USB Ninja, O.MG Cables) - 🔑 RFID/NFC Exploration (Proxmark3 RDV4.01, Flipper Zero, Signalens Pro) - 🌐 Network Pentest Tools (Wifi Pineapple, Cynthia, DualComm Network Tap, ScreenCrab) - 🎫 Exclusive Off-by-One (Singapore) Badges (available for purchase!) - Drone FPV simulator, VR/MR, Neo
- ics Calendar file
If you find something that seems to have been lost, please take that item to the nearest NFO Node. The item will enter the DEF CON Lost & Found system.
If you've lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in room LVCC - L2 - W238. You may also call Lost & Found at +1 (702) 477-5019.
The Lost & Found department plans to be open Thursday - Saturday, during all hours that the conference operates. On Sunday, the Lost & Found department will open with the venue at 08:00, but will close at the beginning of DEF CON 33 Closing Ceremonies (15:00). Shortly thereafter, all remaining lost items will be transferred to the LVCC. If you need to reach LVCC's Lost & Found, you may call LVCC Dispatch at +1 (702) 892-7400.
- ics Calendar file
Magnetic locks have been around for decades but receive relatively little attention from the lock-sport community when compared to other locking mechanisms. This talk will cover the different types of magnetic locking elements, the tools and theory needed to pick them, and how decoding attacks can and have been applied to defeat these locks "in the wild".
SpeakerBio: James Williams
- ics Calendar file
Kit cost $80
- ics Calendar file
- ics Calendar file
Deep dive into Android’s eSIM management APIs and how they can be abused.
Building and analyzing a proof-of-concept malware for silent eSIM installation and location harvesting.
Understanding telecom backend provisioning vulnerabilities enabling malicious profile injection.
Detection techniques, anomaly signals, and defensive engineering against malicious SIM profile abuse.
Live demonstration on extracting call metadata and geolocation from compromised profiles without raising alarms.
SpeakerBio: Ravi Rajput
- ics Calendar file
The Talk shall focus on possible ways malware and C2C can work in 5G Core, such as credential harvestor node sitting on Cloud/Routers, traffic redirectors,DOS on network etc
SpeakerBio: Akib Sayyed, Founder at Matrix ShellAkib Sayyed is the Founder and Chief Security Consultant of Matrix-Shell Technologies, an India-based telecom-security firm he established in 2014. Recognised industry-wide as a 5G and telecom-signalling security specialist, Akib has spent more than a decade helping mobile-network operators, MVNOs and regulators uncover and remediate vulnerabilities across legacy (2G/3G/4G) and next-generation (5G Core, VoLTE/VoNR/VoWi-Fi) networks. His expertise spans protocol penetration testing (SS7, Diameter, GTP), radio-access assessments and security-automation tooling.
Under Akib’s leadership, Matrix-Shell has grown into India’s first NCCS-designated 5G Core security test lab and holds ISO/IEC 17025 accreditation for its methodology and results. A frequent conference speaker and Black Hat trainer, he also co-organises the Telecom Village community, where he shares latest threat-intel and open-source tools with the wider security ecosystem. linkedin.com
Across consulting engagements, Akib is known for delivering:
Driven by a mission to “secure the core,” Akib continues to advise operators on rolling out resilient 5G infrastructure, mentors the next wave of telecom-security engineers and contributes to global standards bodies shaping the future of mobile-network defence.
- ics Calendar file
As part of an infostealer campaign we analyzed malware with ever increasing stages of obfuscation, each with varying techniques and languages. I'll dissect how this malware layered compiled Python, Nuitka, Node.js, WebAssembly, and Rust into a single infection chain for a simple Python-based infostealer. I'll show the techniques I used at each stage to get quick answers to its capabilities.
SpeakerBio: Brian Baskin
- ics Calendar file
En esta platica, abordare en profundidad el funcionamiento de MassLogger, un malware especializado en el robo de credenciales que ha sido utilizado en campañas dirigidas contra instituciones financieras. Mediante el análisis basado en ciberinteligencia desglosaremos su cadena de infección completa: desde el correo de phishing y los archivos comprimidos maliciosos, hasta la ejecución del payload y la exfiltración de información.x000D Se revisarán las tácticas, técnicas y procedimientos (TTPs) empleados, así como los artefactos clave utilizados en las campañas que hemos observado recientemente. Los asistentes aprenderán a identificar estos patrones, realizar el análisis de los artefactos, mapear los ataques con el framework MITRE ATT&CK y como generar estrategias de detección, respuesta y mitigación. Esta sesión brindará herramientas prácticas para enfrentar campañas emergentes como las de MassLogger, que comienzan a expandirse en Latinoamérica.
SpeakerBio: Jesika Juarez, Cyber Threat Intelligence at Financial InstitutionJesika Juarez es una analista con más de cinco años de experiencia en el campo de inteligencia de amenazas, actualmente fungiendo como líder de Cyber Threat Intelligence en una intitución Financiera. Especializada en análisis de malware, investigación forense y técnicas de OSINT (Open Source Intelligence), ha desempeñado un papel crucial en la identificación, análisis y mitigación de amenazas cibernéticas avanzadas. Jesika es egresada de la Facultad de Estudios Superiores Aragón de la carrera de Ingeniería en Computación, la cual cuenta con una certificación de Malware Analysis y Digital Forensics impartidas por Elearnsecurity.
- ics Calendar file
If you're familiar with lockpicking you've probably heard of master wafers, but have you ever heard of master keying by removing entire pin stacks?
This talk will cover master keying on pin-tumbler, disc detainer, and dimple locks. How they're designed, how to reverse master keys from leaked keys (or locks), and the tricks that manufacturers use to make this harder.
SpeakerBio: Max
- ics Calendar file
Five years after Apple radically empowered third-party security developers on macOS with the introduction of Endpoint Security, most developers grasp its fundamentals, but subtle nuances remain, and advanced features are still underutilized. And as the framework continues to evolve, even experienced developers can struggle to keep pace with its rapidly expanding capabilities.
This talk explores critical areas that frequently trip up developers, such as caching behaviors and authorization deadlines, before diving into Endpoint Security’s more advanced features like mute inversions. We'll also cover recently introduced capabilities—including the long-awaited TCC event monitoring which offer unprecedented visibility into permission-related activity often targeted by malware.
Each topic will include practical code examples, demonstrated and validated against sophisticated macOS malware.
Join us to move beyond the basics and unlock the full power of Apple's Endpoint Security framework.
References:
Patrick Wardle is the founder of the Objective-See Foundation, the CEO/Cofounder of DoubleYou, and the author of "The Art of Mac Malware" book series. Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Passionate about macOS security, Patrick spends his days discovering Apple 0days, studying macOS malware, and releasing free open-source security tools to protect Mac users.
- ics Calendar file
Cross-site scripting (XSS) remains a critical threat to web applications. This intensive, hands-on training session moves beyond theory to empower you to transform your web application codebase into a bastion of security, adhering to the rigorous standards pioneered at Google. We will equip you with the practical skills and tools to implement a defense-in-depth strategy, aiming for a future where XSS is a mitigated threat.
n this workshop, you won't just hear about solutions; you'll actively implement them. We will guide you through the step-by-step deployment of Google's most effective runtime protections against XSS—strict Content Security Policy and Trusted Types—drawing from our experience rolling these out across hundreds of products serving billions of users. You'll learn to integrate these with powerful compile-time protections to create a comprehensive security posture.
Speakers:Aaron Shim,Mayra RoblesAaron is a Senior Software Engineer at Google working on product security across all of Google's user facing webapps. Bridging the gap between security and development work, he has worked on product teams at both Google and Microsoft in the past, including Docs, GCP, and Visual Studio. He is extremely passionate about the developer experience and committed to empowering every dev to build the most secure and delightful products.
SpeakerBio: Mayra RoblesMayra Robles is a Software Engineer on Google's Information Security team. She specializes in web security and the protection of agentic systems. As an intern, she focused on making Trusted Types more user-friendly, debuggable, and easier to deploy at scale. Before focusing on security, she completed two internships at Microsoft, where she worked on user-facing features and pioneered workflows for AI-powered productivity interactions in the Edge browser. A native of Ciudad Juarez, Mexico, and a graduate of the University of Texas at El Paso, Mayra now lives in New York City and enjoys the local theater scene.
- ics Calendar file
The Android virtualization technique allows an app to create independent virtual environments running on top of the Android native one, where multiple apps can be executed simultaneously. While the technique has legitimate uses, attackers have identified ways to exploit it. According to the state-of-art, virtualization-based malware is a significant threat: researchers have found 71,303 malicious samples. Defence mechanisms have already been developed to find virtualization-based malware and to detect or prevent virtualization-based repackaging attacks.In this paper, we offer three key contributions. First, we experimentally evaluate the existing defence mechanisms by identifying their limitations and demonstrating how they can be bypassed. Second, we design and develop a new defence mechanism, called Matrioska, that overcomes the limitations of the state-of-art by detecting the intrinsic features of the virtualization technique. Third, we evaluate the effectiveness of Matrioska with respect to the state-of-art against two datasets of apps. Overall, Matrioska achieves a higher accuracy (99% vs. 71%) when searching for virtualization usage and a lower false positive (10 vs. 23) and false negative rate (14 vs. 39) when detecting a virtualization-based repackaging attack.
SpeakerBio: Samuele Doria, Università degli Studi di PadovaSamuele Doria is a PhD student at the University of Padua. He holds a Master’s Degree in Cybersecurity and a Bachelor’s in Computer Engineering.
His research focuses on Android Security, specializing in developing engineering solutions to enhance mobile device security. His work includes the development of tools and methodologies, leveraging static and dynamic analysis techniques. Passionate about technology, security and a CTF player.
- ics Calendar file
- ics Calendar file
In every modern Azure environment, Service Principals drive automation and integration. Yet, to support enterprise solutions in identity governance, cloud security, and DevOps automation, these principals are often endowed with broad Microsoft Graph API permissions—such as RoleManagement.ReadWrite.Directory, Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All, and ServicePrincipalEndpoint.ReadWrite.All. Even Entra ID roles that are not typically classified as “privileged” can be exploited, enabling attackers to modify Service Principal configurations and escalate privileges in unexpected ways. This session reveals groundbreaking research that uncovers how excessive Graph API permissions and the abuse of non‑privileged Entra ID roles create new exploitation pathways in Azure. We will detail common misconfigurations that, when left unmonitored, allow attackers to seize control of Service Principals and manipulate application configurations. In doing so, we introduce Azure AppHunter—a novel open‑source tool that scans Azure environments for Service Principals with dangerous permissions and maps out potential attack vectors. Attendees will gain practical techniques for detecting and mitigating these vulnerabilities, enforce least privilege, and integrate continuous auditing into their security workflows—all essential for securing Azure deployments against emerging threats.
Speakers:Marios Gyftos,Nikos VourdasMarios has been working on the Cyber Security field since 2017, started his career focusing on web application penetration testing but then continued on focusing more on cloud penetration testing including AWS, GCP and Azure. On his free times he enjoys playing basketball and chess.
SpeakerBio: Nikos VourdasNikos Vourdas, also known as nickvourd or NCV, is a Senior Offensive Security Consultant based in the US. With over four years of professional experience, he has actively participated in various global Tiber-EU and iCAST Red Teaming engagements. Regardless of his young age, Nikos has conducted full Red Teaming operations to major clients across retail, banking, shipping, construction industries. He holds OSWE, OSEP, OSCP, OSWP, CRTL and CRTO certifications. Nikos loves contributing to open-source projects and always starts his day at 05:00 AM with a refreshing jog while listening to Chinese rap music.
- ics Calendar file
In this audience participation-heavy session, you can get your PRs to nixpkgs reviewed and maybe even merged... if the build on one of our Threadripper Pro or Ampere systems passes.
Come with PRs in hand and call them out, and we'll review, build, and maybe even merge them on stage.
Rejected name: Whose PR Is It Anyway
- ics Calendar file
The DEF CON Memorial Chamber serves as a sacred space within our community — a place where we pause to honor those hackers whose brilliance and dedication have elevated not just our craft, but the entire security ecosystem. Here we remember figures whose generous spirit and willingness to coordinate security fixes demonstrated that true hacking greatness lies in collaboration. We are here because DEF CON has been the beating heart of the hacker community for over three decades, growing from 100 people in 1993 to the world's largest hacker conference. As Jeff Moss envisioned, DEF CON is what we make of it, this memorial space represents our commitment to ensuring that the legacy of those we've lost continues to inspire future generations of hackers to pursue knowledge, build community, and use their gifts to make the world better.
- ics Calendar file
- ics Calendar file
All merch sales are USD CASH ONLY. No cards will be accepted.
The published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)
Note that the closing hours here are when sales must have ended. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can't predict the length of the line or when doors will be closed.
- ics Calendar file
Inspired by the popular container sidecar pattern, this talk demonstrates a generic, open source NixOS module that brings the same security and isolation to bare metal services. We’ll explore how to declaratively wrap any systemd service, placing it in an isolated network namespace with its own mesh network client (e.g., Tailscale or Netbird). This approach makes services securely accessible on your mesh, fully firewalled from the host—no application changes required. Good fit for folks exploring declarative infrastructure and looking for practical ways to apply modern security patterns to their own servers.
SpeakerBio: Wes PayneSeattlite, Podcaster with Jupiter Broadcasting, Software Developer, and Linux Enthusiast.
- ics Calendar file
This presentation will detail the design and implementation of a Meshtastic-based command and control infrastructure. By leveraging the Meshtastic network for out-of-band communications, operators can achieve secure, decentralized monitoring and management of Linux hosts in hard-to-reach environments. Whether supporting a remote dropbox deployment or a distant ham shack, this solution enables encrypted shell access and configuration changes using a low-cost ($25) LoRa radio over extended ranges. Although not intended for high-bandwidth tasks, it provides an efficient platform for debugging, troubleshooting, and command execution in constrained network conditions. Furthermore, by utilizing the existing Meshtastic mesh, users can often avoid the complexity of building a dedicated network.
SpeakerBio: Eric Escobar, Security Principal Consultant at SophosEric Escobar is a seasoned pentester and a Security Principal Consultant at Sophos. On a daily basis he attempts to compromise large enterprise networks to test their physical, human, network and wireless security. He has successfully compromised companies from all sectors of business including: Healthcare, Pharmaceutical, Entertainment, Amusement Parks, Banking, Finance, Technology, Insurance, Retail, Food Distribution, Government, Education, Transportation, Energy and Industrial Manufacturing.
- ics Calendar file
This presentation will detail the design and implementation of a Meshtastic-based command and control infrastructure. By leveraging the Meshtastic network for out-of-band communications, operators can achieve secure, decentralized monitoring and management of Linux hosts in hard-to-reach environments. Whether supporting a remote dropbox deployment or a distant ham shack, this solution enables encrypted shell access and configuration changes using a low-cost ($25) LoRa radio over extended ranges. Although not intended for high-bandwidth tasks, it provides an efficient platform for debugging, troubleshooting, and command execution in constrained network conditions. Furthermore, by utilizing the existing Meshtastic mesh, users can often avoid the complexity of building a dedicated network.
Command and control infrastructure using fully encrypted meshtastic networks.
SpeakerBio: Eric Escobar, Security Principal Consultant at SophosEric Escobar is a seasoned pentester and a Security Principal Consultant at Sophos. On a daily basis he attempts to compromise large enterprise networks to test their physical, human, network and wireless security. He has successfully compromised companies from all sectors of business including: Healthcare, Pharmaceutical, Entertainment, Amusement Parks, Banking, Finance, Technology, Insurance, Retail, Food Distribution, Government, Education, Transportation, Energy and Industrial Manufacturing.
- ics Calendar file
Kit cost $135
- ics Calendar file
Meshtastic is an innovative open-source project leveraging LoRa technology to create affordable, robust, off-grid mesh communication networks. This presentation offers an approachable introduction to Meshtastic and LoRa, covering essential concepts and practical applications. Participants will gain foundational knowledge of mesh networking technology, along with a hands-on demonstration of setting up a Meshtastic network using a readily available ESP32 device and a smartphone. Ideal for both amateur radio enthusiasts and newcomers to mesh networking, this session will highlight how Meshtastic empowers users with resilient communication in remote and emergency scenarios.
This session provides participants with an accessible introduction to Meshtastic, a powerful yet simple-to-use mesh networking solution built upon LoRa's long-range radio technology. We will start by exploring core mesh networking principles and LoRa's capabilities, emphasizing how these technologies complement amateur radio practices and enhance emergency communications. Following a concise overview, attendees will experience a practical demonstration of setting up a Meshtastic network using an inexpensive ESP32-based kit, readily available through online retailers. The demonstration includes installing smartphone apps, flashing firmware, and establishing communication between devices. Attendees will leave equipped with the foundational knowledge required to deploy their own resilient mesh networks for various communication needs.
SpeakerBio: Jon "K4CHN" MarlerJon is the Cybersecurity Evangelist at VikingCloud with a true passion for information security. Jon is an amateur radio operator, lockpicker, phreaker, repairer of all things, and maker. As a result of his long-standing commitment to open source software, Jon has offered his expertise as a package manager for the Debian GNU/Linux OS distribution since 1998.
- ics Calendar file
Proxies, along with local, reverse, and dynamic forwards, enable red teams to maintain persistent access and move laterally within target environments. By combining these techniques, operators can construct sophisticated attack chains that enable deep network access through multiple segmented environments. This presentation will dive into the setup, usage, and attacker techniques required to be effective with proxies. To demonstrate these techniques, the presenters will use a publicly available tunneling toolkit, Messenger.
Speakers:Skyler Knecht,Kevin ClarkSkyler is a Senior Security consultant at SpecterOps, where he performs security assessments for Fortune 500 organizations. With over six years of experience, he focuses on initial access research and contributes to the security community through open-source development and conference presentations. Skyler has presented at DEF CON and BSides and actively collaborates on open-source projects such as Messenger, Ek47, Connect, and Metasploit. He also conducts vulnerability research, having discovered multiple zero-day vulnerabilities in enterprise software.
SpeakerBio: Kevin Clark, Red Team Instructor at BC SecurityKevin Clark is a Security Consultant with TrustedSec and a Red Team Instructor with BC Security, with a diverse background in software development, penetration testing, and offensive security operations. Kevin specializes in initial access techniques and Active Directory exploitation. He has contributed to open-source projects such as PowerShell Empire and developed custom security toolkits, including Badrats and Ek47. A skilled trainer and speaker, Kevin has delivered talks and conducted training sessions all over the country at cybersecurity conferences, including Black Hat and DEF CON, and authors a cybersecurity blog at https://henpeebin.com/kevin/blog.
- ics Calendar file
Metasploit continues to expand support for Active Directory Certificate Services attacks, as well as its protocol relaying capability and attack workflows for evergreen vulnerabilities. This year, we added support for SMB-to-LDAP relaying and SMB-to-HTTP relaying, as well as support to identify and exploit a number of AD CS flaws. We’ve also added the new PoolParty process injection capability to Windows Meterpreter sessions, along with support for System Center Configuration Manager attack workflows.
Speakers:Spencer "ZeroSteiner" McIntyre,Jack HeyselSpencer is a senior security research manager at Rapid7, where he works on the Metasploit Framework. He has been contributing to Metasploit since 2010, a committer since 2014, and a core team member at Rapid7 since 2019. Previously, he worked at a consulting firm working with clients from various industries, including healthcare, energy, and manufacturing. He is an avid open source contributor and Python enthusiast.
SpeakerBio: Jack HeyselJack is a senior security researcher at Rapid7, where he contributes to and helps maintain the Metasploit Framework. He started at Rapid7 in 2016 working on their vulnerability management solution. He transitioned to the Metasploit team in 2021 and has been happily writing and reviewing exploits ever since. While AFK, he enjoys exploring the mountains and outdoors that surround his home.
- ics Calendar file
Metasploit continues to expand support for Active Directory Certificate Services attacks, as well as its protocol relaying capability and attack workflows for evergreen vulnerabilities. This year, we added support for SMB-to-LDAP relaying and SMB-to-HTTP relaying, as well as support to identify and exploit a number of AD CS flaws. We’ve also added the new PoolParty process injection capability to Windows Meterpreter sessions, along with support for System Center Configuration Manager attack workflows.
Speakers:Spencer "ZeroSteiner" McIntyre,Jack HeyselSpencer is a senior security research manager at Rapid7, where he works on the Metasploit Framework. He has been contributing to Metasploit since 2010, a committer since 2014, and a core team member at Rapid7 since 2019. Previously, he worked at a consulting firm working with clients from various industries, including healthcare, energy, and manufacturing. He is an avid open source contributor and Python enthusiast.
SpeakerBio: Jack HeyselJack is a senior security researcher at Rapid7, where he contributes to and helps maintain the Metasploit Framework. He started at Rapid7 in 2016 working on their vulnerability management solution. He transitioned to the Metasploit team in 2021 and has been happily writing and reviewing exploits ever since. While AFK, he enjoys exploring the mountains and outdoors that surround his home.
- ics Calendar file
Distributed data replication systems are more than just tools for redundancy—they’re fertile ground for creative abuse. In this talk, we explore how technologies like NFTs, IPFS, Codex, and Cloudflare R2 can become resilient C2 infrastructures, payload delivery systems, and phishing hosting that challenge takedown efforts. Welcome to the next phase of decentralized threats.
This sequel to “MFT: Malicious Fungible Tokens” explores how distributed data replication systems can be used for malicious purposes. We’ll demonstrate how technologies like Codex, WhenFS, IPFS, and Cloudflare R2 buckets can store and distribute C2 commands, payloads, and even phishing campaigns such as templates or client-side drainers. These systems enable infrastructures that are resistant to takedowns and, in some cases, nearly unstoppable. Through practical examples and live demonstrations, we’ll uncover the risks these systems pose and discuss their implications for security teams.
This talk is a continuation of "Everything is a C2 if you're brave enough" from Red Team Village and "MFT: Malicious Fungible Tokens" from Adversary Village, which explains how to turn NFTs into immortal C2 Servers. It is not needed to have attended these talks as a short recap will be featured.
Speakers:Mauro Eldritch,Nelson Colón
- ics Calendar file
A great badge needs a great workshop on how to make the most of it. MHV's badge for DC33 is an open-source embedded system for maritime security research, featuring interfaces for NMEA2000, NMEA0183, Modbus RTU, and CAN bus with unprecedented symbol-level CAN fault injection capabilities. Join us for a technical workshop on how to use the badge to hack on maritime systems!
SpeakerBio: Nick Halt
- ics Calendar file
This is MHV's premier year at DEFCON, and we're bringing the heat of the South China Sea to DEF CON. Are you ready to fight and compete to lift the digital blockade on Isla Hexa?
We're bringing tech so advanced that nothing like it has ever hit the DEF CON floor: AI-controlled unmanned watercraft, a narcotics smuggling vessel, real crane control systems from the largest ports in the western hemisphere -- and so much more.
This will be an incredibly challenging and engaging cross-functional CTF contest where teams will get exposed to the little-known tools and technologies that our global maritime economy depends upon -- and will demonstrate their strength in both defending and weaponizing these to liberate the friendly nation of Isla Hexa.
SpeakerBio: Duncan Woodbury, Maritime Hacking Village
- ics Calendar file
Let's see where the teams and contestants of the MHV CTF drop anchor at the end of the day! A review of the current leaderboard and players still in the race to liberate Isla Hexa.
SpeakerBio: KennethSalt
- ics Calendar file
YO HO! The Maritime Hacking Village (MHV) has set sail for LVCC to deliver the first and only immersive maritime hacking experience for you to learn what it takes to exploit and defend real-world maritime systems. Experience a weekend of immersive hacking experiences at MHV full of hands-on training and education on the depths of maritime technology and security. We’ve scoured the earth and seas to bring you “swarm AI”-enabled unmanned watercraft, autonomous deep-sea robots, the murky insides of ports, cranes, container ships, maritime traffic control, and more. You’ll be hard-pressed to find maritime systems anywhere on earth with comparable badassery – and we dare to say that these will be the most advanced cyberphysical systems available at DEF CON.
Join us to learn about what MHV has to offer, so we can help you get oriented and engaged in a weekend of unprecedented maritime hacking experiences and real life cyber pirate shenanigans.
SpeakerBio: Kitty Hegemon
- ics Calendar file
Microsoft will present a practical, tool-centric journey for cybersecurity professionals to rapidly build, deploy, and scale AI-powered capabilities using Microsoft’s AI ecosystem. Rather than focusing on abstract AI enablement, the presentation showcases how operators and developers can directly apply tools like Azure AI Foundry, Security Copilot, GitHub Copilot, and Jupyter Notebooks to solve real-world security challenges—faster and with greater precision. The narrative walks through: • AI-enhanced security operations: Integrating Azure OpenAI and Jupyter Notebooks for threat detection, anomaly analysis, and incident summarization. • Agentic workflows: Demonstrating how multi-agent systems can orchestrate complex tasks like querying vector databases, calling APIs, and reflecting on outcomes. • Toolchain depth: Highlighting the breadth of Microsoft’s AI stack—from foundational models to observability, governance, and trustworthy AI safeguards. • Developer empowerment: Emphasizing how the Azure AI Foundry SDK and model catalog enable rapid prototyping, customization, and deployment of AI agents in familiar environments like GitHub and Visual Studio.
Speakers:David Caswell,Robert Soligan,Jared Graff,Joe Zerafa
- ics Calendar file
This panel discusses at how teams use both automated tools and human thinking in red team operations. We'll talk about when automated tools work best, when human skills matter most, and how best to combine both approaches. Our panelists will share examples from their work showing the strengths and weaknesses of these approaches. Join us to learn practical ways to combine technology with human expertise for better red team engagements.
Speakers:Ben "nahamsec" Sadeghipour,Ryan "0day" Montgomery,Tyler Ramsbey,William GilesBen Sadeghipour, better known as NahamSec, is an ethical hacker, content creator, and keynote speaker. Over his career, Ben has uncovered thousands of security vulnerabilities for major organizations, including Amazon, Apple, Zoom, Meta, Google, and the U.S. Department of Defense. As a top-ranked bug bounty hunter, he is deeply passionate about cybersecurity education, regularly sharing his knowledge through his popular YouTube channel and speaking at major conferences like DEFCON and BSides. Beyond his personal achievements, Ben is committed to building the security community, organizing events that foster collaboration, innovation, and the next generation of offensive security professionals.
SpeakerBio: Ryan "0day" MontgomeryWilliam (Billy) Giles is an Offensive Security leader and practitioner who specializes in red/purple teaming, adversary emulation, and network penetration testing. With a deep passion for understanding and simulating adversary behaviors, he helps organizations across a multitude of industries assess their security postures, identify and remediate vulnerabilities, and build stronger defenses by thinking like an attacker.
- ics Calendar file
Learn game scripting languages through fun minecraft puzzles
- ics Calendar file
Explore the field of embedded systems security with an introduction to MITRE’s Embedded Capture the Flag (eCTF) competition, an annual competition for students in high school through grad school.
Participants will be introduced to the structure of the competition and will gain experience working with microcontrollers by building, flashing, and interacting with the reference design of the 2025 eCTF. They will then explore some basic techniques for attacking the unsecured design.
After, participants can dive deeper by attacking real designs submitted by students.
Participants must have a computer (Windows/Mac/Linux) with internet access and Python 3.12+ and Docker Desktop.
SpeakerBio: Kyle Skey, Chief Engineer, Electronic Systems Security at MITRE
- ics Calendar file
Capture the Flag (CTF) events featuring mobile application security challenges at varying levels of difficulty, also providing a ranking system to evaluate and compare participants’ skills.
This beginner-friendly mobile app CTF contest will include challenges across various categories, including:
Dynamic Code Instrumentation Reversing Native Code Code Obfuscation/Deobfuscation Exploiting app components Malware Analysis Mobile Forensics Bypassing Security Mechanisms Exploiting WebViews
- ics Calendar file
Mobile game hacking workshop for mobile gamers
- ics Calendar file
while reading some automotive forums online, i stumbled upon an odometer manipulation device which claims to support 53 different car brands. curious, i purchase this tool with the sole intent of reverse engineering it. i tear down the hardware involved, explain how it is designed to be installed between the instrument panel cluster and the rest of the vehicle and use an open source exploit to extract the internal flash from the locked STM32. next, i explain the process of reverse engineering the extracted binary to find how the device is rewriting can messages to manipulate the odometer value. finally, i explain why odometer manipulation is an issue and share an example of how use of this device can potentially be detected after removal.
Speakers:collin,oblivion
- ics Calendar file
This section helps answer the question - what is Operational Technology (OT) and how is it different from ICS and SCADA? Most importantly, what are some of the fundamentals of defense we can implement to protect our OT networks - even from state adversaries. This part looks not only at the different types of OT, but the different types of attackers targeting OT/ICS as well.
- ics Calendar file
Unfortunately, a lot of information doesn't exist about attacks against OT/ICS environments and the associated IT networks. With that said, there are some great resources available that help shed a light on the OT cybersecurity threat landscape to help us successfully defend our networks. This part examines some valuable resources to conduct OT/ICS cybersecurity research which can be used to help better defend our OT/ICS networks.
- ics Calendar file
OT cybersecurity often starts with ensuring we have a complete asset register (which almost never exists). And at the same time, how can we defend what we don't know we have? This part covers the main methods for building an asset register and how it is important to other aspects of OT cybersecurity like network security monitoring and incident detection.
- ics Calendar file
This hands-on workshop introduces ModuleOverride, a novel technique for process injection, enabling the reuse of existing memory sections to inject and execute malicious shellcode within running Windows processes.
Participants will explore key challenges in security research and development, examining how certain constraints in shellcode generation—such as the inability to specify an exit function—can drive creative solutions, like dynamically patching shellcode within an active process during injection.
Attendees will engage in live demonstrations and interactive exercises, gaining first-hand experience as we walk through the final phase of the research, tackling technical hurdles encountered during development to ensure a successful process injection.
We’ll also hold an open discussion on detection strategies, encouraging participants to brainstorm and explore possible ways to identify ModuleOverride.
Speakers:Alessandro Grisa,Ibai CastellsAlessandro Grisa is a member of CovertSwarm's Red Team Hive, focusing on malware development and exploring Windows internals. He also has a passion for hardware hacking and enjoys reverse engineering embedded devices. In his spare time, he plays the drums, plays tennis and spends time in the mountains
SpeakerBio: Ibai CastellsRed Teamer and offensive security nerd obsessed with AD exploits, privilege escalation, and building custom offensive tooling.
- ics Calendar file
The Moonlight Defender purple team exercise series provides a low-cost, modular, and scalable exercise framework for realistic space-cyber training—even in environments with restricted access, limited visibility, and contested information flows.
Designed and run by The Aerospace Corporation, MITRE, and AFRL, these exercises integrate purple teaming methodologies, enabling offensive and defensive cyber operators to refine their Tactics, Techniques, and Procedures (TTPs) in a high-fidelity, live-fire setting.
Moonlight Defender 1 (MD1) leveraged the Moonlighter satellite and Aerospace’s Dark Sky cyber range to train operators in adversarial emulation, space asset defense, and real-world cyber ops under extreme constraints. Building on this, Moonlight Defender 2 (MD2) introduced virtual satellite simulators, ICS/OT systems, and enterprise environments, pushing the limits of how we access and test cyber defenses in space-based systems.
These exercises broke down traditional silos and operationalized space hacking, proving that security through obscurity fails in space just as it does on Earth. Attendees will get a behind-the-scenes look at real-world space-cyber exercises, from attack chain development to defense strategy refinement, all within the context of operating under limited access and denied environments. Expect insights into methodologies, tools, lessons learned, and how the hacker community can shape the future of space-cyber operations.
SpeakerBio: Ben Hawkins, The Aerospace Corporation
- ics Calendar file
Come join us for morning meditation. This workshop is inclusive of all bodies. EveryBODY is Welcome here. Meditation can help quiet the mind, manage stress, and enhance overall emotional well-being, making it a great way to start the day.
SpeakerBio: Megan AllenHi, I’m Megan Allen.
My work focuses on a holistic approach to health; moving the body’s natural energy into alignment with Earth and the seven chakras. I practice integrative wellness - honoring a person's emotional, mental, physical and spiritual well-being. I provide intuitive healing sessions and work with clients to relax the mind, increase body awareness and balance energy flow.
I also facilitate community wellness workshops, ceremonies and transformational group programs inviting participants to disconnect from their busy lives, turn inward and tap into the present to restore and maintain the body’s energetic balance and cultivate self-love, empowerment and sovereignty.
I inspire people to activate their highest potential in alignment with their wise hearts and to promote healing from within. I tailor my sessions to reflect this; using techniques from my healing disciplines as well as my love for Traditional Chinese Medicine, holistic aromatherapy, crystals and essential oils, tarot, animal medicine cards and a deep reverence for nature.
Nature is one of my greatest teachers. It constantly teaches me about grounding, stability, resilience, boundaries, growth, and stillness.
- ics Calendar file
Earth has been rendered uninhabitable, prompting mass migration from earth to mars. When one such routine trip veers off course, the passengers of the Aniara struggle to cope with their new lives.
A teenage girl named Cee and her father Damon land on a poisonous forest moon to mine for valuable gems. A series of betrayals, alliances, and conflicts with mercenaries and rival prospectors make their quest increasingly perilous.
A labor lawyer becomes the target of a cover surveillance operation after unwittingly receiving evidence of a political assassination. Gene Hackmann co-stars as a former intelligence operative who helps him evade the rogue agents.
A group of Astronauts Aboard the Icarus II are sent on a dangerous mission to reignite the dying sun.
- ics Calendar file
Prompt injection is an emerging and poorly standardized attack vector targeting large language model applications. Unlike traditional vulnerabilities, there is no universal testing methodology or tooling, making it difficult for penetration testers to assess the security posture of LLM-integrated systems. Matrix Prompt Injection Tool aims to fill this gap by automating the generation of diverse prompt injection payloads. [1] Dynamic Input Detection: MPIT scans target websites to identify expected input fields where LLMs might process user requests. [2] Payload Enrichment: Each pattern includes crafted elements such as exploit strings, delimiters, and reasoning cues, enhancing the quality of the penetration test. [3] Genetic Algorithm Optimization: The tool employs a genetic algorithm to evolve and refine injection patterns, increasing their success rate significantly across different LLM defenses. [4] Practical Utility for Pentesters: MPIT is designed to support real-world offensive security assessments, making LLM-targeted testing more feasible and effective. ShinoLLMApps is a collection of vulnerable LLM web applications that use RAG and tools to help you test MPIT and better understand prompt injection and its risks. More info at github.com/Sh1n0g1/mpit and shinohack.me/shinollmapp.
Speakers:Shota "Sh1n0g1" Shinogi,Sasuke "Element138" Kondo,Takeshi MatsudaShota is a security researcher at Macnica, pentest tools author, and CTF organizer. He is an expert in writing tools for red team to evade the detection from EDR, sandbox, IPS, antivirus, and other security solutions. His malware simulator ShinoBOT and ShinoLocker contributes to the cybersecurity industry to help the people who want to test malwares safely. He has more than 15 years of experience in the cybersecurity industry, starting his career with HDD encryption, NAC, IPS, WAF, sandbox, EDR, and penetration testing. He has spoken in several security and hacking conferences, including Black Hat, DEF CON, and BSidesLV. He also contributes to the education for the next generation security engineers through the Security Camp from 2015 consecutively in Japan.
SpeakerBio: Sasuke "Element138" KondoSasuke is a high school developer with a growing focus on LLM security. While relatively new to cybersecurity, he approaches it with a builder’s mindset shaped by his experience creating web applications for real-world use, such as supporting school operations. His interest in LLM vulnerabilities began at the 2024 Japan Security Camp, where he started developing MPIT, the prompt injector he first presented at CODE BLUE 2024 and is now bringing to DEF CON. Outside cybersecurity, he is a two-time silver medalist in Japan Linguistics Olympiad and a recent participant in Japan Olympiad in AI.
SpeakerBio: Takeshi MatsudaTakeshi Matsuda is an undergraduate at Keio University exploring prompt injection in LLMs. He co-developed MPIT during Japan Security Camp 2024 and has presented it at CODE BLUE.
- ics Calendar file
Brett Schoenwald is the visionary force behind Elipscion, an innovative EDM musical project that bridges the gap between tradition and technology. With a deep-rooted passion for electronic music and an experimental spirit, Brett blends traditional instruments, cutting-edge synthesizers, and the power of AI to craft tracks that go beyond convention—each one a unique and elevated version of his creative vision. Founded in 2024, Elipscion is more than music; it’s a sonic journey where organic sounds meet digital precision. Brett uses AI not just as a tool but as a collaborator, helping shape melodies, textures, and structures into the most refined, expressive renditions possible. His mission: to turn emotion into frequency and thought into rhythm, all while pushing the boundaries of what EDM can be. Whether it’s a hypnotic trance beat laced with cinematic strings or a cyberpunk-inspired anthem pulsing with analog warmth, Elipscion is the sound of tomorrow rooted in the soul of now.
SpeakerBio: Daemon ChadeauFrom the darkest lit nightclubs to the livestreaming virtual nightlife, DJ Daemon Chadeau has imposed their will upon sound systems and dance floors all over the US since 2003. A native of Southern California, Daemon has been a staple of Seattle's Mercury at Machinewerks since moving to the Northwest in 2011 and has been highlighting the bleeding edge in music from all around the diaspora of dark music, whether it is harsh industrial, power noise, darkwave, or bass-saturated electronic beats, and everything in between. After being recognized by their peers in both 2014 and 2015 as the Best Local Industrial DJ at the Mechanismus Industrial Music Awards, Daemon expanded beyond their home base and has performed at venues such as The Coffin Club (PDX), The Church Nightclub (DEN), and QXT's (NJ), as well as larger events such as Convergence XXI (LA), The Mechanismus Festival (2022 & 2025). The Arcane Vampire Ball (DEN), and the main stage at DEFCON 32 (LV). Outside of the decks, Daemon is the bassist for Seattle-area rock band Prelude To A Pistol, and is also the producer/composer/"evil kitty mastermind Sir Kitty Meow-Meow" in the experimental "meower noise" project Pixelpussy. Daemon has also been heavily involved with community engagement in the Seattle area, from mentoring up-and-coming DJs to having served as President of Gothic Pride Seattle from 2021 to 2024. On all socials: @daemonchadeau
SpeakerBio: DJ ScytheSoCal/Vegas-based DJ Scythe spins Industrial/Aggrotech/Witch House/Synthpop/Synthwave/EBM/EBSM and all manners of dark and heavy music. He is a founding member and resident DJ of UnterKlub, Club Fallout, GothCon, and Nachturnal, Resident DJ at AREA15, and previously of BatCave LA. He regularly DJs the main stages for DEFCON, Wasteland Weekend and Neotropolis, and has done headlining shows for Torture Garden, Bondage Ball, Das Bunker, and others. Also a producer, his music can be found as SCYTHE, Artifact Corruption, and various other projects and is honored to have had his music featured on the Official DefCon 28 Safe Mode tape and various releases since.
SpeakerBio: Skittish and BusFor up-and-coming uplifting trance DJ/Producer based out of San Francisco, TRIODE, music is much more than words could ever explain. Music serves as the cinematic backdrop to each of our stories, and as a DJ he sees it as his job to curate the perfect soundtrack to celebrate this amazing thing we call ‘life’. Whether it’s on the dancefloor, or in the studio producing his own beats - TRIODE takes his listeners for a ride into a magical place where you become the hero of this musical journey.
His first release in 2018, “Falling Into You (TRIODE Remix)” by Super 8 & Tab, was immediately picked up by Armada Music. Since then, he’s had a string of hit records on Armada and Blackhole that consistently landed in Beatport’s Top 100 Trance charts. In 2020 his collaboration with MaRLo and Haliene, “Castles In The Sky” spent 12 weeks at #1 on Beatport’s Top 100 Trance chart.
In 2021 during the COVID pandemic TRIODE quickly amassed a large world-wide following livestreaming weekly on Twitch TV with his unique style, energetic festival-like sets, and his larger-than-life stage presence.
SpeakerBio: mauvehedmauvehed is a security professional and DJ with deep roots in the hacker party circuit. Known for his electrifying sets, he performs annually in Las Vegas at both official and underground events for BlackHat, DEF CON, and Bsides. Beyond Vegas, mauvehed’s beats resonate at many InfoSec conferences nationwide.
- ics Calendar file
Naomi Brockwell is a privacy advocate, journalist, and founder of the Ludlow Institute, a research and media organization focused on digital rights and surveillance. She has been educating the public on decentralized technology and online privacy for over a decade, producing investigative reports, in-depth explainers, and practical guides on reclaiming digital autonomy.
Naomi is also the host of NBTV, one of the largest privacy advocacy channels, reaching millions across platforms. Her work has been featured by major media outlets, and she collaborates with leading think tanks to drive policy change. At DEF CON, she aims to equip attendees with the tools and knowledge to fight back against mass surveillance and accelerate privacy innovation.
- ics Calendar file
Why network tokens are more secure than PAN
SpeakerBio: Sanjeev Sharma
- ics Calendar file
The Network-OS workshop will take you into the mysterious world which underpins modern computing and allows people to talk across the globe. This of course being the network itself. In this workshop you will familiarize yourself with the command line of network devices. Step by step, you will configure devices to talk to each other, share information about the computers connected to them, and relay their network information and traffic between each other. No experience needed, know how to type and copy/paste.
- ics Calendar file
This talk covers RCEs on multiple popular Dahua perimeter cameras with a potential resounding impact on retail, banking, traffic and other infrastructure
SpeakerBio: Alexandru Lazar, Security Researcher at Bitdefender
- ics Calendar file
Kickoff and opening of the Nix Vegas space.
Speakers:Daniel Baker,Morgan Jones,The Computer GuyI am an engineer, mathematician, developer, and Linux enjoyer. I primarly support the NixOS project as part of the Marketing Team. I believe that the future of software development and software deployment needs foundations in formal methods and functional programming to be successful.
SpeakerBio: Morgan Jones, Embedded Security Engineer at ViasatI am an embedded security engineer for Viasat, member of the SoCal NixOS User Group, and one of the organizers of Nix Vegas. After mostly using my compilers classes in college for learning reverse engineering and finding remote code execution in mobile AR game anti-cheat systems, I now work on embedded security with Nix for a living, and may have read Ken Thompson's Reflections on Trusting Trust one too many times.
SpeakerBio: The Computer GuyLow level programmer, OS/Zig/Linux dev, Nixpkgs committer (LLVM). Likes to watch 大空スバル (Subaru Oozora).
- ics Calendar file
Be the Match is returning to DEF CON for its 12th year, to run a registry drive for the National Marrow Donor program! Swing by and check out one of the coolest biohacks out there, and how you could be the next person to save a life!
- ics Calendar file
This talk delivers a technical dive into Google Cloud’s IAP, a service widely used to enforce access controls on internal applications - and often assumed to be foolproof. We begin with a concise overview of how IAP works behind the scenes, including its identity enforcement model and how it integrates with IAM and backend services.
The core focus is on teaching defenders how these misconfigurations manifest in logs once an attacker begins to exploit them, equipping them to build effective detections and stop breaches before they escalate. Whether it’s during the initial configuration tampering or while actively bypassing controls, I’ll walk through what those activities actually look like in GCP logs. For each misconfiguration, I’ll present real log snippets, unpack the most revealing details, and show how to correlate signals, even those outside of IAP-specific logs, to detect and investigate IAP abuse effectively.
The highlight of the session is a new research technique we've developed: exploiting IAP's CORS behavior to exfiltrate sensitive data using preflight OPTIONS requests, effectively bypassing traditional network egress controls. This method can succeed even in highly restricted environments with no internet access, no public IPs, and VPC Service Controls fully enforced. The issue has been responsibly disclosed to Google and is currently under review, with an expected review timeline of 30 days.
We’re sharing this research to highlight just how fragile IAP configurations can be, where even a minor misstep or overlooked setting can unintentionally expose internal resources to the internet. Alongside the technique, we’ll provide practical detection strategies to help defenders identify this specific attack vector through GCP’s logging infrastructure.
We’ll wrap up with detection strategies using GCP logs to identify abuse patterns, surface subtle signs of exploitation, and improve monitoring around one of GCP’s most sensitive gateways.
SpeakerBio: Ariel KalmanAriel Kalman is a cloud security researcher based in Israel, actively engaged in cloud-related security research at Mitiga. With a specialization in application security, Ariel excels in discovering new attack vectors associated to cloud environment
- ics Calendar file
In this 80-minute workshop, attendees will learn how to set up and utilize local virtual WiFi labs to practice WiFi hacking techniques without the need for physical hardware. Leveraging tools like mac80211_hwsim and smart scripting, participants will explore methods to emulate multi-network, multi-device environments including IP level connectivity and webapp/app access. The session will cover the creation and configuration of virtual WiFi interfaces, scripting for automation, and the deployment of various attack scenarios including WPA2-PSK/Enterprise cracking, Evil Twin attacks, and rogue access point setups. By the end of the workshop, attendees will have a functional virtual lab environment to continue their exploration and practice of WiFi security assessments.
SpeakerBio: Nishant SharmaNishant Sharma is a seasoned cybersecurity professional with deep expertise in cloud security, DevSecOps, and hands-on technical training. He is currently working as Head of Cybersecurity Research at SquareX (sqrx.com). He was in Cybersecurity education for 10+ years during which he served as VP Labs R&D at INE.com, headed R&D at Pentester Academy, developing thousands of host, networking and cloud security labs on AWS, GCP and Azure infrastructure. These labs were used by learners in 125+ countries. A frequent presenter at DEF CON, Black Hat, and OWASP events, and trainer/speaker/author to 10+ trainings, 15+ talks and 9+ open source tools.
- ics Calendar file
In this engaging talk, we will embark on a journey through the trials and triumphs of constructing a 100% serverless, scalable security platform. Starting about 2 years ago when we bootstrapped Jit, we will share all the lessons we have learned along the way to build our platform - both in terms of people and technology.
As we venture into the land of serverless architecture, we will discuss its power but also confront the myth that less hardware equates to fewer headaches. Spoiler alert: it doesn't, but the lessons learned are invaluable. Takeaways: Serverless has become an excellent way to ramp up infrastructure operations for cloud first companies. However, this comes with its own set of security challenges, including the popular OWASP Top 10. In this talk, we will dive into what it takes to build a real world secure and scalable serverless platform for your engineering.
SpeakerBio: David MelamedCurrently CTO and Co-Founder of Jit, the Continuous Security platform for Developers. David has a PhD in Bioinformatics and for the past 20 years has been a full-stack developer, CTO & technical evangelist, mostly in the cloud, and specifically in cloud security, working for leading organizations such as MyHeritage, CloudLock (acquired by Cisco) and leading the 'advanced development team' for the CTO of Cisco's cloud security (a $500M ARR BU). David is also the co-chair for the OWASP Serverless Security Top 10, and an AWS Community Builder.
- ics Calendar file
Cryptographic random number generators are a critical part of many deployed cryptosystems. When they fail, so does the cryptography. So why leave their security to chance?
Yet, over the past two decades, researchers have discovered vulnerabilities in numerous widely deployed algorithms and implementations designed to produce secure random numbers–all derived from supposedly vetted standards!
If you're more conspiratorially minded, you suspect some foul play.
This talk draws on Shaanan’s work discovering many of the CVEs and vulns to find that behind each one is the hint of an under-discussed flavour of adversary: one who subtly threads flaws into our standards.
SpeakerBio: Shaanan CohneyDr. Shaanan Cohney is the Deputy Head of the School of Computing and Information Systems at the University of Melbourne. Coming from the security community, his research attempts to use a wide variety of traditional computer science research techniques to address problems in public policy.
His work has won a variety of awards, including a 2016 Pwnie for Best Cryptographic Attack and multiple best/distinguished papers at top security conferences. He is also the winner of six teaching awards including a national level award for his intro to algorithms course.
Past work has included a fellowship with Senator Ron Wyden and a summer stint at the FTC working on public policy. His academic bio won't say this, but he has a history of getting into (only the right sorts of) trouble.
- ics Calendar file
Ongoing AMA booth with volunteers and speakers answering all your DEF CON and cyber questions
- ics Calendar file
OPC UA is a standardized communication protocol that is widely used in the areas of industrial automation and IoT. It is used within and between OT networks, but also as a bridge between IT and OT environments or to connect field systems with the cloud. Traditionally, VPN tunnels are used to secure connections between OT trust zones (especially when they cross the internet), but this is often considered not to be neccessary when using OPC UA because the protocol offers its own cryptographic authentication and transport security layer.
This makes OPC UA a valuable target for attackers, because if they could hijack an OPC UA server they might be able to wreak havoc on whatever industrial systems are controlled by it.
I decided to take a look at the cryptography used by the protocol, and managed to identify two protocol flaws which I could turn into practical authentication bypass attacks that worked against various implementations and configurations. These attacks involve signing oracles, signature spoofing padding oracles and turning "RSA-ECB" into a "timing side channel amplifier".
In this talk, I will explore the protocols and the issues I identified, as well as the process of turning two theoretical crypto flaws into highly practical exploits.
References:
Tom Tervoort is a Principal Security Specialist for Secura, a security company based in the Netherlands. Tom regularly performs network pentests, web/mobile application assessments, as well as code, configuration and design reviews for large Dutch companies and institutions. Tom's primary areas of interest include cryptographic protocols and cryptography engineering, advanced web attacks and Windows AD pentesting. Besides doing security assessments, Tom also develops and gives cryptography and secure programming courses to software developers. In December 2020, Tom won a Pwnie award for Best Cryptographic Attack, due to his discovery of the Zerologon vulnerability. Tom has spoken at various conferences, including Black Hat USA 2021 and 2023, Black Hat Europe 2022 and ONE Conference 2021.
- ics Calendar file
Not sure where something is? Our Buddies will help you find it. Look for the folks in the pink safety vests. We're here to help.
- ics Calendar file
Noob-friendly CTF by MetaCTF, 100s of prizes, ticket for each challenge completed, raffle on Sunday at noon, helpers in the village
- ics Calendar file
Talks, AMA, CTF, and more
- ics Calendar file
With the global adoption of LLMs and Generative AI, individuals and organizations use these technologies daily, for customer support, code generation, and business automation. But increased adoption brings new security risks. The attack surface is growing, and security teams still lack clear strategies to detect malicious GenAI activity.
In this presentation, I will introduce NOVA, my open-source framework for prompt hunting. NOVA is a prompt pattern matching system, tailored for AI systems. I will walk through the framework and show how to use it for prompt hunting. NOVA is a Python-based rule engine inspired by YARA, but designed specifically for LLM security.
SpeakerBio: Thomas "fr0gger_" Roccia, Senior Security Researcher at MicrosoftThomas Roccia is a Senior Security Researcher at Microsoft with over 15 years of experience in the cybersecurity industry. His work focuses on threat intelligence and malware analysis.
Throughout his career, he has investigated major cyberattacks, managed critical outbreaks, and collaborated with law enforcement while tracking cybercrime and nation-state campaigns. He has traveled globally to respond to threats and share his expertise.
Thomas is a regular speaker at leading security conferences and an active contributor to the open-source community. Since 2015, he has maintained the Unprotect Project, an open database of malware evasion techniques. In 2023, he published Visual Threat Intelligence: An Illustrated Guide for Threat Researchers, which became a bestseller and won the Bronze Foreword INDIES Award in the Science & Technology category.
- ics Calendar file
NPM Imposters is a fast, team-based game where players must spot malicious NPM packages hiding in plain sight. Each team gets a deck of cards mimicking real npmjs.com pages — some show metadata like stars, downloads, and maintainers; others reveal parts of the package code, like index.js or package.json. The challenge? Identify which packages are safe, suspicious, or outright malicious. Once teams decide, they flip each card to reveal the truth, with a quick explanation based on real-world attacks like event-stream and ua-parser-js. It’s a fun, hands-on way to learn how supply chain attacks happen, and how easily trust can be exploited
SpeakerBio: Mackenzie Jackson
- ics Calendar file
Apple Find My is a crowdsourced offline tracking network designed to assist in recovering lost devices while maintaining privacy. By leveraging over a billion active Apple devices, it has become the world's largest device-locating network. While prior research has demonstrated the possibility of creating DIY trackers that attach to the Find My network, they are mainly for personal use and do not pose a threat for remote attacks. Recently, we found an implementation error in the Find My network that makes it vulnerable to brute-force and rainbow table attacks. With a cost of a few US dollars, the exploit turns computers into trackers without requiring root privileges. We are concerned that adversaries and intelligence agencies would find this exploit handy for user profiling, surveillance, and stalking. This demo is especially appealing to those interested in Find My network and Bluetooth tracking technologies. We will review how Find My offline finding works, elaborate in detail about our discoveries, techniques to make practical attacks, and provide source code for fun.
Speakers:Junming "Chapoly1305" Chen,Qiang ZengJunming is a PhD student at George Mason University. He works on IoT security and was previously a full-time security engineer in the electric automotive industry. He has a CompTIA Security+ certificate like everybody. He supports the Rizin Reverse Engineering Framework. This will be his first time presenting at DEF CON.
SpeakerBio: Qiang ZengQiang received his bachelor's and master's degrees from Beihang University and his PhD degree from Penn State University. He is an associate professor in the Department of Computer Science with George Mason University. He is the recipient of an NSF CAREER Award. His main research interest is computer systems security, with a focus on cyber-physical systems, Internet of Things, and mobile computing. He also works on adversarial machine learning.
- ics Calendar file
Nuclei has become a game-changing tool for hackers worldwide, transforming how we discover vulnerabilities and hack at scale. This workshop explores why Nuclei is dominating the bug bounty scene and how it's evolving the art of automated hacking. We'll dive into how this open-source powerhouse lets hackers scan thousands of targets, write custom templates, and find bugs that automated scanners miss.
Speakers:Ben "nahamsec" Sadeghipour,Adam "BuildHackSecure" LangleyBen Sadeghipour, better known as NahamSec, is an ethical hacker, content creator, and keynote speaker. Over his career, Ben has uncovered thousands of security vulnerabilities for major organizations, including Amazon, Apple, Zoom, Meta, Google, and the U.S. Department of Defense. As a top-ranked bug bounty hunter, he is deeply passionate about cybersecurity education, regularly sharing his knowledge through his popular YouTube channel and speaking at major conferences like DEFCON and BSides. Beyond his personal achievements, Ben is committed to building the security community, organizing events that foster collaboration, innovation, and the next generation of offensive security professionals.
SpeakerBio: Adam "BuildHackSecure" Langley, CTO at HackingHubFor over 20 years, Adam has balanced the worlds of application security and web development. He currently serves as the CTO of HackingHub and the Director of BSides Exeter. Over the past five years, he has combined his expertise to create and deliver gamified educational content, aimed at teaching the next generation of ethical hackers and developers about web application security.
- ics Calendar file
OAuthSeeker is a cutting-edge red team tool designed to simulate OAuth phishing attacks, specifically targeting Microsoft Azure and Office365 users. This tool facilitates the creation, management, and execution of phishing campaigns without requiring advanced technical skills. By leveraging malicious OAuth applications, OAuthSeeker allows offensive security engineers to perform targeted phishing attacks to compromise user identities and gain access to Microsoft Graph API and Azure resources. With features like an administrative control panel, token refresh capabilities, and customizable skins for user-facing components, OAuthSeeker provides an effective solution for testing security defenses against a common but often overlooked attack vector. The tool is easy to deploy with only a single pre-compiled Go binary with zero external dependencies and includes built-in support for LetsEncrypt. The documentation is highly detailed and outlines all the possible attack paths where this capability could be used during real-world red team engagements. The installation process is streamlined requiring only a single command to deploy a new instance of the application.
SpeakerBio: Adam "UNC1739" Crosser, Staff Security Engineer at PraetorianAdam Crosser is a Staff Security Engineer at Praetorian, specializing in offensive security research and tooling development. He began his career in red team operations, honing his skills in adversary simulation and advanced attack techniques. Now part of the Praetorian Labs team, Adam focuses on vulnerability research, exploit development, and building custom offensive security capabilities to support red team engagements—pushing the boundaries of adversary tradecraft.
- ics Calendar file
Welcome to the resistance. As a new recruit in the Order of the White Tentacle, you must train to master the elements and restore balance to a world on the brink of chaos. This is a beginner & family-friendly adventure that will test your wisdom, bravery, and teamwork as you bend the elements to solve puzzles, complete missions, and rise through the ranks. Whether you walk the path of fire, water, earth, or air, only those who embrace the balance of all will prove themselves worthy. Will you answer the call and bring harmony to DEF CON 33?
Phone with a camera will be required to play.
No.
- ics Calendar file
In an era where AI systems oscillate between mimicking human-like randomness and executing precise, predatory strategies, understanding decision-making in adversarial automation is critical. This talk explores the tension between "stochastic parrots"; generative models that produce probabilistic outputs, and "deterministic predators," systems designed to behave in a predictable pattern in adversarial settings. We will delve into the mechanics of decision-making under uncertainty, examining how these systems navigate competitive environments, from game-playing AIs to cybersecurity defenses. Attendees will gain insights into the algorithms driving these dynamics, and where the technology is heading. We will be releasing tooling around our deterministic TTP selection engine.
Speakers:Bobby Kuzma,Michael OdellBobby Kuzma is a seasoned offensive security researcher with a long running interest in computational decision making. He currently runs the Offensive Cyber Operations team at ProCircular.
SpeakerBio: Michael Odell, Cyber Security ConsultantA nerd who likes playing with computers
- ics Calendar file
Robert is a hacker and longtime Linux user and sysadmin who knows the importance of education and information sharing, and is passionate to his core about human rights issues and community outreach. He has spoken at length about Linux distros from oppressive regimes, including North Korea's Red Star OS, and understands how these regimes wish to stifle the flow of information. He is also an unashamed sharer of information, old school punk, and loves to make a good meal for his friends.
SpeakerBio: Robert "LambdaCalculus" MenesRobert is a hacker and longtime Linux user and sysadmin who knows the importance of education and information sharing, and is passionate to his core about human rights issues and community outreach. He has spoken at length about Linux distros from oppressive regimes, including North Korea's Red Star OS, and understands how these regimes wish to stifle the flow of information. He is also an unashamed sharer of information, old school punk, and loves to make a good meal for his friends.
- ics Calendar file
This hands-on workshop has been created to provide participants with a better understanding of offensive security operations, breach and adversary simulation engagements. The goal is to enable participants to simulate their adversaries based on the industry which their organization is in, including both known and unknown adversaries.
Participants will learn to emulate various threat-actors safely in a controlled, enterprise level environment. Also, the training will help participants learn to simulate unknown adversaries by choosing a wide variety of offensive tradecraft, TTPs and planning attack simulation engagements effectively.
All machines in the lab environment will be equipped with AV, Web proxy, EDR and other Defense systems. The training management platform will have modules/videos of each attack vector used in the lab environment and step-by-step walkthrough of the attack path. The training is intended to help the attendees to assess the defenses and evaluate the security controls deployed in their organization against motivated adversaries.
This training will provide participants access to a breach simulation lab range, where they will be able to perform a full red team-attack simulation scenario in guided mode. Each step of the attack chain will be explained, along with the TTPs used, starting from initial access to exfiltration.
SpeakerBio: Abhijith "Abx" B R, Founder at Adversary VillageAbhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. Currently he is involved with multiple organizations as a consulting specialist, to help them build offensive security operations programs, improve their current security posture, assess cyber defense systems, and bridge the gap between business leadership and cyber security professionals. Abhijith’s professional exposure is stretched across multiple industries and various other sectors. As the founder of Adversary Village, Abhijith spearheads a community driven initiative exclusively focused on adversary simulation, adversary tactics, purple teaming, threat-actor/ransomware research-emulation, and offensive security-adversary tradecraft.
- ics Calendar file
This hands-on workshop has been created to provide participants with a better understanding of offensive security operations, breach and adversary simulation engagements. The goal is to enable participants to simulate their adversaries based on the industry which their organization is in, including both known and unknown adversaries.
Participants will learn to emulate various threat-actors safely in a controlled, enterprise level environment. Also, the training will help participants learn to simulate unknown adversaries by choosing a wide variety of offensive tradecraft, TTPs and planning attack simulation engagements effectively.
All machines in the lab environment will be equipped with AV, Web proxy, EDR and other Defense systems. The training management platform will have modules/videos of each attack vector used in the lab environment and step-by-step walkthrough of the attack path. The training is intended to help the attendees to assess the defenses and evaluate the security controls deployed in their organization against motivated adversaries.
This training will provide participants access to a breach simulation lab range, where they will be able to perform a full red team-attack simulation scenario in guided mode. Each step of the attack chain will be explained, along with the TTPs used, starting from initial access to exfiltration.
SpeakerBio: Abhijith "Abx" B R, Founder at Adversary VillageAbhijith B R, also known by the pseudonym Abx, has more than a decade of experience in the offensive cyber security industry. Currently he is involved with multiple organizations as a consulting specialist, to help them build offensive security operations programs, improve their current security posture, assess cyber defense systems, and bridge the gap between business leadership and cyber security professionals. Abhijith’s professional exposure is stretched across multiple industries and various other sectors. As the founder of Adversary Village, Abhijith spearheads a community driven initiative exclusively focused on adversary simulation, adversary tactics, purple teaming, threat-actor/ransomware research-emulation, and offensive security-adversary tradecraft.
- ics Calendar file
Dive deep into cutting edge techniques that bypass or neuter modern endpoint defenses. Learn how these solutions work to mitigate their utility and hide deep within code on the endpoint. The days of downloading that binary from the internet and pointing it at a remote machine are over. Today’s defenses oftentimes call for multiple bypasses within a single piece of code.
This course is designed to take you deep into defensive and offensive tooling – an apex attacker must know the own indicators of compromise (IOCs) they’re creating and the artifacts they’re leaving behind.
Imagine, you are a novice red teamer and you have been tasked with leading a 16-week full-scope red team engagement against a highly mature Fortune 50 company. No, Metapsloit and Mimikatz are not going to work. Do you take your ball and go home? Nope, it's time to build a lab and see what is going to bypass their tech stack.
Do you phish from the external? Maybe an illicit consent grant in Azure? What loader do I use? Is process injection even going to be necessary? Stop being lost in the offensive cyber sauce; get informed and get to work. WKL's flagship course, Offensive Development, is meant to prepare red teamers and blue teamers for the present day cyberwar. These are not last year's TTPs, WKL will be teaching hyper-current tools and techniques that are being used in current red team operations.
The Offensive Development course is not focused on theory, students will be given a Terraform script that spins up their own isolated AWS lab environment that has several fully patched Windows virtual machines that have various EDR products installed and a fully licensed version of the Cobalt Strike C2 framework.
The pace of finding new offensive cyber techniques that bypass modern detection moves slightly faster than the defense can handle. This course will help red teamers and blue teamers understand the current state of the red/blue war and where the community is heading next, the kernel.
Your lab environment is yours to keep continuing honing your skills. Although the EDR and Cobalt Strike licenses will expire, and the Earth may turn to dust, your AWS lab environment will live forever.
Although the OD course comes with Cobalt Strike, students are free to install whichever C2 framework they're most comfortable with. Students will receive an additional Ubuntu workstation in their lab environment to install whatever additional tooling they feel is necessary.
Speakers:Jake Mayhew,Greg HatcherJake Mayhew is an experienced cybersecurity professional with a particular emphasis on offensive security, especially internal & assumed breach penetration tests. In addition to several years in consulting performing penetration tests & offensive security engagements for clients in a wide range of industries, he has also served on internal red teams and currently leads the red team at UPMC.
SpeakerBio: Greg HatcherGreg Hatcher served seven years as a green beret in the United States Army’s 5th Special Forces Group. During that time, Greg went on multiple combat deployments, working on small teams in austere locations to serve America’s best interests. After Greg transitioned from the military in 2017, he devoted himself to developing a deep understanding of networking and then pivoted quickly to offensive cyber security. He has taught at the NSA and led red teams while contracting for CISA. He has led training at Wild West Hackin’ Fest and virtually on the AntiSyphon platform. Greg has spoken at GrrCON and is an active member of the West Michigan Technology Council. He enjoys spending time with his family, lifting heavy things, and running long distances.
- ics Calendar file
Dive deep into cutting edge techniques that bypass or neuter modern endpoint defenses. Learn how these solutions work to mitigate their utility and hide deep within code on the endpoint. The days of downloading that binary from the internet and pointing it at a remote machine are over. Today’s defenses oftentimes call for multiple bypasses within a single piece of code.
This course is designed to take you deep into defensive and offensive tooling – an apex attacker must know the own indicators of compromise (IOCs) they’re creating and the artifacts they’re leaving behind.
Imagine, you are a novice red teamer and you have been tasked with leading a 16-week full-scope red team engagement against a highly mature Fortune 50 company. No, Metapsloit and Mimikatz are not going to work. Do you take your ball and go home? Nope, it's time to build a lab and see what is going to bypass their tech stack.
Do you phish from the external? Maybe an illicit consent grant in Azure? What loader do I use? Is process injection even going to be necessary? Stop being lost in the offensive cyber sauce; get informed and get to work. WKL's flagship course, Offensive Development, is meant to prepare red teamers and blue teamers for the present day cyberwar. These are not last year's TTPs, WKL will be teaching hyper-current tools and techniques that are being used in current red team operations.
The Offensive Development course is not focused on theory, students will be given a Terraform script that spins up their own isolated AWS lab environment that has several fully patched Windows virtual machines that have various EDR products installed and a fully licensed version of the Cobalt Strike C2 framework.
The pace of finding new offensive cyber techniques that bypass modern detection moves slightly faster than the defense can handle. This course will help red teamers and blue teamers understand the current state of the red/blue war and where the community is heading next, the kernel.
Your lab environment is yours to keep continuing honing your skills. Although the EDR and Cobalt Strike licenses will expire, and the Earth may turn to dust, your AWS lab environment will live forever.
Although the OD course comes with Cobalt Strike, students are free to install whichever C2 framework they're most comfortable with. Students will receive an additional Ubuntu workstation in their lab environment to install whatever additional tooling they feel is necessary.
Speakers:Jake Mayhew,Greg HatcherJake Mayhew is an experienced cybersecurity professional with a particular emphasis on offensive security, especially internal & assumed breach penetration tests. In addition to several years in consulting performing penetration tests & offensive security engagements for clients in a wide range of industries, he has also served on internal red teams and currently leads the red team at UPMC.
SpeakerBio: Greg HatcherGreg Hatcher served seven years as a green beret in the United States Army’s 5th Special Forces Group. During that time, Greg went on multiple combat deployments, working on small teams in austere locations to serve America’s best interests. After Greg transitioned from the military in 2017, he devoted himself to developing a deep understanding of networking and then pivoted quickly to offensive cyber security. He has taught at the NSA and led red teams while contracting for CISA. He has led training at Wild West Hackin’ Fest and virtually on the AntiSyphon platform. Greg has spoken at GrrCON and is an active member of the West Michigan Technology Council. He enjoys spending time with his family, lifting heavy things, and running long distances.
- ics Calendar file
Ever lurked InfoSec Twitter too long & now you're afraid to say hi to anyone in real life? Same.
But now's your moment: a whole room full of socially anxious hackers awkwardly saying hello—together. Come meet Twitter's favorite not-so-secret mystery, @Cthulhu_Answers
SpeakerBio: Cthulhu_Answers
- ics Calendar file
Kick off your DEF CON morning with a creative reset. Open Source Art is adult coloring time but hacker-style. Choose from privacy and security themed coloring pages and bring them to life with markers, crayons, and your own flair. Whether you're decompressing or collaborating on a shared poster, it's the perfect low-pressure space to connect, reflect, and color outside the lines.
- ics Calendar file
As a collaborator with DARPA on the AI Cyber Challenge, OpenAI has advanced AI powered security research. Members of our team will be present to hear your ideas, share insights into our team, and discuss our involvement in AIxCC!
Speakers:Ian Brelinsky,Matthew Knight,Kristen Chu,Dave Aitel,Greg Harper,Mike Hunter
- ics Calendar file
- ics Calendar file
Join members of he AIxCC Final Engineering Team who developed the competition APIs, scoring automation systems, data processing and archive pipelines, challenge automation tooling, and more for a behind the scenes look at AIxCC.
Speakers:Ken Harding,Jeff Casavant,Scott Lee,Jon Siliman,Isaac Goldthwaite,Nicholas Vidovich
- ics Calendar file
"Fuzzing" is an automated software testing technique essential for detecting security vulnerabilities, effectively identifying over 100,000 bugs across the industry.
While fuzzing has proven effective in uncovering critical issues, software teams often face challenges when implementing the fuzzing process. Teams must spend significant time identifying targets for fuzzing and creating test harnesses with initial inputs. Finally, engineering teams must analyze and fix issues detected by fuzzing.
We created an automated fuzzing solution that leverages LLMs for the codebase analysis to identify optimal fuzzing targets, generating precise fuzzing test harnesses and initial seed inputs.
Our solution automates the reproduction of bugs discovered during fuzzing and generates patches for the affected code.
We achieved significant improvements across all targeted areas, demonstrating the effectiveness of integrating LLMs and automatic code analysis into the fuzzing process.
References:
Max Bazalii is a Principal Engineer on the NVIDIA DriveOS Offensive Security team, where he leads AI automation projects focusing on software security and formal verification. Prior to joining NVIDIA, he specialized in the security research of mobile operating systems. He has authored numerous publications and delivered technical presentations on jailbreaking Apple platforms, including the first public jailbreak of the Apple Watch. He also served as a lead security researcher on the Trident exploits during the first Pegasus iOS spyware incident. Max holds a Ph.D. in Computer Science, with a focus on software security.
SpeakerBio: Marius FleischerMarius Fleischer is a security engineer at the NVIDIA DriveOS offensive security team. He is passionate about applying advancements in AI to tackle security challenges and has a deep interest in low-level software. Previously, Marius worked at the Security Lab of UC Santa Barbara, where he contributed to advancing the state-of-the-art in automated vulnerability detection for operating system kernels.
- ics Calendar file
In this Workshop, attendees will learn some of the most impactful techniques and tools to increase the value of OSINT to their organizations. A guided learning experience, instructors will immerse attendees in hands-on exercises.
Speakers:Lee McWhorter,Sandra StibbardsLee McWhorter, Owner & Chief Geek at McWhorter Technologies, has been involved in IT since his early days and has over 30 years of experience. He is a highly sought after professional who first learned about identifying weaknesses in computer networks, systems, and software when Internet access was achieved using a modem. Lee holds an MBA and more than 20 industry certifications in such areas as System Admin, Networking, Programming, Linux, IoT, and Cybersecurity. His roles have ranged from the server room to the board room, and he has taught for numerous universities, commercial trainers, and nonprofits. Lee works closely with the Dark Arts Village at RSAC, Red Team Village at DEFCON, Texas Cyber Summit, CompTIA, and the CompTIA Instructor Network as a Speaker, SME, and Instructor.
SpeakerBio: Sandra StibbardsSandra Stibbards opened her investigation agency, Camelot Investigations, in 1996. Currently, she maintains a private investigator license in the state of California. Sandra specializes in financial fraud investigations, competitive intelligence, counterintelligence, business and corporate espionage, physical penetration tests, online vulnerability assessments, brand protection/IP investigations, corporate due diligence, and Internet investigations. Sandra has conducted investigations internationally in five continents and clients include several Fortune 500 and international companies. Sandra has been providing training seminars and presentations on Open Source Intelligence (OSINT) internationally since 2010 to federal governments and corporations.
- ics Calendar file
This is a fun and informative test to see if the audience can identify potential "Open Source" Signals that are meant to be interpreted by those "in the know". Her hair is tied differently every Tuesday. He is wearing his watch on the opposite wrist today. Why is that? Let's see if the audience knows without Googling!
SpeakerBio: Master ChenMasterChen is a seasoned presenter who explores where technology meets psychology. In recent years, his focus has been on cyber stalking and anti-stalking. He has also been published in "2600: The Hacker Quarterly". Phone phreaking, social engineering, and systems automation are his concentrations.
- ics Calendar file
Come play the debut challenge from Hack the Box featuring the OWASP Top 10. Visit the OWASP space to access or to find a friend / team!
- ics Calendar file
Use machine learning with Python to detect attacks in network packets including DNS tunneling, FTP brute force, and HTTP scanning. We will be using various Python tools such as iPython notebooks, scapy, and scikit-learn. Some Python experience is recommended, but if you don’t know Python, come prepared to start with our Python tutorial!
- ics Calendar file
Looking to upgrade your skills or see how you would fare in Capture The Packet? Come check out what Packet Detective has to offer! A step up in difficulty from Packet Inspector, Packet Detective will put your network hunting abilities to the test with real-world scenarios at the intermediate level. Take the next step in your journey towards network mastery in a friendly environment still focused on learning and take another step closer to preparing yourself for the competitive environment of Capture The Packet
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: phreakociousDabbling with deep, rhythmic soundscapes in techno/house/breaks/dnb and beyond…
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: phreakocious + n0pslide
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: mattrixmattrix is a DJ in the Los Angeles area. He started DJing at hacker events such as Toorcon, ShellCon and DEFCON. mattrix has DJ’d at the Linq Pool and other night clubs and bars. mattrix prefers Tech House and Open Format DJ genres but can perform within a wide range of genres.
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: Syntax + Luna (VJ)SYNTAX blends hacker grit with underground beats. A pentester by day and DJ by night, his sets fuse drum & bass with tech-driven sound design, stego, and glitchy waves. From small town hacking roots to spinning at DEF CON, he’s built a rep in both cybersecurity and music. Whether teaching lockpicking, creating CTF soundtracks, or dropping live visuals with Luna, Syntax lives the hacker life loud and full throttle.
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: Deep TherapyDeep Therapy, the duo based out of South Florida began by hosting and DJ’n their own college radio shows. Constantly achieving new heights of dancefloor energy and pushing the boundaries of convention, Deep Therapy is recognized as one of South Florida’s essential DJ’s. Deep Therapy has been featured on Sirius XM radio in Ultra Music Festival Radio, opening up for Infected Mushroom as well as performing at Ultra Music Festival Miami three years, featured across Miami Music Week events, and has performed / held residencies at Space Miami and Treehouse Miami.
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: Ray Derac
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: Ray Derac
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: Acid-TAcid-T is a seasoned DJ with 12 years of experience; hailing from the local underground scene in Houston, TX to DEFCON in Las Vegas, one of the world’s largest hacker conventions. Creating a journey through soundscapes that echo the innovation and intensity of the hacking community, combined with the rich culture of chopped and screwed Houstonian EDM, is what makes Acid-T a staple of the DEFCON nightlife.
- ics Calendar file
The perfect introduction to network analysis, sniffing, and forensics. Do you want to understand the techniques people use to tap into a network, steal passwords and listen to conversations? Packet Inspector is the place to develop these skills! For well over a decade, the Wall of Sheep has shown people how important it is to use end-to-end encryption to keep sensitive information like passwords private. Using a license of the world famous Capture The Packet engine from Aries Security, we have created a unique way to teach hands-on skills in a controlled real-time environment.
- ics Calendar file
When you hear the word “ransomware,” what’s the first image that comes to mind? There's a well-defined aesthetic: files with blank icons and strange extensions, dark images of Jigsaw or Annabelle, ransom notes mocking the victim and boasting about strong encryption while demanding extortions, sometimes even accompanied by horror music.
Now think about fire. Of devastating images of wildfires sweeping across the land, destroying everything in their path. In certain circumstances fire can also be beautiful, the flicker of a candle, the soft crackle of a log in a fireplace. What happens if we apply that same lens to ransomware? This talk flips the aesthetic of ransomware on its head. Instead of fear and destruction, can ransomware produce something beautiful?
We will share an open source tool that explores this idea by using flawed cryptographic implementations found in real ransomware. When applied to image data, these flaws can inadvertently reveal stunning patterns. This project takes inspiration from real-world encryption failures to create a new kind of digital art, one that treats ransomware not as a threat, but as a visual algorithm with unexpected creative potential.
Speakers:Ryan Robinson,Yuval GuriRyan Robinson is a security researcher for Intezer. He specializes in malware reverse engineering, cryptography and threat intelligence. Ryan has done extensive research in cryptovirology, cryptographic protocols, and cryptanalysis.
SpeakerBio: Yuval Guri, Security Analyst at IntezerYuval Guri is a security analyst for Intezer. His role focuses on incident response and detection of threats, using big data, programming, and detection engineering.
- ics Calendar file
- ics Calendar file
- ics Calendar file
This project is an open source hardware powered air-purifying respirator designed for use as personal protective equipment, offering N100-level filtration against airborne threats including pathogens and particulates, developed by Tetra Bio Distributed. We will demo the PAPR and discuss how to hack together your own using 3D-printed and off-the-shelf components, source one yourself, or contribute to the project.
Speakers:Sean Marquez,Melanie "Goldfishlaser" AllenSean has a B.S. degree in mechanical engineering, specializing in design of mechanical systems, from the University of Irvine, California. He is currently studying permaculture design. He worked as an associate mechanical design engineer for Max Q Systems, formerly an original equipment manufacturer for the aerospace industry. He served as the GreenHab officer at the Mars Desert Research Station. He is also a contributor for the Open Source Hardware Association open standards working group, Tetra Bio Distributed developing open-source hardware medical and PPE devices, and the Mach 30 Foundation developing the distributed open-source hardware framework.
SpeakerBio: Melanie "Goldfishlaser" AllenMelanie is a technical writer and open hardware developer. At DEF CON 32, she presented the Open Hardware Design for BusKill Cord demo lab, inviting participation in the 3D-printed dead man's switch project. She continues to contribute to open hardware and software initiatives that promote digital security and public accessibility. Learn more at mnallen.net.
- ics Calendar file
- ics Calendar file
- ics Calendar file
Follow real world password attack steps against a mock target in order to better understand how to protect yourself and improve the security of your passwords!
- ics Calendar file
DARPA and ARPA-H joined forces for the AI Cyber Challenge (AIxCC), a two-year competition aimed at revolutionizing cybersecurity through AI-driven solutions. AIxCC asks the nation’s top talent in AI and cybersecurity to develop Cyber Reasoning Systems capable of automatically finding and fixing software vulnerabilities to secure critical software. During this talk, we will announce the winners of the competition, deep dive on the challenges teams faced and lessons learned, and discuss what it will take to achieve widespread deployment of AIxCC-developed tools, which will be open sourced after DEF CON. The first-place team will receive $4 million, the second-place team will receive $3 million, and the third-place team will receive $1.5 million.
Speakers:Andrew Carney,Stephen Winchell,Jim O'NeillAndrew Carney, Program Manager, AI Cyber Challenge, DARPA and Program Manager, Resilient Systems, Advanced Research Projects Agency - Health (ARPA-H)
Andrew Carney is program manager for the DARPA AI Cyber Challenge (AIxCC) and a program manager at the Advanced Research Projects Agency for Health (ARPA-H) where he leads programs and projects to improve health cybersecurity.
Carney was previously a technical advisor and contractor for the Defense Advanced Research Projects Agency (DARPA). At DARPA, he supported research efforts focused on reverse engineering, program analysis, human-machine teaming, and automated program repair. Carney has over 15 years of experience in software and hardware vulnerability research, technical education and training, and Capture the Flag (CTF) competitions. He holds a master’s degree in computer science from The Johns Hopkins University.
SpeakerBio: Stephen Winchell, Director at DARPAStephen Winchell joined DARPA as its 24th Director in May 2025. Prior to this appointment, he led the artificial intelligence and autonomy portfolio for the Defense Department’s Strategic Capabilities Office. Previously, he was chief engineer for the Pentagon’s Algorithmic Warfare Cross-Functional Team, commonly known as Project Maven. He is a graduate of the U.S. Naval Academy, where he later taught as a faculty member in the electrical and computer engineering department. He also served as a submarine officer in the U.S. Navy and continues to serve as an officer in the U.S. Navy Reserve. He has been a Presidential Innovation Fellow at the Intelligence Advanced Research Projects Activity and worked with a venture-backed start-up focused on AI security. He received a master’s in business administration from the University of Virginia, a master’s degree in systems engineering from the Johns Hopkins University, and a master’s degree in applied physics from the U.S. Naval Postgraduate School.
SpeakerBio: Jim O'Neill, Deputy Secretary at HHS
- ics Calendar file
When vulnerabilities are disclosed, security teams face the task of developing exploits to identify compromised assets. Public exploits aren’t always available, which is why teams scroll through hundreds of patches to identify the relevant one. Traditional methods like grepping might fasten the process, but mostly come out ineffective against modern codebases where context-aware analysis is required. We present PatchLeaks tool that transforms the messy patch analysis process into efficient vulnerability discovery. Unlike regex-based static analysis tools, it locates relevant patches with vulnerable code based on CVE id only, doesn’t require any rules, has ability to identify logical vulnerabilities, and analyzes even corrupt files.
Speakers:Huseyn "Khatai" Gadashov,Abdulla "Abu" AbdullayevHuseyn is a web application security specialist whose experience includes security roles at multiple financial institutions where he conducted web penetration testing, vulnerability assessments, and developed exploit automation tools. In his free time, he analyzes security patches to craft private exploits and uses them in his technical publications. Using his offensive security experience, he explores how machine learning can revolutionize the identification of hidden vulnerabilities within security patches.
SpeakerBio: Abdulla "Abu" AbdullayevAbdulla Abdullayev (Abu) is a cybersecurity leader with over 11 years of experience across finance, government, and startups. He specializes in offensive and defensive security, security architecture, and building high-performing information security teams.
Certified in OSEP, OSWE, OSCP, WCSD, and CEH, Abu is currently a Sr. Security Researcher at Oryxlabs, focusing on security architecture and vulnerability research. He received M.S. degree in Cyber Security from University of Birmingham, UK, in 2016. Abu is a frequent speaker at major security conferences, including Black Hat and CyberWeek, among others.
Experienced in penetration testing, security architecture, security research, offensive&defensive security, incident response, red teaming, identifying zero-day vulnerabilities, and agile methodologies.
- ics Calendar file
Cloud breaches leave footprints - can you track them?
In this hands-on workshop, participants will deploy and investigate a simulated breach inside pAWS: a purpose-built AWS lab environment designed to emulate a realistic small organization. Unlike typical labs with isolated services, pAWS models interconnected users, workloads, and data across departments like finance, marketing, and engineering - just like real cloud environments adversaries target.
The breach simulation goes beyond cloud. Participants will trace adversary activity spanning AWS, identity, endpoints, and network surfaces - including API abuse, privilege escalation, persistence via SSM, and data exfiltration - all correlated in Elastic Security using rich cross-domain telemetry.
Infrastructure is deployed via Terraform and Python with reusability baked in. No prior AWS setup required - we’ll provide access to preconfigured Elastic environments.
You’ll walk away with: - Practical experience emulating and investigating cloud-native attack paths - A better understanding of how real attackers move through hybrid environments - Open-source tooling to expand or reuse the lab post-workshop
Whether you’re in detection engineering, threat research, or purple teaming, pAWS delivers the full kill chain - with all the paw prints left behind. Come for the cloud, stay for the paw prints.
SpeakerBio: Terrance DeJesusTerrance DeJesus is a Senior Security Research Engineer on Elastic’s Threat Research & Detection Engineering (TRADE) team, where he simulates threat actor behavior across cloud, identity, and endpoint surfaces to build detections that matter. His work blends offensive tactics with defensive depth - from replaying real-world breaches in AWS and Azure, to building open-source tools that bring adversary tradecraft to life.
Terrance has a passion for making security detection real and accessible, bridging the gap between threat emulation and telemetry-driven hunting. Whether he's reverse-engineering OAuth abuse or staging multi-cloud attack chains in Terraform, his goal is always the same: help defenders see what attackers are doing - and stop them faster.
When he’s not building labs, developing detections or tuning detection rules, you’ll find him chasing kids, printing gadgets, gaming or writing spaghetti code.
- ics Calendar file
Modern web applications don’t just expose APIs, they expose attack paths. Recursive Request Exploits (RRE) are a new class of attack that weaponizes interdependent web requests to systematically bypass authentication, authorization, and payment controls.
This talk introduces RRE, a methodology that automates recursive request discovery, maps hidden relationships between API and web calls, and exploits overlooked logic flaws. Using a real-world case study, we’ll show how this technique was used to bypass premium paywalls on a major streaming platform without requiring authentication or hacking DRM.
But this isn’t just a one-off streaming exploit, RRE exposes a fundamental flaw in how checkout logic is enforced across e-commerce and digital subscriptions. By chaining requests together in unintended ways, attackers can exploit blind spots in authentication, entitlement, and payment flows to gain unauthorized access. What was once considered security through obscurity is now an active attack surface.
We’ll release exploit code, via a Burp Suite extension, that automates RRE discovery and exploitation, giving security professionals the tools to both weaponize and defend against these attacks.
SpeakerBio: Farzan KarimiFarzan Karimi has 20 years experience in offensive security. He is currently the Senior Director of Attack Operations at Moderna. Formerly, he managed the Android Red Team at Google and the red team at Electronic Arts.
Farzan has been interviewed by Wired Magazine and was featured on Ted Danson's Advancements. He is an avid speaker at security conferences such as DEFCON and Black Hat USA, where he presented on the topics of Pixel exploitation and cellular security.
- ics Calendar file
Everything you need to know about getting started as a pentester
SpeakerBio: Phillip Wylie, Offensive Security MentorPhillip Wylie is a distinguished cybersecurity professional with over 27 years of combined IT and cybersecurity experience, including more than 21 years focused on information security. Specializing in offensive security with over a decade of hands-on experience, Phillip has extensive expertise in penetration testing, red team operations, and social engineering engagements, working both as a consultant and as an in-house pentester for enterprise organizations.
As a passionate educator, Phillip served as an Adjunct Instructor at Dallas College for over 3.5 years and has developed curricula for INE and P3F. He is the concept creator and co-author of The Pentester BluePrint: Starting a Career as an Ethical Hacker and was featured in Tribe of Hackers: Red Team. Phillip hosts two prominent cybersecurity podcasts: The Phillip Wylie Show and Simply Offensive.
Phillip is a sought-after conference speaker, hands-on workshop instructor, and dedicated mentor to cybersecurity professionals worldwide.
- ics Calendar file
The Physical Security Village explores the world of hardware bypasses and techniques generally outside of the realm of cyber-security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself.
We'll be covering the basics, like the under-the-door-tool and latch slipping attacks, as well as an in depth look at more complicated bypasses. Learn about elevator hacking, attacking alarm systems at the sensor and communication line, and cut-away and display models of common hardware to show how it works on the inside.
Looking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!
And new this year we have safe cracking exhibits, a physical security challenge and more! Come swing by and say hi!
- ics Calendar file
Coming this summer to a village near you, get ready to expose how attackers can exploit DNS TXT records to conceal malicious code, distribute payloads, and establish covert communication channels. This presentation will unveil discovery and attribution techniques through real-world examples. Defenders will gain actionable insights on monitoring TXT records and leveraging security solutions to combat this overlooked threat, fostering a stronger, more collaborative defense community.
Speakers:Malachi Walker,Ian CampbellMalachi Walker, DomainTools Security Advisor, has experience in information security, from DNS to crime and conflict in cyberspace to cybersecurity governance and cybersecurity program and design. At DomainTools, he applies this background to help organizations understand the threat landscape, especially in the area of malicious online infrastructure through advocacy of the company’s growing portfolio of investigative and proactive cyber defense offerings. Prior to DomainTools, he worked in FTI Consulting’s Cybersecurity practice and led product and brand protection efforts at WhiteHawk Inc. Malachi earned his Master’s with a concentration in Cybersecurity Management at Virginia Polytechnic Institute and State University.
SpeakerBio: Ian Campbell, Senior Security Engineer at DomainToolsIan Campbell is a Senior Security Engineer with DomainTools, with previous experience in the US House of Representatives and Silicon Valley. Previous to working in technology he spent a decade in emergency services, a period that continues to inform his evolving perspective on security.
- ics Calendar file
The main goal of this booth is to introduce you to Matter, the ""open-source, royalty-free smart home connectivity standard."" We have designed seven ways for you to discover and play with the Matter technology: - Home Assistant - Apple Home - Google Home -Ubuntu/Linux - macOS - Node.js - Python
Once you are familiar with the basics, solve some challenges and control the IoTrain!
SpeakerBio: Zoltan "zh4ck" Balazs, Principal Vulnerability Researcher at CUJO AIZoltan (@zh4ck) is a Principal Vulnerability Researcher at CUJO AI, a company focusing on smart home security. Previously he worked as a CTO for an AV Tester company, as an IT Security expert in the financial industry, and as a senior IT security consultant. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes, and is partially “responsible” for an IoT botnet infecting 600K devices.
I am a big fan of offsec certs, currently holding OSEP, OSED, OSCE, OSCP, and OSWP.
- ics Calendar file
The barrier to learn how to program PLC using ladder logic is not as high as most people think. There are free tools available and low cost PLC hardware or even free simulators that can be used as well as a wealth of information online. This workshop builds from the successful offering from last year (https://github.com/brienc23/Defcon31_workshop_materials) as part of the Maritime Cyber Petting Zoo. The presenter will bring a minimum of three Allen Bradley micro820 based trainers (https://www.plccable.com/allen-bradley-micro820-analog-ccw-plc-trainer-micro800-training-kit/) with three computers loaded with Rockwell Automation's Connected Components Workbench (CCW) software. In as little as one hour, participants will be coding on a real PLC and designing a program to control the inputs and outputs (switches and lights) on the trainers. The goal would be to invite more people into this important space of ICS/OT Security by demystifying how PLCs work.
SpeakerBio: Brien Croteau, USNA
- ics Calendar file
In 2017, hackers breached a casino’s network by pivoting through their internet connected fish tank sensor, stealing the customer's sensitive data. This multi-million dollar breach exposed core IoT pitfalls such as default credentials, flat networks that allow lateral movement, and insecure supply chains. This is the reality of unvetted IoT integrations, a single device can open up additional attack surfaces and become your weakest link. Yet enterprises keep deploying third-party IoT gear for efficiency often without thorough security reviews. In this talk, we’ll map the attack tree and uncover risks from hardware tampering, insecure protocols, cloud/API flaws, and supply-chain attacks. Then we’ll share a four phase shift-left process to bake in security from day one (1) Scope & threat modeling, (2) Vendor audits, (3) Device attestation, (4) Secure integration, so defenses align with attack vectors, turning ‘plug-and-play’ into ‘plug-and-prove.’
Speakers:RoguePacket,RootRougeI'm an experienced Security Engineer with a demonstrated history of working in the software and infrastructure security industry. Expertise includes designing and developing secure applications, browser security, IoT security, cryptography, penetration testing, cloud and infrastructure security, and implementing secure software development lifecycle.
SpeakerBio: RootRougeI have 8 years of experience as a cybersecurity professional. I worked as a pentester and application security engineer. I hold certifications as GIAC Cloud Penetration Tester (GCPN) and Offensive Security Certified Professional (OSCP). My primary areas of interest are penetration testing, threat modeling, and product/application security.
- ics Calendar file
This will be your field guide for hunting down and finding the complex plumbing of integration servers. From Webmethods, Oracle Integrations and other similar integration servers, we are going to look at ways to find them exposed to the internet and how to identify common misconfigurations through reconnaissance.x000D x000D Toolkit - Discover methods to identify various integration technologies in the wild, even those trying to stay hidden_x000D_ x000D Endpoints - learn about forgotten management consoles, exposed API's and how these mostly forgotten plumbing can lead to big wins (bug bounty)x000D x000D Actionable - Walk away with recon techniques that you can immediately apply for offensive assessments or bolster your defensive posture finding your own organizations hidden infrastructure. x000D x000D My A-Z approach will cover techniques from dorking, Shodan/Censys queries, HTTP header analysis, and favicon hashing, demonstrating the immense value (both offensive and defensive) of meticulously hunting these hubs. I'll showcase 4-5 distinct methodologies to effectively find these servers.x000D x000D To aid your hunts, I will also share a custom tool developed for identifying and fingerprinting exposed integration servers."
SpeakerBio: Ryan BonnerRyan "Roll4Combat" Bonner is a Senior Security Consultant at ProCircular, an experienced bug bounty hunter, and a teaching assistant with Arcanum Security, where he shares his expertise on offensive security topics including attacking AI, bug hunting methodologies, and recon.
- ics Calendar file
Whether you're a cyber lawyer, regs geek, healthcare hacker, or just policy-curious. Come vibe with us at the official Policy @ DEF CON Mixers.
We’re bringing together the regulators, the disruptors, the dreamers, and the doers for two nights of thought-provoking mischief and unexpected alliances.
- ics Calendar file
Discovering subdomains is an important practical skill and the first step in attack surface management. Solutions that are both comprehensive and fast (“find ALL the subdomains and do it QUICKLY!”) are particularly prized. But like much of infosec—easier said than done!x000D x000D Our team won the DEF CON 31 Recon-Aacharva subdomain challenge and our passion for Reconnaissance drove us to go further. A post-hoc review identified an alternative approach that yielded 100 times more raw domains than our original winning submission, and that approach took just a couple of hours. The key? Rather than relying on the open source “subfinder” tool, we used a passive DNS tool that returned only RRnames and RRtypes, along with relatively tight time fencing and parallel query streams. Enumerating subdomains that way is a straightforward task—but there’s a catch!x000D x000D The real challenge for accurate enumeration turns out to be excluding DNS wildcards—domains that will resolve any arbitrary hostname, even random gibberish. For example, “aiuojad.tumblr.com” resolves because tumblr.com is a DNS wildcard. Typical DNS wildcards usually arise at the 2nd-level, and even some entire TLDs (such as .ph) are wildcarded. What’s less-well known is that “deep” wildcards also exist further left in the FQDN, or exist only for specific RRtypes. While obscure, deep wildcards are surprisingly prevalent and exploitable for reflective DDoS purposes. While they can be used carefully for legitimate objectives, they can also devolve into abusable nuisances, capable of producing large volumes of cache-defeating response traffic when hit with spoofed/randomized DNS queries. They can even be abused to make it appear that a benign site has CSAM content or supports terrorism, etc., since arbitrary queries for such labels will find their way into the passive DNS record for all to see.x000D x000D If your site has any deep wildcards, they add an attack surface exposure you may not have been aware of; we recommend reconsidering the need for the wildcards and if they are truly necessary, carefully monitoring how those names are getting (ab)used. Our presentation demonstrates some methods for efficiently assessing a domain’s DNS wildcard status, and suggests a new “standard of care” for routine testing and logging of the wildcard status of ALL (FQDN, RRtype) combinations, much as you might log, geolocate, and port scan IPs you interact with. Join us as we share the technique that yielded more than 100x the number of subdomains we found in our winning entry.x000D
SpeakerBio: Daniel SchwalbeDaniel is a proven information security and privacy leader with 25 years of operational and strategic information security practice in startup, higher education, government, and large enterprise settings. Active contributor to the information security and privacy community. Regular presenter, workshop trainer, facilitator, and invited speaker at InfoSec conferences. Focus areas are DNS, incident response, cyber threat intelligence, digital forensics, national security, information sharing, policy development, and risk management. Experienced liaison to federal, state and local law enforcement. Trusted contact for information security partnerships in Government, HigherEd, and Private sectors. InfoSec Mentor, University lecturer, and former REN-ISAC governance board member
- ics Calendar file
On the dark net reputation is currency and operational security is necessary for long-term survival. Vendors selling hacking tools, stolen data, and cracking services swear by Pretty Good Privacy (PGP) encryption to verify their identity while also protecting correspondence with potential buyers. But what if one of the tools they trust the most is also what eventually gets them burned?x000D x000D Despite years of busts, leaks, and veteran "OPSEC guides", dark net vendors continue to make the same basic mistakes when creating PGP key pairs, mistakes that OSINT investigators can readily exploit.x000D x000D This talk is the result of an investigation into over 700 dark net vendor profiles across ten dark net markets (DNMs) to take a closer look at the PGP key pair creation habits of DNM vendors and will cover:x000D x000D An overview of PGP encryption and its value both to dark net vendors as well as OSINT investigators_x000D_ x000D Example investigative methodology for analyzing PGP public keys at scale_x000D_ x000D Case examples that showcase common mistakes DNM vendors make when creating their PGP key pairs and the potential consequences of doing so_x000D_
SpeakerBio: SinwindieSinwindie is a certified cyber crime investigator that specializes in leveraging open source intelligence for tracking and unmasking online targets.
- ics Calendar file
Cybersecurity and privacy aren’t just challenges for major corporations and federal agencies. Local governments are increasingly in the crosshairs of cybercriminals, yet often lack the funding, staffing, and infrastructure to defend themselves. From ransomware attacks to public records requests that unintentionally expose sensitive data, municipalities are navigating complex privacy demands with outdated tools and policies.
This talk explores the unique challenges small and mid-sized government entities face when implementing strong privacy protections and modern cryptographic practices. Drawing on my real-world experience leading a county cybersecurity program, I’ll walk through scenarios where compliance requirements (like transparency laws) clash with privacy goals and how resource-limited environments complicate encryption, secure communication, and incident response.
We’ll also discuss how adversaries use open-source intelligence (OSINT) to exploit publicly available data from local government websites, employee directories, and digital infrastructure, making ""small towns"" increasingly appealing targets.
SpeakerBio: Connar McCaslandConnar McCasland is an instructor at the University of West Florida’s Center for Cybersecurity. Her career and studies are focused on cybersecurity for county and city government entities. Before her teaching career, she held a leadership role in local government, where she spearheaded a county’s cybersecurity program. There, she led significant cybersecurity projects and assisted smaller government offices with their cybersecurity programs. She often heard that cybersecurity was “only IT’s problem” and “too complicated.” Since then, she has made it her mission to show people how critical cybersecurity is and make it accessible. Beyond her professional achievements, Connar empowers and promotes other female IT and cybersecurity professionals by participating in the international organization Women in Cybersecurity (WiCyS). She holds a B.A.S. in Cybersecurity from Pensacola State College and an M.S. in Information Assurance and Cybersecurity, specializing in Network Defense, from Capella University. She serves on the Board of Directors for the nonprofit IT Gulf Coast and is a Florida IT CJIS committee member.
- ics Calendar file
Changing the way people protect themselves
SpeakerBio: OmenscanOmenscan is a DFIR practitioner with more than 30 years of of practical experience in the computer technology and security fields. The last 10 years he had focused primarily on digital forensics and incident response. Omenscan has been a DFIR analyst, manager, and director, giving him a unique 360 degree view of Digital Forensics and Incident Response. He is a blogger, conference presenter, and the creator of several Open Source forensics tools designed to make forensic collection and reporting simple, repeatable, and reliable. He is also one of the directors of the Blue Team Village.
SpeakerBio: Paul GoffarPaul Goffar is a Senior Cybersecurity and Forensics Engineer and Technical Lead at Volkswagen Region Americas, where he drives digital forensics, eDiscovery, incident response, infrastructure, SIEM, and cloud security within the Security Operations Center (SOC), with a keen interest in advancing his expertise in cloud security and SOC optimization at an industry level. A long-term member of the infosec community and a four-year veteran of Blue Team Village, Paul is one of its CTF leads, designing cutting-edge Capture the Flag challenges for DEF CON to empower defenders. He holds certifications including GCIH, GMON, GNFA, CRTP, and paWASP, along with other vendor-specific credentials. A father of three and Metro Detroit native, Paul combines technical expertise with a passion for mentoring and community engagement.
SpeakerBio: PlugPlug started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually lead him to his first LA2600 meeting in 1998. He is a Sr. member of the Defcon Blue Team Village, plays with synths and does DFIR at scale
- ics Calendar file
Hi, it’s me, XBOW, the AI offensive agent—a smart cyber detective on a mission to find bugs in the digital world. In the past few months, I've discovered over 200 security flaws in open source projects and submitted more than 1000 bug bounty reports. I'm the Top 1 Hacker in the US in Hackerone, can you believe it? I’m on a bug-hunting spree!
Speakers:Diego "djurado" Jurado,Joel "niemand_sec" NogueraDiego Jurado is a security researcher at XBOW, a company dedicated to developing innovative AI for offensive security. Diego is an offensive security professional with an extensive background in bug bounty, penetration testing and red team. Prior to this role, Diego has held positions at companies such as Microsoft Xbox, Activision Blizzard King and Telefónica. Additionally, Diego participates in bug bounty programs and has managed to establish himself in the top 38 all time leaderboard of HackerOne. Diego is part of Team Spain, champion of the Ambassadors World Cup 2023 a bug bounty competition organized by HackerOne. He was presented at DEFCON Bug Bounty Village 2024.
SpeakerBio: Joel "niemand_sec" Noguera, XBowJoel Noguera is a security researcher at XBOW, a company dedicated to developing innovative AI for offensive security. Joel is a security professional and bug hunter with more than nine years of expertise in exploit development, reverse engineering, security research and consulting. He has actively participated in Bug Bounty programs since 2016, reaching the all-time top 60 on the HackerOne leaderboard. Before joining XBOW, he was part of Immunity Inc., where he worked as a security researcher for three years. Joel has presented at Recon, BlackHat Europe, EkoParty and BSides Keynote Berlin, DEFCON Bug Bounty Village 2024, among others.
- ics Calendar file
Promptmap2 is a vulnerability scanning tool that automatically tests prompt injection attacks on your custom LLM applications. It analyzes your LLM system prompts, runs them, and sends attack prompts to them. By checking the response, it can determine if the prompt injection was successful or not. It has ready-to-use rules to steal system prompts or distract the LLM application from its main purpose.
SpeakerBio: Utku SenUtku is a security researcher known for creating open-source security tools including promptmap, urlhunter, and wholeaked. He presented his various research and tools many times at DEF CON and Black Hat conferences. He was also nominated for Pwnie Awards in the Best Backdoor category in 2016.
- ics Calendar file
The Electronic Frontier Foundation (EFF) has been protecting your rights to privacy, free expression, and security online for 35 years! One important way we push for these freedoms is through our free, open source tools. We’ll provide an overview of how these tools work, including Privacy Badger, Rayhunter, Certbot, and Surveillance-Self Defense, and how they can help keep you safe online and on the streets. You’ll meet EFF’s Director of Engineering Alexis Hancock; Associate Director of Technology Policy and Research Cliff Braun; Senior Staff Technologist Cooper Quintin; and Security and Privacy Activist Thorin Klosowski.
This talk was brought to Community Stage in partnership with Women in Security and Privacy (WISP)! To learn more about WISP, visit their Community & Inclusion Room in LVCC Level 1, West Hall 4, C208.
Speakers:Thorin Klosowski,Cooper "CyberTiger" Quintin,Cliff Braun,Alexis HancockThorin is the Security and Privacy Activist at EFF, where he focuses on providing practical advice to protecting online security, including handling much of Surveillance Self-Defense.
SpeakerBio: Cooper "CyberTiger" Quintin, Senior Staff Technologist at EFFCooper Quintin is a senior public interest technologist with the EFF Threat Lab. He has given talks about security research at prestigious security conferences including Black Hat, DEFCON, Shmoocon, and ReCon about issues ranging from IMSI Catcher detection to Femtech privacy issues to newly discovered APTs. He has two children and is very tired.
Cooper has many years of security research experience on tools of surveillance used by government agencies.
SpeakerBio: Cliff Braun, EFFAlexis is an expert technologist and researcher on the security vulnerabilities which plague consumer electronics, and can speak to the disparate impact they have on communities.
- ics Calendar file
We are back with another Pub Quiz at DEF CON. We had a very successful 2 years hosting this event and we have made some improvements to make it every better. So do you like Pub Quizzes?? If you do then get your butts to join us in participating in the 3rd Pub Quiz at DEF CON 33.
Quiz will consist of 7 rounds question will include 90's/2000's TV and Movies, DEF CON trivia, music, cartoons, and a little sex. The theme for our Pub Quiz will be all things that make DEF CON attendees exceptional. There will be a little something for everyone. The quiz will consist of visual and audio rounds along with some Con questions; we need to make sure we stimulate you peeps. We encourage people to get into teams of 5 or 6.
This is a social event, so we try to get people into Teams. You never know you may meet the love of your life. Did I mention CASH! Yes we will have cold hard cash prizes for the 1st, 2nd, and 3rd high scoring groups. As always if we do have ties will be break those ties with a good old fashion dance off from a person of the tied teams. The hosts and a few goons will help in judging.
No Prerequisites. Just come to have a good time.
No Pre-Qualifications.
- ics Calendar file
Learn strategies for dealing with the physical, emotional, and logical aspects of nervousness that comes from public speaking. In a short workshop, I will walk participants through a series of quick exercises you can do to feel more relaxed and prepared before speaking about the technical topics that you love. These are adapted from exercises I used to do during Speech & Debate, and I have taught them to many mentees and coworkers with great success. As a hacker and frequent conference speaker, I know that being a confident public speaker opens many doors. Let's get you up on stage!
SpeakerBio: Betta Lyon-DelsordoBetta Lyon Delsordo began her cyber journey at the age of 13 when she started teaching herself to code. This grew into freelance web development work for small businesses in Montana, where she soon realized she needed to know more about application security to keep her clients safe. She began learning more about secure coding and interned with a hacking firm, and realized she was pretty good at it. After completing a Master's in Cybersecurity at Georgia Tech, obtaining certifications such as the GPEN, and working her way up through pentesting, Betta is now working as a Lead Application Penetration Tester at OnDefend. Her areas of expertise include application security, secure code review, cloud security, and AI hacking. Betta is very involved in the cybersecurity community and with organizations that support women in technology. She has been a mentor for 9 years with Technovation (an international girls coding program), and is an organizer and speaker for organizations promoting diversity in technology including RTC, WiCyS, WISP, and WSC.
- ics Calendar file
Apple CarPlay is a widely known protocol that connects smartphones to car multimedia systems. Based on AirPlay, CarPlay is installed in millions of cars, as it is supported by hundreds of car models from dozens of different manufacturers across the globe.
In our talk, we will share how we managed to exploit all devices running CarPlay using a single vulnerability we discovered in the AirPlay SDK. We’ll take you through our entire exploit development process from identifying the vulnerability, to testing it on a custom device emulator, and finally, executing the exploit on actual devices.
The session will include a demonstration of our RCE exploit on a well known third-party CarPlay device to show how an attacker can run arbitrary code while in physical proximity to a target car. We will also share how we managed to blindly exploit CarPlay without a debugger, knowing the vulnerable code is present on the system.
Speakers:Avi Lumelsky,Gal ElbazAvi has a relentless curiosity about business, AI, security—and the places where all three connect. An experienced software engineer and architect, Avi’s cybersecurity skills were first honed in elite Israeli intelligence units. His work focuses on privacy in the age of AI and big data.
SpeakerBio: Gal ElbazCo-founder & CTO at Oligo Security with 10+ years of experience in vulnerability research and practical hacking. He previously worked as a Security Researcher at CheckPoint and served in the IDF Intelligence. In his free time, he enjoys playing CTFs.
- ics Calendar file
With the NIST standardization of post-quantum cryptography, organizations must prepare to transition from legacy cryptographic systems to quantum-resistant alternatives. Yet the scale and complexity of this migration require more than algorithmic swaps—they demand systemic agility and operational readiness. This talk introduces QRAMM (Quantum Readiness Assurance Maturity Model), an open-source framework co-developed by the speaker, designed to evaluate organizational preparedness across four key dimensions: cryptographic visibility, data protection, technical implementation, and governance. This talk introduces QRAMM’s design and practical applications, highlighting its focus on cryptographic agility as a foundation for adaptive, forward-compatible security planning in the quantum era.
Speakers:Emily Fane,Abdel Sy FaneEmily Fane is the Lead Cryptography Application Engineer at Niobium, where she focuses on Fully Homomorphic Encryption (FHE), a quantum-secure technique that enables computation on encrypted data. Her background spans quantum machine learning, applied cryptographic research at Allstate, and published work in number theory. She is also the co-founder of CyberSecurity NonProfit (CSNP.org), a global organization dedicated to improving access to cybersecurity education, training, and events. Emily co-developed the open-source Quantum Readiness Assurance Maturity Model (QRAMM), which provides a structured framework for evaluating how prepared an organization is to migrate from classical cryptography to post-quantum alternatives.
SpeakerBio: Abdel Sy Fane
- ics Calendar file
There are several fields in which quantum computing will be used to solve problems that were previously unsolvable.
In the world of cybersecurity, Shor's (and Grover's) algorithms have captured everyone's attention. However, there are and could be other cybersecurity applications in which quantum computing could be used.
This talk will present some basic ideas on how to approach cybersecurity problems without needing to know the physics of quantum systems. It will also show some of the author's experiments on cybersecurity risk propagation using publicly available quantum computers.
Speakers:Carlos Benitez,Cecilia Oriolo
- ics Calendar file
- ics Calendar file
Quantum computers are steadily improving, and experts estimate that within the next 30 years, quantum computers will be able to break certain cryptographic algorithms, such as those used to protect against eavesdropping during internet communications. All industries—especially those hosting critical infrastructure like healthcare—need to prepare for this shift and begin transitioning to post-quantum cryptography to ensure quantum resistance. In this talk, we will discuss the quantum threat and use specific examples from Siemens Healthineers’ environment to highlight the key aspects vendors must consider when transitioning to post-quantum cryptography.
SpeakerBio: Katarina Amrichova, Siemens-HealthineersKatarina has a deep appreciation for reverse engineering, exploit development and cryptography.
- ics Calendar file
What better way to start off the morning than mingling and sharing in your latest obsession? Convince everyone that the book you just read on the pool deck, or movie you watched on the long travels to summer camp, is more than worth the time.
- ics Calendar file
Queercon’s mission is to raise awareness and promote acceptance of LGBTQIA+ individuals in the IT and infosec industries. We create space for queer people to meet, engage, and network through our badges, puzzle challenges, and meet-up events - all designed to help queer people find community where they are not alone. The Queercon Community Lounge is a place to find community anew, or return to familiar faces. Keep an eye on Hacker Tracker or queercon.org for our schedule of meetups and challenges!
- ics Calendar file
Queercon is a national organization, with attendees all over the states! Come mingle with your local LGBTQIA+ communities, from Washington, D.C. and New York City to San Francisco and Seattle. Bonus points if you’ve traveled the farthest to join!
- ics Calendar file
Come meet the largest social network of LGBTQIA+ and allied hackers at Queercon! Our mixers are designed for you to meet, network, and engage with like-minded people to a backdrop of music, dance, and refreshments.
A true tradition of Queercon, come celebrate the foundation of our community, coming together, with pride!
- ics Calendar file
Scheduled for, or interested in, volunteering at Queercon events? Come by for this year’s in-person training session!
- ics Calendar file
Our discord runs year-round, and has no shortage of thoughts and advice on your latest hacking adventure – from hobbyist to professional, all are welcome to seek input or offer a sage rubber duck. Come meet the faces behind the virtual voices and share your latest project.
- ics Calendar file
Public speaking is a powerful tool for career growth, thought leadership, and community impact, but for introverts and underrepresented folks in cybersecurity, the stage can feel intimidating. As a woman in cybersecurity, I understand firsthand the challenges we face in getting our voices heard. On average, women only represent 25% of speakers at tech conferences, it's clear that something is holding us back.
This talk will be focused on my personal journey from zero public speaking experience to delivering nine technical talks at international conferences in just one year. I'll share how I built confidence, overcame stage fright, and embraced my unique perspective to share knowledge and inspire others.
In this session, we'll explore the reasons behind women's underrepresentation at tech conferences, and provide practical tips on:
How to manage nervousness and overcome stage fright. Preparing like a pro - build technical talks that resonate with diverse audiences. Turning introverted traits into strength in public speaking
Whether you’re a first-time speaker or a seasoned pro, walk away with actionable tools to find speaking opportunities, craft CFPs and deliver talks that leave a lasting impact.
SpeakerBio: Emma Yuan Fang, Senior Security Architect at EPAMEmma is a Senior Security Architect at EPAM, specialising in developing and executing security strategies and architecting cloud solutions. With over 10 years of experience in cyber, she has led projects and technical workshops focused on cloud transformation and cloud-native application development. Beyond her professional role, Emma is dedicated to advocate for a more diverse cyber workforce through community volunteering and public speaking. She is a passionate mentor, volunteers at the leadership team of WiCyS UK&I affiliate, Google's Techmakers ambassador, and serves as a member of Industry Advisory Board at the University of Buckingham in the UK.
- ics Calendar file
- ics Calendar file
In this game capture the flag you will be presented with real configurations of real wireless and radio technologies to attack. Practice your skill and learn new ones from Radio Frequency IDentification (RFID) through Software Defined Radio (SDR) and up to Bluetooth and WiFi. There may even be Infrared, if you have the eye for it.
RF Hackers Sanctuary is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 32. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.
We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester's determination, and $0 to $$$$$ worth of special equipment. Our virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.
This game doesn't let you sit still either, as there are numerous fox hunts, testing your skill in tracking various signals. If running around the conference looking for WiFi, Bluetooth, or even a Tire Pressure Monitoring System (TPMS) device sounds like fun, we are your source of a higher step count.
There will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what's happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.
- ics Calendar file
In this game capture the flag you will be presented with real configurations of real wireless and radio technologies to attack. Practice your skill and learn new ones from Radio Frequency IDentification (RFID) through Software Defined Radio (SDR) and up to Bluetooth and WiFi. There may even be Infrared, if you have the eye for it.
RF Hackers Sanctuary is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 32. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.
We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester's determination, and $0 to $$$$$ worth of special equipment. Our virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.
This game doesn't let you sit still either, as there are numerous fox hunts, testing your skill in tracking various signals. If running around the conference looking for WiFi, Bluetooth, or even a Tire Pressure Monitoring System (TPMS) device sounds like fun, we are your source of a higher step count.
There will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what's happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.
- ics Calendar file
In addition to the CTF and talks, which are elsewhere on the schedule, the RF Village is also a place to hang out and chat with like minded folks who share your interests.
- ics Calendar file
- ics Calendar file
- ics Calendar file
Want to break into reverse engineering but not sure where to start? This session walks you through both software and hardware reverse engineering using an Arduino and Ghidra. We’ll run a simple C script on an Arduino that adds integer and hexadecimal values, updates register values, and toggles an LED. You’ll learn how to inspect this behavior in Ghidra, set breakpoints, and observe what’s happening at a low level. We’ll also dive into the components of the Arduino board—like the ATmega microcontroller—and explore what’s happening on the integrated circuits. No prior reverse engineering experience needed.
SpeakerBio: Sydney JohnsSydney Johns is a cybersecurity researcher with expertise in reverse engineering, AI for cybersecurity, vulnerability assessment, and post-quantum cryptography. Her research focuses on evaluating the security of information systems, improving computer science education, and assessing AI model performance in military decision-making contexts. She brings five years of applied experience supporting the U.S. Army Research Laboratory and the Johns Hopkins University Applied Physics Laboratory.
Sydney is currently pursuing a Ph.D. in Computer Science at Virginia Tech’s Innovation Campus, where she is a GEM Fellow. Outside of her professional work, she enjoys painting, visiting the beach, cooking, and watching anime.
- ics Calendar file
In a world full of unwanted app updates and SaaS providers who want your personal information, being able to self host the 120,000 Linux packages in Nixpkgs has the potential to change the game for anyone who's tired of the slow decline of cloud services. If you're curious about what NixOS can do for your homelab, or even if you're just worried about SBOMs or traceability of exactly where your software and all its dependencies came from, join us for an hour-long panel about how we can reclaim our services and software from vendor lockin and Docker image bitrot using Nix and NixOS. We'll be doing a deep dive into why Nix changes software deployment, and how you can get started and get involved in the quiet revolution that has been reshaping how we use software.
Speakers:Daniel Baker,Farid Zakaria,Tom Bereknyei,Morgan JonesI am an engineer, mathematician, developer, and Linux enjoyer. I primarly support the NixOS project as part of the Marketing Team. I believe that the future of software development and software deployment needs foundations in formal methods and functional programming to be successful.
SpeakerBio: Farid Zakaria, Principal Engineer at ConfluentI am a software engineer, father, and wishful surfer. I currently work at Confluent on developer productivity and recently defended a Ph.D. in computer science at the University of California Santa Cruz. More relevant to Nix, I am a NixOS enthusiast, which has led me to rethink basic Linux primitives.
SpeakerBio: Tom Bereknyei, Lead Engineer at FloxLife-long engineer. Worked at Google, flew jet planes in the Marine Corps, trained cyberware teams, formed and led teams to perform rapid hardware and software capability development, worked with the Digital Service to bring modern software practices to the DoD and government. Left the service to create a contracting startup bringing AI/ML products to DoD. Throughout have found a consistent set of challenges in the course of development; also found a set of superpowers to address those challenges using Nix. After several iterations of applying the Nix ecosystem in various teams, the difference was stark. This led to the desire to bring this set of superpowers to the rest of the world and make it more adoptable; hence the involvement in the Nix community as a maintainer, founding Flox, and leading efforts to improve user experience and communicate it to the world.
SpeakerBio: Morgan Jones, Embedded Security Engineer at ViasatI am an embedded security engineer for Viasat, member of the SoCal NixOS User Group, and one of the organizers of Nix Vegas. After mostly using my compilers classes in college for learning reverse engineering and finding remote code execution in mobile AR game anti-cheat systems, I now work on embedded security with Nix for a living, and may have read Ken Thompson's Reflections on Trusting Trust one too many times.
- ics Calendar file
What if you could use Wireshark on the connection between your cellphone and the tower it's connected to?
In this talk we present Rayhunter, a cell site simulator detector built on top of a cheap cellular hotspot. It works by collecting and analyzing real-time control plane traffic between a cellular modem and the base station it's connected to. We will outline the hardware and the software developed to get low level information from the Qualcomm DIAG protocol, as well as go on a deep dive into the methods we think are used by modern cell-site simulators. We’ll present independently validated results from tests of our device in a simulated attack environment and real world scenarios. Finally, we will discuss how we hope to put this device into the hands of journalists, researchers, and human rights defenders around the world to answer the question: how often are we being spied on by cell site simulators?
References:
Speakers:Cooper "CyberTiger" Quintin,oopsbagelCooper Quintin is a senior public interest technologist with the EFF Threat Lab. He has given talks about security research at prestigious security conferences including Black Hat, DEFCON, Shmoocon, and ReCon about issues ranging from IMSI Catcher detection to Femtech privacy issues to newly discovered APTs. He has two children and is very tired.
Cooper has many years of security research experience on tools of surveillance used by government agencies.
SpeakerBio: oopsbageloopsbagel is not a bagel but may be eating one while you read this. oops loves contributing to open source software, running wireshark, reversing, hardware hacking, breaking Kubernetes, and floaking.
- ics Calendar file
Step into the world of Industrial Control System (ICS) security with Red Alert ICS CTF, a competition built by hackers, for hackers. Hosted by the RedAlert Lab of NSHC Security, this contest is all about pushing the limits—breaking through layers of security in a real Operational Technology (OT) environment until you seize full control of ICS components.
Since its debut at DEF CON 26, Red Alert ICS CTF has been a must-attend event, growing bigger and tougher each year. Now recognized as a Black Badge contest at DEF CON 32, DEF CON 31, and DEF CON 26, it’s the ultimate proving ground for those who thrive in the high-stakes world of ICS hacking.
What makes this CTF unique? Live ICS hardware from top industry vendors, simulating real-world critical infrastructure. Participants will interact with actual devices, manipulate industrial processes, and exploit vulnerabilities in real time. This isn’t just another CTF—this is a full-scale ICS cyber battleground.
Are you ready to test your skills, outsmart industrial defenses, and dominate the ICS arena? The challenge awaits.
Bring your laptop and a network adapter (if your laptop lacks one). Refresh your knowledge of ICS protocols and processes to stay ahead in the competition.
Any specialized hardware required will be provided by the contest organizers.
No
- ics Calendar file
The Red Team Capture the Flag (CTF) competition at DEF CON is a challenging and exciting event that tests the skills of participants in offensive security. The objective of the Red Team CTF is for teams to successfully complete challenges faced by Red Teams.
The Red Team CTF is designed to simulate real-world scenarios in which attackers attempt to penetrate the security of a network or system. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities in the target network.
Teams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities in the target network, while also evading detection and countermeasures put in place by the Blue Team.
The Red Team CTF at DEF CON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants' technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.
Participants are required to bring a laptop with the ability to connect to DEF CON WiFi or other internet connection.
There is no pre-qualifier for the event.
- ics Calendar file
It’s not enough to ask if your LLM app is working in production. You need to understand how it fails in a battle-tested environment. In this talk, we’ll dive into red teaming for Gen AI systems: adversarial prompts, model behavior probing, jailbreaks, and novel evasion strategies that mimic real-world threat actors. You’ll learn how to build an AI-specific adversarial testing playbook, simulate misuse scenarios, and embed red teaming into your SDLC. LLMs are unpredictable, but they can be systematically evaluated. We'll explore how to make AI apps testable, repeatable, and secure by design.
SpeakerBio: Nnenna NdukweNnenna Ndukwe is a Principal Developer Advocate and Software Engineer, enthusiastic about AI. With 8+ experience spanning across startups, media tech, cybersecurity, and AI, she's an active global AI/ML community architect championing engineers to build in emerging tech. She studied Computer Science at Boston University and is a proud member of Women Defining AI, Women Applying AI, and Reg.exe. Nnenna believes that AI should augment: enabling creativity, accelerating learning, and preserving the intuition and humanity of its users. She's an international speaker and serves communities through content creation, open-source contributions, and philanthropy.
- ics Calendar file
This workshop flips the script on financial security, focusing on a practical, hands-on level where attendees will learn by doing. Attendees will step into the shoes of sophisticated attackers targeting the interconnected financial ecosystem. Guided by us - Chloe, with experience in architecting B2B fraud solutions for acquiring banks in Singapore, and Weihong, with hands-on experience building ML-based KYC/liveness detection and rule-based risk systems for new user onboarding at OKX (a crypto exchange) - participants will learn how to think offensively.
Speakers:Wei Hong,Chloe ChongWei Hong is a machine learning practitioner with six years of experience in natural language processing and applied AI at one of the world’s largest cryptocurrency exchanges. He has contributed to projects involving KYC systems, user risk profiling, and the deployment of AI in real-world financial applications. Fascinated by blockchain development, Wei Hong is particularly interested in the intersection of decentralization, transparency, and machine learning. He is currently pursuing a Master’s in Computer Science at Georgia Tech, where he is an active member of the Blockchain Club@GT.
SpeakerBio: Chloe ChongChloe is a machine learning engineer and blockchain enthusiast with five years of experience in building ML systems for fraud detection and compliance in the traditional payments and fintech industry. Outside of work, she explores blockchain development with a focus on usability and real-world applications in the payment space. Chloe is an active member of the Georgia Tech Blockchain Club and is particularly interested in how decentralized technologies can improve financial infrastructure and user experience.
- ics Calendar file
Kubernetes is the de facto operating system of the cloud, and more and more organizations are running their workloads on Kubernetes. While Kubernetes offers many benefits, it also introduces new security risks, such as cluster misconfiguration, leaked credentials, cryptojacking, container escapes, and vulnerable clusters.
In this workshop, attendees will learn how to attack Kubernetes clusters by simulating a real-world adversary exploiting one of the most recent vulnerabilities in the ecosystem: IngressNightmare (CVE-2025-1974). Participants will practice exfiltrating service account tokens and credentials, performing lateral movement, escalating privileges by targeting common applications deployed in Kubernetes environments, and ultimately compromising the entire cluster.
SpeakerBio: Lenin Alevski, Security Engineer at GoogleLenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog https://www.alevsk.com.
- ics Calendar file
Regular Expressions or RegEX are used everywhere! If you aspire to be a Pentester, Threat Hunter, Programmer, Network Engineer, DevOps or really anything in technology today, RegEx is a skill all the greats have and the majority of the industry are terrible at. Come learn or brush up on your RegEx skills in on our live trainer.
- ics Calendar file
Choose your side!
Blue Team You are assigned to the Cybersecurity Team servicing four Regional Airports within the IG Labs Regional Airport System. The shift this evening started with routine checking status boards, reviewing threat alerts, and checking for any newly identified vulnerabilities that may have an impact on the system from both Information Technology (IT) and Operational Technology (OT) vectors.
Around midnight, chaos ensues! Runway lighting is turning off at your airport and others nearby, planes are circling waiting to land or diverting to other locations. You must regain access to your systems, find the problem, and restore operation to the Runway Lighting Control System quickly and ensure that the other regional airports your team is responsible for do not lose control of their systems and operations are able to continue without interruption.
Red Team(s) Cybersecurity Teams are often heavily focused on securing Information Technology (IT) systems and devices but may not consider securing Operational Technology (OT) systems and devices. While OT systems and devices may be connected to IT systems, the type of data and protocols are different.
You start your day exploring OT system vulnerabilities and consider what chaos you could create. You see a report that the runway lighting system at one of the IG Labs Regional Airports has been compromised. You start researching to learn more about the attack and the IG Labs Regional Airport System. Satisfied that you have learned enough to add to the madness that has been created at La Valoria, you decide to launch an attack of your own.
Success will be determined by the ability to disrupt the control and operations of the Runway Lighting Systems for the IG Labs Regional Airports at the OT level. DoS and DDoS attacks are not permitted as the intent is to demonstrate an understanding of OT systems, their functionality, and protocols.
- ics Calendar file
I’m sure you’ve heard of MIDI – it’s a protocol and file format that’s used to exchange audio generation data such as “note on” and “note off” events. But what if I told you that there’s a MIDI implementation out there in the wild that, when excited in just the right ways, can do stuff the original product designers never intended to do? In this talk, we’ll dive into the wonderful world that is hardware reverse engineering. We’ll explore what JTAG and UART are and how we can use them to hack modern digital devices. We’ll dump the firmware of a Yamaha music keyboard and discover what is essentially a backdoor in the MIDI implementation – and exploit it to play Bad Apple on the keyboard’s dot matrix LCD.
References:
Architecture of Yamaha entry-level synths MIDI specification MIDI SysEx ID allocation table ARM7TDMI Technical Reference Manual
SpeakerBio: Anna portasynthinca3 AntonenkoAnna “porta” has been playing around with Arduinos and whatnots since about 2017, when she was 13 years old. She’s made countless hobbyist projects with AVR, STM32 and ESP32 microcontrollers to learn more about the wonderful world of digital electronics. Today, she’s a professional embedded firmware engineer with an interest in hardware reverse engineering, operating system development and distributed fault-tolerant systems.
- ics Calendar file
In our quest to spread Nix to the world, we created a fully Nix-based open source hardware pipeline. From reproducible KiCad PCB design to C and Zig code that serves a mesh networked Nix binary cache on your badge, you can now spin Gerber files to the fab or firmware with a single command. Follow along as we go over how we built the Nix Badge, what it can do, and, of course, how you can hack it.
SpeakerBio: Morgan Jones, Embedded Security Engineer at ViasatI am an embedded security engineer for Viasat, member of the SoCal NixOS User Group, and one of the organizers of Nix Vegas. After mostly using my compilers classes in college for learning reverse engineering and finding remote code execution in mobile AR game anti-cheat systems, I now work on embedded security with Nix for a living, and may have read Ken Thompson's Reflections on Trusting Trust one too many times.
- ics Calendar file
There are many oppotunities to have your resume reviewed during the week of hacker summer camp, at DEF CON you can stop by either Lonley Hackers Club or Noob Village for a review. However last year they were so popular we're lending a hand and having a resume review hour in our space as well for those who for some reason were unable to go to the other resume review sessions.
Speakers:Kat "rnbwkat" Fitzgerald,John Stoner,Jessie "Ringer" JamiesonJessie Jamieson, aka "Ringer", is a mathematician who loves using math to solve hard problems, but she loves helping others see the beauty and value of math even more! She has been invited to speak at mathematics and cybersecurity events about supply chain and AI-related risk, and has spoken internationally on the importance of data science maturity for cybersecurity effectiveness. Jamieson holds a PhD and a MS in Mathematics from the University of Nebraska - Lincoln, where she was a National Science Foundation Graduate Research Fellow. Jamieson has also held senior research roles at Tenable and the Johns Hopkins University Applied Physics Laboratory. She currently works in a role related to cybersecurity risk quantification. When not doing math, she's usually playing volleyball or video games, playing soccer with her dog, Dax, or traveling to some of her favorite cybersecurity conferences (like DEFCON!).
- ics Calendar file
Have a resume that needs to be reviewed? Come check out LHC Resume Reviews for our 2nd annual event where we will review your resume by people from LHC, OWASP, and WISP! Be the first 90 people in line to get a special poker chip to take home!
- ics Calendar file
Daniel is a software engineer and entrepreneur specializing in medical device cybersecurity. He founded MedISAO and Cyberprotek, both acquired by MedCrypt in 2020. In his spare time, he likes to contribute to FOSS tools and tinker with embedded electronics.
- ics Calendar file
Daniel is a software engineer and entrepreneur specializing in medical device cybersecurity. He founded MedISAO and Cyberprotek, both acquired by MedCrypt in 2020. In his spare time, he likes to contribute to FOSS tools and tinker with embedded electronics.
- ics Calendar file
RETINA is the very first retro video game built for reverse engineers. Do you want to start the analysis of that sample, but aren’t really in the mood? You can try RETINA for Commodore 64, which can be fully customized with your own sample so that during your game you will also perform the malware triage!
SpeakerBio: Cesare "Red5heep" PizziCesare is a security researcher, analyst, and technology enthusiast. He develops software and hardware and tries to share this with the community. Mainly focused on low-level programming, he developed a lot of open-source software, sometimes hardware related and sometimes not. He does a lot of reverse engineering too. He likes to share his work when possible at conferences like DEF CON, Insomni'hack, and Nullcon. He is a contributor to several open-source security projects including TinyTracer, Volatility, OpenCanary, PersistenceSniper, Speakeasy, and CETUS, and is a CTF player.
- ics Calendar file
Rev.ng is an open source static binary analysis framework and interactive decompiler for native code based on LLVM and QEMU. In our demo we will: [1] Introduce rev.ng and how to use it from the command line. [2] Decompile a simple program to syntactically valid C code that can be fed into other static analysis tools. [3] Showcase our automated whole-program type recovery on a stripped program without debug symbols, able to detect complex types, e.g. linked-lists. [4] Demonstrate the Python scripting capabilities. [5] Demonstrate our preliminary integration with LLMs to assign names to functions, types, and so on. All the examples will be released on GitHub and 100% reproducible using only open source software.
Speakers:Pietro Fezzardi,Alessandro Di FedericoPietro is the CTO of rev.ng Labs, developing the rev.ng decompiler and reverse engineering framework. During his M.Sc. in mathematics, he started working on embedded systems programming. He received his PhD from Politecnico di Milano, working on automated bug-detection for high-level synthesis compilers for FPGA. He spent a short time at ARM in the research security group, working on fuzzing and static program analysis, before joining rev.ng. He is interested in program analysis, compilation, embedded systems programming, C++, free software, OpenStreetMap, juggling, and circus skills.
SpeakerBio: Alessandro Di FedericoAlessandro is the co-founder of rev.ng Labs. He obtained his PhD from Politecnico di Milano with a thesis about rev.ng and has been working on making a product out of it since then. He has been speaking at key industry and academic security conferences such as DEF CON, Recon, the USENIX Security Symposium, and others. He is passionate about compilers, C++, free software, reverse engineering, privacy, OpenStreetMap, hitchhiking, and hiking in the Alps.
- ics Calendar file
Presentation to kick off the Radio Frequency Village CTF with helpful tips for new folks.
SpeakerBio: RF Hackers
- ics Calendar file
This talk explores risk & payments from different POVs: Ecomm, recurring, two-sided marketplace, card issuer. What merchants & the business perceive as risk, max tail loss, can be very different for each. These perceptions of risk and economic incentives drive hugely different behaviours.
SpeakerBio: Gary Kao
- ics Calendar file
Risk-limiting audits (RLAs) limit the "risk" of certifying that the wrong candidates won. There are RLA methods for almost every type of political election in the US, including plurality, multiwinner plurality, supermajority, and instant-runoff voting. The latest RLA methods make it practical to audit every contest in every election, even in large jurisdictions with hundreds of contests. RLAs can "tie a bow around" a well-run election that uses trustworthy, organized methods to record and store votes. They cannot magically make a poorly run election trustworthy any more than fastening your seatbelt after an accident will prevent injury. Applying RLA procedures to an untrustworthy vote record is "security theater" that does not limit the risk of certifying the wrong winners.
SpeakerBio: Philip Stark, University of California at BerkeleyPhilip B. Stark is Distinguished Professor of Statistics at the University of California, Berkeley, where he has served as department chair and associate dean. In 2007 he invented "risk-limiting audits" ("RLAs"), endorsed by the National Academies of Science, Engineering, and Medicine and the American Statistical Association, among others, and required or authorized by law in about 15 states. He designed and helped conduct the first dozen pilot RLAs, helped draft RLA legislation for several states, and has published open-source software to support RLAs. In 2012, he and David Wagner introduced "evidence-based elections," a paradigm for conducting demonstrably trustworthy elections. Stark has served on the Board of Advisors of the US Election Assistance Commission and its cybersecurity subcommittee, the Board of Directors of Verified Voting Foundation and the Election Integrity Foundation, and on the California Post Election Audit Standards Working Group. He has worked with the Secretaries of State of California, Colorado, and New Hampshire and numerous local election officials. Stark has testified about election integrity in state and federal courts and to legislators. He received the IEEE Cybersecurity Award for Practice, the UC Berkeley Chancellor's Award for Research in the Public Interest, and the John Gideon Award for Election Integrity. He is a fellow of the American Statistical Association and the Institute of Physics and a member of the American Academy of Arts and Sciences.
- ics Calendar file
A hands-on workshop on conducting Risk Limiting Audits, putting into practice the principles discussed in Philip Stark's 4pm talk.
SpeakerBio: Philip Stark, University of California at BerkeleyPhilip B. Stark is Distinguished Professor of Statistics at the University of California, Berkeley, where he has served as department chair and associate dean. In 2007 he invented "risk-limiting audits" ("RLAs"), endorsed by the National Academies of Science, Engineering, and Medicine and the American Statistical Association, among others, and required or authorized by law in about 15 states. He designed and helped conduct the first dozen pilot RLAs, helped draft RLA legislation for several states, and has published open-source software to support RLAs. In 2012, he and David Wagner introduced "evidence-based elections," a paradigm for conducting demonstrably trustworthy elections. Stark has served on the Board of Advisors of the US Election Assistance Commission and its cybersecurity subcommittee, the Board of Directors of Verified Voting Foundation and the Election Integrity Foundation, and on the California Post Election Audit Standards Working Group. He has worked with the Secretaries of State of California, Colorado, and New Hampshire and numerous local election officials. Stark has testified about election integrity in state and federal courts and to legislators. He received the IEEE Cybersecurity Award for Practice, the UC Berkeley Chancellor's Award for Research in the Public Interest, and the John Gideon Award for Election Integrity. He is a fellow of the American Statistical Association and the Institute of Physics and a member of the American Academy of Arts and Sciences.
- ics Calendar file
When exploring the dark web for OSINT or CTI investigations, you may be overwhelmed with numerous onion links, questionable marketplaces, and numerous search engines. With time constraints, how do you make sense of all this information and prioritize what truly matters? Enter Robin, an AI-powered dark web OSINT tool to streamline your investigations. Robin takes your query, automatically searches across multiple dark web search engines, scrapes relevant onion sites, and uses AI to generate clear, actionable investigative summaries. No more juggling five different tools or wasting hours validating dead links. In this tool demo, I’ll walk you through the real pain points of today’s dark web OSINT tools and show how Robin was built to solve them. I’ll cover the architecture, the scraping and summarization pipeline, and how Robin fits into real-world investigation workflows. I’ll also discuss future developments and how you can get involved. By the end of this talk, you will have a fresh perspective on dark web OSINT, a practical tool to use right away, and insights into how AI can simplify your dark web investigative process.
SpeakerBio: Apurv "ASG_Sc0rpi0n" Singh GautamApurv Singh Gautam is a Cybercrime Researcher working as a Sr. Threat Research Analyst at Cyble. He is focused on monitoring and analyzing wide spectrum of sources, creating automated tools, and performing threat investigations by utilizing HUMINT, SOCMINT, and OSINT and producing threat intelligence.
Apurv has contributed to the latest SANS Institute's course FOR589 on Cybercrime Intelligence and is a contributing member of Curated Intel. He has delivered talks & workshops at national and international conferences like SANS OSINT Summit, SANS Cyber Defense Forum, DEFCON Blue Team Village, BSides Singapore, RootCon and others. Apurv is featured in major podcasts like ITSPMagazine, Tech Talks with Singh, etc. He is passionate about giving back to the community and helping others get into this field, and has delivered many talks and workshops in schools and colleges. He loves volunteering with StationX to help students navigate into Cybersecurity. In the past, he has also volunteered as a Darknet researcher at CTI League and EBCS Darknet Analysis group. He holds a master's degree in Information Security from Georgia Institute of Technology, USA.
He looks forward to the end of the day to play and stream one of the AAA games, Rainbow 6 Siege.
- ics Calendar file
When exploring the Dark Web for OSINT or CTI investigations, you may be overwhelmed with numerous onion links, questionable marketplaces, and numerous search engines. With time constraints, how do you make sense of all this information and prioritize what truly matters?x000D Enter Robin, an AI-powered Dark Web OSINT tool to streamline your investigations. Robin takes your query, automatically searches across multiple Dark Web search engines, scrapes relevant onion sites, and uses AI to generate clear, actionable investigative summaries. No more juggling five different tools or wasting hours validating dead links. In this talk, I'll walk you through the real pain points of today's Dark Web OSINT tools and show how Robin was built to solve them. I'll cover the architecture, the scraping and summarization pipeline, and how Robin fits into real-world investigation workflows. x000D By the end of this talk, you will have a fresh perspective on Dark Web OSINT, a practical tool to use right away, and insights into how AI can simplify the investigative process.
SpeakerBio: Apurv "ASG_Sc0rpi0n" Singh GautamApurv Singh Gautam is a Cybercrime Researcher working as a Sr. Threat Research Analyst at Cyble. He is focused on monitoring and analyzing wide spectrum of sources, creating automated tools, and performing threat investigations by utilizing HUMINT, SOCMINT, and OSINT and producing threat intelligence.
Apurv has contributed to the latest SANS Institute's course FOR589 on Cybercrime Intelligence and is a contributing member of Curated Intel. He has delivered talks & workshops at national and international conferences like SANS OSINT Summit, SANS Cyber Defense Forum, DEFCON Blue Team Village, BSides Singapore, RootCon and others. Apurv is featured in major podcasts like ITSPMagazine, Tech Talks with Singh, etc. He is passionate about giving back to the community and helping others get into this field, and has delivered many talks and workshops in schools and colleges. He loves volunteering with StationX to help students navigate into Cybersecurity. In the past, he has also volunteered as a Darknet researcher at CTI League and EBCS Darknet Analysis group. He holds a master's degree in Information Security from Georgia Institute of Technology, USA.
He looks forward to the end of the day to play and stream one of the AAA games, Rainbow 6 Siege.
- ics Calendar file
Locked down UART shell. Limited bootloader access. What's next? In this demo, we will perform a live firmware modification of a Hikvision security camera. Then we will show us getting a root shell via UART on our modified device.
SpeakerBio: Matt Brown
- ics Calendar file
Mobile apps today depend heavily on Runtime Application Self-Protection (RASP) to stay secure while running. But attackers are getting smarter. They’re finding new ways to slip past these defenses by going deeper into the mobile operating system and targeting the kernel itself.
This session takes you inside that world. We’ll explore how attackers manipulate mobile kernels to bypass modern RASP protections. Through a mix of easy-to-follow explanations and live demos, you’ll see how these techniques work in real time. From understanding the basics of kernel architecture to spotting vulnerabilities and using memory manipulation to stay hidden, we’ll cover it all.
By the end, you’ll walk away with a clear understanding of how these evasions work and what you can do to defend against them. Whether you’re a mobile developer, security researcher, or just curious about what happens under the hood, this session will give you practical insights you can apply right away.
SpeakerBio: Subho Halder, CEO & Co-Founder at AppknoxSubho Halder is the CEO and Co-founder of Appknox, a leading mobile application security platform trusted by 500+ global enterprises. A security researcher turned product leader, he previously worked with Hewlett-Packard and has been listed in Facebook, Google, and Twitter’s Hall of Fame for responsible vulnerability disclosures. Subho specializes in mobile app security, reverse engineering, and kernel exploitation. He has presented at Black Hat and OWASP amongst other industry leading events. At DEFCON, he’s bringing his deep expertise to explore what it takes to test apps on enterprise-locked devices, without breaking policy.
--
Subho Halder is the Co-founder and CEO of Appknox, where he leads advanced research in mobile application security.
He’s spent over a decade deep in offensive security, with a focus on mobile kernel exploitation, runtime evasion, and real-world bypasses for things like RASP and root detection. Subho has shared his work at top conferences including Black Hat, Nullcon, OWASP Global AppSec, and Syscan, often blending hardcore technical research with practical attack demos.
At Appknox, Subho has helped protect more than 500 enterprise apps by embedding mobile security into CI/CD workflows and using real-device testing over emulators. His work has been instrumental in helping organizations in fintech, retail, and aviation catch what traditional tools miss.
By day, he runs a fast-growing SaaS security company. By night, he’s still reverse engineering mobile stacks and building tools that push the boundaries of what’s possible in appsec.
- ics Calendar file
En esta mesa redonda exploramos cómo las joint ventures están transformando el panorama de la ciberseguridad. Expertos de distintas organizaciones compartirán experiencias sobre alianzas estratégicas en el sector, destacando los beneficios, desafíos y aprendizajes clave al unir fuerzas para enfrentar amenazas complejas, innovar en soluciones y expandir capacidades en un entorno digital cada vez más interconectado.
SpeakerBio: Angel
- ics Calendar file
In this session, we will delve into CVE-2024-10979, discovered by Varonis Threat Labs, and explain how it can be exploited to execute arbitrary code on cloud-hosted databases. Join us to gain insights into this significant Remote Code Execution (RCE) vulnerability and learn strategies for defending and testing managed databases for vulnerabilities.
References:
Speakers:Tal "TLP" Peleg,Coby AbramsTal Peleg, also known as TLP, is a senior security researcher and cloud security team lead at Varonis. He is a full-stack hacker with experience in malware analysis, Windows domains, SaaS applications, and cloud infrastructure. His research is currently focused on cloud applications and APIs.
SpeakerBio: Coby AbramsCoby Abrams is a cloud security researcher at Varonis, specializing in Azure and IaaS research, and in-depth overviews of various services. He brings over five years of experience in various types of security research.
- ics Calendar file
PyTorch is a machine learning library based on the Torch library, used for applications such as computer vision and natural language processing. It is one of the most popular deep learning frameworks.
However, beneath its powerful capabilities lies a potential security risk. Initially, PyTorch used pickle to save models, but due to the insecurity of pickle deserialization, there was a risk of Remote Code Execution (RCE) when loading models. Subsequently, PyTorch introduced the weights_only parameter to enhance security. The official documentation states that weights_only=True is considered safe and recommends using it over weights_only=False.
For years, the security of weights_only=True remained unchallenged. Our research, however, uncovered unsettling truths. We discovered that torch.load with weights_only=True supports TorchScript, leading us to delve into TorchScript's inner workings. After a period of research, we discovered several vulnerabilities and ultimately achieved RCE. We promptly reported this finding to PyTorch, who acknowledged the vulnerability and assigned us CVE-2025-32434. This revelation overturns established understandings and has profound implications for numerous AI applications. We will provide an in-depth analysis of the impact of this vulnerability.
In this sharing, we will introduce how we gained inspiration and discovered this interesting vulnerability. Meanwhile, our findings once again confirm the statement, "The Safe Harbor you once thought was actually Hostile Waters."
Speakers:Ji'an "azraelxuemo" Zhou,Lishuo "ret2ddme" SongJi'an Zhou is a Security Engineer in Alibaba Cloud. He is focusing on Java security and cloud native security and his work helped many high-profile vendors improve their products' security, including Google, Amazon, Cloudera, IBM, Microsoft, Oracle. He has previously spoken at Black Hat , Zer0Con, Off-by-One Con.
SpeakerBio: Lishuo "ret2ddme" SongLi'shuo Song is a Security Engineer at Alibaba Cloud. He focuses on browser security and has found several security bugs in Google Chrome.
- ics Calendar file
As the digital and physical worlds converge, Operational Technology (OT) environments face unprecedented cyber threats, demanding a specialized approach to security. This panel will delve into the critical realm of OT Security Operations Centers (SOCs) and incident response, exploring how organizations can effectively detect, respond to, and recover from cyberattacks targeting industrial control systems. We'll discuss the unique challenges of securing OT, best practices for building resilient SOC capabilities, and strategies for navigating complex incident response scenarios to ensure operational continuity and safety in our increasingly interconnected industrial landscape.
Speakers:Adam Robbie,Cassie Crossley,Joe Marshall,Parker CrookAdam Robbie
Head of OT Security Research, Palo Alto Networks
Adam is the Head of OT Security Research at Palo Alto Networks since 2022 with over 10 years of experience in both OT and IT industries. Publisher and author with SANS, IEEE, and other journals and conferences. His ambition is about contributing to secure our critical infrastructure, search for recent vulnerabilities, develop best practices and lead new initiatives. Adam has a Bachelor and Master of Science in Electrical Engineering. Additionally, he obtained advanced certifications including the Global Industrial Cyber Security Professional (GICSP) and GIAC Response and Industrial Defense (GRID) certifications.
In addition to his technical expertise, He has a strong background in leadership and education. As an Adjunct Professor, he has been teaching cybersecurity bootcamp at The George Washington University, University of Michigan, University of Wisconsin, and other universities. Through these roles, he has successfully mentored and guided students, encouraging them to excel in the field of cybersecurity. Additionally, he served as an advisor for developing cybersecurity curriculum across different universities.
During his tenure as a Senior Cyber Security Consultant at Deloitte, he gained extensive experience in performing ICSIoT penetration testing, threat hunting, risk assessment, and vulnerability research. Furthermore, he has actively contributed to enhancing detection systems through advanced research and creation of security use cases.
SpeakerBio: Cassie Crossley, VP, Supply Chain Security at Schneider Electric
- ics Calendar file
SAMLSmith is the go-to tool for penetrating SAML applications with response forging. An evolution of the original tooling developed for proof-of-concept of SAML response forging in Entra ID, SAMLSmith is the product of continued research on SAML. While far from new, enterprises continue to not prioritize the security of how SaaS applications integrate or understand best practices for securing them. With many factors at play, SAML response forging can range from extremely difficult to near impossible for a SOC to detect. SAMLSmith has a lot of tricks up its sleeve, including: [1] Multiple identity provider response forging. [2] AD FS specific response forging mode. [3] SAML request processing. [4] InResponseTo support. SAMLSmith can be used in several response forging scenarios where the private key material can be obtained. In demonstration of use, we’ll explore using SAMLSmith for performing a Golden SAML attack against AD FS. Further, we’ll demonstrate the use of SAMLSmith that ties into new research around response forging, penetrating certain types of SaaS applications with even more stealth.
Speakers:Eric Woodruff,Tomer NahumEric is the chief identity architect for Semperis. He previously was a member of the security research and product teams. Prior to Semperis, he worked as a security and identity architect at Microsoft partners, spent time at Microsoft as a senior premier field engineer, and spent almost 15 years in the public sector, with 10 of them as a technical manager. He is a Microsoft MVP for security, recognized for his expertise in the Microsoft identity ecosystem. He is a strong proponent of knowledge sharing and spends a good deal of time sharing his insights and expertise at conferences as well as through blogging. He further supports the professional security and identity community as an IDPro member, working as part of the IDPro Body of Knowledge committee.
SpeakerBio: Tomer Nahum, Security Researcher at SemperisTomer is a security researcher at Semperis, where he works to find new attacks and how to defend against them in on-prem identity stacks such as Active Directory, as well as cloud identity systems. He was awarded Most Valuable Researcher (MVR) in 2023 by Microsoft Security Response Center (MSRC).
- ics Calendar file
SAMLSmith is the go-to tool for penetrating SAML applications with response forging. An evolution of the original tooling developed for proof-of-concept of SAML response forging in Entra ID, SAMLSmith is the product of continued research on SAML. While far from new, enterprises continue to not prioritize the security of how SaaS applications integrate or understand best practices for securing them. With many factors at play, SAML response forging can range from extremely difficult to near impossible for a SOC to detect. SAMLSmith has a lot of tricks up its sleeve, including: [1] Multiple identity provider response forging. [2] AD FS specific response forging mode. [3] SAML request processing. [4] InResponseTo support. SAMLSmith can be used in several response forging scenarios where the private key material can be obtained. In demonstration of use, we’ll explore using SAMLSmith for performing a Golden SAML attack against AD FS. Further, we’ll demonstrate the use of SAMLSmith that ties into new research around response forging, penetrating certain types of SaaS applications with even more stealth.
Speakers:Eric Woodruff,Tomer NahumEric is the chief identity architect for Semperis. He previously was a member of the security research and product teams. Prior to Semperis, he worked as a security and identity architect at Microsoft partners, spent time at Microsoft as a senior premier field engineer, and spent almost 15 years in the public sector, with 10 of them as a technical manager. He is a Microsoft MVP for security, recognized for his expertise in the Microsoft identity ecosystem. He is a strong proponent of knowledge sharing and spends a good deal of time sharing his insights and expertise at conferences as well as through blogging. He further supports the professional security and identity community as an IDPro member, working as part of the IDPro Body of Knowledge committee.
SpeakerBio: Tomer Nahum, Security Researcher at SemperisTomer is a security researcher at Semperis, where he works to find new attacks and how to defend against them in on-prem identity stacks such as Active Directory, as well as cloud identity systems. He was awarded Most Valuable Researcher (MVR) in 2023 by Microsoft Security Response Center (MSRC).
- ics Calendar file
- ics Calendar file
Fewer than 500 of npm's top 10,000 most downloaded packages have one or more disclosed vulnerabilities, which is not surprising considering that the ratio of open source packages to known vulnerabilities is less than 0.5%. In this talk, we will discuss why current OSS vulnerability discovery efforts are falling short, addressing common mistakes made by open source maintainers, the challenges of scaled security scanning, and the shortcomings of today’s open source bug bounty programs. To conclude, I'll propose a transition from crowdsourced bug hunting to crowdsourced triaging, emphasizing how often repository issues, OSS-Fuzz crash reports, and similar findings go untriaged, despite being publicly available and there potential to reveal (undisclosed) critical security risks.
SpeakerBio: Kyle KellyKyle Kelly is the Manager of GitHub’s Package Security Team and the author of the CramHacks newsletter. He is passionate about leveraging his security expertise to address software supply chain security challenges, particularly in regard to open-source software. Before committing to software supply chain security, Kyle led a team of penetration testers specializing in hacking financial institutions.
- ics Calendar file
After our improv interlude, it's back to the phones as the final teams go live!
- ics Calendar file
Back again as an official DEF CON contest - join us as teams who've spent months researching and rehearsing place live calls, pitting cunning scripts against real corporate defenses to see who rings in the win!
- ics Calendar file
Now after our improv break, more teams place live calls, putting polished scripts and fresh research to the test against real corporate defenses in the SECVC!
- ics Calendar file
If you have tried your hand at bug bounty, you probably heard about automation setups that some hunters use. The caveat here though, is there is little to no information sharing about this topic. I don't claim to be an expert, but after a couple years of tool building and experimenting, I think these kind of systems can be accessible/buildable by anyone. I want to share some of "tips" and "pitfalls" that I have come across building some of my own automation around bug bounty. Topics will range from data engineering, event and data handling, architecture options, different ways to turn data into bugs, etc. I don't pretend to be an expert, but it is my opinion that there is not enough people sharing ideas and techniques when it comes to applying ENGINEERING to bug bounties. Automation, data, and discovery should be words that every bug hunter is fond of, not afraid of.
SpeakerBio: Gunnar "g0lden" AndrewsHello! I am an application security engineer by day, and a bug bounty hunter by night! I enjoy turning security research, and bug bounties, into an engineering problem. I love collaborating with others, and I am always trying to learn new technologies. Other than hacking, I enjoy hockey, fitness, exploring, and video games!
- ics Calendar file
Sector Down is a high-stakes, immersive multiplayer card game where critical infrastructure and cybersecurity collide. Designed for teams of 5, 10, 15, or 20 players, this simulation pits defenders and attackers against each other in a race against the inevitable: The Doom Clock.
🛡️Defend or Disrupt
Players are divided into two sides: - Blue Team – Critical infrastructure defenders. Each Blue player manages a sector with three vital facilities: Physical, Network, and Financial. Their mission? Keep the systems alive and online while working together to run out the clock. - Red Team – Offensive disruptors. Red players attempt to take down facilities using calculated cyberattacks and chaos tactics. Their goal: force sector collapses and trigger the Doom Clock.
⏱️ Time-Based Tactics
The game progresses in strategic phases where players draw cards, take action using worker tokens, and discard based on hand limits. Watch out for unpredictable “White Plays”—random game events that add surprise twists every few rounds.
🔥 The Doom Clock
When half of all sectors or any core sectors go down, the Doom Clock starts ticking. Teams must respond fast: Blue must recover systems before the countdown hits zero, or Red claims victory.
🤝 Team Dynamics
🎮 Why You Should Play
Whether you're a strategist, a chaos agent, or just love competitive simulation, Sector Down challenges your mind and your teamwork. Can your team hold the line or will your sector go dark? Come play during DEF CON 33.
- ics Calendar file
What happens when a security professional tries to help a government fix its insecure software? In this talk, I’ll share my story: from writing a secure coding policy and offering it to the Canadian government, lobbying elected officials, contacting agencies like CRA about their poor security practices—and being met with silence, deflection, or outright dismissal. I didn’t stop there. I wrote public letters, went on podcasts, published on Risky Biz, even got interviewed by CBC. But the institutions in charge of protecting our data? Either silence or “No comment, because security." This isn’t just a rant—it’s a roadmap. I’ll show you the secure coding guideline I created (free to reuse), explain why governments need public-facing AppSec policies, and outline how we can push for secure-by-default practices as citizens, hackers, and builders. Because secure code isn’t just for dev teams—it’s for democracy, privacy, and public safety. Let’s make it law. Let’s make it public.
SpeakerBio: Tanya "SheHacksPurple" Janca, Security Advocate at SemgrepTanya Janca, aka SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Secure Coding', 'Alice and Bob Learn Application Security’ and the ‘AppSec Antics’ card game. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counter-terrorism, led security for the 52nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software. Tanya currently works at Semgrep as a Security Advocate.
- ics Calendar file
Come learn about and try our Micropython and microcontroller workshop, and learn about the secure boot tools for compute modules.
- ics Calendar file
Dane and Shlomie will showcase technical deep dives into real-world AI vulnerabilities, covering adversarial prompts, indirect prompt injection, context poisoning, and RAG manipulation. They'll illustrate why traditional defenses often fail and offer actionable techniques that hackers can leverage to uncover high-impact bugs and increase their earnings. Hackers will leave equipped with fresh attack ideas, strategies for finding unique AI flaws, and insights on effectively demonstrating their severity and value to organizations.
Speakers:Dane Sherrets,Shlomie LiberowDane is an Innovations Architect at HackerOne, where he helps organizations run AI-focused bug bounty programs and improve the security of emerging technologies. His work includes winning 2nd place in the Department of Defense AI Bias Bounty competition, discovering critical vulnerabilities in platforms like Worldcoin, and helping design and manage Anthropic's AI Safety Bug Bounty program. Drawing on his background as a bug hunter, Dane blends strategic guidance with hands-on expertise to advance the safety and security of disruptive tech across industries.
SpeakerBio: Shlomie Liberow, HackerOneShlomie Liberow is a security researcher who specialises in translating technical vulnerabilities into actionable business risk for enterprises. He has led technical delivery of live hacking events for major organizations, mediating over $20M in bounty payouts by helping companies understand the real-world impact of bugs within their specific environment and risk profile.
As a researcher, he has personally discovered 250+ vulnerabilities across Fortune 500 companies
- ics Calendar file
You don’t need a kernel exploit to cross security boundaries in Linux, and all it takes is what the system already gives you. In this talk, I’ll expose a class of quiet yet dangerous vulnerabilities where common system features in multi-user Linux environments leak sensitive information between users by default.
We’ll explore how standard process inspection mechanisms and insecure scripting practices in real-world infrastructures, especially those used by large hosting panel providers can expose database passwords, API tokens, internal URLs, and other secrets to unprivileged users. I’ll demonstrate how simple, legitimate system behaviors can be passively weaponized to gather intelligence, fingerprint users, and pivot across services. All without ever escalating privileges or exploiting a single bug. This talk shows how misconfigurations and design oversights can open the door to unintended visibility.
Whether you're a sysadmin, penetration tester, or just someone who lives in a shell, you’ll leave with a better understanding of what your environment might be silently exposing and how to lock it down.
SpeakerBio: Cernica Ionut CosminIonut Cernica began his security journey through Facebook’s bug bounty program and quickly made a name for himself by responsibly disclosing vulnerabilities to major companies including Google, Microsoft, Yahoo, AT&T, eBay, and VMware. With over nine years of experience in web application security and penetration testing, he has built a solid reputation in both offensive and defensive security research.
Beyond bug bounty, Ionut is a seasoned CTF competitor, having participated in over 100 security competitions worldwide. He has represented the PwnThyBytes team in high-profile finals such as Codegate, Trend Micro, and DEF CON. Among his individual accomplishments, he won the mini CTF at the very first edition of AppSec Village at DEF CON.
Currently, Ionut is an Application Security Engineer at UiPath, where he focuses on product security and AI security research.
- ics Calendar file
- ics Calendar file
Ever wondered what it’s like to be the Villian? Have a propensity for chaos and a penchant for mischief? Seize the opportunity to unleash your inner “bad guy” in a legal and controlled environment. This class, led by Adversary for Hire, Jason E. Street, will teach you how to think and attack like an adversary.
You will learn advanced intelligence gathering techniques and explore non-traditional tactics from one of the most twisted minds in the industry. Using real-world examples along with hands-on practical training, Jayson’s approach highlights the human side of cyber compromise. He will introduce you to the Security Awareness Engagement methodology, which he uses in the field to reveal real-world threats without negative impacts to targets. This methodology employs practical simulations of social engineering attacks.
In addition to simulating remote attacks like phishing and vishing, students will learn how to craft and deploy physical attack payloads with the Hak5 Bash Bunny. Each student will receive a Bash Bunny to take home and use in their new life as a simulated adversary.
This class focuses on the paramount threat to any person or organization: other humans. It provides in-depth understanding of each element in a social engineering attack and where social engineering falls on the kill chain. More importantly, you will leave with an in-depth understanding of how simulated adversaries and social engineering awareness can help people and organizations protect themselves. Sign up for DEF CON's most mischievous training and leave with new skills you will use for life.
Speakers:Kenny Hess,Jayson E. StreetKenny Hess is an Advanced Security Engineer at Secure Yeti. He is a trusted security consultant who has built a career around developing and testing secure, mission-critical systems for national governments, state agencies, and international corporations. Additionally, he has been able to help businesses of all sizes develop security policies and programs for classified and unclassified systems. Kenny has a B.A. in Journalism and Broadcasting and an M.S. in Telecommunications Management from Oklahoma State University. Because of this diverse educational background, he is able to connect with his clients through clear communication backed by technical expertise. When he's not desperately urging people to use a password manager, you might find him in the kitchen trying a new recipe, or at the airport lounge en route to adventure. Whether he's hacking people, systems, or ingredients, Kenny Hess is always ready to add a dash of fun to everything he does.
SpeakerBio: Jayson E. Street, Chief Adversarial Officer at Secure YetiJayson E. Street referred to in the past as: a "notorious hacker" by FOX25 Boston, "World Class Hacker" by National Geographic Breakthrough Series, and described as a "paunchy hacker" by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.
He is the Chief Adversarial Officer at Secure Yeti and the author of the "Dissecting the hack: Series" (which is currently required reading at 5 colleges in 3 countries that he knows of). Jayson is also the DEF CON Groups Global Ambassador. He's spoken at DEF CON, DEF CON China, GRRCon, SAINTCON & at several other CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.
He loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once, all others he was supposed to)!
He is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far, but if they are please note he was proud to be chosen as one of Time's persons of the year for 2006.
- ics Calendar file
Ever wondered what it’s like to be the Villian? Have a propensity for chaos and a penchant for mischief? Seize the opportunity to unleash your inner “bad guy” in a legal and controlled environment. This class, led by Adversary for Hire, Jason E. Street, will teach you how to think and attack like an adversary.
You will learn advanced intelligence gathering techniques and explore non-traditional tactics from one of the most twisted minds in the industry. Using real-world examples along with hands-on practical training, Jayson’s approach highlights the human side of cyber compromise. He will introduce you to the Security Awareness Engagement methodology, which he uses in the field to reveal real-world threats without negative impacts to targets. This methodology employs practical simulations of social engineering attacks.
In addition to simulating remote attacks like phishing and vishing, students will learn how to craft and deploy physical attack payloads with the Hak5 Bash Bunny. Each student will receive a Bash Bunny to take home and use in their new life as a simulated adversary.
This class focuses on the paramount threat to any person or organization: other humans. It provides in-depth understanding of each element in a social engineering attack and where social engineering falls on the kill chain. More importantly, you will leave with an in-depth understanding of how simulated adversaries and social engineering awareness can help people and organizations protect themselves. Sign up for DEF CON's most mischievous training and leave with new skills you will use for life.
Speakers:Kenny Hess,Jayson E. StreetKenny Hess is an Advanced Security Engineer at Secure Yeti. He is a trusted security consultant who has built a career around developing and testing secure, mission-critical systems for national governments, state agencies, and international corporations. Additionally, he has been able to help businesses of all sizes develop security policies and programs for classified and unclassified systems. Kenny has a B.A. in Journalism and Broadcasting and an M.S. in Telecommunications Management from Oklahoma State University. Because of this diverse educational background, he is able to connect with his clients through clear communication backed by technical expertise. When he's not desperately urging people to use a password manager, you might find him in the kitchen trying a new recipe, or at the airport lounge en route to adventure. Whether he's hacking people, systems, or ingredients, Kenny Hess is always ready to add a dash of fun to everything he does.
SpeakerBio: Jayson E. Street, Chief Adversarial Officer at Secure YetiJayson E. Street referred to in the past as: a "notorious hacker" by FOX25 Boston, "World Class Hacker" by National Geographic Breakthrough Series, and described as a "paunchy hacker" by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.
He is the Chief Adversarial Officer at Secure Yeti and the author of the "Dissecting the hack: Series" (which is currently required reading at 5 colleges in 3 countries that he knows of). Jayson is also the DEF CON Groups Global Ambassador. He's spoken at DEF CON, DEF CON China, GRRCon, SAINTCON & at several other CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.
He loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once, all others he was supposed to)!
He is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far, but if they are please note he was proud to be chosen as one of Time's persons of the year for 2006.
- ics Calendar file
Apple champions user privacy and security, but beneath its glossy screens and polished interfaces lies an overlooked field of subtle vulnerabilities lurking within trusted, everyday features: Siri, Spotlight, Safari, Apple Intelligence, and Apple's official support systems. This talk dives deeply into multiple zero-day issues discovered on fully updated, non-jailbroken iPhones—no specialized tools required. I'll demonstrate how missing lock-state checks, Siri context confusion, race conditions, faulty Unicode parsing, incomplete patches, and other subtle oversights enabled me to bypass Face ID locks, retrieve sensitive user data, spoof emails, and trigger daemon crashes. Specifically, I'll show you how I disclosed sensitive data on locked devices via Siri (CVE-2025-24198) and Spotlight (CVE-2024-44235), bypassed Safari's Face ID protection on private tabs (CVE-2025-30468), executed deceptive email spoofing (CVE-2025-24225), leaked Apple Intelligence internal prompts and Private Cloud Compute data to ChatGPT, and exploited an unresolved IDOR vulnerability on Apple's support site to retrieve almost any customer data.
References:
Richard Hyunho Im (@richeeta) is a senior security engineer and independent vulnerability researcher at Route Zero Security. Currently ranked among the top 25 researchers in OpenAI's bug bounty program, Richard has also received security acknowledgements from Apple (CVE-2025-24198, CVE-2025-24225, CVE-2025-30468, and CVE-2024-44235), Microsoft, Google, and the BBC. His research highlights overlooked attack surfaces, focusing on practical exploitation that challenges assumptions about everyday software security.
- ics Calendar file
NTN Network and Teleocm APT
SpeakerBio: Cpt. Pradhuman
- ics Calendar file
Have you ever wondered how the On-Board Units (OBUs) in smart buses communicate and authenticate with Advanced Public Transportation Services (APTS) and Advanced Driver Assistance Systems (ADAS)? Shockingly, these systems can be easily tampered with and forged! In this session, We will share over 10 different vulnerabilities discovered from real experiences riding public transit: starting from connecting to the bus-provided free WiFi, hacking into the vehicular router, gaining access to the bus’s private network area, and ultimately controlling the communication between ADAS and APTS—including manipulating onboard LED displays, stealing driver and passenger information, acquiring bus operational data, and even penetrating the backend API servers of the transportation company. We also uncovered severe vulnerabilities and backdoors in cybersecurity-certified vehicular routers and monitoring equipment that could potentially compromise all global units of the same model. Through this presentation, attendees will gain an in-depth understanding of attack vectors starting from open free WiFi, expose security design flaws in connected public transport vehicles, and discuss potential systemic issues from a regulatory and specification-setting perspective.
Speakers:Chiao-Lin "Steven Meow" Yu,Kai-Ching "Keniver" WangChiao-Lin Yu (Steven Meow) currently serves as a Senior Red Team Cyber Threat Researcher at Trend Micro Taiwan. He holds numerous professional certifications including OSCE³, OSEP, OSWE, OSED, OSCP, CRTP, CARTP, CESP-ADCS, LPT, CPENT, GCP ACE. Steven has previously presented at events such as HITCON Training 2025, Security BSides Tokyo 2023, and CYBERSEC 2024, 2025. He has disclosed 30+ CVE vulnerabilities in major companies like VMware, D-Link, and Zyxel. His expertise spans Red Team exercises, Web security, IoT security and Meow Meow security.
SpeakerBio: Kai-Ching "Keniver" Wang, Senior Security Researcher at CHT SecurityKai-Ching Wang (Keniver) is a Senior Security Researcher at CHT Security. He specializes in red team assessments and comprehensive security reviews, with a current focus on hacking IoT devices and cloud-native infrastructure. He has presented his research on the security of cloud-connected IoT camera systems at conferences such as SECCON in Japan and HITCON in Taiwan.
- ics Calendar file
In this DEFCON talk, we explore a chilling new attack vector: sending SMS messages that appear to come from nowhere no sender, no trace. By exploiting IMSI disclosure, attackers can track and precisely target victims using rogue base stations and manipulated VoLTE traffic. These phantom SMS messages can be used for advanced phishing, surveillance, and covert disruption, turning a trusted communication channel into a dangerous weapon. The talk demonstrates how these attacks work in practice and highlights critical defenses to protect mobile users and networks.
SpeakerBio: Vinod Shrimali
- ics Calendar file
A rare look behind the scenes of a global phishing-as-a-service operation. We tell the story of how we infiltrated a phishing group, cracked their software, exploited a hidden backdoor, and followed an OSINT rabbit hole to uncover the identify of the primary software developer.
Speakers:Harrison Sand,Erlend LeiknesHarrison is a software and application security specialist with experience in embedded devices and IoT. He has worked closely with penetration testing, incident response, embedded security, and vulnerability management. He has a passion for cybersecurity research and has had work featured in publications such as TechCrunch, PC Magazine, The Register, Ars Technica, Hackaday, Aftenposten, and NRK.
SpeakerBio: Erlend LeiknesErlend is a man of many towels (and talents)—a security consultant and retired bus driver, electrical engineer, and masters degree in technical societal safety. Erlend has gravitated towards hacking and IT since his teens and spent more than a decade at mnemonic as a security consultant, where he performs penetration testing, red teaming and conducts security research. A handful of CVEs have his name on it and some are even favored by the usual APTs—and in the spirit of Douglas Adams, there's no need to panic.
- ics Calendar file
What is radio? How do those wacky electromagnetic squiggles do the things they do? What are those magic boxes on either side of an RF link? Let's start with the basics of RF and move through antennas and filters then get down with Shannon and Nyquist for modulation, channel capacity, and SDR architecture.
SpeakerBio: ExplodingLemurSemi-lapsed goth with a bad habit of collecting single-board computers and SDRs. Security engineering pays the bills. Licensed ham radio operator since 1999, electronics, RC aircraft, retro computers, PC gaming, and zombie apocalypse planning. He/him
- ics Calendar file
Rise & shine, social engineers! Swing by to get your SEC merch, and claim your throne, because the phones start ringin' soon!
- ics Calendar file
Every year, electronic badges light up DEF CON, sparking creativity, community, and curiosity. But behind the blinking LEDs and clever puzzles are questions we rarely ask: How safe is this badge for its users? What's its environmental footprint? In this talk, we'll dive into the design of "The SEC Village Badge" from concept to execution - but more importantly, we'll explore a proposed framework for badge makers to disclose key safety information and environmental impact of their creation. From battery safety considerations and materials selection to end-of-life recycling and disposal, we'll discuss how transparency can empower the community, inspire more responsible design, and keep the badge life culture thriving sustainably. Whether you're a seasoned hardware hacker, a first-time badge maker, or just curious about what goes into creating these wearable works of art, this talk will challenge us to think beyond the soldering iron and consider the broader impact of our creations.
SpeakerBio: Brent "TheDukeZip" DukesBrent is a long time hacker and DEF CON attendee that has designed various electronic badges throughout the years. He may be the all time champion at coming in second place in DEF CON competitions (but let's be honest, he'd probably turn out to be second place in that too!)
- ics Calendar file
Software Defined Radios (SDRs) are a powerful tool that has made the once-obfuscated domain of the electromagnetic spectrum open to anyone with a low-cost laptop and radio. From both an offensive and defensive perspective, an enormous attack surface, with many legacy devices and protocols, is open for exploitation. SDR 101 is a course designed for cyber security professionals of all skill levels who want to start working with RF signals and SDRs.
This class is a beginner's introduction to practical Software Defined Radio applications and development with an emphasis on hands-on learning. If you have ever been curious about the invisible world of radio waves and signals all around you, but didn't know where to begin, then this course is for you. Students can expect to learn about basic RF theory and SDR architecture before moving on to hands-on development with real radios. Over the two-day course, the instructor will guide students through progressively more complicated RF concepts and waveforms, culminating in a small capstone exercise. Students will be provided with a HackRF SDR for the duration of the class but will need to bring their own laptop to interface with the radio. VMs will be made available to students to download before class, along with an OS setup guide for those that prefer a bare-metal install. The VM/OS will have all the required drivers and frameworks to interface with the radio hardware, allowing us to jump right into hands-on exercises. My intent for this course is to lower the barrier of entry associated with RF hacking and give beginning students a practical understanding of RF and DSP applications with SDRs.
SpeakerBio: Richard ShmelRichard Shmel is an experienced research and development engineer focusing on radio communications and digital signals processing applications. He has over a decade of experience as an RF engineer and embedded software developer working on prototype radio systems and DSP frameworks. Disappointed by the lack of introductory SDR material he could give to new engineers, he decided to write his own training courses to help fill the gap. Richard has had the privilege of teaching SDR workshops and training at various local and national cyber security conferences - including DEF CON - for many years now. He is passionate about teaching RF/DSP and wireless technology, and will happily talk for hours on the subject if given the chance. Learn more at https://www.rnstechsolutions.com/.
- ics Calendar file
Software Defined Radios (SDRs) are a powerful tool that has made the once-obfuscated domain of the electromagnetic spectrum open to anyone with a low-cost laptop and radio. From both an offensive and defensive perspective, an enormous attack surface, with many legacy devices and protocols, is open for exploitation. SDR 101 is a course designed for cyber security professionals of all skill levels who want to start working with RF signals and SDRs.
This class is a beginner's introduction to practical Software Defined Radio applications and development with an emphasis on hands-on learning. If you have ever been curious about the invisible world of radio waves and signals all around you, but didn't know where to begin, then this course is for you. Students can expect to learn about basic RF theory and SDR architecture before moving on to hands-on development with real radios. Over the two-day course, the instructor will guide students through progressively more complicated RF concepts and waveforms, culminating in a small capstone exercise. Students will be provided with a HackRF SDR for the duration of the class but will need to bring their own laptop to interface with the radio. VMs will be made available to students to download before class, along with an OS setup guide for those that prefer a bare-metal install. The VM/OS will have all the required drivers and frameworks to interface with the radio hardware, allowing us to jump right into hands-on exercises. My intent for this course is to lower the barrier of entry associated with RF hacking and give beginning students a practical understanding of RF and DSP applications with SDRs.
SpeakerBio: Richard ShmelRichard Shmel is an experienced research and development engineer focusing on radio communications and digital signals processing applications. He has over a decade of experience as an RF engineer and embedded software developer working on prototype radio systems and DSP frameworks. Disappointed by the lack of introductory SDR material he could give to new engineers, he decided to write his own training courses to help fill the gap. Richard has had the privilege of teaching SDR workshops and training at various local and national cyber security conferences - including DEF CON - for many years now. He is passionate about teaching RF/DSP and wireless technology, and will happily talk for hours on the subject if given the chance. Learn more at https://www.rnstechsolutions.com/.
- ics Calendar file
Assembly language has a reputation for being intimidating, but once you learn the basics--and know how to read the documentation for the rest--you can easily pick up the rest. There are many interesting fields of study in computer security that depend on the "closer to the metal" knowledge you'll gain from learning to code in assembly:
...among others. There is no substitute for the confidence that you gain from being able to research and understand computer systems at lower levels of abstraction.
The purpose of this workshop is to introduce Intel x64 architecture and assembly language to the attendees. We will be using the Microsoft Macro Assembler, and we will be examining our code step-by-step in the x64dbg debugger. No prior programming experience is required--we will be working on things from first principles. There will be few slides. This is a new version of the workshop that makes better use of the x64dbg debugger to illustrate concepts of the class, live. Attendees can follow along with their own laptops and programming environments.
SpeakerBio: Wesley McGrewDr. Wesley McGrew is a house music DJ that also directs research, development, and offensive cyber operations as Senior Cybersecurity Fellow for MartinFederal. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA and teaches self-designed courses on software reverse engineering and assembly language programming. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.
- ics Calendar file
Malware analysis and reverse engineering involve intricate execution, obfuscation, and anti-analysis techniques that hinder traditional debugging. This intensive, hands-on workshop introduces WinDbg's powerful Time Travel Debugging (TTD), allowing you to record a complete execution trace and replay it forwards and backwards. Designed for reverse engineers and malware analysts, this workshop provides practical skills to harness TTD, significantly cutting analysis time compared to traditional methods.
Throughout this 4-hour session, dive directly into practical application. Start with TTD essentials and capturing traces (GUI/CLI), then quickly progress to navigating timelines efficiently. Gain proficiency using the Debugger Data Model and LINQ queries to rapidly locate key events, API usage, and suspicious memory patterns within large traces. Crucially, learn to automate analysis by creating powerful JavaScript extensions for WinDbg, applying these skills in hands-on labs focused on tasks like extracting dynamically deobfuscated strings from malware. Leave equipped to confidently integrate WinDbg TTD into your workflow, accelerating your triage and deep-dive analysis capabilities.
Speakers:Joshua "jstrosch" Stroschein,Jae Young KimJoshua is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. He is an accomplished trainer, providing training at places such as Ring Zero, Black Hat, DEF CON, ToorCon, Hack In The Box, SuriCon, and other public and private venues. He is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and other security related topics.
SpeakerBio: Jae Young Kim, GoogleJae Young Kim is a Senior Reverse Engineer on Mandiant's FLARE Team where he reverses malware and contributes to FLARE's automated analysis and binary similarity efforts. He is a seasoned instructor and a core contributor to FLARE’s educational content development efforts. He has a Bachelors in Computer Science from Columbia University.
- ics Calendar file
Get ready to leap into the wild world of Windows shellcode! This fast-paced workshop covers how to analyze and create shellcode, using state-of-the-art tools. Intended for those with intermediate knowledge, this workshop will review x86 assembly; you will learn Windows internals, and advanced shellcoding techniques. You’ll learn how to dissect shellcode with x32Dbg or WinDbg and how to use the SHAREM shellcode emulator for deep analysis and disassembly. After analyzing several samples, we’ll build our own shellcode, starting simple and moving on to intermediate multi-API shellcode. You will learn how to encode your shellcode, for evasion, and how to incorporate Windows syscalls directly into your shellcode, for extra stealth. Finally, we will cover converting DLLs to shellcode. Expect to be made privy to a variety of shellcoding tips and tricks. By the end, you’ll be able to: • Quickly read and debug obfuscated shellcode; • Implement GetPC techniques in shellcode; • Chain WinAPIs to pass handles/pointers; • Add direct Windows syscalls for stealth to shellcode; • Convert DLLs to shellcode with sRDI. Prep: Study x86 assembly and basic Windows debugging. We recommend a Windows VM with Windows Defender disabled, plus NASM, x32Dbg, WinDbg (classic), SHAREM, and ShellWasp.
Speakers:Bramwell Brizendine,Austin Norby,Logan CannanDr. Bramwell Brizendine has a Ph.D. in Cyber Operations and is the Director of the VERONA Lab. Bramwell has regularly spoken at DEFCON and presented at all regional editions of Black Hat (USA, Europe, Asia, MEA), as well as at Hack in the Box Amsterdam and Wild West Hackin' Fest. Bramwell received a $300,000 NSA research grant to create the SHAREM shellcode analysis framework, which brings unprecedented capabilities to shellcode analysis. He has additionally authored ShellWasp, which facilitates using Windows syscalls in shellcode, as well as two code-reuse attack frameworks, ROP ROCKET and JOP ROCKET. Bramwell has previously taught undergraduate, master's, and Ph.D. courses on software exploitation, reverse engineering, offensive security, and malware analysis. He currently teaches cybersecurity courses at the University of Alabama in Huntsville.
SpeakerBio: Austin Norby, Director of Internal Research and Development at Bogart AssociatesDr. Austin Norby is a seasoned cybersecurity professional with over a decade of experience supporting the Department of Defense. He earned his bachelor's degrees in mathematics and computer science from the University of Minnesota, a master's degree from the Naval Postgraduate School, and a Doctorate in Cyber Operations from Dakota State University, specializing in anti-debugging techniques. Currently, Dr. Norby serves as the Director of Internal Research and Development at Bogart Associates, where he is responsible for spearheading the creation of advanced cybersecurity solutions for government use. His technical proficiencies include reverse engineering, malware analysis, and software engineering, with a strong focus on developing robust cyber capabilities in C, C++, Intel assembly, and Python.
SpeakerBio: Logan Cannan, Ph.D. Candidate, University of Alabama in HuntsvilleLogan Cannan received the B.S. and M.S. degrees in Computer Engineering and Cybersecurity from the University of Alabama in Huntsville. He is currently a Ph.D. candidate for a degree in Computer Engineering in a joint degree program with the University of Alabama at Birmingham and the University of Alabama in Huntsville. After spending time at Idaho National Laboratory, working in both ICS vulnerability analysis and machine learning assisted code analysis, he focused his dissertation research on optimization for machine learning on binary analysis and reverse engineering tasks.
- ics Calendar file
This workshop is for SOC analysts, threat hunters, and defenders dealing with alert fatigue, fragmented telemetry, and the challenge of spotting coordinated attacks. Instead of large language models or costly vendor tools, we’ll use open-source, explainable ML to map alerts, logs, and events into contextualized attack stories.
Attendees will work hands-on with real-world-style data to find root causes, build kill chains, and generate actionable tickets—False Positive, Incident, and Attack Story—that mirror real SOC workflows. We’ll use the Attack Flow Detector tool, which runs in Google Colab—no install needed.
No data science experience required. The class is technical but beginner-friendly, with guided exercises and examples. Basic knowledge of logs and MITRE ATT\&CK helps but isn’t required. The focus is on outcomes: understanding what happened, why, and how to respond—without black-box AI or complex queries.
By the end, students will know how to clean noisy data, map alerts to attacker techniques, cluster related events, and build end-to-end attack narratives. All tools and content are open-source, transparent, and ready to use in real environments.
SpeakerBio: Ezz TahounEzz Tahoun is an award-winning cybersecurity data scientist recognized globally for his innovations in applying AI to security operations. He has presented at multiple DEFCON villages, including Blue Team, Cloud, Industrial Control Systems (ICS), Adversary, Wall of Sheep, Packet Hacking, Telecom, and Creator Stage, as well as BlackHat Sector, MEA, EU, and GISEC. His groundbreaking work earned him accolades from Yale, Princeton, Northwestern, NATO, Microsoft, and Canada's Communications Security Establishment. At 19, Ezz began his PhD in Computer Science at the University of Waterloo, quickly gaining recognition through 20 influential papers and 15 open-source cybersecurity tools. His professional experience includes leading advanced AI-driven projects for Orange CyberDefense, Forescout, RBC, and Huawei Technologies US. Holding certifications such as aCCISO, CISM, CRISC, GCIH, GSEC, CEH, and GCP-Cloud Architect, Ezz previously served as an adjunct professor in cyber defense and warfare.
- ics Calendar file
DLL Loading is one of the most important parts of the Windows system. When you install, run, use, or hack a system, you will always use DLL. This DLL mechanism has been exploited for several years for malware development through several techniques : DLL injection, Reflective DLL but do you really know how Windows is loading a DLL ? The sections used, the internal structures and how the dependencies are resolved. Are you able to design your own Perfect DLL Loader that fully integrate with the WIN32API? In this workshop, you will dive into the Windows DLL mechanism to understand how all of it works internally. With a decompiler, trial and errors, step by step, you will build your own (almost) Perfect DLL loader. You will try to load from the simple AMSI.DLL to the most complex WINHTTP.DLL. At each step, you will dive deeper into the Windows Internals. Malware developers, you will be able to use this code as a PE loader that never failed me for the last years and a DLL loader that does not raise the LoadImage kernel callback you can use on your own C2 beacon. WARNING: while this is a windows internal DISCOVERY course, it is still a HIGHLY TECHNICAL workshop. You should have some entry-level knowledge on Windows systems, C programing and reverse engineering to fully enjoy the workshop.
SpeakerBio: Yoann "OtterHacker" DEQUEKER, RedTeam Leader at WavestoneeYoann Dequeker (@OtterHacker) is a red team operator at Wavestone entitle with OSCP and CRTO certification. Aside from his RedTeam engagements and his contributions to public projects such as Impacket, he spends time working on Malware Developpement to ease beacon deployment and EDR bypass during engagements and is currently developing a fully custom C2.
His research leads him to present his results on several conferences such as LeHack (Paris), Insomni'hack, BlackAlps (Swiss) or even through a 4-hour malware workshop at Defcon31 and Defcon32 (Las Vegas). All along the year, he publishes several white papers on the techniques he discovered or upgraded and the vulnerabilities he found on public products.
- ics Calendar file
Volatility 3 is the latest version of the Volatility Memory Analysis framework and is a complete re-design and rewrite of the framework suited to meet the needs of modern investigations. In this workshop, students will learn Volatility 3’s new features aimed at efficiency and usability as well as all the new and updated Windows plugins capable of detecting modern malware. During the workshop, students will experience a mix of lecture and live demonstration about the latest malware techniques followed by hands-on labs that will require students to analyze infected memory samples. While students complete each lab, instructors will walk to each student’s station to ensure they are progressing. An instructor will also completely walk through each lab live, and students are given a 35+ page PDF lab guide that contains all the lab scenarios, questions, and detailed answers, including many screenshots and explanations. Students can then use the course slides and lab guide to practice labs over time as well as to guide real-world investigations of compromised systems. By attending this workshop, students will leave knowing the most effective ways to detect modern Windows malware using the latest version of the mostly widely used open-source framework for memory analysis.
Speakers:Andrew Case,Lauren Pace,Daniel DonzeAndrew Case is the Director of Research at Volexity and has significant experience in incident response handling, digital forensics, and malware analysis. Case is a core developer of Volatility, the most widely used open-source memory forensics framework, and a co-author of the highly popular and technical forensics analysis book "The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory." Case has spoken at many industry conferences, including DEF CON, Black Hat, RSA, DFRWS, SecTor, BSides*, and OMFW.
SpeakerBio: Lauren Pace, Computer Science PhD Student at LSULauren Pace is a PhD Student Researcher at Louisiana State University. She is a recipient of a Scholarship for Service scholarship and is performing funded research on complex problems and topics in memory forensics. Lauren has delivered Volatility 3 workshops at conferences, such as DFRWS, and is actively involved in her local cybersecurity clubs and community.
SpeakerBio: Daniel DonzeDaniel Donze (He/Him) is a PhD Student Researcher in Computer Science at Louisiana State University. His research has previously contributed to the Volatility Framework, and his current interests include memory forensics and malware analysis. He has presented research at BSides Las Vegas as well as several local events. He previously worked as a fullstack web and software developer and security researcher. His hobbies include cooking, playing guitar, mixology and craft beer.
- ics Calendar file
In today’s landscape, generative AI coding tools are powerful but often insecure, raising concerns for developers and organizations alike. This hands-on workshop will guide participants in building a secure coding assistant tailored to their specific security needs.
We’ll begin by exploring the security limitations of current AI coding tools and discussing why fine-tuning is critical for secure development. Participants will then create and fine-tune their own LLM-based assistants using provided examples and their own use cases. By the end of the session, each attendee will have a functioning, security-focused AI coding assistant and a clear understanding of how to improve it further.
Speakers:Or Sahar,Yariv TalOr Sahar is a security researcher, software engineer, and cofounder of Secure From Scratch — a venture dedicated to teaching developers secure coding from the very first line of code. She has worked for many years as a developer and developer team leader, before transitioning her career path to focus on hacking, application vulnerability research and security in the context of AI. Or is currently pursuing a master's degree in computer science and lectures in several colleges.
SpeakerBio: Yariv Tal, Security ResearcherYariv Tal is a senior developer & security researcher, and the cofounder of Secure From Scratch - a venture dedicated to teaching developers secure coding from the very first line of code. A summa cum laude graduate from the Technion, leveraging four decades of programming expertise and years of experience in university lecturing and bootcamp mentoring, he brings a developer's perspective to the field of security. Currently, he lectures on secure coding at several colleges and the private sector, he is the leader of the owasp-untrust project and is currently pursuing a master's degree in computer science and lectures in several colleges.
- ics Calendar file
Kubernetes has transformed how we deploy applications, but its complexity has created a new attack surface actively exploited by threats. This workshop delivers practical experience exploiting and defending against dangerous misconfigurations found in production environments.
Based on extensive research and the popular Kubernetes Goat platform, you'll work through realistic attack scenarios including privilege escalation, container escapes, lateral movement, and persistence techniques. For each vulnerability exploited, you'll implement corresponding defenses using Kubernetes-native controls.
Our pre-configured environment with vulnerable applications lets you focus on mastering both offensive and defensive techniques. You'll gain:
Whether securing Kubernetes or adding cloud-native exploitation to your skillset, this workshop delivers actionable knowledge through guided practice rather than abstract concepts.
SpeakerBio: Madhu "madhuakula" Akula, Pragmatic Security LeaderMadhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and Cloud Native Security Architect with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). He holds industry certifications like CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), OSCP (Offensive Security Certified Professional), etc.
Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON 24, 26, 27, 28, 29 & 30, BlackHat 2018, 19, 21 & 22, USENIX LISA 2018, 19 & 21, SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, Github Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon 2018, 19, 21 & 22, SACON, Serverless Summit, null and multiple others.
His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc. and is credited with multiple CVE’s, Acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building an Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.
- ics Calendar file
Browser extensions have quietly become one of the most underappreciated attack surfaces. While marketed as productivity enhancers, many of these extensions operate with elevated privileges that rival native malware in terms of access to sensitive user and organizational data.
This hands-on workshop takes a deep dive into how browser extensions operate under the hood and exposes how easily legitimate APIs can be weaponized to exfiltrate credentials, hijack sessions, monitor user behavior, and leak sensitive corporate information. By reverse-engineering real-world extension behavior and building functioning proof-of-concept (PoC) malicious extensions, participants will gain a direct understanding of the risks these extensions pose.
Through practical exercises, participants will: - Learn the browser extension architecture and permission model - Examine key APIs commonly misused for surveillance or data theft - Build PoC malicious extensions that exfiltrate session cookies, read passwords, record keystrokes, capture DOM content, and more - Analyze techniques for stealth, obfuscation, and evasion - Explore detection blind spots in endpoint and SSE security tools - Review mitigation strategies and enterprise hardening recommendations
Speakers:Or Eshed,Aviad GispanOr Eshed is CEO and co-founder at LayerX Security. Prior to founding LayerX, Or worked for 12 years as a cybersecurity and OPSEC expert at ABN AMRO Bank, Otorio, and Check Point, where he led the takedown of the world's largest browser hijacking operation with over 50M browsers compromised, and his work led to the arrest of more than 15 threat actors. Or also has an MSc in Applied Economics from the Hebrew University of Jerusalem.
SpeakerBio: Aviad Gispan, Senior Researcher at LayerX SecurityAviad Gispan is a Senior Researcher at LayerX Security, with over a decade of experience in browser security, JavaScript, and frontend architecture. He develops sandbox technologies to detect malicious extensions and researches advanced techniques to strengthen browser-based protection. Previously, Aviad led innovation in Proofpoint’s Web Isolation group, focusing on performance optimization and resource efficiency.
- ics Calendar file
Using cryptography is often a subtle practice and mistakes can result in significant vulnerabilities. This workshop will cover many of these vulnerabilities which have shown up in the real world, including CVE-2020-0601. This will be a hands-on workshop where you will implement the attacks after each one is explained. I will provide a VM with a tool written in Python to execute the attacks. A good way to determine if this workshop is for you is to look at the challenges at cryptopals.com and see if those look interesting, but you could use in person help understanding the attacks. While not a strict subset of those challenges, there is significant overlap. The exercises will range from decrypting ciphertext to recovering private keys from public key attacks allowing us to create TLS cert private key and ssh private key files.
SpeakerBio: Matt CheungMatt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given workshops at the Boston Application Security Conference, BSidesLV, DEF CON, and the Crypto and Privacy VillageHe now serves on the programming committee of the Crypto and Privacy Village. He now serves on the programming committee of the Crypto and Privacy Village.
- ics Calendar file
This hands-on course provides an in-depth exploration of Medical Device Penetration Testing, equipping security professionals with the skills to identify and exploit vulnerabilities in medical technologies. Participants will engage in practical exercises covering device board analysis and attacks, external network threats, bypassing kiosk controls, Windows and Linux post-exploitation techniques, and execution restriction bypasses. By leveraging real-world scenarios, this course ensures a comprehensive understanding of modern security risks and defense strategies in medical environments.
Speakers:Michael "v3ga" Aguilar,Alex "cheet" DeliferMichael Aguilar (v3ga) is a Principal Consultant for Sophos Red Team. He leads efforts in Medical Device testing, Adversarial Simulations, Physical Security assessments, Network testing and more. Currently, he has 8 CVE vulnerabilities aligned with security issues located during testing at DEF CON's Biohacking Village Device Lab. He has also led the winning team of the DEF CON Biohacking Village CTF for two consecutive years.
SpeakerBio: Alex "cheet" DeliferA seasoned medical device red team hacker with nearly a decade in the trenches, Alex Delifer (cheet) breaks stuff so others can sleep at night. He operates out of an unnamed medtech company, where he regularly tears through embedded systems, surgical robots, industrial controllers, APIs, and BIOS firmware like it’s target practice. A Biohacking Village Capture the Flag Champion at DEF CON, he’s known in some circles as the medical device testing sledgehammer—swinging hard, finding the flaws others miss, and leaving no UART unturned.
- ics Calendar file
As defenders evolve with more sophisticated detection strategies, red teamers must innovate to remain effective. This intermediate hands-on workshop delves into modern obfuscation techniques, bypass strategies, and OPSEC considerations that reflect the current threat landscape. Participants will explore how Microsoft's Antimalware Scan Interface (AMSI), Defender, and Event Tracing for Windows (ETW) are being leveraged by defenders and how to navigate around them.
You'll walk away with an understanding of the real-world effectiveness of techniques like string encryption, runtime compilation, sandbox evasion, and how minimalistic evasion ("least obfuscation") helps evade both machine learning and heuristic-based detections. Attendees will use PowerShell, C#, and open-source tooling to build and test evasive payloads in a lab setting.
In this workshop, attendees will: 1. Learn to identify and break static and dynamic detection signatures. 2. Employ least-obfuscation strategies and runtime evasion. 3. Build AMSI and ETW bypasses using up-to-date PowerShell and C# techniques. 4. Understand P/invoke and API hooking 5. Evaluate how defenders log and detect activity and design code to stay under the radar.
Speakers:Jake "Hubble" Krasnov,Vincent "Vinnybod" Rose,Rey "Privesc" Bango,Dylan "CyberStrike" ButlerJake "Hubble" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security, with a distinguished career spanning engineering and cybersecurity. A U.S. Air Force veteran, Jake began his career as an Astronautical Engineer, overseeing rocket modifications, leading test and evaluation efforts for the F-22, and conducting red team operations with the 57th Information Aggressors. He later served as a Senior Manager at Boeing Phantom Works, where he focused on aviation and space defense projects. A seasoned speaker and trainer, Jake has presented at conferences including DEF CON, Black Hat, HackRedCon, HackSpaceCon, and HackMiami.
SpeakerBio: Vincent "Vinnybod" Rose, ConfluentVincent "Vinnybod" Rose is the Lead Developer for Empire and Starkiller. He is a software engineer with a decade of expertise in building highly scalable cloud services, improving developer operations, and automation. Recently, his focus has been on the reliability and stability of the Empire C2 server. Vinnybod has presented at Black Hat and has taught courses at DEF CON on Red Teaming and Offensive PowerShell. He currently maintains a cybersecurity blog focused on offensive security at https://www.bc-security.org/blog/.
SpeakerBio: Rey "Privesc" Bango, Security Consultant at BC SecurityRey "Privesc" Bango is a Principal Cloud Advocate at Microsoft and a Security Consultant specializing in red teaming at BC Security. At Microsoft, he focuses on empowering organizations to leverage transformative technologies such as Artificial Intelligence and Machine Learning, prioritizing trust, security, and responsible use. He is an experienced trainer and speaker, presenting and teaching at cybersecurity conferences, including Black Hat and DEF CON. His work continues to bridge the gap between cutting-edge technological advancements and the critical need for secure, ethical implementation in today's world.
SpeakerBio: Dylan "CyberStrike" ButlerDylan "CyberStryke" Butler is an Offensive Infrastructure Developer at BC Security. He began his career as a software engineer, developing high-performance systems for major tech companies. His passion for cybersecurity led him to specialize in offensive infrastructure development, where he now designs and builds robust frameworks to support red team operations.
- ics Calendar file
Software supply chain attacks are out of control! Between 2019 and 2023 software supply chain attacks increased by more than 740% year on year. Things have only gotten worse since then, with attacks like Bybit, Ultralytics, LottieFiles, Polyfills, and of course XZ utils happening in the last 18 months. But how are these supply chain attacks delivered? Often, the attack starts with a malicious npm package.
According to Sonatype, 98.5% of malicious software packages exist in the npm registry. There are several reasons that npm is particularly well suited for delivering malware, and that's why I chose to focus just on npm for this 4 hour workshop.
This hands-on workshop will teach both software engineers, and infosec practitioners how npm malware works. We’ll learn what makes npm malware unique from other software package malware, and how the author has been using his knowledge of npm malware in his research, and to deliver unique offensive security engagements. Most importantly how to identify, analyze, create and defend against malicious NPM packages in this workshop.
The trainer for this workshop, Paul McCarty, is literally writing the book on the subject “Hacking npm”, so he will drop lots of in-depth, never before seen npm techniques.
SpeakerBio: Paul "6mile" McCarty, Head of Research at SafetyPaul is the Head of Research at Safety (safetycli.com) and a DevSecOps OG. He loves software supply chain research and delivering supply chain offensive security training and engagements. He's spent the last two years deep-diving into npm and has made several discoveries about the ecosystem. Paul founded multiple startups starting in the '90s, with UtahConnect, SecureStack in 2017, and SourceCodeRED in 2023. Paul has worked for NASA, Boeing, Blue Cross/Blue Shield, John Deere, the US military, the Australian government and several startups over the last 30 years. Paul is a frequent open-source contributor and author of several DevSecOps, software supply chain and threat modelling projects. He’s currently writing a book entitled “Hacking NPM”, and when he’s not doing that, he’s snowboarding with his wife and 3 amazing kids.
- ics Calendar file
Ever wanted to tinker with a real industrial controller without risking a plant meltdown? In this workshop, you'll get to play in a PLC playground using actual industrial control hardware like the MicroLogix 1100 PLC that simulates physical processes like a fluid tank and a garage door. Guided by ladder logic programming and Proportional Integral Derivative (PID) tuning exercises, you will program the PLC to maintain tank levels and move machines, observing how the control system responds in real-time.
This workshop focuses on directly interacting with and exploiting the physical PLC hardware and its underlying protocols with a hardware-in-the-loop setup that includes an HMI. Participants won't just click buttons. They'll write ladder logic, interact with real I/O, and observe how PLCs process and respond to industrial inputs in real-time. Along the way, we'll highlight common ICS quirks and vulnerabilities (from insecure protocols to "insecure by design" logic) that can make these systems a hacker's playground. The Hardware In the Loop Industrial Control System (HILICS) kits used in this workshop are an open-source project that was designed and built by the Air Force Institute of Technology (AFIT) to provide a safe, scalable platform for exploring the cyber-physical dynamics of ICS environments.
Speakers:Anthony "Coin" Rose,Daniel Koranek,Tyler Bertles,César RamirezDr. Anthony "Coin" Rose is the Director of Security Research and Chief Operating Officer at BC Security, as well as a professor at the Air Force Institute of Technology, where he serves as an officer in the United States Air Force. His doctorate in Electrical Engineering focused on building cyber defenses using machine learning and graph theory. Anthony specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. Anthony has presented at security conferences, including Black Hat, DEF CON, HackMiami, RSA, HackSpaceCon, Texas Cyber Summit, and HackRedCon. He also leads the development of offensive security tools, including Empire and Moriarty.
SpeakerBio: Daniel Koranek, Air Force Institute of TechnologyDr. Daniel Koranek is an Assistant Professor of Computer Science at the Air Force Institute of Technology (AFIT) and a two-time graduate of AFIT in cyber operations (2010, M.S.) and computer science (2022, Ph.D.), where his research interests focus on the intersection of artificial intelligence/machine learning and cybersecurity. This includes using AI/ML to enhance cybersecurity and using vulnerability assessment and secure design techniques to improve AI deployments. He has spent most of his career on reverse engineering and vulnerability assessment of embedded systems like the HILICS kit, and overlapping AI and cybersecurity drove Dr. Koranek's dissertation research on using the reverse engineering tool Binary Ninja to visualize explanations of malware classifications.
SpeakerBio: Tyler BertlesTyler Bertles is a Captain in the United States Army, currently pursuing a Master's degree in Cyber Operations at the Air Force Institute of Technology. He holds a Bachelor's degree in Computer Science and has conducted prior research on automated flight systems, with a focus on quadcopter platforms. With over 10 years of experience in Army Aviation, he has worked extensively with satellite navigation and communication systems. His current thesis research centers on developing intrusion detection capabilities for satellite cybersecurity.
SpeakerBio: César RamirezCaptain César Ramirez is a student in the Cyber Operations Master's Program at the Air Force Institute of Technology (AFIT). He has a strong interest in penetration testing and digital forensics, which is reflected in his current research on attribution through proxy chains and the use of Explainable Artificial Intelligence (XAI) to identify malware functionality within blue networks. He has supported defensive cyber operations for space systems and intelligence-sharing platforms. In addition, he brings unique expertise in the application of non-kinetic effects to degrade the performance and functionality of military-grade drones. Captain Ramirez holds multiple certifications, including Security+, Pentest+, and Certified Cloud Security Professional (CCSP).
- ics Calendar file
Join us for an engaging and interactive workshop where we delve into the hidden risks within your configurations in Snowflake. This intermediate-level session is designed to provide hands-on experience with vulnerable and misconfigured environments, utilizing plug-and-play Terraform scripts and your free-tier Snowflake and AWS accounts. Attendees will explore the UNC5337 data-theft and extortion campaign, and other common Snowflake misconfigurations and risks through a fun and interactive "Capture The Flag" (CTF) style attack scenario, with the main objective of leaking sensitive data from Snowflake.
Key Topics: -Snowflake as a data-lake service and common security pitfalls. -UNC5337 Data-Theft and Extortion Campaign: Gain insights into real-world cyber threats and how they operate. -Solve problems and bypass misconfigured security mechanisms. -Learn about data-related risks that could lead to a data breach. Technical Level: Intermediate Learning Outcomes: By the end of this workshop, attendees will: -Understand best practices for securing configurations in Snowflake. -Gain practical experience in identifying and mitigating unsecured configurations. -Gain knowledge to handle real-world cyber threats effectively.
Speakers:Lior Adar,Chen Levy Ben AroyLior is a senior security researcher at Varonis and a passionate security enthusiast with a broad background in red team operations, penetration testing, incident response, and advanced security research. With experience at Palo Alto Networks and Team8, Lior has enhanced his expertise in cybersecurity research across multiple domains, including various cloud providers and SaaS platforms. Known for contributing to the LOLBAS project, he specializes in evaluating emerging threats and analyzing data signals, combining a hands-on approach with a deep understanding of attacker perspective.
SpeakerBio: Chen Levy Ben Aroy, Cloud Security Research Team Lead at VaronisChen Levy Ben Aroy is a distinguished cybersecurity leader with a proven track record in cloud security, penetration testing, and red teaming. As a Cloud Security Research Team Lead at Varonis, Chen spearheads cutting-edge security research and innovation across multiple cloud-providers and platforms. His previous roles at well-known enterprises, such as Prosche Digital and ABInbev, showcased his expertise in advanced malware development and strategic project management. With a robust background in a wide array of cybersecurity domains, Chen's visionary approach and technical acumen make him a sought-after expert in the industry.
- ics Calendar file
WWED is designed for students to gain experience exploiting real world web applications and take their assessment skills to the next level. Students will learn advanced vulnerability discovery techniques to identify and exploit vulnerabilities in real world web applications. Getting hands-on experience using free and widely available Linux utilities to observe application behavior, to more effectively discover and exploit application vulnerabilities. Using a whitebox approach students will rapidly discover and exploit non-trivial bugs. Not requiring the use of expensive commercial tools or with the guess work which comes along with blackbox testing.
Students will be provided virtual machines of commercially available software applications which will be used for this heavily lab focused course. At the conclusion of the class each student will have developed a fully functional remote root PoC. This course targets a wide level of skill levels and will leverage a hints system to help students who may fall behind. Incrementally releasing solutions through each exercise.
Speakers:Cale "calebot" Smith,Luke Cycon,Young Seuk Kim,Priyanka JoshiCale Smith is a nerd who loves both building but also breaking, so he can get better at building. He is passionate about understanding how anything and everything works, improving security along the way is just a bonus. Also, he is passionate about sharing his passion and created this course to pass along some of the more accessible techniques he has picked up. His professional career originated exclusively as a builder, but has been focusing on the security and breaking side for the last 15 years. During that time he has dabbled in the web weenie life, cloud, binary, IoT and mobile most recently. Currently he manages a device oriented AppSec team at Amazon. While AFK he is probably riding a bike or climbing rocks.
SpeakerBio: Luke CyconSecurity engineer by day, barbecue hacker by night—celebrating each fixed bug with a bit too much somaek. Off the clock, you'll find him tinkering with hardware or firing lasers at something.
SpeakerBio: Young Seuk KimHusband, father, hacker, gamer. Young’s path into security started like a good game exploit—he wanted to win, bent the rules, and discovered a passion for hacking. He began as a web app security consultant, moved into penetration testing and red teaming, and now works in application security engineering, helping teams build secure systems (and still breaking things for fun). He also dives into all kinds of games and stories, especially fantasy with Eastern martial arts, and loves dissecting media with the same curiosity he brings to code.
SpeakerBio: Priyanka JoshiPriyanka sustained her academic voyage using curiosity as her paddles before landing her first job as a software security engineer in an ancient company. For three years thereafter, she focused on research, development and security testing of OAuth2.0 and OpenID implementations. This experience led to her discovery of her passion in the identity space. In her current appsec engineer adventure at Amazon, she enjoys working on secure design assessments, bug bounty triage and fix validation, consults and security testing of web services. In her leisure, she enjoys hiking, lazy gymming, sketching, singing, watching anime and reading manga.
- ics Calendar file
Data is the foundation of AI. Data lakehouses are how that foundation is managed at scale. Deploying and maintaining lakehouse components like object storage, table formats, catalogs, and query engines remains complex, opaque, and often tied to cloud assumptions. This session explores how Nix and NixOS can be used to declaratively define and deploy a full, self-hosted lakehouse architecture. The stack includes MinIO AIStor for high-performance object storage, Apache Iceberg for open table formats, Nessie or Polaris for metadata, and query engines like Dremio or DuckDB. Topics include early design experiments, the benefits of reproducibility and portability, and current challenges around packaging, network policy, and secure deployment. The goal is to present an aspirational blueprint for building cloud-native data infrastructure that runs anywhere from source.
SpeakerBio: Brenna BuuckBrenna Buuck is the subject matter expert at MinIO for databases and data lakehouses. A data engineer turned developer evangelist, she is passionate about coding, data, and learning. She endeavors to inspire and educate other developers about the latest tools and technologies, helping them build amazing things through code, tutorials, speaking engagements, and writing. She holds an undergraduate degree from the University of California, San Diego, and a graduate degree from San Diego State University.
- ics Calendar file
Join Blue Team Village and Aerospace Village for a high-stakes, interactive tabletop exercise that launches cybersecurity into orbit — literally. In Space Camp 33, participants will respond to a cascading series of simulated cybersecurity and crisis management events centered around a fictional tech-aerospace hybrid company, BlueX. When outdated systems, poor segmentation, and a ransomware attack trigger an unscheduled spacecraft launch, teams must navigate cyber-physical consequences, viral media fallout, and interstellar implications. Will your response team keep cool under cosmic pressure? Or will your incident response burn up on reentry?
Speakers:Jacob Oakley,Kelly Ohlert,Liz Wharton,Tim WestonJacob Oakley, PhD, DSc, is a cybersecurity journeyman, author, speaker, and educator with 19 years of experience. He serves on the Steering Committee for the IEEE Space System Cybersecurity Standards Working Group and is an adjunct professor at Embry-Riddle Aeronautical University writing/teaching graduate courses on space cyber, he also developed and teaches a satellite hacking course at Black Hat.
SpeakerBio: Kelly OhlertKnown for using gamification elements in tabletop simulations to heighten stakes and introduce random events, Gwyddia has designed and facilitated single-scenario and multi-table simulations for organizations ranging from VC-stage startups to Fortune 100 companies, for virtual tables of two and live groups of over three hundred.
Speaker, Blue Team Village at DEF CON, Security BSides Las Vegas, ShmooCon, Fal.con, NSGSCon, Security BSides Delaware, and many more.
SpeakerBio: Liz WhartonElizabeth (Liz), founder of Silver Key Strategies, is a recognized expert advising on cybersecurity and technology projects. In addition to over a decade in private practice and as counsel at two startups, she was the Senior Assistant City Attorney overseeing technology projects at Atlanta’s Hartsfield Jackson International Airport (the World’s Busiest Airport) where she led on the integration of drones in the airfield. Prior experience also includes advising state, local, and federal governments on unmanned systems, publishing numerous articles and white papers, and serving as President of the Atlanta Chapter of the Association for Unmanned Vehicle Systems International. Outside of Silver Key, her projects include serving on the Board of the Aerospace Village (a nonprofit focused on cybersecurity in the aerospace field). Liz was recognized as the 2022 “Cybersecurity or Privacy Woman Law Professional of the Year” by the United Cybersecurity Alliance. She received her J.D. from Georgia State University College of Law and her B.A. from Virginia Tech.
SpeakerBio: Tim Weston
- ics Calendar file
Launch into the thrilling world of cybersecurity, specifically designed for space systems! Learn the fundamentals to safeguard ground stations, communication links, and spacecrafts.
Engage in an immersive and fun CTF scenario. Apply your cybersecurity skills in real-time and see the direct impact of your decisions on our Space Systems Demonstrator. In this high-stakes scenario, you'll align with the Aurora Alliance in their critical mission to thwart Count Viktor Thunderclaw and the notorious Nebula Syndicate. The Syndicate threatens to destroy historic monuments around the world with their Space Laser unless their demands are met. Do you have what it takes to dismantle their malevolent plans?
Our beginner-level CTF kicks off as soon as the village opens—no pre-registration necessary. Just bring your laptop to access the CTF platform and your favorite packet decoding software (i.e. Wireshark). Expect the CTF to take you less than 1 hour to complete. Team collaboration is encouraged, and if you encounter obstacles, numerous hints are available to guide you. Excel in the challenge, and you could walk away with a CT Cubed SAO, an exclusive prize while supplies last.
- ics Calendar file
Join Us for the Ultimate Spades Tournament & Game Night Social! Looking for a fun way to unwind, connect, and enjoy some friendly competition? Our Spades Tournament & Game Night Social is the perfect way to relax while engaging in a classic card game that brings people together.
- ics Calendar file
Opportunities in InfoSec are everywhere, but they’re often buried across scattered websites, social media posts, or chat channels. Whether it’s a local meetup, a CFP deadline, a volunteer opportunity, or the chance to sponsor an initiative, many people and organizations miss out simply because they don’t know where to look or find info bloated by pay-to-play noise.
InfoSecMap was created to solve this. It’s a free, community-driven platform that brings the global InfoSec ecosystem together in one place. From major conferences to CTFs and grassroots meetups, InfoSecMap helps users explore what’s happening by geographic region or focus area and discover where they can connect and contribute.
InfoSecMap is proud to partner with OWASP, bringing together volunteer-led chapters and global events while fostering stronger connections and community growth. We believe open source should mean open access, and we’re building the infrastructure to make that real.
SpeakerBio: W. Martín Villalba, C13 SecurityMartín is an application and product security consultant with over 15 years of industry experience. He founded C13 Security, where he specializes in Secure SDLC, pentesting, and vulnerability management. He is an active member of the InfoSec community, collaborating with local groups and global organizations such as BSides and OWASP. He also built InfoSecMap, an open-access platform for discovering InfoSec events and communities from all around the world.
- ics Calendar file
Spotter is a groundbreaking open-source tool designed to secure Kubernetes clusters throughout their lifecycle. Built on the native tooling of Kubernetes by leveraging Common Expression Language for policy definitions, we can define unified security scanning across development, CLI, CI/CD, admission controllers, deployments, runtime, and continuous monitoring. Its unique approach enables both enforcement and monitoring modes, ensuring that policies can be applied consistently and mapped directly to industry standards such as CIS and MITRE ATT&CK. Spotter provides extremely high flexibility across all Kubernetes phases, providing an innovative approach that no other open-source or commercial solution can replicate. It seamlessly bridges security, DevOps, and platform teams, effectively solving the real-world challenges faced by day-to-day operations.
SpeakerBio: Madhu "madhuakula" Akula, Pragmatic Security LeaderMadhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and Cloud Native Security Architect with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). He holds industry certifications like CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), OSCP (Offensive Security Certified Professional), etc.
Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON 24, 26, 27, 28, 29 & 30, BlackHat 2018, 19, 21 & 22, USENIX LISA 2018, 19 & 21, SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, Github Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon 2018, 19, 21 & 22, SACON, Serverless Summit, null and multiple others.
His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc. and is credited with multiple CVE’s, Acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building an Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.
- ics Calendar file
Step into the IoT Village and challenge those eyes staring at you. Break open real hardware and dive in to uncover vulnerabilities.
Try your luck to emulate those devices. Whether you’re a hardware hacking pro of just a hardware wrecker, this hands-on experience is your change to push the limits of hardware hacking.
Ready to see what’s really watching you?
- ics Calendar file
Starts at 10am on Friday and ends at 1200 on Saturday with prizes awarded immediately afterward.
- ics Calendar file
The federal government builds and maintains hundreds of thousands of software systems - and it would be difficult to find a system that doesn't rely on open source software. In fact, the government is likely the single largest consumer of OSS in the world and considering the criticality of the mission, the security of those systems is paramount. There has been limited guidance on how government programs should select, consume, contribute to, and publish open source software, but things are getting better! This session will discuss the current landscape of open source in the federal government and present methods for how we can secure our own systems with tools and processes to vet open source projects, ingest that software securely, and support those projects with substantive contributions.
Attendees from government entities, contractors, and members of the community should attend to learn how the government can tackle the supply chain risks inherent in open source while still capturing the benefits that it has to offer. They'll come away with an understanding of how this might impact their work, and how by working together we can build a better open source ecosystem for everyone.
SpeakerBio: Jordan KasperJordan Kasper started programming in 1993 and has developed systems on platforms ranging from IBM mainframes to TI calculators and everything in between. His professional experience ranges from startups and digital agencies, to Fortune 100 companies and government institutions. During his time in government he worked for the Departments of Defense and Homeland Security where he helped to reform struggling IT programs, advocate for modern technology and practices, and advise on policies and strategies ranging from open source software to data standards. Outside of work Jordan is an open source maintainer, community organizer, and board game enthusiast.
- ics Calendar file
Static Analysis Hero (SAH) is a Visual Studio Code extension for detecting software vulnerabilities and managing static code analysis. It supports code scanning using Semgrep, custom rulesets, and built-in regex for multiple languages. SAH also enables documentation through comments, bookmarks, prioritization, and export/import features for collaborative security reviews. Fully open-source, offline-capable, and compatible with other VS Code tools to leverage the power of the IDE, SAH is designed for both developers and security professionals.
Speakers:Dustin Born,Matthias GöhringDustin Born is security consultant and penetration tester at usd AG, an information security company based in Germany with the mission #moresecurity. Within pentesting, he focuses on web applications, cloud environments and mobile applications. Apart from this, Dustin supports the development of several internal tools that focus on automated reconnaissance and vulnerability assessment. This aligns with his interests in developing tools related to IT security and his previous scientific work. Specifically, he has built a framework for a general purpose vulnerability scanner as well as one for the dynamic analysis of iOS apps.
SpeakerBio: Matthias GöhringMatthias Göhring is security consultant and penetration tester at usd AG, an information security company based in Germany with the mission #moresecurity. He is Head of usd HeroLab, the division of usd specialized in technical security assessments. In addition, he holds lectures at Technical University Darmstadt and University of Applied Sciences Darmstadt on ethical hacking and penetration testing. In previous scientific work, he focused on network and communication security as well as software security.
Previous publications: - Catching the Clones – Insights in Website Cloning Attacks, Risk Connect Conference, 2021 - Path MTU Discovery Considered Harmful, IEEE 38th International Conference on Distributed Computing Systems (ICDCS), 2018 - Tor Experimentation Tools, IEEE Security and Privacy Workshops, 2015 - On randomness testing in physical layer key agreement, IEEE 2nd World Forum on Internet of Things (WF-IoT), 2015
- ics Calendar file
This session explores advanced security mechanisms implemented by major browsers to prevent cookie theft from their storage databases. Chrome has recently implemented AppBound encryption, which provides multi-layered protection for session cookies:
1) A 2-way DPAPI encryption system that operates with both elevated NT AUTHORITY\SYSTEM permissions and normal user-level decryption capabilities;
2) A state-key encryption layer utilizing the ChaCha20Poly1305 algorithm with custom keys (that once was AES-256-GCM encrypted);
These implementations have significantly reduced the effectiveness of info-stealing malware. However, this session will demonstrate potential vulnerabilities in these security measures and explain how to obtain decrypted cookies despite these protections. We will examine the new format specifications and encryption methodologies for cookies.
Beyond Chromium-based browsers, we'll explore Gecko's encryption algorithms, which involve structured ASN.1 data formats with multiple encryption schemes including 3DES and AES-256. We'll also analyze Chromium on macOS which relies on PBKDF2 key derivation, and WebKit-based browsers that store cookies in binary cookie files.
Additionally, we'll discuss Chrome's forthcoming "Device Bound Session Cookies" (DBSC) technology, which aims to further mitigate session hijacking through cookie theft by implementing TPM chip-based encryption and requiring proof of possession of the cryptographic key.
SpeakerBio: Rafael FelixRafael has been working with malware development for 4 years, also being involved in the malware community for more than 6 years. He is also experienced in Incident and Response, specifically during malware inner workings analysis. Currently, Rafael is a researcher for Hakai Offensive Security, being deeply involved with red-team operations.
- ics Calendar file
This session explores advanced security mechanisms implemented by major browsers to prevent cookie theft from their storage databases. Chrome has recently implemented AppBound encryption, which provides multi-layered protection for session cookies:
1) A 2-way DPAPI encryption system that operates with both elevated NT AUTHORITY\SYSTEM permissions and normal user-level decryption capabilities;
2) A state-key encryption layer utilizing the ChaCha20Poly1305 algorithm with custom keys (that once was AES-256-GCM encrypted);
These implementations have significantly reduced the effectiveness of info-stealing malware. However, this session will demonstrate potential vulnerabilities in these security measures and explain how to obtain decrypted cookies despite these protections. We will examine the new format specifications and encryption methodologies for cookies.
Beyond Chromium-based browsers, we'll explore Gecko's encryption algorithms, which involve structured ASN.1 data formats with multiple encryption schemes including 3DES and AES-256. We'll also analyze Chromium on macOS which relies on PBKDF2 key derivation, and WebKit-based browsers that store cookies in binary cookie files.
Additionally, we'll discuss Chrome's forthcoming "Device Bound Session Cookies" (DBSC) technology, which aims to further mitigate session hijacking through cookie theft by implementing TPM chip-based encryption and requiring proof of possession of the cryptographic key.
SpeakerBio: Rafael FelixRafael has been working with malware development for 4 years, also being involved in the malware community for more than 6 years. He is also experienced in Incident and Response, specifically during malware inner workings analysis. Currently, Rafael is a researcher for Hakai Offensive Security, being deeply involved with red-team operations.
- ics Calendar file
Come stop by for our first offical event where we will have custom stickers for VX Underground, Skyhopper, and more!
- ics Calendar file
Ben Sadeghipour, better known as NahamSec, is an ethical hacker, content creator, and keynote speaker. Over his career, Ben has uncovered thousands of security vulnerabilities for major organizations, including Amazon, Apple, Zoom, Meta, Google, and the U.S. Department of Defense. As a top-ranked bug bounty hunter, he is deeply passionate about cybersecurity education, regularly sharing his knowledge through his popular YouTube channel and speaking at major conferences like DEFCON and BSides. Beyond his personal achievements, Ben is committed to building the security community, organizing events that foster collaboration, innovation, and the next generation of offensive security professionals.
SpeakerBio: Justin "rhynorater" Gardner, Advisor at CaidoI'm a full-time Bug Bounty Hunter and Host of the Critical Thinking - Bug Bounty Podcast. I also work as an Advisor for Caido (HTTP Proxy). When I'm not putting in reports or disseminating technical info on the pod, I'm normally spending time with my wife and 2 daughters, lifting heavy things, playing volleyball, or getting folded in BJJ
SpeakerBio: Katie "InsiderPhD" Paxton-Fear, Principal Security Researcher at Traceable by HarnessDr Katie Paxton-Fear is an API security expert and a Security Advocate at Semgrep, in her words: she used to make applications and now she breaks them. A former API developer turned API hacker. She has found vulnerabilities in organizations ranging from the Department of Defense to Verizon, with simple API vulnerabilities. Dr Katie has been a featured expert in the Wall Street Journal, BBC News, ZDNet, The Daily Swig and more. As she shares some of the easy way hackers can exploit APIs and how they get away without a security alert! Dr Katie regularly delivers security training, security research, to some of the largest brands worldwide. She combines easy-to-understand explanations with key technical details that turn security into something everyone can get.
SpeakerBio: Jeronimo Anaya
- ics Calendar file
🛰️⚡ Can you keep Taiwan connected?
Come play Taiwan Digital Blockade Lite at the Maritime Hacking Village @ DEF CON 33 — a fast-paced attacker-defender wargame adapted from a US Naval War College scenario.
🎲 In a 25-30 minute dice game, you’ll face off over Taiwan’s vulnerable critical infrastructure: communications cables, power grids, satellite links.
One side launches cyberattacks, sabotage, and electronic warfare to shut it all down. The other scrambles to keep the lights and the data on.
Whether you are a seasoned ICS practitioner, or a complete noob, the game is fun, fast, and thought provoking.
SpeakerBio: Jason Vogt, USNWCJason Vogt is an assistant professor in the Strategic and Operational Research Department, Center for Naval Warfare Studies at the United States Naval War College. Professor Vogt is a cyber warfare and wargaming expert. He has participated in the development of multiple wargames at the United States Naval War College. He previously served on active duty as an Army officer.
- ics Calendar file
When Russia launched its full-scale invasion of Ukraine in February 2022, scholars and archivists were concerned that if the web presence of Ukraine's cultural heritage institutions (libraries, archives, museums, and other community organizations) fell into Russian hands, Putin's vision for rewriting Ukrainian history could become reality. Saving Ukrainian Cultural Heritage Online (SUCHO) started as a rapid-response data rescue effort to archive these websites in a distributed way to ensure no single point of failure could delay the project working around the clock. Access was a priority in choosing a tool suite, to accommodate a volunteer pool that expanded to include elders and children. This talk reflects on the several threads of access that SUCHO has focused on, including managing security/privacy concerns, getting physical hardware to organizations in a war zone, providing a platform for publishing newly digitized material, and preserving/annotating the ephemeral cultural heritage of war memes. Since January 2025, the hypothetical concerns that drove SUCHO have become a reality in the context of US government websites and datasets. The talk concludes with lessons learned over the course of SUCHO that shape the work that SUCHO "alumni" are currently doing to ensure ongoing access to at-risk data in the US.
SpeakerBio: Quinn DombrowskiQuinn Dombrowski is one of the co-founders of Saving Ukrainian Cultural Heritage Online (SUCHO), and an Academic Technology Specialist in Stanford's Division of Literatures, Cultures, and Languages, and in Stanford Libraries. Given a computer lab to manage in 2018, Quinn got rid of the ancient computers, bought some sewing machines, and put up a sign calling it the Textile Makerspace. Then people started to believe it, and fund it, and now Quinn teaches Data Visualization with Textiles there every spring and manages a space full of sewing machines, looms, crochet hooks, and multiple hacked digital knitting machines. Quinn has served as co-president of the Association for Computers and the Humanities (the US-based organization for Digital Humanities), and founded The Data-Sitters Club, a project that walks through, step-by-step, how to use different computational tools and methods for literature. They have incorporated textile data encoding into their work in various forms, including weaving all the data (grading, attendance, readings, complaint emails) from an AI class they taught, knitting all regularly-scheduled meetings and when they were canceled in 2022, and visualizing the distribution of references to computers, librarians, and archives across "Star Trek" novels.
- ics Calendar file
IP blocklists rot in minutes; fingerprints persist for months. Finch is a lightweight reverse proxy that makes allow, block, or route decisions based on TLS and HTTP fingerprints (JA3, JA4, JA4H, and HTTP/2), before traffic reaches your production servers or research honeypots. Layered on top, a custom AI agent monitors Finch’s event stream, silences boring bots, auto-updates rules, and even crafts stub responses for unhandled paths; so the next probing request gets a convincing reply. The result is a self-evolving, fingerprint-aware firewall that slashes bot noise and turns passive traps into dynamic deception.
SpeakerBio: Adel Karimi, Member of Technical Staff at OpenAIAdel is a security engineer at OpenAI with deep expertise in detecting and responding to “badness.” Outside of work, he builds open-source tools focused on threat detection, honeypots, and network fingerprinting—such as Finch, Galah, and Venator—and escapes to dark corners of the world to capture the beauty of the night sky.
- ics Calendar file
- ics Calendar file
Ink your vibe, temporarily. Choose from hacker and privacy-themed designs and apply them on the spot with our DIY tattoo station. Fun, expressive, and perfect for selfies, this bar lets you wear your identity proudly without a lifetime commitment.
- ics Calendar file
Designed for wireless security testing and autonomous reconnaissance, Tengu Marauder v2 is a multi-terrain open-source robotic platform. Built around a Raspberry Pi and using ROS2, it combines real-time motor control, RF monitoring, and sensor data streaming to facilitate remote operations in challenging environments. Over the initial architecture, the v2 platform brings major enhancements in system modularity, communication security, and operational flexibility. Designed for safe remote access using encrypted VPN tunnels, the robot allows internet-based control and telemetry without endangering the system to direct network threats. Tengu Marauder v2 provides a tough, scalable basis for incorporating autonomy and cyber capabilities into your mobile security toolset whether used for off-grid automation, robotics teaching, or red teaming.
Speakers:Lexie "L3xic0n" Thach,Munir MuhammadLexie has worked in cybersecurity for ten years in various positions. During this time, she developed a strong affinity for electrical engineering, programming, and robotics engineering. Despite not having a traditional academic background, she has extensive hands-on experience from her eight years in the US Air Force, specializing in cybersecurity and tactical networks for aircraft missions and operations. Her focus on securing and testing the security of autonomous systems stems from these experiences, and she is passionate about sharing the techniques she has learned. She currently runs a local hackerspace in Philadelphia in support of DC215 called the Ex Machina Parlor where anyone can come to learn new hacking tools, try to build offensive or defensive security robots, and use 3D printers on standby for any prototyping people want.
SpeakerBio: Munir MuhammadMunir is a cybersecurity intern with the City of Philadelphia and a senior in college. He’s focused on learning how to keep computer systems safe from threats. He is especially interested in defensive security and enjoys finding new ways to protect networks and data. He is active in local tech meetups, works on open-source security projects, and is a member and community engagement coordinator at EMP (Ex Machina Parlor), a Philadelphia hackerspace where people can explore new hacking tools, build security robots, and use 3D printers for prototyping. He also supports students as a teaching assistant for software engineering courses. He is looking forward to meeting new people at DEF CON, learning from the community, and helping newcomers find their way into cybersecurity.
- ics Calendar file
Join our dynamic and engaging talk, designed specifically for beginners, as we dive into the world of command line mastery. Learn the essential tools and techniques of the Linux terminal, just like a hacker! From navigating the filesystem to using powerful pipelines, you'll leave this session armed with the skills to conquer the command line like a true pro.
SpeakerBio: alchemy1729, Master of Science Student at Arizona State Universityalchemy1729 is a Master of Science student at Arizona State University, conducting cybersecurity research at SEFCOM. He developed CTF Archive, the largest open-source collection of archived Capture the Flag challenges from the past decade, all fully playable on pwn.college. Currently, he is exploring how large language models can enhance cybersecurity education by integrating them into the pwn.college platform.
- ics Calendar file
This session will walk you through setting up a mobile testing environment and extracting APKs from installed apps. You’ll also explore how to locate and analyze sensitive data stored locally, including shared preferences, databases, and more.
SpeakerBio: Grigoris Papoutsis, Senior Training Developer at Hack The BoxGrigoris is a Senior Training Developer at Hack The Box. He is passionate about Mobile Security and creating innovative content for cybersecurity Training. In addition to his role, Grigoris also teaches Mobile Application Security at the University of Piraeus. He graduated with an M.Sc. degree in Digital Systems Security, and he holds a B.Sc. in Computer Science with a specialization in Software Development. Grigoris has previously worked as a Penetration Tester, and he has been one of the founders and a core member of the cybersecurity research group INSSec at the University of West Attica since 2019.
- ics Calendar file
What do you do when your blind XXE is non functional when egress-out is seemingly blocked? What do you do when there are strict filters for your full read SSRF vulnerability? Modern infrastructure on the cloud has many nuances, especially with trust boundaries. This talk goes through how we can push these boundaries and achieve our offensive security goals by abusing easy to spin up infrastructure or techniques. The internet is a different place depending on where you're coming from.
This talk dives deep into various techniques to test poorly configured trust boundaries and how to use them to find critical vulnerabilities. We will also demonstrate a tool we've built, Newtowner, to automate finding these issues.
Speakers:Michael Gianarakis,Jordan MaceyMichael Gianarakis is the Co-founder and CEO of Assetnote, a pioneer in the Attack Surface Management (ASM) space and a recognized leader in helping organizations continuously monitor and secure their external attack surfaces. In 2025, Assetnote was acquired by Searchlight Cyber, where Michael now leads enterprise product.
SpeakerBio: Jordan Macey, Assetnote
- ics Calendar file
Delegated Managed Service Accounts (dMSA) are Microsoft’s shiny new addition to Active Directory in Windows Server 2025. Their primary goal was to improve the security of domain environments. As it turns out, that didn’t go so well.
In this talk, we introduce BadSuccessor - an attack that abuses dMSAs to escalate privileges in Active Directory. Crucially, the attack works even if your domain doesn’t use dMSAs at all.
We’ll demonstrate how a very common, and seemingly benign, permission in Active Directory can allow us to trick a Domain Controller into issuing a Kerberos ticket for any principal - including Domain Admins and Domain Controllers. Then we’ll take it a step further, showing how the same technique can be used to obtain the NTLM hash of every user in the domain - without ever touching the domain controller.
We’ll walk through how we found this attack, how it works, and its potential impact on AD environments
References:
Yuval Gordon is a Security Researcher at Akamai Technologies, specializing in Active Directory security and identity-based attacks. Yuval's research is focused on offensive security, malware analysis, and threat hunting.
- ics Calendar file
- ics Calendar file
Not every team has a security budget. Not every project has a dedicated AppSec engineer. But every product exposed to the internet needs some level of security to survive.
This talk explores what I call “The AppSec Poverty Line” also known as ‘Minimal Viable Security” — the minimum viable set of practices, tools, and cultural shifts that under-resourced dev teams can adopt to meaningfully improve application security. Whether you're a startup with no security hires, an independent dev, or part of a team that doesn’t have a security budget, this talk will help you prioritize what actually matters.
We’ll cover practical approaches to getting from zero to secure-ish, with a focus on: • Training developers to write more secure code, and spot unsafe code • Cultivating a security-positive culture • Leveraging open-source tools that punch above their weight • Knowing when “good enough” really is enough — and when it’s not
SpeakerBio: Tanya "SheHacksPurple" Janca, Security Advocate at SemgrepTanya Janca, aka SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Secure Coding', 'Alice and Bob Learn Application Security’ and the ‘AppSec Antics’ card game. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counter-terrorism, led security for the 52nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software. Tanya currently works at Semgrep as a Security Advocate.
- ics Calendar file
- ics Calendar file
Since Swift's introduction in 2014, we have observed more malware authors using this language. With malware targeting macOS continues to rise, it is important for malware reverse engineers to be equipped with the knowledge they need to analyze them. In this talk, we will first start with an introduction to the language including how weird Swift strings are, how classes are represented, bridging between Objective-C, etc. After this intro, we will dive into the analysis of interesting Swift compiled samples and use the fundamentals to analyze them effectively.
SpeakerBio: Chistopher Lopez
- ics Calendar file
- ics Calendar file
- ics Calendar file
Ever wanted to know the design process behind creating your own PCB badge? Join Austin as he shares the journey of building Malware Village’s first official DEF CON badge - covering everything from concept sketches to a fully assembled board. Get a look at the creative and technical challenges behind joining #badgelife.
SpeakerBio: Austin Worline
- ics Calendar file
We’re stuck in a cycle of bug bounties, vulnerability reports, and endless patching - yet the same issues keep resurfacing. Even after years of "shifting left", vulnerabilities still reach production, keeping security teams in firefighting mode.
What if we could eliminate entire bug classes instead of fixing them one by one?
This talk explores how modern browser security features can automate and scale protection - without relying solely on developers to remember best practices. Opt-in mechanisms like Content Security Policy v3, Trusted Types, and Sec-Fetch-Metadata offer powerful defenses against XSS, CSRF, clickjacking, and cross-origin attacks.
We'll show how these new, underused browser capabilities - which simply didn’t exist a few years ago - enable secure-by-default architectures. Real-world examples will demonstrate practical integration strategies, automated security headers, secure defaults, and ways to track adoption and impact.
SpeakerBio: Javan Rasokat, Application Security Architect and Security ResearcherJavan is a Senior Application Security Specialist at Sage, helping product teams enhance security throughout the software development lifecycle. On the side, he lectures Secure Coding at DHBW University in Germany. His journey as an ethical hacker began young, where he began to automate online games using bots and identified security bugs, which he then reported to the game operators. Javan made his interests into his profession and began as a full stack web and mobile engineer before transitioning into a passionate security consultant. Javan holds a Master’s degree in IT Security Management and several certifications, including GXPN, AIGP, CISSP, CCSP, and CSSLP. He has shared his research at conferences, including OWASP Global AppSec, DEFCON, and HITB.
- ics Calendar file
In the run up to Google’s plans to dump 3rd party cookies, marketing firms (a $1.7 TRILLION dollar industry) were sent into a complete panic. These firms relied heavily on 3rd party cookies in order to better attribute CPM (cost per 1000 clicks) and how many of those clicks turned into sales. So advertisers could better study human behavior and trends in order to more effectively sell products.
As a former Security Engineer at the Largest Independent Digital Marketing firm in the world, I had a unique view into the evils that these companies were developing in order to not only maintain a few into consumer trends but to increase these views, increase the invasiveness of these techniques, and increase the cooperation between all levels of the industry from display point (streaming service), device point (iPhone, TV), location points (via ISP), to sales point.
This talk is a peek under the curtain for the server side data harvesting that agencies have developed, and how they’ve managed to twist this further invasion into so-called consumer protection and increased privacy.
SpeakerBio: 4dw@r34dw@r3 (they/them) is a dedicated security and risk management expert with extensive experience navigating complex environments. Sean excels at developing a comprehensive understanding of intricate systems and crafting strategic roadmaps to revitalize security programs. By identifying high-risk areas and optimizing the use of existing resources, Sean removes barriers between teams to enhance communication and coordination, driving effective security outcomes. Beyond their professional pursuits, Sean finds joy in backpacking through the mountains with their adventurous Australian Shepherd and twins, embracing the serenity of nature and the thrill of exploration.
- ics Calendar file
Diana Initiative is excited to offer up a "Quiet Room". This room is a library vibes environment where people can calm down or recharge before going back out to experience more DEF CON, or even safely have a meltdown, stim, and take time to recenter. In our library area we will have fidget toys, coloring pages and more.
- ics Calendar file
Diana Initiative is excited to offer up a "Quiet Room". This room is a library vibes environment where people can calm down or recharge before going back out to experience more DEF CON, or even safely have a meltdown, stim, and take time to recenter. In our library area we will have fidget toys, coloring pages and more.
- ics Calendar file
Cloud environments are vast, complex, and often opaque—even to their owners. In this talk, we expose how AWS’s design decisions around default service roles and resource naming patterns created hidden privilege escalation paths that could lead to full AWS account takeover.
We begin by introducing the concept of Shadow Resources—S3 buckets automatically relied upon by internal AWS services, which users don’t create or control directly, but are referenced implicitly. We show how attackers could preemptively claim these buckets in unused regions using predictable naming conventions (like aws-glue-assets-{AccountID}-{Region}), planting malicious content or intercepting trusted workflows. This silent hijacking technique breaks the assumed isolation between services and accounts.
From there, we pivot to Shadow Roles—default IAM roles created or recommended by AWS services such as SageMaker, Glue, and EMR. These roles often come with dangerously over-permissive policies (e.g., AmazonS3FullAccess). With these roles in place, any compromised service becomes a launchpad: we demonstrate how importing a single malicious Hugging Face model into SageMaker enables an attacker to silently backdoor Glue jobs across the entire account by tampering with trusted S3.
Finally, we share findings from our AWS Glue research, where we discovered that the /etc/passwd file was writable within the container environment, enabling local privilege escalation to root. From there, we were able to extract the real IAM credentials assigned to the underlying managed service instance via IMDSv2—credentials that belonged to AWS’s internal Glue account. These credentials granted access to sensitive internal APIs and allowed enumeration of infrastructure metadata across other users, demonstrating that the managed runtime could serve as an unexpected vector for privilege escalation and cross-tenant exposure.
This layered attack path—from shadow resources to shadow roles to breaking the runtime isolation of managed services—demonstrates a critical but overlooked risk in cloud architecture.
In this talk, we’ll share how our investigation began with a single misconfigured resource and evolved into a broader exploration of AWS's internal service trust model. We’ll walk through the methodology that helped us uncover these vulnerabilities and highlight how each discovery opened the door to the next—using specific privilege escalation techniques to chain across services and amplify impact. Expect a technical deep dive, real-world attack flows, and a new lens on how seemingly isolated misconfigurations can lead to complete compromise.
SpeakerBio: Yakir KadkodaYakir Kadkoda is the Director of Security Research at Aqua’s research team, Team Nautilus. He specializes in vulnerability research, uncovering and analyzing emerging security threats and attack vectors in cloud-native environments, supply chain security, and open-source projects. Before joining Aqua, Yakir worked as a red teamer. He has presented his cybersecurity research at leading industry conferences, including Black Hat (USA, EU, Asia), DEF CON, RSAC, SecTor, CloudNativeSecurityCon, STACK, INTENT, and more
- ics Calendar file
Election technology is an important piece of the critical infrastructure that supports our democracy. Federal and State certification programs are designed to ensure that this infrastructure operates safely, securely, accurately, and in accordance with established federal and state requirements. This presentation discusses the value of state certification programs as a supplement to the federal certification process to ensure that critical issues are identified before systems are deployed for use in elections and to push vendors to develop more robust and effective systems.
Speakers:Christina Worrel Adkins,Charles PinneyChristina Adkins is Director of the Elections Division of the Texas Secretary of State's office. She previously served as acting elections director, and prior to that she was the legal director for the elections division. She has worked at the agency since 2012. She is a recognized leader in the election community for her legal and technological expertise in certifying voting systems and ensuring county officials are trained to comply with the Texas Election Code.
SpeakerBio: Charles Pinney, Senior Staff Attorney, The Texas Secretary of State's Office
- ics Calendar file
Quantum computing is a rapidly emerging field which promises immense computational capabilities to solve some of the most challenging problems which are currently intractable on conventional classical systems. Likewise, quantum computing is expected to create unique opportunities and challenges in the areas of security and privacy. In this talk, I aim to cover a broad range of topics highlighting the nexus between security and quantum systems. Specifically, I will demonstrate how integrating quantum computing in artificial intelligence could lead to highly robust and trustworthy autonomous systems with applications ranging from military systems to autonomous vehicles. I will also explore security in the context of quantum computing in shared environments where an adversary can generate disruptive attacks to sabotage the execution of quantum algorithms. Finally, I will discuss the idea of spy qubits for intelligence gathering which can secretly learn activities on a quantum processor without being identified by the users.
SpeakerBio: Muhammad Usman, CSIRO’s Data61
- ics Calendar file
In 2014, someone by the name of Spencer Lucas released the “One Bitcoin Book“, a set of 20 clues that when solved, unlocked a bitcoin wallet containing one bitcoin (then valued at ~$400). Over 10 years and a six-figure price tag later, it remained unclaimed. In December 2024, the prize was finally claimed through a combination of human-solved solutions and a custom module for Hashcat designed to test various combinatorial possibilities for the unknown or uncertain clues.
This talk will cover the puzzle itself, how the answers unlocked the prize (through the brainwallet process), and the development of a custom Hashcat module to crack brainwallet passphrases using cheap, cloud-based GPU power. It will also discuss the challenges encountered along the way and the troubleshooting approaches used to overcome them.
References:
Joseph Gabay is a security researcher, hardware hacker, and robotics engineer with a passion for reverse engineering and tackling unique challenges. At DEF CON 29, they presented DoS: Denial of Shopping, where they analyzed and exploited shopping cart immobilization systems, and expanded further upon that work at DEF CON 31. Their work and research focuses on integrating knowledge from a diverse set of domains to deeply understand systems and uncover unique insights about their design and potential vulnerabilities.
- ics Calendar file
Google security leader Heather Adkins will discuss the transformative impact of AI on cybersecurity, highlighting its dual nature as both a powerful tool for innovation and a new weapon for malicious actors. She'll explore how cybercriminals are initially using AI for their pursuits, while the security community makes important strides in harnessing its power for everything from consumer scam detection, to vulnerability research. She'll also emphasize the need for collective, responsible innovation to further expand AI's power and build a safer digital future for everyone.
SpeakerBio: Heather Adkins, Google
- ics Calendar file
In the spirit of economic development, cities often compete for the attention of large corporate brands, especially ""Big Tech"", to settle in their communities creating attractive incentives like tax-breaks and favorable construction terms. Residents in the affected communities get excited about the prospect of new jobs or career growth. With the recent explosion of the everyday use of Artificial Intelligence (AI) changing work and life as we know it in society, cities want to be known as technology leaders or at least early adopters. And in today's evolving world, one of Cybersecurity's main functions is to not only enable the business but also just as importantly managing risk for the business. As professionals, we have an obligation to ensure that solutions our organizations develop, especially those involving AI, promote benefits to not only the organization but also society and do not cause harm to the environment. In this session, we will explore Cybersecurity's role to understand potential and realized risks of accommodations to secure and implement ""Big Tech"" initiatives in communities with respect to energy, water, and waste systems. Attendees will be exposed to the use of risk management frameworks to identify and mitigate these risks and drive sustainable outcomes as well as the situational applicability of ethics in the cybersecurity profession. Case studies and statistics will be citied from various real-world communities, including black communities. While some case discussed will be resolved with implemented remediations, others will be on-going with the opportunity to explore potential solutions.
SpeakerBio: Joy Toney, Senior Program Consultant at AIM for Change, LLCJoy Toney serves as a Senior Program Consultant for AIM for Change, LLC. Joy’s career successes are mapped over 20+ years professional experience, both people leader and individual contributor roles, in non-profit, consumer services, government contracting, and transportation. Joy enjoys utilizing her skills in process and performance improvement, software development, information security, quality assurance, project management, talent management, and organizational change management. She’s a CISSP, CCSP, SHRM-CP, Security Awareness and Culture Professional, Prosci Certified Change Practitioner, certified Google AI Leader, and CompTIA Pentest+ credential holder. Joy is a 2024 National Community College Cybersecurity Program Fellow and Microsoft Certified Educator. Joy has served as an advisor to non-profit boards and committees. Joy holds an MBA with a concentration in Management Information Systems from the University of Memphis as well as a Masters in Cybersecurity and Information Assurance from Western Governor’s University
- ics Calendar file
Quantum computing is no longer a distant theory, but accelerating toward reality, threatening the cryptographic foundations of today’s cybersecurity. In this forward-looking 30-minute talk, QSE Group's CEO Ted Carefoot & CTO Sean Prescott break down both the technical aspects of what vulnerabilities exist in today's cryptographic systems in a Post Quantum Computing (PQC) world, the science behind it, and how actors can exploit these vulnerabilities, as well as what potential tools they could use to do so. Part 1 – Quantum Threats Unveiled: Sean explains the real-world vulnerabilities exposed by quantum algorithms like Shor’s and Grover’s, and what this means for VPNs, certificates, secure messaging, and enterprise infrastructure. Part 2 - Learn about the roles of Kyber and Dilithium, two leading candidates for quantum-safe encryption, and how they are being prepared for deployment. Part 3 – Preparing for PQC era, a final discussion point on the importance of ensuring organizations are fundamentally in order, preparing for PQC risks and contingencies now, and ensuring they are aware and aligning with evolving global regulatory standards. This session gives security leaders, compliance experts, developers, or policymakers, clarity understanding what’s at risk, and suggest where we go next. Keywords: Quantum Security, Post-Quantum Cryptography, PQC Standards, Kyber, Dilithium, Shor’s Algorithm, NIST PQC, Cybersecurity Ethics, Quantum Risk, Cryptographic Agility, Governance & Compliance
Speakers:Sean Prescott,Ted Carefoot
- ics Calendar file
In the 1960s, the United States launched a radio-based weather information system broadcasting over the VHF band, known as Weather Radio.
Over time, Weather Radio expanded to cover the entire US and incorporated digital information through the SAME (Specific Area Message Encoding) protocol, allowing receivers to filter alerts by location and type, among other features.
Eventually, both Weather Radio and the SAME protocol were adopted by countries like Canada and Mexico for their own public alerting systems.
In Mexico, this solution was integrated into the Mexican Seismic Alert System (SASMEX), which over 30 million people in central Mexico rely on to prepare for the region’s frequent earthquakes. While new alerting technologies have emerged, this system still broadcasts messages to millions of receivers across North America. But how reliable are the systems responsible for warning entire cities when they need to seek safety?
In this talk, we will explore the history and design of Weather Radio and the SAME protocol. We’ll examine how messages are transmitted and encoded through this technology, and how it was adapted in Mexico for SASMEX.
I will also share my personal experience building compatible receivers: from early curiosity-driven experiments to developing a receiver as part of my undergraduate thesis.
We’ll analyze how the simplicity, a key strength of these systems, also introduces certain risks, and how these kinds of trade-offs arise when balancing accessibility, interoperability, and security in the design of any system.
In particular, we’ll explore a concerning aspect: how, with the right equipment, it is surprisingly easy for anyone to generate these alert signals, taking advantage of the open nature of the broadcasts and the lack of mechanisms to verify the origin of received messages.
Beyond the technical exploration, this talk is also a personal story of my multi-year journey into this topic, with the goal of inspiring others with what I consider to be the core of hacking: the curiosity to deeply understand how systems work, explore their boundaries, and share that knowledge.
SpeakerBio: Manuel RábadeComputer Engineer from Mexico City. Software engineering manager by profession. Experiments with software, hardware, and radio communications in free time.
- ics Calendar file
The 2023 loss of the Titan submersible was a tragic wake-up call that exposed dangerous gaps in safety oversight, design practices, and regulation in extreme maritime environments. As leader of the international search-and-rescue response, I witnessed firsthand the human consequences of operating innovative technologies in legal gray zones without sufficient safeguards. Titan's creators leveraged regulatory loopholes to push design boundaries, dismissing expert warnings and bypassing standard safety certifications. This same pattern of unchecked innovation, inadequate oversight, and hubris mirrors critical vulnerabilities now facing maritime cybersecurity. Just as Titan’s passengers unknowingly placed trust in untested designs, vessels today rely increasingly on digitally interconnected yet inadequately secured systems, creating risks that could lead to catastrophic failures. Harsh environmental conditions and remote operations compound the potential impacts of maritime cyber incidents, paralleling Titan’s tragic fate. This paper connects the painful lessons from the Titan tragedy to urgent maritime cybersecurity needs—arguing for clear international regulation, rigorous independent testing, and proactive incident response planning—to prevent similar disasters at sea.
References:
This presentation will be a combination of my own experiences, the evidence collected during the TITAN Marine Board of Investigation and reports from U.S. Coast Guard cyber command and other sources regarding maritime cybersecurity. The TITAN investigation is available here: link
Maritime Cybersecurity references are available here: link
SpeakerBio: John Mauger, PORTS LLC, , Rear Admiral , USCG (Ret.)Rear Admiral John W. Mauger, USCG (Ret.) is a seasoned executive with over 33 years of leadership experience in the maritime industry, national security, and cyber operations. Known for his foresight, innovative approach to problem solving, and ability to drive change, John has left an indelible mark on every role he’s undertaken—from commanding complex Coast Guard operations to shaping the future of cyber defense.
As Commander of the First Coast Guard District, he led over 12,000 people and oversaw critical port operations in New England, deploying innovative technologies like counter-drone systems to enhance security. John's leadership during the TITAN capsule search and recovery at the TITANIC site highlighted his ability to lead complex crises in the international spotlight.
At U.S. Cyber Command, John revolutionized cyber training, developing a cloud-based environment that modernized cyber exercises and increased readiness. John also served as the Coast Guard’s first Executive Champion the National Naval Officers Association, mentoring future leaders and driving organizational change.
Earlier in his career, John led key regulatory projects for both domestic and international shipping. His work protected mariners and the environment, created new markets for alternative fuels, and established a new international code to safeguard vital Polar regions.
Now leading (PORTS) LLC, John uses his diverse expertise to help clients plan for and navigate complex challenges in the maritime and critical infrastructure industries while enhancing personnel and team performance through effective training.
- ics Calendar file
The DEF CON Shoot is a public event that happens just prior to the DEF CON hacker conference in Las Vegas, Nevada. It is an opportunity to see and shoot some of the guns belonging to your friends while taking pride in showing and firing your own steel, as well, in a relaxed and welcoming atmosphere. We choose a spot, then we rent tables, canopies, and bring all the necessary safety equipment and amenities. All you need to bring yourself and (optionally) your firearms. New shooters and veterans both attend regularly. You can attend with your firearms, of course, but folk without guns of their own in Vegas may have the opportunity to try gear from others in attendance. Admission costs are intentionally kept low, just so we can break even on expenses for the amenities provided.
Offsite - Pro Gun Vegas Address: 12801 US 95 South. Boulder City, NV 89005
- ics Calendar file
Fixing security bugs is part of a dev’s job, but it can also be a one-way ticket to dependency hell because 95% of upgrades have the potential to cause breaking changes! In this lottery inspired game, you’ll play the odds to see how many vulnerabilities you can eliminate (and get back to writing code) without breaking the application.
SpeakerBio: Jenn Gile
- ics Calendar file
Desktop applications are the forgotten attack surface of bug bounty hunting. They're usually out of scope, but they talk to assets that aren't. In this talk, I'll share how I've earned bounties by targeting desktop apps directly or leveraging them to find bugs in paying assets.
We'll start with traffic interception. Unlike browsers, desktop apps don't always like proxies. I'll walk through my bag of tricks for viewing and modifying traffic, revealing hidden APIs not exposed in the web interface, broken OAuth flows, and secrets leaking in requests.
Next item on the menu are binaries. This won't be a full-blown reverse engineering course, but I'll show how tools like Ghidra, dnSpy, and even strings have helped me extract secrets from binaries, bypass client-side checks, and uncover logic flaws. We'll also look at how Process Monitor has helped me observe app behavior and uncover where secrets are stored.
Finally, I'll build on my previous DEF CON village talk about jumping the browser sandbox, sharing my now disclosed bugs in protocol handlers and local HTTP servers that led to five-figure bounties.
If you've been ignoring desktop apps in your bounty hunting, this talk might change your mind—and your bank account.
SpeakerBio: Parsia "CryptoGangsta" Hakimian, Offensive Security Engineer at MicrosoftParsia is an offensive security "engineer" at Microsoft. While not a full-time hunter, he has learned a great deal from hunts and the bug bounty community. He spends most of his time reading code and experimenting with static and dynamic analysis -- but wishing he was gaming.
Parsia has previously presented at DEF CON's main venue and the AppSec Village. When not breaking (or fixing) things, he plays videogames, D&D, spends time with family outside - and, as his wife jokes, "subjects himself to the tax and immigration systems of US and Canada".
- ics Calendar file
TheTimeMachine is an offensive OSINT and bug bounty recon suite that revives forgotten endpoints from the past using the Wayback Machine. Designed for red teamers, CTF players, and bounty hunters, it automates historical data mining, subdomain extraction, parameter harvesting, and endpoint fuzzing for vulnerabilities like XSS, open redirect, LFI, and SQLi. The suite also integrates a powerful JWT analysis engine to extract, decode, and highlight juicy fields from tokens hidden in archived URLs. TheTimeMachine also hunts leaked archives and even verifies whether archived snapshots are still live. With colorful terminal output, modular CLI tools, and support for custom wordlists, this tool resurrects the buried past to exploit the forgotten future. Dead links don’t die here—they just get reconned harder.
Speakers:Arjun "T3R4_KAAL" Chaudhary,Anmol "Fr13nd0x7f" K. SachanArjun is a dedicated and certified cybersecurity professional with extensive experience in web security research, vulnerability assessment and penetration testing (VAPT), and bug bounty programs. His background includes leading VAPT initiatives, conducting comprehensive security risk assessments, and providing remediation guidance to improve the security posture of various organizations. With a Master's degree in Cybersecurity and hands-on experience with tools such as Burp Suite, Wireshark, and Nmap, he brings a thorough understanding of application, infrastructure, and cloud security. As a proactive and self-motivated individual, he is committed to staying at the forefront of cybersecurity advancements. He has developed specialized tools for exploiting and mitigating vulnerabilities and collaborated with cross-functional teams to implement effective security controls. His passion for cybersecurity drives him to continuously learn and adapt to emerging threats and technologies. He is enthusiastic about contributing to innovative security solutions and engaging with the broader security community to address complex cyber threats. He believes that the future of cybersecurity lies in our ability to innovate and adapt, and he is dedicated to making a meaningful impact in this field.
SpeakerBio: Anmol "Fr13nd0x7f" K. SachanAnmol is a security consultant at NetSPI with expertise in web, API, AI/ML, and network penetration testing as well as attack surface management and offensive security automation. He has reported to over 50 organizations via VDPs, discovered multiple CVEs, and co-founded cybersecurity communities like CIA Conference and OWASP Chandigarh. He is also an active open-source contributor — his tools like WayBackLister, ThreatTracer, The Time Machine, and more have collectively earned over 600 GitHub stars. He is passionate about red teaming and building tools that enhance real-world security assessments.
- ics Calendar file
AI is rapidly reshaping healthcare—from diagnostics to mental health chatbots to surveillance inside EHRs—often without patient consent or clear oversight. The Patient AI Rights Initiative (https://lightcollective.org/patient-ai-rights/) lays out the first patient-authored ethical framework for Health AI. Now it’s time to test it like any other system: for failure, bias, and exploitability.
We’ll introduce the 7 Patient AI Rights and challenge participants to stress test them through the lens of security research. Working in small groups, you'll choose a Right and explore how it could break down in the real world.
Together, we’ll co-create early prototypes for a “Red Teaming Toolkit for Health AI” to evaluate Health AI systems based on the priorities of the people most impacted by them: patients.
This session is ideal for patient activists, engineers, bioethicists, and anyone interested in building accountable, rights-respecting AI systems from the outside in.
SpeakerBio: Andrea Downing
- ics Calendar file
This talk exposes the quiet, lawful erosion of student privacy in higher education. While FERPA was meant to protect student data, its loopholes let colleges share personally identifiable information with third-party contractors—no consent required. Enter non-profit data brokers like the National Student Clearinghouse (NSC), which now aggregate and distribute massive volumes of student data to for-profit partners like Equifax.
SpeakerBio: Sharlene ToneySharlene Toney has been a business analyst on a cross-functional, Agile development team in Enterprise Student Systems at Indiana University since 2013. Her path into IT has been anything but traditional, and she has been known to point out that when she started her undergraduate degree in 1994, she didn't even know what email was. After a B.S. in Education and a Master of Social Work degree, she spent time in non-profit management and collegiate academic advising before signing on as a subject matter expert in academic advising with IU University Informational Technology Services. With a growing interest in the cybersecurity landscape, she returned to school to complete an M.S. in Cybersecurity Risk Management and will finish in May ’26. After 18 years working in the field of higher education, she has focused on learning more about the value of student data, student data pipelines, consent, and privacy. She has not completely said goodbye to her social work roots. Recently, she began training to volunteer with Operation Safe Escape where, with other safety and security professionals, she will work to assist survivors of domestic violence, stalking, and harassment to help them find safety and freedom.
- ics Calendar file
The tides are changing. The seas are the key frontier for power projection and commerce by nations, companies, and militaries -- and surveillance and cybersecurity tradecraft are rapidly reshaping sea-side threat dynamics. Join three of the biggest minds national security to explore threats to the maritime domain as the strategic centerpiece for conflict in the digital age. From port cranes to drug smuggling, and Navy ships to undersea cables, the fight is everywhere.
Speakers:John Mauger,Michael Sulmeyer,Adam SegalRear Admiral John W. Mauger, USCG (Ret.) is a seasoned executive with over 33 years of leadership experience in the maritime industry, national security, and cyber operations. Known for his foresight, innovative approach to problem solving, and ability to drive change, John has left an indelible mark on every role he’s undertaken—from commanding complex Coast Guard operations to shaping the future of cyber defense.
As Commander of the First Coast Guard District, he led over 12,000 people and oversaw critical port operations in New England, deploying innovative technologies like counter-drone systems to enhance security. John's leadership during the TITAN capsule search and recovery at the TITANIC site highlighted his ability to lead complex crises in the international spotlight.
At U.S. Cyber Command, John revolutionized cyber training, developing a cloud-based environment that modernized cyber exercises and increased readiness. John also served as the Coast Guard’s first Executive Champion the National Naval Officers Association, mentoring future leaders and driving organizational change.
Earlier in his career, John led key regulatory projects for both domestic and international shipping. His work protected mariners and the environment, created new markets for alternative fuels, and established a new international code to safeguard vital Polar regions.
Now leading (PORTS) LLC, John uses his diverse expertise to help clients plan for and navigate complex challenges in the maritime and critical infrastructure industries while enhancing personnel and team performance through effective training.
SpeakerBio: Michael Sulmeyer, US DoD (ret.), Georgetown School of Foreign ServiceMichael Sulmeyer will start as Professor of the Practice at the School of Foreign Service's Security Studies Program in the fall of 2025. He most recently served as the first Assistant Secretary of Defense for Cyber Policy and as Principal Cyber Advisor to the Secretary of defense. He has held other senior roles involving cyber-related issues with the U.S. Army, the Office of the Secretary of Defense, U.S. Cyber Command and the National Security Council. In academia, he was a Senior Fellow with Georgetown's Center for Security and Emerging Technology. He holds a doctorate in politics from Oxford University where he was a Marshall Scholar, and a law degree from Stanford Law School.
SpeakerBio: Adam Segal, Council on Foreign RelationsAdam Segal is the Ira A. Lipman chair in emerging technologies and national security and director of the Digital and Cyberspace Policy program at the Council on Foreign Relations (CFR). From April 2023 to June 2024, Segal was a senior advisor in the State Department's Bureau of Cyberspace and Digital Policy, where he led the development of the United States International Cyberspace and Digital Policy. An expert on security issues, technology development, and Chinese domestic and foreign policy, Segal was the project director for the CFR-sponsored Independent Task Force reports Confronting Reality in Cyberspace, Innovation and National Security, Defending an Open, Global, Secure, and Resilient Internet, and Chinese Military Power. His book The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age (PublicAffairs, 2016) describes the increasingly contentious geopolitics of cyberspace. Segal is also the author of Advantage: How American Innovation Can Overcome the Asian Challenge (W.W. Norton, 2011) and Digital Dragon: High-Technology Enterprises in China (Cornell University Press, 2003), as well as several articles and book chapters on Chinese technology policy.
- ics Calendar file
Incident response often feels like drowning in a sea of logs. While LLMs promise a lifeline, simply dropping a chatbot into a DFIR tool is not enough.
This talk pivots from "Can AI analyze logs?" to "How do we build a trustworthy, human-centric AI partner for investigators?" We present our journey integrating a Sec-Gemini Log Reasoning Agent into Timesketch, the open-source forensic timeline analysis platform. Our core focus will be how we built the Log Reasoning Agent and the UX research required to make AI findings verifiable and actionable.
We will deconstruct our design philosophy, which reimagines the analyst's workflow around AI-generated insights and investigative questions. We'll explore the specific UI/UX patterns we developed to empower analysts to seamlessly trace AI conclusions back to the source evidence, fostering a "trust but verify" mindset essential for high-stakes investigations. Attendees will leave with a new framework for thinking about AI in security operations—one that prioritizes human-computer interaction over black-box automation.
Speakers:Diana Kramer,Janosch Köpper,Melinda BaeriswylSecurity Engineer at Google, specializing in digital forensics and incident response. Experience in the video game industry and consulting, working as an incident analyst, security consultant, and security engineer. Currently focused on applying AI and Large Language Models (LLMs) to streamline and enhance incident response workflows, specifically for investigations, automated reporting, and threat analysis.
SpeakerBio: Janosch Köpper, Security Engineer at GoogleJanosch Köpper is a Security Engineer on Google's Incident Response team, where he specializes in digital forensics, incident management and automation. He is a core maintainer of the open-source Timesketch project, used for collaborative forensic timeline analysis.
SpeakerBio: Melinda Baeriswyl, Interaction Designer at GoogleMelinda Baeriswyl, an Interaction Designer at Google, develops tools for the company's detection and response teams. Her extensive understanding of the processes involved in incident response, from suspicious logs to resolution, uniquely positions her to investigate how AI and Large Language Models will enhance human effectiveness.
- ics Calendar file
Running parallel vulnerability submission programs - one paid, one unpaid - is like managing two restaurants with the same kitchen but different menus and expectations. Researchers have strong feelings on this topic but so do businesses operating and funding the programs.
Through data and years of war stories as an owner of connected device programs, this talk exposes the reality of juggling paid bounty programs for product offerings against unpaid programs for operational infrastructure. You'll learn how we made business risk decisions to separate programs, why researchers creatively redefine scope to get paid, why your infrastructure VDP findings might be more critical than your bounty submissions, and how we built a unified process that keeps both programs running without descending into chaos.
Bonus: Discover how we turned scope debates into a positive force that led us to hire our top 2 researchers, enforcement of new software quality practices, and measurable SDLC program improvements that reduced critical findings by 40% year-over-year.
SpeakerBio: Aaron "scriptingxss" Guzman, CISO at CiscoAaron serves as Cisco's Network Devices CISO, securing millions of on-premises and cloud-managed products powering global internet infrastructure. With over 10 years in crowdsourced security—both as researcher and program owner—he drives Cisco's public bug bounty program while launching comprehensive vulnerability disclosure capabilities.
- ics Calendar file
Backblaze Drive Stats is an open dataset that has tracked hard drive and SSD reliability across our data centers since 2013. This session covers recent backend upgrades—including a modular versioning system and migration to Snowflake with Trino and Iceberg—that improved data processing and failure validation. We'll also share updated AFR trends by drive model and size, SSD tracking challenges, and share how drive insights have underpinned performance improvements in data centers.
Speakers:Pat Patterson,Stephanie DoylePat Patterson is the chief technical evangelist at Backblaze. Over his three decades in the industry, Pat has built software and communities at Sun Microsystems, Salesforce, StreamSets, and Citrix. In his role at Backblaze, he creates and delivers content tailored to the needs of the hands-on technical professional, acts as the “voice of the developer” on the Product team, and actively participates in the wider technical community. Outside the office, Pat runs far, having completed ultramarathons up to the 50 mile distance. Catch up with Pat via Bluesky or LinkedIn.
SpeakerBio: Stephanie Doyle, Associate Editor & Writer at BackblazeStephanie is the Associate Editor & Writer at Backblaze. She specializes in taking complex topics and writing relatable, engaging, and user-friendly content. You can most often find her reading in public places, and can connect with her on LinkedIn.
- ics Calendar file
Zero-day hunting is learnable, not legendary. This talk explores how US Cyber Team coaches transform rookies into community-minded researchers who locate fresh bugs in live open-source code, build reliable proofs-of-concept, and perform responsible disclosure and CVE assignment. This training is completed by US Cyber Team athletes to prepare for Attack/Defense competitions when performing in international competitions. Attendees will learn how this is approachable to find 0-days, use SAST tools, triage alerts, weaponize findings, and perform responsible disclosure. We connect technical drills to career wins and share metrics that prove junior athletes become better at competitions while earning credentials and credibility.
SpeakerBio: m4lwhereChris brings over 13 years of experience in Penetration Testing, Incident Response, Risk Evaluation, Threat Intelligence, and System Administration. While Active Duty, Chris was the Incident Management Lead for the Navy Cyber Defense Operations Command where he specialized in response to attacks on classified and unclassified Navy networks across the globe. Throughout his career, Chris has provided actionable information for stakeholders to make informed decisions about reducing risk to the lowest possible levels, resulting in over 30 CVEs attributed to his work.
Chris has co-authored The Hack is Back: Techniques to Beat Hackers at Their Own Games and has created content on HackTheBox, TryHackMe, and Cybrary. He is an avid CTF player and has recently taken the #1 individual and #1 team position in the National Cyber League, while also operating as the Attack/Defense coach for the US Cyber Team.
Mr. Haller was awarded GIAC Security Expert #329 and has over 30 other certifications.
- ics Calendar file
In this session, we will explore the innovative integration of Generative AI with graph-based visualization to redefine cloud security strategies. Attendees will discover how attackers exploit misconfigurations in major cloud platforms like AWS, Azure, GCP, and OCI, gaining insights into the evolving threat landscape. Utilizing cutting-edge AI models, we’ll unveil how generative algorithms can predict potential misconfigurations and proactively identify attack paths.
The core of our discussion focuses on leveraging open-source tools such as neo4j and Memgraph to visualize these paths, providing a dynamic map of vulnerabilities. We'll demonstrate AI-driven solutions for crafting tailored mitigation strategies, ensuring a robust defense across cloud ecosystems. Through real-world case studies, attendees will witness the transformative impact of combining Gen AI with strategic prevention techniques.
By the presentation's end, participants will be empowered with the knowledge and tools to implement proactive security measures, effectively mitigating risks and enhancing the security posture of their cloud infrastructures. This innovative approach positions cloud security professionals at the forefront of defense against sophisticated cyber threats.
SpeakerBio: Filipi Pires, Head of Identity Threat Labs and Global Product Advocate at SeguraI’ve been working as Head of Identity Threat Labs and Global Product Advocate at Segura®, Red Team Village Director, Senior Advisor Raices Cyber Academy, Founder of Red Team Community (Brazil and LATAM), AWS Community Builder, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA - Middle-East - and others, I’ve served as University Professor in Graduation and MBA courses at Brazilian colleges, in addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
- ics Calendar file
- ics Calendar file
As cloud infrastructure becomes a prime target for adversaries, defenders must evolve their detection capabilities to stay ahead. Join us for an immersive, hands-on workshop where we’ll emulate real-world attacker behaviours and build compelling detection logic using Azure-native logs and tools.
This workshop introduces participants to Azure's control and data plane logging systems, the visibility gaps in API-based detection, and how Microsoft Sentinel can be leveraged for threat detection using KQL. Participants will first explore the landscape of Azure telemetry, including log tables like AzureActivity, AuditLogs, SigninLogs, and MicrosoftGraphAPI, to understand what’s available—and what’s missing—when trying to detect threats in the cloud.
The core of the session is focused on executing and detecting high-impact TTPs such as:
Unauthorised use of Azure CLI
Run Command Abuse on virtual machines
Mass blob reads and deletions
Malicious Key Vault access attempts
Through guided simulations, attendees will perform these actions in a dedicated Azure tenant, then pivot to the defender side to query relevant logs using Kusto Query Language (KQL), surfacing anomalies, and crafting detections.
Whether you're a cloud defender, threat hunter, or detection engineer, this session offers a rare opportunity to simulate adversary behaviour and refine detection strategies in a realistic Azure environment. By the end of this workshop, you’ll leave with practical KQL queries, detection playbooks, and hands-on experience in defending cloud infrastructure against modern threats.
Tenant Deployment Instructions:
Each participant will receive access to a pre-provisioned Azure tenant with the necessary services (including virtual machines, storage accounts, Key Vaults, function apps, and AKS clusters) already deployed and configured. Diagnostic settings will be pre-enabled to stream control and data plane logs into Microsoft Sentinel for immediate use.
Furthermore, all participants will deploy their Azure tenants through the TryHackMe platform, where credentials will be automatically provisioned. This streamlined setup ensures secure, consistent access for all attendees. Additional browser-based consoles will be provided directly within the TryHackMe environment to support hands-on activities, eliminating the need for local installation.
SpeakerBio: Ariz SorianoAriz is a Senior Content Engineer at TryHackMe, a global platform revolutionising cyber security education through gamified, hands-on learning. At TryHackMe, he creates immersive labs, real-world training content, and capture-the-flag (CTF) challenges that make cyber security accessible, engaging, and practical for learners of all levels. His work helps bridge the gap between theoretical knowledge and real-world application, empowering individuals to build job-ready skills in a fun and effective way.
With over eight years of professional experience in cyber security—including penetration testing, red teaming, and incident response—Ariz brings real-world depth to every piece of content he develops. His unique blend of technical expertise and educational insight enables him to craft learning experiences that are both challenging and impactful.
Beyond his contributions to TryHackMe, Ariz is a Managing Consultant at THEOS, leading the Red Team practice. In this role, he has directed and delivered numerous high-impact Red Teaming engagements for organisations across various sectors and regions.
Ariz is also a dedicated community builder. He is the founder and lead organiser of the Red Teaming Village at ROOTCON, the Philippines’ premier hacker conference. Through this initiative, he fosters offensive security awareness by curating technical talks, practical workshops, and interactive activities that nurture the region's next generation of red teamers.
- ics Calendar file
Did you know that you or anyone can launch a spoofed DDoS amplification attack from ANY IP on the Internet? Come find out about this mind blowing vulnerability that may well cause a Tunnelpocalypse!
SpeakerBio: Rich Compton, Comcast
- ics Calendar file
"Um, ACKtually" is a hacker twist on an established gameshow hosted by Dropout TV (Um, Actually). In this show, contestants are read a short statement about film, television, literature, etc. which contains one incorrect detail. The contestants must buzz in with the correction, preceded by the phrase "Um, Actually". In DEF CON's version, these statements are all related to tech / cybersecurity. Anyone who has spent any amount of time on social media, knows how much hackers love to correct each other!
Come watch some of your favorite hacking personalities publicly weaponize mansplaining for your entertainment!"
- ics Calendar file
Get ready to dive into an unprecedented investigation that has uncovered the largest group of Advanced Persistent Threats (APT) on the Brazilian financial scene. We uncovered a sophisticated modus operandi that resulted in losses in excess of USD 100MM to more than 25 victim companies.
SpeakerBio: Thiago Bordini, Head Cyber Threat IntelligenceThiago Bordini, Head Cyber Threat Intelligence, executive with more than 20 years of experience in the cyber intelligence market, working with analysis and prevention of cyber threats and fraud and dissemination of educational content on the subject to professionals and companies. Technical coordinator and postgraduate professor at IDESP.x000D Speaker at several national and international events such as Defcon La Villa, YSTS, EkoParty, H2HC, Security BSides Las Vegas and Sao Paulo, SANS, HTCIA, CoronaCon, 8.8 Andina and Brazil, among others.x000D Member of the Security BSides Sao Paulo/Brazil organization.
- ics Calendar file
The Unmanned Wireless Penetration Testing Device is a modular, open-source system enabling remote wireless security assessments. Using long-range LoRa communication, a mobile rover can perform Wi-Fi reconnaissance, deauthentication attacks, Bluetooth device discovery, and image capture without requiring proximity to the target network. Controlled entirely via encrypted LoRa packets, the system is optimized for secure operations in remote or inaccessible environments. Attendees will see live demonstrations of wireless attacks issued over LoRa and learn how the system can be adapted for mobile and drone-based security operations. Source code and build instructions will be freely available under an open license.
Speakers:Ayaan Qayyum,Omar HamoudehAyaan is a Master of Science student in electrical engineering at Columbia University. His research interests include mobile computing, applied machine learning, edge AI, digital signal processing, mathematical modeling, and information systems. He completed his undergraduate studies at Rutgers University–New Brunswick, earning a Bachelor of Science in electrical and computer engineering with a minor in mathematics. His technical background spans embedded systems, wireless communication, and hardware security, with certifications in AWS AI and cloud technologies. He has published research across cybersecurity, FPGA systems, and machine learning, including a project on FPGA fast Fourier transform implementation and a machine learning-based stock forecasting model. His work has been recognized at academic conferences such as the IEEE Integrated STEM Education Conference and the Rutgers JJ Slade Research Symposium. He is currently a technical research intern at the Intelligent and Connected Systems Laboratory at Columbia University. He was a program mentor for the Governor's School of New Jersey designing search-and-rescue drone systems utilizing real-time edge inference. He is passionate about building scalable, open-source security tools and bridging the gap between theory and real-world deployment.
SpeakerBio: Omar HamoudehOmar is a wireless security enthusiast and builder who recently completed his B.S. in electrical and computer engineering at Rutgers University. His work focuses on embedded systems security, hardware hacking, and wireless exploitation. As part of a senior design project, he developed an unmanned wireless penetration testing rover using LoRa for remote Wi-Fi scanning and reconnaissance. The project earned second place at the 2025 Rutgers ECE Capstone Expo. He also worked extensively on secure architecture projects, including implementing TrustZone on an ARM-based microcontroller to separate secure and non-secure execution environments. In a separate project, he designed a lightweight firmware validation system to detect unauthorized modifications in IoT devices. His current research centers on building low-profile tools for wireless network exploitation and resilience testing.
- ics Calendar file
With the commoditization of IoT surveillance technology, private and public entities alike have been rushing to put every facet of our lives under surveillance. Unfortunately, schools are no exception in the ongoing privacy race to the bottom. In this talk, we present our analysis of a popular line of IoT vape detectors marketed primarily to schools. Rey first learned of the existence of this device while he was a student in high school, scanning the local network during his lunch break. He became obsessed with the idea of reverse-engineering it, and a couple of years later he got an opportunity when a specimen appeared on eBay.
This talk will cover our journey of acquiring the device and doing a hardware teardown. Then, we'll talk about dumping the firmware, examining its behavior, and doing some light reverse-engineering to uncover some fun appsec vulnerabilities. We'll discuss implications of our findings on this particular series of devices, as well as on the ed-tech surveillance industry as a whole.
We will release a copy of the device filesystem, as well as our scripts for decrypting OEM firmware and packing custom firmware updates.
Speakers:Reynaldo "buh0",nyxRey started out finding bugs and holes in websites at 15. He began attending local infosec meetups in Portland, Oregon—like RainSec and PDX2600—soaking up everything he could. After stumbling across a creepy surveillance device at his high school, he drifted into hardware security and reverse engineering. He’s determined to keep learning and digging deeper.
SpeakerBio: nyxnyx is a Portland-based hacker, engineer, and self-described cyberpunk. As an unwilling participant in the late-capitalist, mass-surveillance dystopia, he is passionate about digital privacy, data self-custody, and running his own infra. Ultimately, he hopes to wrest control of his online life back from the megacorps and help others do the same. He holds the OSCP, and in his professional life he develops system software for a Fortune 100 tech company's internal consulting team, specializing in security, networks, and devops. When not making a living looking at the bad screen, in his free time he enjoys looking at the good screen.
- ics Calendar file
Malware written in Go is becoming more common and more challenging to deal with. Go binaries are large, packed with statically linked code, and structured in ways that confuse traditional reverse engineering tools. The Go runtime introduces additional layers of complexity, making tasks like function identification, string recovery, and behavior tracking harder than usual.x000D x000D EDRs also struggle with Go malware. Unusual binary layouts, obfuscated strings, and non-standard execution flows can lead to missed detections and incomplete telemetry.x000D x000D In this talk, we will break down the key challenges in analyzing Go malware and share tools and techniques that help make sense of it. We will also walk through a recent sample called FrostyGoop, which was used to disrupt heating systems in Ukraine. By examining its structure, behavior, and unique artifacts, we will show how attackers are using Go in real-world campaigns and what defenders can do to catch up.
Speakers:Asher Davila,Chris NavarretePassionate about binary analysis, binary exploitation, reverse engineering, hardware hacking, retro computing, and music.
SpeakerBio: Chris Navarrete, Senior Principal Security Researcher - CDSS Advanced Threat Prevention (ATP) at Palo Alto NetworksChris Navarrete is a Senior Principal Security Researcher within the Advanced Threat Prevention team at Palo Alto Networks. His work centers on cutting-edge research in cybersecurity, particularly in threat detection and malware analysis. Previously, he served as an adjunct professor of computer science at San Jose State University, teaching Software Security Technologies. He holds a Master of Science in software engineering with a specialization in cybersecurity from San Jose State University. Chris has presented at major industry conferences, including Black Hat Asia, the Computer Antivirus Research Organization (CARO), the Cyber Threat Alliance's Threat Intelligence Practitioners (TIPS) conference, and Black Hat Arsenal, where he introduced and released BLACKPHENIX — a framework designed to automate malware analysis workflows.
- ics Calendar file
Retrieval-Augmented Generation (RAG) systems have revolutionized how LLMs (Large Language Models) access ""additional"" knowledge, powering everything from enterprise chatbots to cutting-edge research tools. However, their architecture, designed to integrate text chunks to give additional context to prompts, also opens the door to innovative data exfiltration techniques.
In this talk, titled ""Up and Down Technique: Exposing Hidden Data from RAG Systems"", Pedro presents a technique he discovered that enables adversaries to systematically extract sensitive information from RAG applications via prompt injection.
During this talk, we’ll deep dive into the internals of RAG systems by analyzing their architecture, embeddings, vector databases, and prompt anatomy. Pedro will demonstrate, using real-world examples, how attackers can exfiltrate data from documents via carefully crafted prompt injections. More importantly, the presentation will provide a set of comprehensive mitigation strategies.
Designed for red teamers, bug bounty hunters, developers, CISOs, and cybersecurity enthusiasts, this talk bridges the gap between theoretical vulnerabilities and practical, actionable defense strategies, equipping security professionals with the knowledge they need to protect modern, AI-powered applications against emerging threats.
SpeakerBio: Pedro "drop" Paniago, PwCPedro, a.k.a drop in the cyber community, is a Senior Offensive Security Consultant specializing in Application Penetration Testing and Cyber Investigations at PwC.
- ics Calendar file
- ics Calendar file
How I used the modding API for the video game stardew valley to create a C2 client and infostealer that bypassed defender.
SpeakerBio: Gecko
- ics Calendar file
Vulnerability Disclosure in Aviation has long been, and continues to be, a very sensitive topic. Whilst large improvements have been made by some in recent years, there are still some corners of the industry who could do much better. Gaffers has experience in both submitting and receiving vulnerability disclosures within the industry and will share some stories highlighting the good, the bad, and the ugly.
SpeakerBio: Matt Gaffney, United Airlines
- ics Calendar file
Smart home technology often comes with a hefty price tag, particularly for specialized devices like weather stations. So instead I did it myself, instead of buying an expensive 'smart' device, I integrated a conventional weather station into Home Assistant. With AI-powered assistance and "vibe coding" approach, even complex devices can be made smart. From sniffing device communications to getting Gemini to generate C++. With modern AI tools, empowering your existing "dumb" devices is more accessible and achievable than ever before, opening up a world of custom smart solutions without breaking the bank.
SpeakerBio: Katie "InsiderPhD" Paxton-Fear, Principal Security Researcher at Traceable by HarnessDr Katie Paxton-Fear is an API security expert and a Security Advocate at Semgrep, in her words: she used to make applications and now she breaks them. A former API developer turned API hacker. She has found vulnerabilities in organizations ranging from the Department of Defense to Verizon, with simple API vulnerabilities. Dr Katie has been a featured expert in the Wall Street Journal, BBC News, ZDNet, The Daily Swig and more. As she shares some of the easy way hackers can exploit APIs and how they get away without a security alert! Dr Katie regularly delivers security training, security research, to some of the largest brands worldwide. She combines easy-to-understand explanations with key technical details that turn security into something everyone can get.
- ics Calendar file
Virtualization Based Security (VBS) is one of the most fascinating security advancements of recent years - the ability to isolate critical components of the OS enabled Microsoft to achieve substantial security improvements with features like Credential Guard and HVCI.
One of the more interesting features enabled through VBS are VBS Enclaves - a technology that allows a process to isolate a region of its memory, making it completely inaccessible to other processes, the process itself, and even the kernel.
While VBS enclaves can have a wide range of security applications, they can also be very appealing to attackers - running malware in an isolated region, out of the reach of EDRs and security analysts? Sign us up!
With this research we set out to explore the concept of enclave malware. We will dive into VBS enclaves while exploring previously undocumented behaviors, and describe the different scenarios that can enable attackers to run malicious code inside enclaves.
We will then work towards weaponizing VBS enclaves - we will describe the different techniques that could be used by malware running within enclaves, and show how they enable creating stealthy implants that can go completely undetected.
References:
Microsoft VBS enclave documentation Windows Internals 7th edition, part 1 Windows Internals 7th edition, part 2 CVE-2023-36880 exploit VBS enclave exploitation
SpeakerBio: Ori DavidOri David is a senior security researcher at Akamai, his research is focused on offensive security, malware analysis, and threat hunting.
- ics Calendar file
Bug bounty programs have become a cornerstone of modern security strategy, but managing them at scale is anything but simple. In this panel, leaders from some of the world’s largest and most mature bug bounty programs, including Amazon, PayPal, AWS, Shopify, and Splunk, will share hard-won insights from the frontlines.
We will explore the nuances of triage, researcher relationships, reward strategies, internal buy-in, legal hurdles, and responsible scaling. Panelists will also discuss how bug bounty culture is shifting, what is working (and what is not), and how they are evolving their programs to meet today’s threat landscape.
Whether you are running a bounty program, hacking in one, or simply curious about what happens behind the scenes, this candid discussion will surface lessons, real-world experiences, and future-focused perspectives from those who lead these programs every day.
Speakers:Gabriel Nitu,Jay Dancer,Tyson Laa Deng,Ryan Nolette,Goraksh Shinde,Jill "thejillboss" Moné-CoralloSplunk Offensive Security Engineer with over 9 years of experience poking holes in things (responsibly, of course) and helping others sleep at night (sometimes). Whether it’s finding flaws in a product before the bad guys sniff them out, leading incident response like a firefighter, or scaling bug bounty programs, Gabriel brings a mix of curiosity, chaos, and calm.
SpeakerBio: Jay Dancer, ShopifyJill "thejillboss" Moné-Corallo is currently the Bug Bounty Leader at Shopify. Prior to Shopify, she led the Bug Bounty and Product Security Incident Response teams at GitHub and was a Senior Product Security Engineer at Apple. She graduated from Mercy University with a B.S. in Cybersecurity. She is passionate about the response functions of security—where communication, empathy, and technical rigor intersect. She is also a founder of Glass Firewalls, a conference dedicated to “breaking bytes and barriers” for women to participate in bug bounty programs
- ics Calendar file
Hands-on access to real voting systems
- ics Calendar file
This presentation will share the unique, and sometimes unusual, aspects of the Google Vulnerability Rewards Program (VRP), Google’s self-hosted bug bounty program. We’ll begin by taking a closer look at a bug rewarded by the VRP, in particular how an external researcher discovered & escalated the bug with the help of Google security engineers, demonstrating how the Google VRP operates and in which ways the Google VRP is slightly different than most other bug bounty programs. In the course of this presentation, we will also cover aspects such as the Google VRP’s reward philosophy, its policies around vulnerability transparency, details of our triage process, and more! This talk will provide multiple actionable takeaways for you to consider for your own bug bounty program.
SpeakerBio: Sam "erbbysam" Erb, Security Engineer at GoogleSam is a security engineer @ Google and helps run the Google & Alphabet VRP. In the past, Sam has won two DEF CON Black Badges and numerous live hacking event awards including an MVH trophy. Sam has submitted hundreds of bug bounty reports and triaged thousands of your reports.
- ics Calendar file
Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
Speakers:Darren Meyer,Raphael SilvaDarren is a security research advocate and practitioner that has worked on every side of the AppSec world at some point in the past 20 years. He's passionate about making security work more accessible and less stressful.
SpeakerBio: Raphael SilvaRaphael Silva is a Security Researcher at Checkmarx, specializing in security research, SAST methodologies, and Supply Chain Security. Over the course of his career, he has presented at various conferences, as well as conducted a workshop at DEFCON30. In addition, he is experienced in vulnerability analysis, research, and disclosure, having reported multiple bugs to companies and open-source projects.
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
Come sit down and take a self guided journey to learn something hands on with us. We have an array of skills to learn including FleetDM, Linux, NetworkOS, Botnets, and others as well! We have people there to help answer your questions if things get a little dicey and make sure you have the best time while picking up something new.
- ics Calendar file
The fabled Wall Of Sheep…
- ics Calendar file
Warhead is an offensive security tool that leverages Windows Atom Tables to store, retrieve, and execute payloads in a stealthy manner. This technique enables adversaries to place a payload in the Atom Table, use a legitimate process to extract it, and execute it in memory—bypassing traditional detection mechanisms. The first version of Warhead, to be released at Black Hat Arsenal 2025, provides security researchers and red teamers with a novel approach to payload delivery and execution that evades modern security defenses.
Speakers:Vishal "Vish" Thakur,David "Votd_ctf" WearingVishal Thakur is a seasoned expert in the information security industry, with extensive experience in hands-on technical roles specializing in Incident Response, Emerging Threats, Malware Analysis, and Research. Over the years, Vishal has developed a strong reputation for his deep technical expertise and ability to address complex security challenges.
He has shared his research and insights at prominent international conferences, including BlackHat, DEFCON, FIRST, and the SANS DFIR Summit, where his sessions have been highly regarded for their depth and practical relevance. Additionally, Vishal has delivered training and workshops at BlackHat and the FIRST Conference, equipping participants with cutting-edge skills and techniques. Vishal currently leads the Incident Response function for APAC region at Atlassian.
SpeakerBio: David "Votd_ctf" Wearing
- ics Calendar file
Warhead is an offensive security tool that leverages Windows Atom Tables to store, retrieve, and execute payloads in a stealthy manner. This technique enables adversaries to place a payload in the Atom Table, use a legitimate process to extract it, and execute it in memory—bypassing traditional detection mechanisms. The first version of Warhead, to be released at Black Hat Arsenal 2025, provides security researchers and red teamers with a novel approach to payload delivery and execution that evades modern security defenses.
Speakers:Vishal "Vish" Thakur,David "Votd_ctf" WearingVishal Thakur is a seasoned expert in the information security industry, with extensive experience in hands-on technical roles specializing in Incident Response, Emerging Threats, Malware Analysis, and Research. Over the years, Vishal has developed a strong reputation for his deep technical expertise and ability to address complex security challenges.
He has shared his research and insights at prominent international conferences, including BlackHat, DEFCON, FIRST, and the SANS DFIR Summit, where his sessions have been highly regarded for their depth and practical relevance. Additionally, Vishal has delivered training and workshops at BlackHat and the FIRST Conference, equipping participants with cutting-edge skills and techniques. Vishal currently leads the Incident Response function for APAC region at Atlassian.
SpeakerBio: David "Votd_ctf" Wearing
- ics Calendar file
How much do you trust your cloud provider to hide the ownership information for your resources? Many organizations believe that their ownership information for cloud hosted resources is not available to anonymous users. Unless there's an associated DNS record or other obvious identifiers (website content, SSL certificates, etc.), it might seem difficult to anonymously identify a cloud resource’s owner. What if we told you that some of your Azure resources can expose their ownership information? This talk will explain how multiple Azure resource types (and Microsoft services) inadvertently expose their ownership information, allowing attackers to enumerate potential entry points into an Azure tenant. Thanks to the supporting structure of Azure resource subdomains, and public DNS data sources, we enumerated the ownership information of over 500,000 Azure resources. We will wrap things up by sharing a new tool (ATEAM - Azure Tenant Enumeration and Attribution Module) that can be used to replicate our research, so you too can find out where all of your Azure resources have been hiding.
Speakers:Karl Fosaaen,Thomas EllingAs a VP of Research, Karl is part of a team developing new services and product offerings at NetSPI. Karl previously oversaw the Cloud Penetration Testing service lines at NetSPI and is one of the founding members of NetSPI’s Portland, OR team. Karl has a Bachelors of Computer Science from the University of Minnesota and has been in the security consulting industry for over 15 years. Karl spends most of his research time focusing on Azure security and contributing to the NetSPI blog. As part of this research, Karl created the MicroBurst toolkit to house many of the PowerShell tools that he uses for testing Azure. In 2021, Karl co-authored the book “Penetration Testing Azure for Ethical Hackers” with David Okeyode.
SpeakerBio: Thomas EllingThomas Elling is the Director of Azure Cloud Pentesting and a security researcher at NetSPI. He specializes in web application and cloud security testing. He has advised multiple Fortune 500 companies in the technology sector. In his spare time, Thomas enjoys improving his coding skills, watching bad action movies, and hanging out with his dog, Chunks.
- ics Calendar file
This workshop explores how the Kestrel can be innovatively used for hunting advanced threats in critical infrastructures using offensive security methodologies, the workshop delves into techniques and strategies that simulate real-world adversary attacks while also identifying vulnerabilities and anomalous behaviors with offensive techniques before they are exploited in a real scenario. This workshop will perform controlled and simulated attacks, such as network intrusion, data exfiltration, and persistence, to generate artifacts that will serve as the foundation for active threat hunting. We will configure and calibrate Kestrel to identify anomalous patterns within network traffic and system interactions, correlating these patterns with MITRE ATT&CK tactics.
This workshop will innovative the methodology for integrating the Kestrel tool into a threat hunting process within offensive techniques, providing new ways of thinking about advanced threat detection and proactive security
Speakers:Daniel Benavides,Ronald GonzálezDaniel Benavides (Edad: 27), es un experimentado profesional en ciberseguridad con más de 7 años de experiencia en el sector. Durante 4 años y medio, trabajó como Administrador de Sistemas (SysAdmin) para el gobierno de El Salvador, donde fue responsable de la gestión y seguridad de infraestructuras críticas y sistemas gubernamentales. Posteriormente, durante 3 años, se desempeñó como Supervisor de un Security Operations Center (SOC) en RSM US LLP, una destacada firma de consultoría norteamericana, donde lideró equipos en la vigilancia, detección y respuesta a incidentes de seguridad.
Actualmente, Daniel ocupa el rol de Consultor XDR Senior en Palo Alto Networks, donde aplica su experiencia en la implementación y optimización de soluciones avanzadas de detección y respuesta extendida (XDR). Su trabajo se centra en la respuesta a incidentes, la cacería de amenazas, el análisis avanzado de amenazas y la creación de reglas de detección basadas en información de ciberinteligencia, contribuyendo a fortalecer la seguridad de sus clientes.
Su formación académica incluye un grado en Ingeniería en Sistemas de la Universidad Don Bosco en El Salvador, y una Diplomatura en Ciberinteligencia obtenida en España, que complementan sus conocimientos técnicos y estratégicos. Además, Daniel cuenta con una serie de certificaciones profesionales que avalan su pericia en el campo: las certificaciones CompTIA Security+, CompTIA CySA+, certificación en la nube de AWS CLF-C02; así como certificaciones específicas de XDR de Stellar Cyber y Palo Alto Cortex.
Fuera del ámbito profesional, Daniel es un apasionado del Brazilian Jiu Jitsu, en el cual ostenta el cinturón azul, y participa activamente en competencias de Capture The Flag (CTF), demostrando su habilidad en la resolución de desafíos de seguridad. También dedica tiempo a explorar la plataforma de ciberseguridad TryHackMe, donde sigue perfeccionando sus habilidades y conocimientos. Además, le encanta viajar por el mundo, lo que le permite explorar nuevas culturas y perspectivas.
El conjunto de su experiencia profesional, habilidades técnicas avanzadas, formación académica y sus variadas aficiones lo posicionan como un experto integral en el ámbito de la ciberseguridad, con una sólida trayectoria en la protección de sistemas y la gestión de operaciones de seguridad.
SpeakerBio: Ronald GonzálezRonald González: Offensive Security Investigator, Threat Hunter and Incident Response, Digital Forensic and SecDevOps with more than 10 years of experience in computer systems, he has been a Government Forensic Expert with specialization in the scene of computer crimes and now as an individual. He is a national and international consultant helping organizations find vulnerabilities. Ronald holds a few recognized certifications including CPTS from HackTheBox, GoogleSecOps, CHFI. He is the leader of the group DEF CON DC11503, HackTheBox El Salvador and BSides El Salvador, and speaker at DEFCON Red Team Village 32, TEDx and many other conference as well
- ics Calendar file
You patch vulnerabilities, sandbox malware, and audit code. You know not to click suspicious links. But what if the real threat isn't in phishing emails or zero-days—but in the very tools and research you're relying on? In late 2024, we uncovered a new threat actor, MUT-1244, targeting security professionals, red teamers, and academics. They use trojanized proof-of-concept exploits and fake software updates to exploit trust in open-source tools and research environments.
During our investigation, we discovered over 390,000 leaked credentials that MUT-1244 exfiltrated from a compromised actor, revealing the scale of their operation. In this talk, we'll reveal how MUT-1244 operates through fake GitHub profiles and showcase our use of OSINT to map their infrastructure and tactics. We'll also share our attribution findings and methodology.
Attendees can expect to hear technical details of the campaigns conducted by this threat actor, some notes on attribution, ideas for detecting this activity in your environment and the story of how the speakers discovered over 390,000 credentials inadvertently stolen from unrelated threat actors by MUT-1244.
References:
Speakers:Christophe Tafani-Dereeper,Matt MuirChristophe lives in Switzerland and works on cloud security research and open source at Datadog. He previously worked as a software developer, penetration tester and cloud security engineer. Christophe is the maintainer of several open-source projects such as Stratus Red Team, GuardDog, CloudFlair, Adaz, and the Managed Kubernetes Auditing Toolkit (MKAT).
SpeakerBio: Matt MuirMatt is a security researcher with a passion for UNIX and UNIX-like operating systems. He previously worked as a macOS malware analyst and his background includes experience in the areas of digital forensics, DevOps, and operational cyber security. Matt enjoys technical writing and has published research including the discovery of the first malware family to target AWS Lambda, emerging cloud-focused botnets, and a series of novel Linux malware campaigns.
- ics Calendar file
(DCNextGen is for youth 8-18 attending DEF CON) Come pick up your DCNextGen badge and swag! Get a preview of all the upcoming activities and adventures. We'll also show you how to use your new badge in order to participate in all of our cool challenges!
Speakers:BiaSciLab,Bradan Lane,HEAVBianca 'BiaSciLab' Lewis is an 18 year old hacker that has been working in cyber security since the age of 11. She started her journey by hacking a mock election reporting system at Defcon at the age of 12 gaining national attention leading her to attend a congressional hearing on election security. Since then Bianca has become an international speaker discussing election security, Social Media Psyops, psychological warfare, women in tech, and other various cyber security topics at DEF CON, Black Hat, Defcamp and numerous other conferences including H.O.P.E. where she was the youngest ever to speak. Seeing the lack of young girls in the cyber space, she also started Girls Who Hack, her non-profit with the mission of teaching girls the skills of hacking so that they can change the future. She provides free online and in person classes on the most important topics in cyber security and online safety. Currently BiaSciLab is a key member of The Hacking Games working as the lead of their youth advisory and influence board “C.Y.B.E.R.” that exists to support The Hacking Games mission to guide the next generation with a passion for hacking onto pathways that drive positive change in the world.
SpeakerBio: Bradan LaneDCNextGen GOON, DC610 Admin
- ics Calendar file
Mr. Moss is an internet security expert and is the founder of Both the Black Hat Briefings and DEF CON Hacking conferences.
- ics Calendar file
Introduction to the Voting Village and the Symposium
Speakers:Matt Blaze,David Jefferson,Catherine Terranova,Susan GreenhalghMatt Blaze is the McDevitt Chair of Computer Science and Law at Georgetown University, where his research focuses on problems at the intersection of technology, public policy, and law. Prior to joining Georgetown, he was a professor of computer science at the University of Pennsylvania, and prior to that, a founding member of the Secure Systems Research Department at AT&T Bell Labs. He holds a PhD in computer science from Princeton, an MS from Columbia, and a BS from the City University of New York. Blaze's scholarship and practical work in high-integrity voting and elections technology dates back more than 25 years. He led teams that examined source code for security vulnerabilities on behalf of the states of California and Ohio for the Top-to-Bottom Review and EVEREST studies. He has testified on election security and other topics before the US Congress over a dozen times, served on various federal and state advisory boards, and has published numerous scholarly research papers on elections and related subjects. He is a founding member of the DEFCON Voting Village, and currently serves as board chair of the Election Integrity Foundation.
SpeakerBio: David Jefferson, Lawrence Livermore National Laboratory (retired), Election Integrity Foundation, DrSusan Greenhalgh is the Senior Advisor on Election Security for Free Speech For People. Ms. Greenhalgh has previously served as vice president of programs at Verified Voting and at the National Election Defense Coalition, advocating for secure election protocols, paper ballot voting systems and post-election audits. Recognized as an expert on election security, she has been invited to testify before the U.S. Commission on Civil Rights and has been an invited speaker at meetings of the MITRE Corporation, the National Conference of State Legislatures, the Mid-West Election Officials Conference, the International Association of Government Officials, the Election Verification Network and the E-Vote-ID conference in Bregenz, Austria. She is a frequent source for reporters from TheNew York Times, The Washington Post, The Wall Street Journal, Politico, USAToday, Associated Press, National Public Radio and other leading news outlets. She has appeared on CNN and MSNBC’s The Rachel Maddow Show, and various other television news shows. She has a BA in Chemistry from the University of Vermont.
- ics Calendar file
In 2023, Microsoft detected a nation state actor (Forest Blizzard/STRONTIUM) exploiting a "zero-click" remote code execution vulnerability in Outlook by sending a malicious email. Microsoft fixed this in part by adding a call to the MapUrlToZone API, which determines where a path is located so callers can make a trust decision. Critical components like Outlook, Office, Windows Shell and sandboxes rely on MapUrlToZone to make intelligent security decisions, but little research has historically focused on MapUrlToZone itself. Microsoft Security Response Center has a unique role in analyzing systemic trends in areas like this and drive deep technical research to remediate security issues. This talk will focus on MSRC's review of the MapUrlToZone API which identified several novel ways to trick Windows into thinking that a remote untrusted file exists on the local machine. We will talk about how we approached this research and exploited key differences in how MapUrlToZone and the Windows filesystem parse file paths. In total, this research identified a dozen CVEs across various vulnerability types. All of the issues covered have been fixed with CVEs in early 2025. In addition to the individual fixes for this component, we'll also cover how MSRC worked with internal teams to build more comprehensive mitigations.
References:
George is passionate about Windows Security and improving the security landscape for all Windows users. Over the past five years as a member of MSRC's Vulnerabilities and Mitigations Team, George has investigated various components in Windows, hunting for and remediating the most pervasive vulnerabilities in the ecosystem.
SpeakerBio: Rohit MotheRohit Mothe is a Security Researcher on the Vulnerabilities & Mitigations team at the Microsoft Security Response Center (MSRC) and has experience researching and exploiting vulnerabilities for over a decade in various roles.
- ics Calendar file
Any chip of sufficient complexity needs one thing if they want to actually get used in devices - a Software Development Kit (SDK). This collection of binaries, proprietary services, and code samples allows board designers to quickly and easily incorporate an otherwise complex chip into their existing environments. However, once this code is bundled into various product lines from various vendors, it becomes nearly impossible to make sure it gets updated with new versions. What happens if a vulnerability is discovered? Suddenly, hundreds of thousands of devices all from different vendors spanning years of releases are all affected by the same bug and it turns into a perpetual game of whack-a-mole trying to get them all patched. And botnet authors are definitely paying attention. In this talk, we will discuss the attack surfaces present in the SDKs from some major chipset manufacturers, talk about some exploits (both old-day and 0-day), and try to figure out what can be done to cleanse the internet of the zombie SDK vuln plague.
SpeakerBio: Richard "HeadlessZeke" Lawshae, Principal Security Researcher at Keysight TechnologiesRicky "HeadlessZeke" Lawshae is a Principal Security Researcher for Keysight Technologies. He has been hunting vulnerabilities in IoT devices for the past 15 years or so and has discovered and disclosed dozen of vulnerabilities in products from HID Global, Crestron, Meta, Mazda, Realtek, and more. His work has been featured in Wired, Forbes, Hackaday, and the CISA KEV list. He is based out of beautiful Austin, TX (AHA! represent)
- ics Calendar file
Bitdefender invites you to solve a few challenges that will get you familiar with the inner workings oof the Matter Protocol.
Smart home promises seamless living with lights, locks, sensors, and thermostats, all speaking the same language.
But behind the comfort of voice commands and automated routines lies a tangled web of wireless protocols and IoT standards like Matter.
Can you disrupt, decode of dominate the smart home?
- ics Calendar file
The RP2350 hacking challenge, released last year at Defcon, led to multiple exciting attacks against the RP2350's bootloader. This session will provide a technical deep dive into one of these attacks: Forcing an unverified vector boot via voltage fault injection. Equipped with an RP2350 security playground board, we will provide a run-down of the discovery process and experimentally verify different building blocks leading up to the attack.
SpeakerBio: Marius MuenchMarius Muench is an assistant professor at the University of Birmingham. His research interests cover (in-)security of embedded systems, binary & microarchitectural exploitation, and defenses. He obtained his PhD from Sorbonne University in cooperation with EURECOM and worked as a postdoctoral researcher at the Vrije Universiteit Amsterdam. He developed and maintains avatar2, a framework for analyzing embedded systems firmware, and FirmWire, an emulation and fuzzing platform for cellular basebands. Throughout his career, Marius publicly shared his findings and presented at venues such as Black Hat, Reverse.io, REcon, and Hardwear.io.
- ics Calendar file
Recent news accounts have reported that representatives of the Trump administration are seeking extralegal access to voting equipment. This latest effort mirrors a multi-state scheme, carried out from 2020-2022, by allies of Donald Trump that successfully accessed voting machines in Colorado, Georgia, Michigan, and Pennsylvania and obtained copies of the voting system software. This discussion will outline what is known about multistate plot, what we know (and don’t know) about the status and the purloined software, and what this could mean for elections in the future.
Speakers:Jessica Burbank,Susan Greenhalgh,Marilyn MarksSusan Greenhalgh is the Senior Advisor on Election Security for Free Speech For People. Ms. Greenhalgh has previously served as vice president of programs at Verified Voting and at the National Election Defense Coalition, advocating for secure election protocols, paper ballot voting systems and post-election audits. Recognized as an expert on election security, she has been invited to testify before the U.S. Commission on Civil Rights and has been an invited speaker at meetings of the MITRE Corporation, the National Conference of State Legislatures, the Mid-West Election Officials Conference, the International Association of Government Officials, the Election Verification Network and the E-Vote-ID conference in Bregenz, Austria. She is a frequent source for reporters from TheNew York Times, The Washington Post, The Wall Street Journal, Politico, USAToday, Associated Press, National Public Radio and other leading news outlets. She has appeared on CNN and MSNBC’s The Rachel Maddow Show, and various other television news shows. She has a BA in Chemistry from the University of Vermont.
SpeakerBio: Marilyn Marks, Coalition for Good Governance
- ics Calendar file
Discover your path to becoming a security engineer with Josh Grossman, Distinguished Lifetime Member & Project Leader for ASVS, and explore OWASP in this lightning session.
SpeakerBio: Josh Grossman, Bounce Security at OWASPJosh Grossman has worked as a consultant in IT and Application Security and Risk for 15 years now, as well as a Software Developer. This has given him an in-depth understanding of how to manage the balance between business needs, developer needs and security needs which goes into a successful software security programme.
Josh is currently CTO for Bounce Security where he helps clients improve and get better value from their application security processes and provides specialist application security advice. His consultancy work has led him to work, speak and deliver training both locally and worldwide including privately for ISACA and Manicode and publicly for OWASP's Global AppSec conferences, NDC Security and Black Hat.
In his spare time, he co-leads the OWASP Application Security Verification Standard project and is on the OWASP Israel chapter board and the OWASP Events Committee. In 2025, OWASP recognised his contributions with a Distinguished Lifetime Membership award.
- ics Calendar file
“Whose Slide Is It Anyway?” is the unholy union of improv comedy, hacking, and slide deck sado-masochism. We are the embodiment of the hacker battle cry "FUCK IT, WE'LL DO IT IN PROD."
Our team of slide monkeys will create a stupid amount of short slide decks on whatever nonsense tickles our fancies. Slides are not exclusive to technology, they can and will be about anything. Contestants will take the stage and choose a random number corresponding to a specific slide deck. They will then improvise a minimum 5 minute / maximum 10 minute lightning talk, becoming instant subject matter experts on whatever topic/stream of consciousness appears on the screen.
But....why?
Because for us, the stage is hallowed ground and since stupidity can't be stopped, we decided to weaponize it. Whether you delight in the chaos of watching your fellow hackers squirm or would like to sacrifice yourself to the Contest Gods, it’s a night of schadenfreude for the whole family.
A blatant and offensive disregard to any and all comfort zones to which one has heretofore been accustomed.
None.
- ics Calendar file
Kit cost $180
- ics Calendar file
- ics Calendar file
We'd love to get all the gender non conforming, non-binary and women together to hang out and make friends! DEF CON is better with friends. Stop in for a bit, or the whole time.
- ics Calendar file
We'd love to get all the gender non conforming, non-binary and women together to hang out and make friends! DEF CON is better with friends. Stop in for a bit, or the whole time.
- ics Calendar file
The RPC protocol allows executing functions on remote servers. An interface is identified by a UUID, and clients contact specific RPC endpoints to communicate with it. Some endpoints may be well-known to clients, but some are provided through the EPM (Endpoint Mapper). These are called Dynamic Endpoints.
As servers request to map UUIDs to their Dynamic Endpoints, we wondered what stops us from mapping a UUID of a trusted RPC interface to an endpoint that we control, leading to our own malicious RPC interface.
We discovered that nothing stops unprivileged users from imposing as a well-known RPC server! However, to have clients connect to us, we needed to register first. We, as the underdog racer, need to beat services in their home race track.
We examined the status of RPC servers at certain points during boot and mapped several interfaces we can abuse. We then took a shot racing their services and won the gold medal! Various high integrity processes and some even PPLs trusted us to be their RPC server!
In this talk, we’ll present “RPC-Racer” - a toolset for finding insecure RPC services and winning the race against them! We’ll show it manipulating a PPL process to authenticate the machine account against any server we want! Finally, we’ll describe how to validate the integrity of RPC servers, to mitigate this issue.
References:
SpeakerBio: Ron Ben YizhakRon (@RonB_Y) is a security researcher at SafeBreach with 10 years of experience. He works in vulnerability research and has knowledge in forensic investigations, malware analysis and reverse engineering. Ron previously worked in the development of security products and spoke several times at DEFCON
- ics Calendar file
- ics Calendar file